Latest Posts

6d117b57d55f63febe392e40a478011f

Weak SOHO Router Default Passwords Leave Tens-of-Thousands at Risk

April 19, 2015 Added by:Anthony M. Freed

Security researcher Viktor Stanchev has publicly disclosed that Bell’s SOHO modem/routers are shipped with extremely weak default passwords that can be cracked in a matter of days, leaving tens-of thousands of users at risk of network intrusions and sensitive data loss.

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Three Things That Need Spring Cleaning in InfoSec

April 19, 2015 Added by:Brent Huston

Spring is here in the US, and that brings with it the need to do some spring cleaning. So, here are some ideas of some things I would like to see the infosec community clean out with the fresh spring air!

Comments  (0)

52ff7cf6fd88aebfb48b323e6251cd95

The Current State of Insecurity: Strategies for Inspecting SSL Traffic

April 17, 2015 Added by:Kasey Cross

Encrypted network traffic improves confidentiality and message integrity, but it also puts organizations at risk. This is because hackers can leverage encryption to conceal their exploits from security devices that do not inspect SSL traffic. Attackers are wising up and taking advantage of this gap in corporate defenses.

Comments  (0)

0ead717779244d9aab5c1699308850d2

PCI DSS 3.1 Sets Deadline for SSL Migration

April 16, 2015 Added by:Brian Prince

The PCI Security Standards Council (PCI SSC) has released the latest version of the PCI Data Security Standard (PCI DSS) with an eye towards addressing security concerns related to the Secure Sockets Layer (SSL) protocol.

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

2015 Verizon DBIR and the Human Attack Surface

April 16, 2015 Added by:Tripwire Inc

Verizon’s annual Data Breach Investigations Report (DBIR) gives annual analysis and insight to the prior year’s security incidents and confirmed data breaches. As a security practitioner, I look to this report as a bellwether for our own security practices – what patterns are emerging and what should be my immediate takeaways to better protect my organization.

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

ASV Guidance for SSL/TLS Vulnerabilities

April 16, 2015 Added by:PCI Guru

Hidden by all of the news about v3.1 of the PCI DSS being published, is a notice that was sent to all PCI approved scanning vendors (ASV) from the PCI SSC regarding how to handle SSL and “early TLS” vulnerabilities.

Comments  (0)

Af7244bb99debb4a1152fa49a993a05c

Preview: Suits and Spooks London - May 6-7, 2015

April 16, 2015 Added by:Eduard Kovacs

With less than three weeks to go until Suits and Spooks London 2015 kicks off, the agenda is nearly finalized. Our first 2-day international event will host experts in cyber warfare, intelligence, advanced persistent threats, sophisticated malware, and political issues.

Comments  (0)

0ead717779244d9aab5c1699308850d2

Healthcare Industry Challenged by Data Breaches, Compliance

April 15, 2015 Added by:Brian Prince

In a new report from Vormetric focused on healthcare organizations, almost half (48 percent) of the IT decision makers from the U.S. said their organization either failed a compliance audit or experienced a data breach in the last year.

Comments  (0)

2d84e74c0a40157cd7d83753045dfb96

What Threat Intelligence Data Can Tell Us: The Sad Story of WF

April 15, 2015 Added by:Mary Landesman

People differ in how they approach data analytics. One camp prefers to postulate a theory and find data that supports or negates that theory. Another camp prefers to let the data tell the story.

Comments  (0)

C940e50f90b9e73f42045c05d49c6e17

Real-Time Bidding and Malvertising: A Case Study

April 15, 2015 Added by:Malwarebytes

Malvertising continues to be one of the biggest and most effective infection mechanism which, for the most part, is based on rogue advertisers inserting malicious ads in the machine.

Comments  (0)