Network Security
SCADA and ICS Security: Welcome to the Patching Treadmill
March 15, 2013 Added by:Eric Byres
After Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure. Unfortunately, the SCADA and Industrial Control Systems applications they are now focusing on are sitting ducks.
Comments (0)
So APT Is China *snicker* Now What?
February 28, 2013 Added by:Krypt3ia
As RSA comes to a close and the corridors of the hall stop ringing with the acronym APT, I find myself once again looking at the problem as opposed to the hype.
Comments (0)
Symantec Uncovers Earliest Known Version of Stuxnet (Version 0.5)
February 26, 2013 Added by:Mike Lennon
According to Symantec, Stuxnet Version 0.5, an earlier and less sophisticated version of Stuxnet, was designed to close crucial valves that feed uranium hexafluoride gas into the centrifuges, causing serious damage to the centrifuges and the uranium enrichment system as a whole.
Comments (0)
The Blurring of the Business Identity
February 26, 2013 Added by:Simon Moffatt
The concept of a well defined business identity is blurring and this is causing a complex reaction in the area of identity and access management. Internal, enterprise class identity and access management (IAM) has been long defined, as the managing of user access as defined by approval workflows, authoritative source integration and well defined system connectivity.
Comments (0)
APT1: The Good, The Bad, and The Ugly
February 21, 2013 Added by:Krypt3ia
I believe that Mandiant published the APT1 report primarily as a means of advertising and not much else. There is talk of the release being given the tacit nod by the government to push through the idea that there is a problem and that China is robbing us blind.
Comments (2)
iPhones Are Coming to the Plant Floor – Can we Secure Them?
February 20, 2013 Added by:Eric Byres
Like icebergs, mobile technology has become an unstoppable force of nature. They have invaded the corporate office – is the plant floor the next frontier? What is your company doing about mobile devices on the plant floor? Does it have a strategy?
Comments (0)
Opinion: Recent ISACA Study Adds Fuel to the APT Fire
February 18, 2013 Added by:Steve Ragan
Most of the time, attacks considered APTs use 0-Day exploits, or malware that slips past poorly updated AV software, or phishing to compromise a host or organization. There is nothing advanced about attacks like these...
Comments (0)
Defining the Qualities of Cyber Warfare
February 14, 2013 Added by:Jarno Limnéll
Cyber warfare is one of the hottest topics currently trending in newsfeeds and, although many are quick to use the term, not everyone fully understands the concept.
Comments (1)
Time to Speak Up on New IF-MAP Specs for ICS and SCADA Security
February 12, 2013 Added by:Eric Byres
Something I believe industry urgently needs is better standards for information exchange between security solutions. Unfortunately while TCG has had feedback from the IT community, they have received little from the SCADA or ICS community. I encourage everyone involved with SCADA and ICS security to review the specification.
Comments (0)
Bit9 Suffers Breach After Failing to Follow Corporate Policy
February 11, 2013 Added by:Steve Ragan
If you need a one off example this week of why internal policies are important, or why failure to adhere to them could spell trouble, look no further than Bit9.
Comments (0)
DARPA on Cyber Targeted-Attack Analyzer program & micro-satellites
February 11, 2013 Added by:Pierluigi Paganini
Protect the country, population and assets from cyber threats, this is a must for every government, a challenge for every state, new processes, large investment and innovative researches are the topics most debated in this period. Yesterday I wrote about the Russian government and its commitment to strengthen cyber defense, today I desire to introduce how US are trying to improve their cyber capa...
Comments (0)
Network Security Dark Space: What You Don’t Know Can Hurt You
February 11, 2013 Added by:Infosec Island
Dark space is everywhere – it’s a major challenge to security teams everywhere. The good news is the problem can be solved, and complete coverage can be achieved.
Comments (0)
New York Times Attacks Show Need For New Security Defenses
February 01, 2013 Added by:Infosec Island
The recent attacks against the New York Times allegedly carried out by the Chinese military highlight the importance of layered security to protect sensitive systems and data.
Comments (0)
SCADA Security Directions for 2013 - How Will ICS and SCADA Security Change in 2013?
February 01, 2013 Added by:Eric Byres
You see, every January I get asked to make between three and five predictions for the upcoming year. Then every December people remind me that I made those predictions 12 months ago. Then they get to tell me how poorly I did.
Comments (0)
Security Analytics: Hype or Huge?
February 01, 2013 Added by:Simon Moffatt
This complex chain of correlated "security big data", can be used in a manner of ways from post-incident analysis and trend analytics as well as for the mapping of internal data to external threat intelligence. Big data is here to stay and security analytics just needs to figure out the best way to use it...
Comments (0)
The Case for National Cyber Labs
January 31, 2013 Added by:Don Eijndhoven
Cyber Ranges as these networks are now often referred to, are fun! And they’re extremely useful in developing real-world skills without disappearing behind bars. It’s not even a new idea; various militaries have been doing it for a while now...
Comments (0)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!