April 18, 2011 Added by:Headlines
“The government keeps the damage we are sustaining from cyber attacks secret because it is classified. The private sector keeps the damage they are sustaining from cyber attacks secret so as not to look bad... The net result of that is that the American public gets left in the dark..."
April 15, 2011 Added by:Global Knowledge
In diagnosing connection and VPN problems, too often SSL or IPSec VPN client logs don’t provide enough information on why connections fail. Consequently, the receiver frequently provides the detail needed through selective debugging and logging...
April 14, 2011 Added by:Ron Lepofsky
Data leakage prevention technology tackles both data at rest residing within a network and specifically on disk storage and of course when data is in motion. Vendors of these technologies vary in what elements of the problem they wish to tackle. Some try to solve all possible problems...
April 14, 2011 Added by:Headlines
According to Brenner, thousands of U.S. companies were targeted in the Aurora attacks, a great deal more than the 34 companies publicly identified. Brenner says the scale of the operation demonstrates China's "heavy-handed use of state espionage against economic targets..."
April 14, 2011 Added by:Jared Carstensen
The so called "massive fraud scheme" utilized software called Coreflood - which collected and stored system and application passwords, along with other financial information. The use of Coreflood was enabled by a Windows OS vulnerability which then allowed the botnet to spread rapidly...
April 13, 2011 Added by:Robb Reck
As malicious actors have proven time and time again, our current security programs are insufficient to provide adequate protection. Defense in depth has come under fire as a result. But it’s not the DiD model that has failed us, it’s our own incomplete implementations...
April 12, 2011 Added by:Carter Schoenberg
Americans maintain a culture of “get it done in two weeks or it has no value”. Odd that its not training, not more ammunition (antivirus), not better firearms (IDS/IPS), but a change in our culture regarding security and technology that will save us from our own cone of destruction...
April 11, 2011 Added by:Stefan Fouant
Practical conservation may never be needed given the trillions of addresses available in IPv6, but maybe in the very distant future it could very well be due to some of these recommendations being put in place today. After all, 640K did turn out to be a rather small number didn't it?
April 10, 2011 Added by:J. Oquendo
We can never stop an attacker from trying to compromise us, it is out of our control. This does not mean that we cannot stop connections from leaving that machine. After all, controlling what leaves a machine will always be more important than what is coming INTO a machine...
April 08, 2011 Added by:Alexander Rothacker
If an organization didn’t catch the attack and the hackers covered their tracks, they might not know of the breach. What if the attackers set up backdoors to come back another time? Now they know exactly where to look for the organization’s critical data – who is to say they won’t be back?
April 07, 2011 Added by:Jamie Adams
In a few of my previous posts, I discussed misleading results some scanners might produce with regard to the versions of software present on your system. In this post, I will demonstrate how to use an SCAP capable scanner using vendor-maintained OVAL patch definitions. ..
April 07, 2011 Added by:Anthony M. Freed
In the case of defending critical infrastructure, translating security concerns for the CxO level needs to go beyond merely conveying network defense efforts in terms of mitigating enterprise risk, the conversation needs to touch on the issue of strengthening our national security...
April 07, 2011 Added by:Scot Terban
A source has sent in some information on the DoS attacks ongoing at Sony, and I have to say I was surprised that the Anon’s are still using the LOIC. There is some interesting information in the data sent, Such as a server called: "staff.anonops.ru vlad.anonops.ru". Really? Staff???
April 07, 2011 Added by:Headlines
"When we put ourselves in state of chaos like this, and this is what it will be, think of the opportunities for striking through the APTs (advanced persistent threats), they can pick and choose the targets with much less security behind them..."
April 06, 2011 Added by:Danny Lieberman
In order to improve IT security countermeasure effectiveness in the Federal Government, the OMB should reduce base payments to contractors who provide IT security services and link their compensation to a reduction in the damage caused to government data and network assets...
April 05, 2011 Added by:Headlines
The U.S. Army has confirmed that accused WikiLeaks source Bradley Manning had installed data-mining software on his SIPRnet-linked computer during the same period he is suspected of harvesting hundreds-of-thousands of classified government documents...
Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013
ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013
New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013