Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Cisco Warns Of Security Flaws In Building Management System
Multiple vulnerabilities could enable attackers to access power, HVAC, and physical security systems
Payment Systems Group Issues End-To-End Encryption Guidelines
POS vendor group rolls out requirements for encrypting card data, ahead of PCI group
Security's Top 4 Social Engineers Of All Time
My team here at Secure Network was recently discussing who we considered the best social engineers of all time. My colleagues and I each made a list and defended our candidates based on the creativity, innovation, and the public impact they had made. Here are our final top four social engineers from number four to number one, and why we chose them.
Not Too Late To Learn From Defcon CTF Qualifiers
This past weekend was the return of the wildly popular Defcon Capture the Flag qualifiers. "Quals," the commonly used nickname, is an entire weekend of non-stop online security challenges that test everything from simple trivia to advanced reverse engineering and exploit development.
Sourcefire Expands Real-Time Application Awareness
Capability provides users with increased network visibility
Defense-In-Depth Via Cloud Security Services
Repeat after me: defense in depth. It's an archaic concept that hasn't gone out of style. The fact is it's even more critical to enterprises now than ever before. The proliferation of Web-borne threats is making IT shops everywhere re-evaluate their security strategies to deal with malware infections happening on systems that were "locked down" and running updated antivirus.
What Oracle Gets In The Secerno Buy
One key takeaway from Oracle's acquisition of Secerno is that the database giant now has a database activity monitoring (DAM) solution, closing a big gap in its current security capabilities.
Other Facebook Privacy Problems You May Not Know About
While people are busy discussing Facebook's privacy policies about user data, it's the less-direct privacy issues that constantly nag at me. I haven't seen these discussed before, although I'm sure I'm not the only one to notice them.
Hacking The Security Infrastructure
Researchers at Black Hat USA will demonstrate vulnerabilities, proof-of-concept attacks on popular firewalls, security management consoles
Big New Features In New Metasploit Framework
The penetration testing world saw a couple of exciting announcements yesterday. The first one I want to mention because it's one of my favorite tools -- Burp Suite Professional. It's a great tool for Web application penetration testing, and a new update was just released. But of course the big news that has everyone talking are the Metasploit releases.
Hardware Lockdown Initiative Cracks Down On Cloning, Counterfeiting
Cisco joins seven other vendors in new Hardware Intrinsic Security (HIS) effort
When Social Engineering Tests Fail
Our company, Secure Network, has performed numerous security assessments and penetration tests, many of which involved social engineering. That's when we test our clients' employees to see if they adhere to security policies. Even with all of the planning that goes on beforehand, these engagements sometimes can go wrong.
Product Watch: Sourcefire Rolls Out SSL Appliance
Hardware device works with IPS to inspect SSL-encrypted traffic for malicious intent, data leakage
Goldman Sachs Lawsuit Shows Need For DAM
When Goldman Sachs was hit with a lawsuit by Ipreo Networks, I got a call from Dark Reading contributor Ericka Chickowski to talk about the alleged misuse of the "BigDough" database. Specific details on this case remain scarce, but threats to Customer Relationship Management (CRM) systems and SaaS based data services are well known.
Lessons From The Volcano
I had a chance to fly rather close to Iceland's Eyjafjallajokull volcano last week. On a flight back from Frankfurt, the pilot somehow got permission to divert from the scheduled flight path as we crossed Iceland to give us a closer look of the volcano.
Build-A-Botnet Kits Let Anyone Steal Data
At the recent Cisco Networks Solution Forum held in Toronto, a Cisco product manager stated, "You don't need to be tech savvy" to steal data. It's a sad but true reality that isn't much of an eye opener for many of us who watch users get their accounts compromised day in and day out due to social engineering and malware. We've seen the results of easy-to-use exploit toolkits.
Microsoft Security In 140 Characters Or Less
When Microsoft's JG Chirapurath said he would stick to Twitter's maximum capacity of 140 characters for his responses in our twitterview last week, he wasn't kidding.
PCI Streamlines PIN Transaction Security Requirements
Look for more 'proactive' PCI in the future, working group member says
Suricata Pushing Intrusion Detection Evolution
Advances in intrusion detection systems (IDS) and intrusion prevention systems (IPS) have stayed fairly stagnant, with the exception of the signatures that must change daily to meet current threats. The Suricata project from the Open Information Security Foundation (OISF) looks to change that and bring forth the evolution of the IDS.
A New Way To Choose Database Encryption
I can't count how many times I've been in a meeting when someone tosses out the phrase, "Oh, we'll just encrypt the database."
Yeah. Right. Good luck with that.
New Services Could Signal Shift In SaaS Security Offerings
Symantec, Verizon Business launch new security offerings
The Myth Of Cyberattack Deterrence
Deterrence online is one of the biggest idiocies of the past couple of years. There are some interesting research possibilities in the subject matter, but not as it is portrayed today -- a cure-all strategy.
DOJ, DHS Bust Ring Trafficking Counterfeit Cisco Hardware
Global 'Operation Network Raider' initiative seized phony routers, switches, network cards, secure communication devices made in China
Multifunction Print Devices Under Fire
There's nothing like a news story on a major television network (or talk radio) to get your boss asking you odd questions. Ever had that happen? The recent CBS story on digital photocopiers sure generated a buzz and some extra work for IT professionals across all industries.
Dark Reading Celebrates Its Fourth Anniversary
Four years ago this week, we flipped the switch on a new website -- Dark Reading -- that was designed to meet a simple goal: to tell you everything you need to know about IT security, right up-to-the-minute that it happens.
OK, I said the goal was simple, not easy to achieve.
DOJ, DHS Bust Ring Trafficking Counterfeit Cisco Hardware
Global 'Operation Network Raider' initiative seized phony routers, switches, network cards, secure communication devices made in China
Product Watch: New DNS Security Service Augments DNSSEC
Internet Identity launches DNS monitoring service for 'extended enterprise'
The Idiot Threat
It's been interesting to see how the failed bombing in New York's Times Square has been sifted for "lessons."
Alert: Disposable Facebook Apps Installing Adware
Just like throwaway domains on the wider Internet, it seems like criminals now use throwaway applications on Facebook. They bring one app online to lure users and potentially infect them, and by the time one is taken down by Facebook, they create yet another.
'Twitterview' With Microsoft
I sometimes get a little long-winded when I pose a question to a source during an interview. But I undoubtedly will be pithy tomorrow when I conduct Dark Reading's first-ever "twitterview," or interview via Twitter, where I'll be strictly limited to 140 characters or less for a question.
DLP Gets An Open-Source Boost
Data loss, or leakage, prevention (a.k.a. DLP) is a product class that includes data discovery, classification, and monitoring to prevent your sensitive data from falling into the wrong hands. Some implementations are configured to alert instead of block, but the basics are the same. You have sensitive data, you don't always know where it is, so you use DLP tools to find it and keep it safe.
Product Watch: Imation Rolls Out Secure Data Storage Portfolio
New data-at-rest line features encryption, authentication, and FIPS compliance
Simple USB Flash-Drive Protection
Sneakernet-borne viruses seemed like a thing of the past until we started having Conficker outbreaks. There has been other malware that targeted USB storage devices before Conficker, but for some reason none had been as effective at spreading...something that's likely attributable to the multipronged attack capability.
|
Latest Comment: Becky thought the "Assistant in a Drawer" device was a great idea, until she realized she couldn't stop all the "pop-ups"
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
