Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Legacy Support Leaves Chip-And-PIN Vulnerable, Researcher Says
Black Hat talk will show that security and backwards compatibility are at odds in popular authentication technology
Mac OS X Lion Password Vulnerability: Sleep Mode
Forensic software can exploit a seven-year-old FireWire design error to snoop system memory for passwords, even for devices that are locked or in sleep mode.
Facebook Dinner Date Turns Supermarket Robbery
Robbers in Belgium used a fake Facebook profile to kidnap a supermarket manager, steal his keys, and empty the store's safe.
Putting Data In The Cloud? Retain Control
Security researcher warns many companies are trading catastrophic problems for gains in efficiency
RSA SecurID Breach Cost $66 Million
EMC details second quarter 2011 cost to replace tokens, monitor customers, and handle fallout from RSA's SecurID breach.
Social Media Vs. Organized Crime
White House launches plan to leverage social networks and new intelligence and information sharing technologies to fight crime on a global scale.
Black Hat Pwnies Nominate LulzSec, Anonymous
Hacker groups among nominees for "Epic 0wnage" award, while Sony is sole nominee for "Epic Fail" distinction.
Anonymous Boycotts PayPal, Arrest Fallout Continues
Alleged hacker arrested in FBI sting on PayPal attacks faces Internet ban, while hacktivist group calls for PayPal boycott.
Metasploit Pro Gets SIEM, Cloud Integration
Rapid7's new Metasploit Pro release, 4.0, automates more workflow tasks
Apple OS X Targeted By Remote Backdoor Malware
Researchers say a remote-controlled Trojan application, known as the Olyx backdoor, is going after OS X devices.
Product Watch: Norman Introduces 'Hybrid Sandboxing' Malware Analysis
Malware Analyzer G2 combines emulation, virtualization in one environment
Blended Web Attacks Hitting More Websites
Hackers increasingly use four top techniques, such as cross site scripting and SQL injection, in combination, researchers say.
Apple Laptop Batteries Hacked By Researcher
Attackers could use a password weakness to render your laptop's battery useless--or overcharge it to start a fire, researcher warns.
Sony Insurer Disputes Breach Insurance Claims
A cautionary tale for enterprises that think they have data breach insurance.
Not Your Average Linux Distribution: DOD's Flavor
The Department of Defense has released a unique Linux distribution with special security considerations for telecommuters.
How To Respond To A Denial Of Service Attack
You can't prevent an overwhelming DDoS attack, but you can minimize its impact. Here's how.
Google Hacking Tools Prepped For Black Hat
'Diggity' family of search tools will help security teams and pen testers find searchable flaws before bad guys, Stach & Liu researchers say.
Researchers Prepare Google Hacking Tools For Black Hat -- Hot Diggity!
Family of search tools will help security teams and pen testers find searchable flaws before bad guys, Stach & Liu researchers say
Google Tries Flagging Malware For Users
Search engine will warn users if it detects a specific attack on their machines
Google Warns Searchers Of Windows Malware Infection
Google has started alerting users running Windows about a specific form of local malware it can detect through network traffic flows.
More Windows Kernel Vulnerabilities May Emerge
After issuing dozens of patches this year, Microsoft may still have more work to do, Black Hat speaker warns.
4 Basic Security Steps For SMBs
Time and budget limitations make poor excuses for a lack of security. Here are four key considerations for resource-constrained IT administrators at smaller companies.
Telex Promises Path Around State-Sponsored Net Censorship
Tech researchers have developed a way that ISPs can help Internet users avoid censorship roadblocks.
Feds Issue Government Teleworker Security Guidelines
OMB rules apply to departments, agencies that must secure access to wireless networks and IT systems when employees work remotely.
U.S. Military Outlines Cyber Security Strategy
The strategy focuses on bolstering the military's cyber defenses with new technology, new organizations, and new partnerships with the private sector and foreign allies.
Breaches, Compliance Fuel Database Security Growth
Database activity monitoring gains attention, but market consolidation may be afoot.
Report: Sixty Percent Of Users Are Running Unpatched Versions Of Adobe
Vulnerabilities in software could lead to breaches, Avast Software study warns
Microsoft Patches 'Critical' Bluetooth Vulnerability
Fix among 22 issues addressed by Patch Tuesday
P2P Networks Expose Healthcare Data To Identity Theft
File-sharing software can open healthcare organization networks to criminal activity.
U.S., Russia Forge Cybersecurity Pact
The two countries plan to regularly share information and improve communication on security, as part of Obama administration plan.
Antisec Attacks An Urgent Wake-Up: InformationWeek Now
It's difficult to gauge the ethos of these next generation hackers. If I could summarize, it's this: Punish.
Five Steps To Protect Against LulzSec
Targeted attacks are a reality today, especially with the likes of hacktivist groups such as Anonymous.
Microsoft Security Center Delivered Adult Content Links
Attackers hacked search results generated by Microsoft's own search engine and served up some adult-oriented links.
Homeland Security: Devices, Components Coming In With Malware
Some imported components for electronic and computer hardware pose a complicated security risk, says the Department of Homeland Security.
As SQL Injection Attacks Surge, New Report Offers Insight On How To Prevent Them
SQL injection has taken its place among the top Web threats and compromised some of the Internet’s best-known companies. Here's a look at how SQL injection attacks happen -- and what you can do about it
New Research Names Top 10 Malware Delivery Networks
Emerging category of networks is distinct from botnets, Blue Coat study says
Google Implements WebGL Security Fix
Web developers wishing to make use of cross-domain media elements with WebGL should look to a new mechanism called CORS.
Reports: DHS, IRS Databases At Risk
Protected critical infrastructure information at risk in DHS data stores, IG report says
Florida Election Servers Hacked Again
After state officials boasted about security improvements following a breach, a hacker once again breached the same voter record systems.
UCLA Health System Pays $865,000 Over Privacy Charges
Employees allegedly looked at personal health records of celebrities such as Tom Cruise and Farrah Fawcett.
Italian Police Arrest Alleged Anonymous Hackers
Authorities in Switzerland also crack down on members of the loosely organized hacking collective known as Anonymous.
DARPA's Peiter 'Mudge' Zatko Takes Keynote Stage At Black Hat USA 2011
Zatko is the inventor of L0phtCrack, AntiSniff, L0phtWatch/Tempwatch, and SLINT
Researchers Dissect The Underground Economy Of Fake Antivirus Software
Scareware pushers see more than 2 percent sales conversion, make millions in profit -- and even offer refunds
HP TouchPad, Smartphone Hacked
The WebOS mobile operating system platform is vulnerable to XSS, cross-site request forgery based upon a researcher's published proof-of-concept for an attack.
End-User Security: SMBs Prefer Invisibility
Social media and mutating malware have changed the threat landscape, prompting smaller companies to list education and security users don't notice as top needs, Symantec found during the Endpoint Protection 12 public beta.
Researcher Demonstrates HP TouchPad, Smartphone Hack
Mobile operating system platform vulnerable to XSS, cross-site request forgery
LulzSec's Top 3 Hacking Tools Deconstructed
Analysis suggests LulzSec was most effective using a relatively unknown vulnerability to launch large-scale, botnet-driven attacks against everyone from Sony to the Senate.
Fox News Twitter Account Hacked, Claims Obama Killed
Weak or reused passwords likely exploited by group with Anonymous hacking collective sympathies.
Inside Indestructible Botnet, Security Experts See Flaws
The huge TDL4 botnet has snared 4.5 million PCs, as the malware creators pay handsomely for results. But experts say it's sneaky, not unstoppable.
4 Tips: Make Your SMB Website More Secure
Consider this expert advice on how small and midsize businesses can build websites that are well-protected from attacks--and keep them safe.
|
Incorporating a Prevention Mindset into Threat Detection and ResponseThreat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time.
The report covers areas enterprises should focus on:
What positive response looks like.
Improving security hygiene.
Combining preventive actions with red team efforts.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
