Tech Republic Security
DECEMBER 21, 2016
The coming year will bring a large-scale IoT security breach, with fleet management, retail, manufacturing, and government at the biggest risk, according to experts.
Adam Shostack
DECEMBER 21, 2016
Image credit: Bill Anders, Apollo 8 , launched this day, Dec 21, 1968.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Scary Beasts Security
DECEMBER 13, 2016
Overview TL;DR: full reliable 0day drive-by exploit against Fedora 25 + Google Chrome, by breaking out of Super Nintendo Entertainment System emulation via cascading side effects from a subtle and interesting emulation error. Very full details follow. [ UPDATE 13 Dec 2016 -- a couple of competent readers inform me that I've named the wrong processor!
NopSec
DECEMBER 13, 2016
Growing up as a kid in the 80’s ransom used to be a simple thing. A bad person with a foreign accent would kidnap the loved one(s) of a square-jawed, wealthy protagonist and demand a large sum of money for their safe return. But kidnapping someone’s significant other, their child, or even their beloved pet chihuahua is risky business. The criminals have to first identify a wealthy individual, then get physically close to kidnap the target without being seen or caught in the process.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Kali Linux
DECEMBER 1, 2016
We’re happy to announce that we’ve once again listed our Kali Linux images on the Amazon AWS marketplace. You can now spin up an updated Kali machine easily through your EC2 panel. Our current image is a “full” image, which contains all the standard tools available in a full Kali release. Once your instance is running, connect to it with your SSH private key using the “ ec2-user ” account.
Spinone
DECEMBER 28, 2016
99.9% of companies in the United States are small businesses that give jobs to almost 50% of local employees. SMBs are a great powerhouse of the US economy. Today we’ll be discussing Google Workspace (former G Suite), arguably the most popular business SaaS application for small and medium businesses. In particular, this guide will explain […] The post How to Upgrade From Google Workspace Basic to Business first appeared on SpinOne.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Adam Shostack
DECEMBER 29, 2016
There’s some really interesting leaked photos and analysis by Charles Goodman. “ Leaked photos from the Rogue One sequel (Mainly Speculation – Possible Spoilers).
Scary Beasts Security
DECEMBER 5, 2016
Overview In a previous blog post, I disclosed CESA-2016-0002 , an 0day vulnerability (without exploit) in the vmnc decoder of the gstreamer media subsystem, which is installed by default in Fedora. Because a Fedora fix was somewhat slow in coming, I decided to attempt to exploit this vulnerability. This would have to be another scriptless vulnerability.
NopSec
DECEMBER 7, 2016
Remember Shamoon, the malware that disabled some 35,000 computers at one of the world’s largest oil companies in 2012? If you’ve read cybersecurity news lately, you’ve probably heard that it’s back. This time, Shamoon disrupted servers at several Saudi government agencies. When the malware hit Saudi Aramco four years ago, it propelled the company into a technological dark age, forcing the company to rely on typewriters and faxes while it recovered.
Privacy and Cybersecurity Law
DECEMBER 3, 2016
As part of its efforts to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules, the US Department […].
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Spinone
DECEMBER 28, 2016
Learn how to upgrade G Suite Basic to Business in our detailed guide for new business owners and founders. Also, find out how to protect your data. On April 22, 2007 Google launched the professional package of Google Apps for Enterprise. Since then, more than 6 million companies around the world are using Google Apps […] The post How to Upgrade G Suite Basic to Business: Detailed Guide first appeared on SpinOne.
Tech Republic Security
DECEMBER 13, 2016
From internal threats to creative ransomware to the industrial Internet of Things, security experts illuminate business cybersecurity threats likely to materialize in the next year.
Adam Shostack
DECEMBER 12, 2016
This quote from Bob Iger, head of Disney, is quite interesting for his perspective as a leader of a big company: There is a human side to it that I try to apply and consider. [But] the harder thing is to balance with the reality that not everything is perfect. In the normal course of running a company this big, you’re going to see, every day, things that are not as great as you would have hoped or wanted them to be.
Scary Beasts Security
DECEMBER 5, 2016
Overview A part of any intellectually honest full disclosure experiment is to disclose the less interesting findings alongside the more serious issues and exploits. Accordingly, if you were looking for spectacular 0day exploits, this is not the post you are looking for. If you’re generally interested in software failure conditions, though, here’s a bunch.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Penetration Testing
DECEMBER 2, 2016
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and... The post Nikto v2.5 releases – WebAPP Penetration Testing Tool appeared first on Penetration Testing.
Privacy and Cybersecurity Law
DECEMBER 21, 2016
Canada’s Anti-Spam Law came into force on July 1, 2014. Since then, all eyes have been on the Canadian Radio-television and Telecommunications Commission […].
Spinone
DECEMBER 28, 2016
On April 22, 2007 Google launched the professional package of Google Apps for Enterprise. Since then, more than 6 million companies around the world are using Google Apps for managing their business. So what has been the secret of Google’s success? In my opinion, it’s as a result of ongoing service & security improvements, along with enhanced capabilities that require only a nominal amount of additional IT resources.
Tech Republic Security
DECEMBER 9, 2016
Law enforcement has trained special dogs to find hidden thumb drives and cell phones that human investigators routinely miss, and it's foiling predators, terrorists, and other criminals.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Adam Shostack
DECEMBER 8, 2016
There’s a new paper from Mark Thompson and Hassan Takabi of the University of North Texas. The title captures the question: Effectiveness Of Using Card Games To Teach Threat Modeling For Secure Web Application Developments. Gamification of classroom assignments and online tools has grown significantly in recent years. There have been a number of card games designed for teaching various cybersecurity concepts.
Tech Republic Security
DECEMBER 6, 2016
Here are five things that might convince you to care about your personal data, even if you think you don't.
Tech Republic Security
DECEMBER 7, 2016
A hand-picked list of must-watch cybersecurity videos to help you learn the fundamentals of encryption, how hackers penetrate systems, and strong cyber-defense tactics for business.
Tech Republic Security
DECEMBER 6, 2016
This year thousands of cyber-attacks cost companies millions in damages and exposed billions of sensitive consumer and corporate records. These are the 10 biggest business hacks of 2016.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
DECEMBER 7, 2016
We're constantly reminded of the risks that come with bad passwords, yet many people persist in using obvious and easy-to-crack names, words, and patterns. Want to know if you're at risk?
Tech Republic Security
DECEMBER 9, 2016
If your Apache 2 web server is failing to execute PHP files, learn how to quickly remedy this issue.
Tech Republic Security
DECEMBER 2, 2016
The Android Mediaserver is back in the critical column for vulnerabilities. Get the highlights of the November 2016 bulletin.
Tech Republic Security
DECEMBER 5, 2016
In a recent interview with Yahoo's Katie Couric, former NSA contractor Edward Snowden spoke about how he believes justice in the US is 'two-tiered.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
DECEMBER 7, 2016
One of the elephants in the room at the 2016 Smart Cities Summit in Boston was cybersecurity. It threatens to derail the most optimistic plans for making cities more efficient and more responsive.
Tech Republic Security
DECEMBER 30, 2016
Discover how revisions to security processes can help protect your company's data.
Tech Republic Security
DECEMBER 1, 2016
In 2016 ransomware, phishing, and IoT attacks pummeled business and consumers alike. What cybersecurity trends will emerge in 2017? Take our survey to share your opinion about emerging hacker trends.
Tech Republic Security
DECEMBER 2, 2016
What malware does Windows Defender recognize? Learn how to use PowerShell's Defender cmdlets to peek inside the malware signature definitions database.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Expert insights. Personalized for you.
167 
Let's personalize your content