Tech Republic Security
MAY 10, 2017
Dell EMC's senior product manager for IoT security, Rohan Kotian, hosted a presentation at Dell EMC World explaining how industrial enterprises can protect their IoT deployments.
Scary Beasts Security
MAY 5, 2017
Overview This post explores an old but wonderful vulnerability that enables us to really showcase the (oft underestimated) power of the use-after-free vulnerability class. We’re going to take a step back and consider the wider class of “use-after-invalidation”, of which use-after-free is one type of use of invalidated state. We will see one single area of vulnerable code that has it all: use-after-invalidation leading to out of bounds reads and writes; use-after-free leading to object aliasing;
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Lenny Zeltser
MAY 1, 2017
“Zero-day” is the all-powerful boogieman of the information security industry. Too many of us invoke it when discussing scary threats against which we feel powerless. We need to define and disambiguate this term before attempting to determine whether we’ve accounted for the associated threats when designing security programs. Avoid Zero-Day Confusion.
NopSec
MAY 31, 2017
We’re proud to build products IT Security Teams actually need and use on a daily basis. We’re a company started by penetration testers, after all. With boots on the ground and decades of experience, we know the challenges that IT Teams face, and what tools they need to get the job done. There are three specific cybersecurity challenges that we address with our recently released E3 Engine technology and award-winning Unified VRM platform: 1.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Privacy and Cybersecurity Law
MAY 17, 2017
The National Institute of Standards and Technology (NIST) is holding a Cybersecurity Framework Workshop this week at its headquarters in Gaithersburg, Maryland. […].
Penetration Testing
MAY 15, 2017
Empire Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility.... The post Empire 5.8.1 releases: PowerShell & Python post-exploitation agent appeared first on Penetration Testing.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Scary Beasts Security
MAY 19, 2017
Overview *bleed attacks are hot right now. Most notably, there's been Heartbleed and Cloudbleed. In both cases, out-of-bounds reads in server side code resulted in private server memory content being returned to clients. This leaked sensitive secrets from the server process' memory space, such as keys, tokens, cookies, etc. There was also a recent client-side bleed in Microsoft's image libraries , exposed through Internet Explorer.
Andrew Hay
MAY 3, 2017
Last week I had the pleasure of presenting three times, at two conferences, in two different countries: SOURCE in Boston, MA and at the Atlantic Security Conference (AtlSecCon) in Halifax, NS, Canada. The first event of my week was SOURCE Boston. This year marked the tenth anniversary of SOURCE Conference and it continues to pride itself on being one of the only venues that brings business, technology and security professionals together under one roof to focus on real-world, practical security s
Tech Republic Security
MAY 15, 2017
United Airlines recently alerted staff that cockpit access codes has been posted online, raising concerns about the chain of ownership for sensitive data.
Tech Republic Security
MAY 31, 2017
Cyberwarfare has begun. Unlike nuclear weapons, cyberweapons can be proliferated more quickly and the threat from accidentally setting them off is even greater.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
MAY 10, 2017
At the 2017 Dell EMC World conference, RSA senior director of advanced cyber defense, Peter Tran, walked through examples of real-world IT questions and how they could be answered.
Tech Republic Security
MAY 31, 2017
Cisco and IBM have announced a partnership that will see integrations across their products and services as they aim to help customers improve their security posture.
Tech Republic Security
MAY 2, 2017
Should you respond to a cyber incident? The answer isn't always clear. But researchers have developed a model that should make the decision easier.
Tech Republic Security
MAY 31, 2017
A new research report from the Ponemon Institute on third-party IoT integrations shows a strong concern over IoT security, but not many actions taken to mitigate it.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
MAY 22, 2017
Recent well-publicized ransomware attacks plagued some Windows users, though Macs aren't immune from malware. Find out how Bitdefender Antivirus can provide Mac users with peace of mind.
Tech Republic Security
MAY 15, 2017
The Federal Trade Commission recently announced new efforts to end scams that target consumers through fake security alerts. Here's how to spot them and stay safe.
Tech Republic Security
MAY 24, 2017
The risk of malware infection may be inevitable--but that doesn't mean you can't take steps to protect your Windows computers from attack. Here are 10 measures that will help minimize the threat.
Tech Republic Security
MAY 22, 2017
Kaspersky Lab detected more than 479 million malicious attacks from online sources in Q1 2017 alone, according to a new report. Here's how to stay safe.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
MAY 2, 2017
In a recent support alert issued by IBM, the company noted that some USB drives that shipped with its Storwize systems contained malicious code.
Tech Republic Security
MAY 4, 2017
Artificial intelligence algorithms are involved in a cyber arms race. Who will win: Antimalware developers or malware developers?
Tech Republic Security
MAY 23, 2017
Some 93% of tech decision makers said they are worried about the security challenges posed by an increasingly mobile workforce, according to a new report from iPass.
Tech Republic Security
MAY 18, 2017
Ransomware got you down? There's a solution that could save you from dealing with this issue ever again. That's right. It's Linux.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
MAY 15, 2017
Known (and trusted) insiders can pose an even bigger security threat than faceless hackers. Learn how to reduce associated risks.
Tech Republic Security
MAY 30, 2017
The worldwide proliferation of WannaCry ransomware exposed a lack of urgency regarding OS security updates. That can't be allowed to happen.
Tech Republic Security
MAY 16, 2017
Chances are, you've heard these tips before. But as recent news stories indicate, reminders about online security are never a bad thing.
Tech Republic Security
MAY 5, 2017
A report from security company G DATA said that 8,400 new Android malware samples are discovered every day, stemming from the fragmentation issues with the OS.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
MAY 2, 2017
A recent study found 956 potential exploits in Android apps that could allow data extraction, malware installs, and remote device control. Some of the affected apps have tens of millions of installs.
Tech Republic Security
MAY 22, 2017
New data from Kaspersky Lab shows that almost all of the WannaCry/WannaCrypt ransomware worm victims were running some version of Windows 7.
Tech Republic Security
MAY 22, 2017
A growing threat landscape has changed the role of the chief information security officer in the past decade. Here's why this position and its evolution are vital in the modern enterprise.
Tech Republic Security
MAY 2, 2017
2.5 quadrillion bits of data are created every day. A new study by cybersecurity firm Neustar shows how weaponized data results in more powerful and frequent attacks.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Expert insights. Personalized for you.
167 
Let's personalize your content