May, 2017

article thumbnail

9 best practices to improve security in industrial IoT

Tech Republic Security

Dell EMC's senior product manager for IoT security, Rohan Kotian, hosted a presentation at Dell EMC World explaining how industrial enterprises can protect their IoT deployments.

IoT 166
article thumbnail

Ode to the use-after-free: one vulnerable function, a thousand possibilities

Scary Beasts Security

Overview This post explores an old but wonderful vulnerability that enables us to really showcase the (oft underestimated) power of the use-after-free vulnerability class. We’re going to take a step back and consider the wider class of “use-after-invalidation”, of which use-after-free is one type of use of invalidated state. We will see one single area of vulnerable code that has it all: use-after-invalidation leading to out of bounds reads and writes; use-after-free leading to object aliasing;

Hacking 126
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Disambiguate “Zero-Day” Before Considering Countermeasures

Lenny Zeltser

“Zero-day” is the all-powerful boogieman of the information security industry. Too many of us invoke it when discussing scary threats against which we feel powerless. We need to define and disambiguate this term before attempting to determine whether we’ve accounted for the associated threats when designing security programs. Avoid Zero-Day Confusion.

Malware 68
article thumbnail

Top 3 Cybersecurity Problems That are Solved with E3 Engine and Unified VRM

NopSec

We’re proud to build products IT Security Teams actually need and use on a daily basis. We’re a company started by penetration testers, after all. With boots on the ground and decades of experience, we know the challenges that IT Teams face, and what tools they need to get the job done. There are three specific cybersecurity challenges that we address with our recently released E3 Engine technology and award-winning Unified VRM platform: 1.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

NIST Plans To Examine Internet of Things (IoT) For Its Cybersecurity Framework

Privacy and Cybersecurity Law

The National Institute of Standards and Technology (NIST) is holding a Cybersecurity Framework Workshop this week at its headquarters in Gaithersburg, Maryland. […].

article thumbnail

Empire 5.8.1 releases: PowerShell & Python post-exploitation agent

Penetration Testing

Empire Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility.... The post Empire 5.8.1 releases: PowerShell & Python post-exploitation agent appeared first on Penetration Testing.

More Trending

article thumbnail

*bleed continues: 18 byte file, $14k bounty, for leaking private Yahoo! Mail images

Scary Beasts Security

Overview *bleed attacks are hot right now. Most notably, there's been Heartbleed and Cloudbleed. In both cases, out-of-bounds reads in server side code resulted in private server memory content being returned to clients. This leaked sensitive secrets from the server process' memory space, such as keys, tokens, cookies, etc. There was also a recent client-side bleed in Microsoft's image libraries , exposed through Internet Explorer.

article thumbnail

Diving into the Issues: Observations from SOURCE and AtlSecCon

Andrew Hay

Last week I had the pleasure of presenting three times, at two conferences, in two different countries: SOURCE in Boston, MA and at the Atlantic Security Conference (AtlSecCon) in Halifax, NS, Canada. The first event of my week was SOURCE Boston. This year marked the tenth anniversary of SOURCE Conference and it continues to pride itself on being one of the only venues that brings business, technology and security professionals together under one roof to focus on real-world, practical security s

article thumbnail

Cyberweapons are now in play: From US sabotage of a North Korean missile test to hacked emergency sirens in Dallas

Tech Republic Security

Cyberwarfare has begun. Unlike nuclear weapons, cyberweapons can be proliferated more quickly and the threat from accidentally setting them off is even greater.

Hacking 163
article thumbnail

United flight attendant accidentally leaked cockpit security codes to public website

Tech Republic Security

United Airlines recently alerted staff that cockpit access codes has been posted online, raising concerns about the chain of ownership for sensitive data.

165
165
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

10 ways to protect your Windows computers against ransomware

Tech Republic Security

The risk of malware infection may be inevitable--but that doesn't mean you can't take steps to protect your Windows computers from attack. Here are 10 measures that will help minimize the threat.

article thumbnail

IBM, Cisco partner to help customers in fight against cybercrime

Tech Republic Security

Cisco and IBM have announced a partnership that will see integrations across their products and services as they aim to help customers improve their security posture.

article thumbnail

Why Bitdefender Antivirus is a wise choice for Mac users

Tech Republic Security

Recent well-publicized ransomware attacks plagued some Windows users, though Macs aren't immune from malware. Find out how Bitdefender Antivirus can provide Mac users with peace of mind.

Antivirus 141
article thumbnail

94% believe unsecured IoT devices could lead to 'catastrophic' cybersecurity attack

Tech Republic Security

A new research report from the Ponemon Institute on third-party IoT integrations shows a strong concern over IoT security, but not many actions taken to mitigate it.

IoT 146
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How game theory and Nash equilibrium can help decide cybersecurity responses

Tech Republic Security

Should you respond to a cyber incident? The answer isn't always clear. But researchers have developed a model that should make the decision easier.

article thumbnail

FTC looks to shut down fake tech support scams with Operation Tech Trap

Tech Republic Security

The Federal Trade Commission recently announced new efforts to end scams that target consumers through fake security alerts. Here's how to spot them and stay safe.

Scams 138
article thumbnail

Study finds cybersecurity pros are hiding breaches, bypassing protocols, and paying ransoms

Tech Republic Security

It's a shocking discovery that could shake your concept of security to its core: Those trusted to protect your networks are ignoring their own policies. Is something rotten in the state of cybersec?

article thumbnail

IBM admits it sent malware-infected USB sticks to customers

Tech Republic Security

In a recent support alert issued by IBM, the company noted that some USB drives that shipped with its Storwize systems contained malicious code.

Malware 142
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

New Android malware found every 10 seconds, report says

Tech Republic Security

A report from security company G DATA said that 8,400 new Android malware samples are discovered every day, stemming from the fragmentation issues with the OS.

Malware 133
article thumbnail

How the CISO moved from the basement to the boardroom

Tech Republic Security

A growing threat landscape has changed the role of the chief information security officer in the past decade. Here's why this position and its evolution are vital in the modern enterprise.

CISO 127
article thumbnail

Report: Mobile ransomware attacks 'soared' in 2017, up 250% in Q1

Tech Republic Security

Kaspersky Lab detected more than 479 million malicious attacks from online sources in Q1 2017 alone, according to a new report. Here's how to stay safe.

Mobile 137
article thumbnail

Why traveling CEOs and coffee shops are your company's greatest security risks

Tech Republic Security

Some 93% of tech decision makers said they are worried about the security challenges posed by an increasingly mobile workforce, according to a new report from iPass.

Risk 131
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Despite security risks, 75% of CEOs use applications that aren't approved by IT

Tech Republic Security

Despite understanding the risks, a majority of CEOs and business decision makers do not adhere to enterprise security practices, according to a new survey from Code42.

Risk 127
article thumbnail

Microsoft admins: Update your systems now to prevent "crazy bad" zero-day bug exploits

Tech Republic Security

Two members of Google's Project Zero discovered a serious exploit over the weekend. It's so bad it can take over a system just by sending an email-no opening or reading necessary.

120
120
article thumbnail

Hundreds of popular Android apps have open ports, making them prime targets for hacking

Tech Republic Security

A recent study found 956 potential exploits in Android apps that could allow data extraction, malware installs, and remote device control. Some of the affected apps have tens of millions of installs.

Hacking 122
article thumbnail

Why SMBs are at high risk for ransomware attacks, and how they can protect themselves

Tech Republic Security

Ransomware cost businesses more than $1B last year, and SMBs are particularly susceptible to attack. Here are some tips and best practices for keeping your company safe.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Zero day exploits: The smart person's guide

Tech Republic Security

This guide covers everything you need to know about zero day security exploits, which are secret vulnerabilities used by hackers to infiltrate PCs, networks, mobile phones, and IoT devices.

IoT 120
article thumbnail

WannaCrypt makes an easy case for Linux

Tech Republic Security

Ransomware got you down? There's a solution that could save you from dealing with this issue ever again. That's right. It's Linux.

article thumbnail

7 ways to protect your Apple computers against ransomware

Tech Republic Security

Take these steps now to protect your Mac computers from emerging ransomware attacks.

article thumbnail

98% of WannaCry victims were running Windows 7, not XP

Tech Republic Security

New data from Kaspersky Lab shows that almost all of the WannaCry/WannaCrypt ransomware worm victims were running some version of Windows 7.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?