Scary Beasts Security

FEBRUARY 3, 2013

Back in November 2012, a Chrome Releases blog post mysteriously stated: "Congratulations to Pinkie Pie for completing challenge: 64-bit exploit". Chrome patches and autoupdates bugs pretty fast but this is a WebKit bug and not every consumer of WebKit patches bugs particularly quickly. So I've waited a few months to release a full breakdown of the exploit.

Accountability 82

Accountability 82

NopSec

FEBRUARY 22, 2013

NopSec is pleased to announce the immediate availability of a new Executive Dashboard for Unified VRM. NopSec continues the rapid pace of innovation with new capabilities that provide customers with a graphical view of prioritized vulnerabilities and at-a glance progress toward fixes. Michelangelo Sidagni, Chief Technology Officer at NopSec, had this to say about the Executive Dashboard, “Our customers requested the ability to confidently gauge the vulnerabilities and risk at the present moment

Software 52

Software Firewall Technology Risk 52

Dark Reading

FEBRUARY 19, 2013

Prevention vs. clean up. It’s a security question all financial institutions should ask themselves. When it comes to providing a trusted customer environment, banks are typically better at resolving problems stemming from non-predictive authentication and fraud than preventing them. That’s because they continue to allow criminals to get their foot in the door.

Banking 40

Banking Authentication Social Engineering Engineering 40

Privacy and Cybersecurity Law

FEBRUARY 9, 2013

If you Google “EU law on security”, you’ll find the EU Data Protection Directive near the top of the search […].

40

40

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

NopSec

FEBRUARY 27, 2013

In a recent article posted by Robert McGarvey in the Credit Union Times, Threat of the Week: APT Will Get You , he talks about advanced persistent threats, referencing the high-profile hacks at large news and media companies. NopSec’s Chief Technology Officer, Michelangelo Sidagni, contributed as an expert source for the article. “These are very sophisticated attackers,” said Michelangelo Sidagni, chief technology officer at NopSec, a New York security firm.

Penetration Testing 40

Penetration Testing Phishing Firewall Technology 40

NopSec

FEBRUARY 21, 2013

We observe a common misconception that companies believe they are doing “vulnerability management” when, more often than not, they are simply performing “vulnerability identification”. I came across an insightful article written by Mark Hatton in SecurityWeek titled, “ Three Mistakes Companies Make When it Come to Vulnerability Management ”. Below are my own observations and comments on the topic.

Software 40

Software 40

NopSec

FEBRUARY 13, 2013

Crain’s New York Business, there is an article written by Matthew Flamm that discusses the pervasiveness of cyber attacks and the implications for New York companies. He makes an assertion that, “New York may become more hospitable to entrepreneurs as the number of engineers and investors attracted to the local tech scene grows.” The article then goes on to spotlight NopSec, “getting attention from large, well-reputed VCs” according to Steve Berg of RTP Ventures.

Cyber threats 40

Cyber threats Media Banking Cyber Attacks 40

NopSec

FEBRUARY 7, 2013

It has been hard to keep up with my news alert due to all the IT security headlines. “ Hackers in China Attacked The Times for Last 4 Months ” in the New York Times, and “ Chinese Hackers Hit U.S. Media ” in The Wall Street Journal. Cyber-attacks on the rise Although unfortunate and painful for the companies involved, high-profile security attacks and breaches are positive for the industry overall from the perspective of increasing the awareness and education of the need to employ an ongoi

Penetration Testing 40

Penetration Testing Education Cyber Attacks Banking 40

Privacy and Cybersecurity Law

FEBRUARY 2, 2013

We’re now well past the UK grace period for cookie compliance. But what are companies actually doing about this? Are […].

Marketing 40

Marketing 40

NopSec

FEBRUARY 13, 2013

It looks like the Federal Government is getting serious about IT security. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems,” Mr. Obama said in his State of the Union address. See “ Obama Order Gives Firms Cyberthreat Information ” by the New York Times. My understanding is that the order targets improvements in information sharing and developing a risk framework and best practices, called the Cybersecurity

Cybersecurity 40

Cybersecurity Government Technology Software 40

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Privacy and Cybersecurity Law

FEBRUARY 27, 2013

As we’re all aware the new Data Protection Regulation (the Regulation) was announced to much bombast a little over a […].

40

40