Security and Vulnerability Management

Security and vulnerability management

cutcaster 902830953 tour small
cwjan15 klossner humanerror cartoon

Endpoint Security Activities Buzzing at Enterprise Organizations

CISOs are assessing people, processes, and technologies to address endpoint security threats and vulnerabilities

00 title

Six social engineering tricks that can be avoided if you're careful

Social Engineers work on multiple levels. The key to their success is to target human nature and emotion.

social media

Social engineering: The dangers of positive thinking

CSO Online recently spoke to a person working in the security field with a rather unique job. He's paid to break into places, such as banks and research facilities (both private and government), in order to test their resistance to...

010515 utm 1

UTM Shootout: Security appliances for SMBs are smaller, more powerful and packed with new features

Vendors are coming up with new ways to fit enterprise-grade security features into more compact and more powerful appliances.

Microsoft Windows patch tuesday bug

Catchy nicknames prompt more patching of vulnerabilities

Vulnerabilities with catchy nicknames get more attention from media, customers, and vendors and so get patched more thoroughly than similar vulnerabilities without clever names.

Windows security patches

Patch Tuesday Dec 2014: 7 fixes, 3 critical patches for Windows, IE and Office

For the last Patch Tuesday in 2014, Microsoft released 7 security updates, including 3 patches for critical remote code execution flaws in Windows, Office and Internet Explorer.

oops keyboard

Do you create stupid users?

A week doesn’t go by where we read about some attack that is precipitated by bad user actions.

FTC gets federal court to shut down $120M tech support scam

FTC says scammers use bogus software and the deceptive telemarketing operations to roll over victims.

Windows security patches

November 2014 Patch Tuesday: Microsoft released 4 critical fixes, 14 total updates

Microsoft released 14 security patches, four rated critical, eight rated important and two rated as moderate.

Chris Young, Cisco

Cisco names new security chief after Young departs

14 year vet Goeckeler was instrumental in Sourcefire integration


8 cutting-edge technologies aimed at eliminating passwords

From electronic pills to digital tattoos, these eight innovations aim to secure systems and identities without us having to remember a password ever again

identity concept 164551610

New Brunswick Conquers Identity Management With Virtual Directory

What started as a single provincial department's effort to roll out a virtual directory now helps government employees and citizens access about 150 applications. Find out how New Brunswick solved what could have otherwise been a big...

Book Report: Cyberstorm by Matthew Mather

Great read for those who want to understand what might happen as a result of a devastating cyber-attack on critical infrastructure

Medical device security

Attacker could use default defibrillator password to launch denial of service

The National Vulnerability Database published two advisories regarding default passwords in defibrillators which attackers could use to "modify device configuration and cause a denial of service." Add this to widespread compromises...

Hexadite's Automated Incident Response Solution narrows the gap between detection and response

It's not uncommon for CIRT personnel to ignore various automated security alerts, largely because they don't have enough time to investigate every alert. As attacks become more frequent and threats grow more serious, the only way...

Enterprise Organizations Are Taking Steps to Improve Cybersecurity Analytics

Last week, online retail giant eBay announced that it was hacked between February and March of this year with stolen login credentials of an eBay employee.  This gave the hackers access to the user records of 145 million users...

The Emerging Cybersecurity Software Architecture

It's been a busy week for the information security industry.  FireEye announced the acquisition of nPulse which adds network forensics to its advanced malware detection/response portfolio.  IBM chimed in with a new Threat Prevention...

Hackers capture dynamic data to prepare for effective, stealthy attacks

"Offensive forensics is an attack technique hackers use to capture non-static data that can be useful in performing further attacks," says Joe Sremack, Principal, Berkeley Research Group, LLC, a computer forensics and e-discovery firm....

Load More