Security and Vulnerability Management

Do you create stupid users?

A week doesn’t go by without us reading about some attack that is precipitated by bad user actions.

FTC gets federal court to shut down $120M tech support scam

FTC says scammers use bogus software and deceptive telemarketing operations to roll over victims.

November 2014 Patch Tuesday: Microsoft released 4 critical fixes, 14 total updates

Microsoft released 14 security patches, four rated critical, eight rated important and two rated as moderate.

Cisco names new security chief after Young departs

14-year vet Goeckeler was instrumental in Sourcefire integration

8 cutting-edge technologies aimed at eliminating passwords

From electronic pills to digital tattoos, these eight innovations aim to secure systems and identities without us having to remember a password ever again

New Brunswick Conquers Identity Management With Virtual Directory

What started as a single provincial department's effort to roll out a virtual directory now helps government employees and citizens access about 150 applications. Find out how New Brunswick solved what could have otherwise been a big...

Book Report: Cyberstorm by Matthew Mather

Great read for those who want to understand what might happen as a result of a devastating cyber-attack on critical infrastructure

Attacker could use default defibrillator password to launch denial of service

The National Vulnerability Database published two advisories regarding default passwords in defibrillators which attackers could use to "modify device configuration and cause a denial of service." Add this to widespread compromises...

Hexadite's Automated Incident Response Solution narrows the gap between detection and response

It's not uncommon for CIRT personnel to ignore various automated security alerts, largely because they don't have enough time to investigate every alert. As attacks become more frequent and threats grow more serious, the only way...

Enterprise Organizations Are Taking Steps to Improve Cybersecurity Analytics

Last week, online retail giant eBay announced that it was hacked between February and March of this year with stolen login credentials of an eBay employee.  This gave the hackers access to the user records of 145 million users...

The Emerging Cybersecurity Software Architecture

It's been a busy week for the information security industry.  FireEye announced the acquisition of nPulse which adds network forensics to its advanced malware detection/response portfolio.  IBM chimed in with a new Threat Prevention...

Hackers capture dynamic data to prepare for effective, stealthy attacks

"Offensive forensics is an attack technique hackers use to capture non-static data that can be useful in performing further attacks," says Joe Sremack, Principal, Berkeley Research Group, LLC, a computer forensics and e-discovery firm....

CISOs Must “Think Different”

Remember the "Think Different" advertising campaign from Apple?  It ran from 1997 to 2000 and featured bigger-than-life personalities like Buckminster Fuller, Martin Luther King, and Pablo Picasso. The "Think Different" ads coincided...

To Automate or Not to Automate (Incident Response): That Is the Question

The recently published Senate report on the Target breach exposed a dicey situation that is all too familiar to enterprise security professionals.  As it turns out, Target implemented malware detection technology from FireEye which...

Think Deleted Text Messages Are Gone Forever? Think Again

A former federal prosecutor and cybercrime expert tells CIO.com how IT departments can retrieve text messages that the user thought were deleted months or even years ago. As more litigation and investigations turn on the content of...

RSA Conference recap: Positive direction for security industry

Last week's RSA Conference was a whirlwind of meetings, presentations, and unusual west coast rain storms. I'm not sure about the attendance numbers but it seemed especially busy - not surprising after the many cybersecurity events...

Hot Topics at the RSA Conference

It's the calm before the storm and I'm not talking about the unusual winter weather. Just a few days before the 2014 RSA Security Conference at the Moscone Center in San Francisco. In spite of this year's controversy over the...
