February 12, 2015 | Stephen Molina

Defending the Enterprise from Cyber Attacks: Save Mart Case Study

We’ve seen several cyber attacks occur over the course of 2014 – from Home Depot to Target and most recently Sony. The one thing I think most of us in the industry can agree on is that we don’t want to be the next company in headlines marked by a breach. As the information security administrator of…

February 10, 2015 | Garrett Gross

Emerging Threat - Reflection Using SQL Servers

A new, particularly nasty, technique was discovered out in the wild this past December (2014) where the City of Columbia, Missouri came under a DoS (Denial of Service) attack. While many of the attacks were carried out using known techniques (SSDP/NTP amplification, HTTP POST, SYN flood, etc.), one technique seemed to be of a new breed. It turns out, hackers…

February 6, 2015 | Patrick Bedwell

Healthcare and PII: They’ve Seen You Naked

With the recent Anthem data breach that has grabbed our attention, the topic of how Healthcare organizations protect your Personally Identifiable Information (PII) has moved to the forefront. In many ways, bad actors acquiring your PII are far worse than them simply stealing your credit cards. Stolen credit cards, you can cancel – easily and usually without cost. Stolen PII …

February 6, 2015 | Joe Schreiber

Don’t Panic: Six Steps to Surviving your First Breach

So you’ve come to terms with the truth of the world; eventually, you’re going to suffer a security breach. Maybe it won’t happen this month, or this year, but as the great sage Tyler Durden so incisively observed, “On a long enough timeline, the survival rate for everyone drops to zero.” Getting…

February 5, 2015 | Russ Spitler

Cloud Security Confusion: Who Owns What?

At BlackHat this past summer, we ran a survey in our booth asking a series of questions related to security in the cloud. We had more than 500 respondents and the signal was quite strong – everyone is confused about security in the cloud! Let’s start with the simplest, most basic question – who is responsible for security? To…

February 3, 2015 | Andy Manoske

Why Low-Tech Hacking Persists in a High Tech Age

The Bomber Will Always Get Through

In the tumultuous years before World War 2, a British Parliamentary official, Stanley Baldwin, gave an ominous speech regarding the country’s war defenses. Responding to calls for building an “impenetrable” air defense network to defend London from an air raid, Baldwin quipped, “it is well also for the man in…

January 30, 2015 | Kate Brew

CryptoParty at Austin OWASP

One of Edward Snowden's first moves involving going around the NSA was to attend a CryptoParty in Hawaii. Not that we are anything like Edward Snowden, but we went ahead and had a CryptoParty at our Austin OWASP chapter meeting on 1/27/15. Here is a recording of the event: http://vimeo.com/channels/owaspaustin. We did not have cupcakes, but…

January 29, 2015 | Charisse Castagnoli

3 Simple Steps to improve your Company’s Security DNA

With all the security breaches in 2014, no organization can have failed to realize that cyber risk is now part of ongoing organizational risk. Information security is considered right at the top with disaster recovery and business continuity. And every organization struggles with ensuring their staff and employees don’t introduce additional security risk on top of all the external…

January 27, 2015 | Patrick Bedwell

Ghost Vulnerability - the Buffer Overflow Beat Goes On

Qualys today announced a new vulnerability, GHOST (CVE-2015-0235). The GHOST vulnerability is a buffer overflow condition that can be easily exploited locally and remotely, which makes it extremely dangerous. This vulnerability is named after the GetHOSTbyname function involved in the exploit. This is a common threat vector; buffer overflow vulnerabilities have been in the threat landscape for years. Attackers…

January 26, 2015 | Garrett Gross

New Detection Technique – Social Engineering Toolkit

Have you ever heard of “penetration testing” (or “pen testing”)? That’s when a security professional tries to hack into their own (or their client’s) environment to ensure that the security controls put in place are, in fact, functioning properly. It’s a great technique and can uncover some overlooked soft spots…

January 22, 2015 | Tom D'Aquino

0Day Vulnerability in Adobe Flash being exploited by Angler Exploit Kit - What to Do

A few hours ago, a security researcher, Kafeine, spotted an instance of the Angler Exploit Kit which is exploiting an unpatched vulnerability affecting Adobe Flash. It appears that any version of Internet Explorer or Firefox with any version of Windows can be owned if the latest version (16.0.0.287) of Adobe Flash is installed and enabled. Victims of this type of attack…

January 22, 2015 | Michael Roytman

Threat Intelligence - Beyond the Hype

Threat Intelligence Definitions

Cyber Squared defines threat intelligence as “An emerging information security discipline that seeks to recognize and understand sophisticated cyber adversaries, specifically why and how they threaten data, networks, and business processes.” And Gartner takes a stab at defining it: “Threat intelligence is evidence-based knowledge including context, mechanisms, indicators, implications and actionable advice...that can…
