09 Mar 2015

Another SSL/TLS vulnerability has everyone FREAKing out again

On March 3, 2015 researchers disclosed a new secure sockets layer (SSL)/transport layer security (TLS) vulnerability (CVE-2015-0204), dubbed “FREAK”, which is an acronym for “Factoring attack on RSA-EXPORT Keys”. This vulnerability allows attackers to intercept hypertext transfer protocol secure (HTTPS) connections between a vulnerable client and server. Once the connection has been intercepted an attacker can force the connection to use ‘export-grade’ cryptography, which can...



19 Feb 2015

Report: Cyber Thieves will Increasingly Target Healthcare Companies

Your healthcare company has data – not just any data, but Protected Healthcare Information (PHI). One report predicts the data you have will be increasingly targeted by cyber-thieves who want that information. Healthcare records hold a cornucopia of Personally Identifiable Information (PII) that can be used in multiple follow-up attacks and various kinds of fraud. In 2013, 43 percent of all major data breaches involved healthcare...



12 Feb 2015

Will the PCI Council Kill SSL Usage?

A recent release of the Council’s Assessor Newsletter, which is distributed by the Payment Card Industry (PCI) council, contains an interesting paragraph that will cause some concerns among businesses that have to comply with PCI for online transactions. Notice: PCI DSS and PA-DSS v3.1 Revisions Coming. In order to address a few minor updates and clarifications and one impacting change, there will be a...



09 Feb 2015

To Stop a Cyber Thief: Watch Your Data Flow

You’ve got the data and cyber thieves want it. But, if you know how your data flows, you can start controlling who has access to it and how it’s classified. “Customers look at their data and think that it’s just on their computer,” said Sword & Shield Security Analyst Rocky Breeden. “But really, that data is traversing the network and, if it’s in plain text...



30 Jan 2015

Three Things to Know About Modern Mobile Forensics

When digital forensics started many years ago, the computer was “king” for the valuable information we sought for our clients. Times have definitely changed over the past few years. While computers still provide great value in our investigations, mobile devices such as tablets and smart phones are now becoming a valuable asset in many cases. We are finding that mobile devices are proving to be a...



20 Jan 2015

Have a Back-up Plan to Mitigate Social Engineering Attacks

If you don’t enjoy having your data or your customers’ personal information plastered all over the Internet, then you should consider the initial attack vector that was most likely used to put it there: a lack of understanding about how social engineering attacks occur and an absence of security controls available to minimize the breach. Phishing, pre-texting, baiting and piggy-backing are just some of the social engineering methods attackers use to trick...



07 Jan 2015

Securing Your Future with Strategic Security Assessments

You’ve read about the breaches. You’ve seen other companies lose their reputations and financial standing after a cybersecurity attack. You understand that the safety of your company’s data is tantamount to your business’s secure future. But, where do you start? Strategic security assessments tell companies everything about their environment and what their company is doing – or not doing – to safeguard their systems and comply with the regulations their industry requires....



10 Jul 2013

Insider Threats Greatly Impact Business

While former National Security Agency (NSA) contractor Edward Snowden has dominated the news after leaking details of several top-secret surveillance programs, his type of “insider threat” is not the only one businesses should consider when making IT security decisions. When most hear the term “insider threat”, the typical assumption is that it is an employee who is determined to inflict destruction and harm on his or...



23 May 2012

PCI and Mobile Payment Application Security

So far, the world of mobile payments has been a “Wild West”, before the sheriff came to town. The vendors have been making their own rules, though at least a few have been smart, and have prepared for what they guessed would happen. The solution can be expressed in one word: Encryption. As early in the payment process as possible, all the way to the bank...



04 Jan 2012

Information Security: There’s Not an App for That

Vulnerability assessments and exploitation, like so many other areas of technology, have progressed from being understood by a few elite practitioners to being automated for the masses. Each day information security professionals are releasing new software or improving on existing software to make identifying and exploiting network vulnerabilities easier. Unfortunately, these automated tools have produced a “there’s an app for that” attitude toward information security. Many...



