Search results for: zero trust
For many people involved in the infosecurity community, the notion of security is too often tied to the quality of code (resistance to specific classes of bug, for example) and effective patching – in short, to low-level security.But independent security consultant Eleanor Saitta believes that software developers and security engineers need to take a step back and look at the bigger picture.“Security is not a property of a technical system,” she noted in her talk … More →
Advanced Persistent Threats (APTs) are designed to spread, morph and hide within IT infrastructure to perpetrate a long term attack, posing a significant threat to the security of corporate data. From the world’s largest banks, to a healthcare provider, to a German iron plant, no sector escaped a malware and APT breaches in 2014. Malware and APTs commonly use the Domain Name System (DNS) as a communication mechanism for these breaches. And yet many companies … More →
A critical vulnerability in version 1.3 of the RealTek software development kit (SDK) has opened hole in D-Link and Trendnet Wi-Fi routers – and possibly many others, as well – which can be exploited by attackers to execute arbitrary code on the devices.“The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call,” the … More →
85,000 new malicious IPs are launched every day, and the top phishing targets are technology companies and financial institutions, the new Webroot 2015 Threat Brief reveals. Presented at RSA Conference 2015, this year’s report provides the latest cyber threat trends collected from tens of millions of users and over 30 security technology partners and shows how collective threat intelligence that is shared across users and organizations is the only winning way to fight cybercrime.Key findings … More →
Cyber attackers are infiltrating networks and evading detection by hijacking the infrastructure of major corporations and using it against them, according to Symantec. “Attackers don’t need to break down the door to a company’s network when the keys are readily available,” said Kevin Haley, director, Symantec Security Response. “We’re seeing attackers trick companies into infecting themselves by Trojanizing software updates to common programs and patiently waiting for their targets to download them—giving attackers unfettered access … More →
RSA Conference announced the 10 finalists for its annual Innovation Sandbox Contest. The competition is dedicated to encouraging out-of-the-box ideas and the exploration of new technologies that have the potential to transform the information security industry. The 2015 event marks 10 years since the event launched at RSA Conference 2005 as Innovation Station. Past winners include Sourcefire, Imperva, and most recently RedOwl Analytics. On Monday, April 20, 2015, each of this year’s finalists will demonstrate … More →
Nearly 40 percent of large companies, including many in the Fortune 500, aren’t taking the right precautions to secure the mobile apps they build for customers. A new study also found organizations are poorly protecting their corporate and BYOD mobile devices against cyber-attacks – opening the door for hackers to easily access user, corporate and customer data. The number of mobile cyber-security attacks is continuing to grow. At any given time, malicious code is infecting … More →
After security researcher OJ Reeves publicly revealed the existence of a remote code execution zero-day flaw affecting Seagate’s Business Storage 2-Bay NAS line of products and published a Metasploit module and a standalone Python script that exploit the vulnerability, the company has finally commented the situation more extensively and has announced a patch: “After careful analysis, Seagate has confirmed that the vulnerability on our Business Storage NAS products is low risk and affects only those … More →
Seagate’s Business Storage 2-Bay NAS line of products, which is popular both with home and business users, sports a zero-day remote code execution vulnerability that can be easily exploited by attackers, security researcher OJ Reeves warned on Sunday. “Products in this line that run firmware versions up to and including version 2014.00319 were found to be vulnerable to a number of issues that allow for remote code execution under the context of the root user. … More →
In the digital economy, your data profile has value, but judging from what I watched happen recently in a London shopping mall, a lot of us give it away for free. At the Westfield shopping center in Shepherd’s Bush, a long line of Britons waited to surrender valuable personal information – demographic details, shopping habits, brand preferences, and more – in exchange for a free bar of chocolate. Really. How did the collector, a prominent … More →
GnuPG is a complete and free implementation of the OpenPGP standard. It allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG 2.0.27 is a maintenance release which fixes a couple of bugs, and an update to this version is suggested. What’s new: gpg: Detect faulty use of –verify on detached signatures. gpg: New import option “keep-ownertrust”. … More →
Here’s an overview of some of last week’s most interesting news and articles: Overcoming the daily challenges of a security team The institutionalization of domestic security and incident-response into a distinct profession have formed three major challenges for large enterprises. Security outlook: Technologies and key trends Anonymous threats and lone wolf attacks, increasing fears on cyber security and concerns over immigration will generate significant debate over foreign policy and how to mitigate the security risk … More →
