Search results for: zero trust

Rethinking security: Securing activities instead of computers

For many people involved in the infosecurity community, the notion of security is too often tied to the quality of code (resistance to specific classes of bug, for example) and effective patching – in short, to low-level security.But independent security consultant Eleanor Saitta believes that software developers and security engineers need to take a step back and look at the bigger picture.“Security is not a property of a technical system,” she noted in her talk … More

Defend your network from APTs that exploit DNS

Advanced Persistent Threats (APTs) are designed to spread, morph and hide within IT infrastructure to perpetrate a long term attack, posing a significant threat to the security of corporate data. From the world’s largest banks, to a healthcare provider, to a German iron plant, no sector escaped a malware and APT breaches in 2014. Malware and APTs commonly use the Domain Name System (DNS) as a communication mechanism for these breaches. And yet many companies … More

Critical vulnerability in RealTek SDK breaks routers’ security

A critical vulnerability in version 1.3 of the RealTek software development kit (SDK) has opened hole in D-Link and Trendnet Wi-Fi routers – and possibly many others, as well – which can be exploited by attackers to execute arbitrary code on the devices.“The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call,” the … More

Webroot

Smarter threats and the rising complexity of cybercrime

85,000 new malicious IPs are launched every day, and the top phishing targets are technology companies and financial institutions, the new Webroot 2015 Threat Brief reveals. Presented at RSA Conference 2015, this year’s report provides the latest cyber threat trends collected from tens of millions of users and over 30 security technology partners and shows how collective threat intelligence that is shared across users and organizations is the only winning way to fight cybercrime.Key findings … More

Attackers use deceptive tactics to dominate corporate networks

Cyber attackers are infiltrating networks and evading detection by hijacking the infrastructure of major corporations and using it against them, according to Symantec. “Attackers don’t need to break down the door to a company’s network when the keys are readily available,” said Kevin Haley, director, Symantec Security Response. “We’re seeing attackers trick companies into infecting themselves by Trojanizing software updates to common programs and patiently waiting for their targets to download them—giving attackers unfettered access … More

RSA Conference 2015

Finalists announced for Innovation Sandbox at RSA Conference 2015

RSA Conference announced the 10 finalists for its annual Innovation Sandbox Contest. The competition is dedicated to encouraging out-of-the-box ideas and the exploration of new technologies that have the potential to transform the information security industry. The 2015 event marks 10 years since the event launched at RSA Conference 2005 as Innovation Station. Past winners include Sourcefire, Imperva, and most recently RedOwl Analytics. On Monday, April 20, 2015, each of this year’s finalists will demonstrate … More

Mobile app developers are not investing in security

Nearly 40 percent of large companies, including many in the Fortune 500, aren’t taking the right precautions to secure the mobile apps they build for customers. A new study also found organizations are poorly protecting their corporate and BYOD mobile devices against cyber-attacks – opening the door for hackers to easily access user, corporate and customer data. The number of mobile cyber-security attacks is continuing to grow. At any given time, malicious code is infecting … More

Seagate acknowledges NAS 0-day, announces patch

After security researcher OJ Reeves publicly revealed the existence of a remote code execution zero-day flaw affecting Seagate’s Business Storage 2-Bay NAS line of products and published a Metasploit module and a standalone Python script that exploit the vulnerability, the company has finally commented the situation more extensively and has announced a patch: “After careful analysis, Seagate has confirmed that the vulnerability on our Business Storage NAS products is low risk and affects only those … More

0-day flaw in Seagate NAS devices endangers thousands

Seagate’s Business Storage 2-Bay NAS line of products, which is popular both with home and business users, sports a zero-day remote code execution vulnerability that can be easily exploited by attackers, security researcher OJ Reeves warned on Sunday. “Products in this line that run firmware versions up to and including version 2014.00319 were found to be vulnerable to a number of issues that allow for remote code execution under the context of the root user. … More

Declaring personal data bankruptcy and the cost of privacy

In the digital economy, your data profile has value, but judging from what I watched happen recently in a London shopping mall, a lot of us give it away for free. At the Westfield shopping center in Shepherd’s Bush, a long line of Britons waited to surrender valuable personal information – demographic details, shopping habits, brand preferences, and more – in exchange for a free bar of chocolate. Really. How did the collector, a prominent … More

GnuPG 2.0.27 released

GnuPG is a complete and free implementation of the OpenPGP standard. It allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG 2.0.27 is a maintenance release which fixes a couple of bugs, and an update to this version is suggested. What’s new: gpg: Detect faulty use of –verify on detached signatures. gpg: New import option “keep-ownertrust”. … More

Week in review: Anthem breach, critical IE 11 bug can be used for phishing attacks

Here’s an overview of some of last week’s most interesting news and articles: Overcoming the daily challenges of a security team The institutionalization of domestic security and incident-response into a distinct profession have formed three major challenges for large enterprises. Security outlook: Technologies and key trends Anonymous threats and lone wolf attacks, increasing fears on cyber security and concerns over immigration will generate significant debate over foreign policy and how to mitigate the security risk … More