Space Weather Outlook December 28, 2014 at 09:23PM
Configuring and Using PKI in Your Microsoft Network
This white paper gives you a great overview of the core configuration of your Microsoft CAs. Request Free! |
Why Threat of Downtime Should Be Keeping You Up at Night
Security systems only provide protection if up and running. If video monitoring systems, access control, or other building security systems go down, it can be costly and dangerous. Learn how to protect your security systems and keep them running 24/7/365. Get this informative white paper to learn all about:
Request Free! |
Everything You Need To Know About A DDoS Attack
Even if your company isn’t as large as Amazon or eBay, any amount of profit loss due to downtime should be cause for concern. Not only do you miss a potential sale in real time, that customer is less likely to come back and try to purchase from you again in the future. Request Free! |
Email Security For IT: How To Keep Your Brand Safe
Not only can phishers hurt your company and customers, but your brand can take a beating too. Find out what you should be implementing to keep your brand safe. Request Free! |
Space Weather Outlook December 21, 2014 at 08:19PM
The Essentials of Information Security Kit: Includes a Free PC Security Handbook - 2nd Edition eBook
The Essentials of Information Security brings together the latest in information, coverage of important developments, and expert commentary to help with your Information Security related decisions. The following kit contents will help you get the most out of your Information Security research:
Request Free! |
Network Security For Dummies -- eBook (usually $22.99) FREE for a limited time!
CNN is reporting that a vicious new virus is wreaking havoc on the world’s computer networks. Somebody’s hacked one of your favorite Web sites and stolen thousands of credit card numbers. The FBI just released a new report on computer crime that’s got you shaking in your boots. The experts will tell you that keeping your network safe from the cyber-wolves howling after your assets is complicated, expensive, and best left to them. But the truth is, anybody with a working knowledge of networks and computers can do just about everything necessary to defend their network against most security threats. Whether your network consists of one computer with a high-speed Internet connection or hundreds of workstations distributed across dozens of locations, you’ll find what you need to confidently:
Request Free! |
Space Weather Outlook December 14, 2014 at 09:09PM
Grnde zur Vergabe einer vereinheitlichten Identitt an Insider
Auf der Liste der acht bedeutendsten Bedrohungen in Sachen Internetsicherheit für das Jahr 2013 führt Forbes interne Bedrohungen unter Beachtung interner Angriffe auf Basis des Schadens, den privilegierte Benutzer verursachen, sowie die Art von Daten, zu denen diese Zugang haben, auf Platz 3 “der Verheerendsten” an. Es ist von äußerster Wichtigkeit, dass Führungskräfte und IT-Richtlinienbeauftragte die Gefahr böswilliger Insider, eine gestiegene Angriffsoberfläche und das Potenzial für durch Angestellte verursachte Fehler durch Bedrohungen oder Fahrlässigkeit erkennen und bestätigen. Request Free! |
Three Ways Companies Can Avoid DDoS Attacks
In this 15-minute webinar, Dyn Principal Architect Andrew Sullivan gives a quick-hit overview of DDoS attacks and three tips on how companies can help plan ahead before getting hit. Request Free! |
Proven Practices for Securing Your Website Against DDoS Attacks
Join subject matter experts Kevin Beaver, author of Hacking For Dummies and Andrew Sullivan, Director of Architecture at Dyn, for a discussion on vulnerabilities of web environments and why simply jumping on the cloud provider bandwagon won’t prevent DDoS attacks. Watch it now on-demand! Request Free! |
Keurig 2.0 Genuine K-Cup Spoofing Vulnerability
Overview
Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup.
Impact
CVSS Base Score: 4.9
Impact Subscore: 6.9
Exploitability Subscore: 3.9
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: Complete
Availability Impact: None
Vulnerable Versions
Keurig 2.0 Coffee Maker
Technical Details
Keurig 2.0 is designed to only use genuine Keurig approved coffee K-Cups. However, a flaw in the verification method allows an attacker to use unauthorized K-Cups. The Keurig 2.0 does not verify that the K-Cup foil lid used for verification is not re-used.
Step 1: Attacker uses a genuine K-Cup in the Keurig machine to brew coffee or hot chocolate.
Step 2: After brewing is complete, attacker removes the genuine K-Cup from the Keurig and uses a knife or scissors to carefully remove the full foil lid from the K-Cup, ensuring to keep the full edges intact. Attacker keeps this for use in the attack.
Step 3: Attacker inserts a non-genuine K-Cup in the Keurig, and closes the lid. Attacker should receive an "oops" error message stating that the K-Cup is not genuine.
Step 4: Attacker opens the Keurig, leaving the non-genuine K-Cup in the Keurig, and carefully places the previously saved genuine K-Cup lid on top of the non-genuine K-Cup, lining up the puncture hole to keep the lid in place.
Step 5: Attacker closes the Keurig, and is able to brew coffee using the non-genuine K-Cup.
Since no fix is currently available, owners of Keurig 2.0 systems may wish to take additional steps to secure the device, such as keeping the device in a locked cabinet, or using a cable lock to prevent the device from being plugged in when not being used by an authorized user.
Please note that a proof of concept is already available online.
Credit:
Proof of concept at http://www.keurighack.com/
Vulnerability Writeup by Ken Buckler, Caffeine Security http://caffeinesecurity.blogspot.com
NOTE: There has been some question regarding the video and who made it. This is not the security researcher you're looking for. I am not the person who created the video, and only found the KeurigHack website after I discovered this vulnerability on my own. To whoever created the website, great job!
Space Weather Outlook December 07, 2014 at 11:41PM
Essential Data Security Kit including Cryptography for Dummies - FREE for a limited time!
Cryptography is the most effective way to achieve data security and is essential to e-commerce activities such as online shopping, stock trading, and banking. Cryptography for Dummies will teach you everything from the terminology used in the field to specific technologies to the pros and cons of different implementations. This essential research also includes DDoS Attacks, Cloud adoption and security, and what you need to know about eliminating security risks for your company. In this kit you will receive the following resources for Data Security research: Request Free! |
5 ways to protect your company from phone and internet fraud
As a telecoms operator, in order to protect your company against fraudulent attacks, your company needs to make the shift from trying to fix problems after they happen, to focusing on assessing risks ahead of time and implementing the appropriate preventative methods. But how can you prevent these? Find out in the following article... Request Free! |
Is Your Identity and Access Governance Program Vulnerable to Risk?
Your organization must inventory, analyze and understand the access privileges granted to its users to effectively manage risk. Proactive Identity and Access Governance (IAG) can help you answer the critical question: “Who has access to what, and is it appropriate?” NetIQ shows you how in this paper, which they've packed with:
Learn to secure your organization by implementing a proactive IAG program. Request Free! |
Mobile and Remote Access: Balancing Convenience and Security
In today's BYOD world, securing access and maintaining productivity is challenging. Users want access from their own devices, and the applications, data and services they're using are not always secured by a perimeter. How can you provide secure access without inhibiting productivity? In this paper you'll learn:
Get advice on choosing the right solution and the knowledge you need to face today's challenges. Request Free! |
Single Sign-On: with Passwords, Less is More
Your workforce is using applications from a wider variety of sources than ever. Not only does this annoy your users, it's less secure. The solution is simply solved with enterprise Single Sign-On (SSO). Read this paper to learn:
Security and productivity are both at stake: put SSO to work in your organization today. Request Free! |
The Big Shift to Cloud-Based Security
As a mid-sized or smaller organization, there is a lure of feeling safety in obscurity. The truth is your company doesn't have to be a giant global corporation to be in the cross hairs of an attack. Automated exploits of common vulnerabilities can equally sweep up victims on any Internet-facing network. As for targeted attacks, smaller companies are often hit first precisely because cybercriminals know these organizations have weak security – and may be a stepping stone to connected business partners or a large parent company. The good news is you don't need to hire a crew of security experts to effectively manage IT risks and comply with security and privacy regulations. This guide explains how SMBs can use cloud-based security to protect their network and ensure compliance without breaking the bank. Request Free! |
Banking IT Systems Management: Challenges and Solutions
Banking systems need to be readily available and productive, yet secure and protected from data-breach. The risks of irregular maintenance and non-compliance of IT and security policies can cost the organization much in terms of fines, lost opportunities and a damaged reputation. With such a serious and complex challenge, employing an efficient and comprehensive solution is paramount to minimize risk and instill confidence in the organization's ability to fulfill on its compliance requirements. Download this white paper to learn:
Request Free! |
Cryptography For Dummies - eBook (usually $22.99) FREE for a limited time!
Request Free! |
Space Weather Outlook December 01, 2014 at 01:23AM
Space Weather Outlook November 23, 2014 at 10:55PM
When Worlds Collide: Cloud Apps and Financial Services
Trends suggest that cloud services will soon be the new norm for financial institutions. However, there are two major hurdles to clear when moving financial data out of an on-premises network to public cloud applications: security and compliance regulations. This white paper discusses cloud access security brokers and how they can help the finance industry stay secure in the cloud as well as be compliant. Request Free! |
Isn't The Cloud Already Secure?
Successful innovations invariably reach a transitional point at which the general population stops viewing them as shiny toys and realizes these advances are valuable assets. Eventually, like email, it becomes a tool that society can't live without. The adoption of the cloud, however, hasn't been as rapid as experts predicted. Find out who's really responsible for these cloud apps, and the benefits of having a vendor that can protect your corporate data. Request Free! |
Why Some Things Shouldn't Go Viral
Email is the most used application in any modern enterprise, yet it remains the primary avenue for sensitive corporate data to leave your network. Securing email becomes even more challenging when BYOD is introduced. Employees love using a single mobile device for work and life. On the surface, this makes a lot of sense – not only is the employee already familiar with the device, but BYOD can also help cut costs. The problem? The fact that employees are using their own devices, running a variety of operating systems, and connecting over insecure Wi-Fi networks makes data security difficult to achieve. Request Free! |
Top Six Things to Consider with an Identity as a Service Solution
IT doesn't like it either. After all, they're just trying to ensure the security of your enterprise but they're often burdened with password retrieval activities when they could be focused on more value-added tasks. Because your employees have work to do, and they're suffering from password fatigue, they resort to using passwords that circumvent security practices—inviting hackers into your enterprise data. Solutions to solve the problem are often cumbersome making a complicated problem…well, more complicated. Is there a better way? Absolutely: unified identity management with an Identity as a service Solution (IDaaS). Download the white paper: Top Six Things to Consider with an Identity as a Service Solution. You'll discover how an IDaaS can help you drive user productivity, enhance IT efficiency, improve security, mitigate risk, and lower total cost of ownership. Request Free! |
What are the top 10 emerging threats in telecoms?
With operators reported to be losing between 3-9% of their annual revenues to fraud, the proactive detection and efficient management of fraud and RA threats are on-going, complex business priorities that are integral to staying ahead of the fraudster. So, what can operators do to stay ahead of the game and prevent revenue losses? Read on and find out... Request Free! |
Space Weather Outlook November 16, 2014 at 09:31PM
Next Generation Criminal Fraud Detection
As fraud rises, there is a strong need for fraud tools that can detect account takeover and fraudulent transactions. IBM® Security Trusteer™ Pinpoint Criminal Detection software offers a next generation approach that helps address the challenges of traditional risk engines. Trusteer Pinpoint Criminal Detection helps you to:
Request Free! |
Three Steps to Prevent Workplace Crime
You know security is a priority – but where do you start? If you're not a security professional, initiating where to first spend your time and money can be the hardest part. In order to get you started, we've consulted the experts. From understanding what you need in a security review to gaining the power to control your entries to simply understanding the general mind of an opportunistic criminal, you can make a big difference in your company's security. Request Free! |
How to Overcome the Top 5 Business Vulnerabilities
Establishing a thriving business takes dedication and hard work. But all too often, business owners and managers find themselves too busy working to protect what they've worked so hard for to make time to put in place preventative measures as well. To make sure that more businesses are aware of the risks, Tyco IS listed the top five vulnerabilities business owners face every day. From burglary to vandalism to liability, see how you can tackle the risks with the right strategies. Request Free! |
The Case for Mobile Security Management
Since embezzlement and internal theft are leading causes of mid-sized business failure, making sure your company is secure on the inside isn't paranoia – it's smart business. Learn how you can implement simpler security measures with the convenience of your smartphone or tablet. Like never before, you can maximize your most precious non-renewable resource: your time. Give yourself one less thing to worry about and learn how to safeguard your business with your fingertips. Request Free! |
Mobility on Hold: Get Back on Track with Mobile Risk Mitigation
Fortunately, new security measures are available to mitigate the risks associated with advanced mobile banking and payment capabilities. The key to protecting the mobile channel is to realize that it is deeply connected to the online channel. Effective protection must consider risk indicators that span both channels and extend to both to protect against the full range of attack vectors. Read this white paper to learn about:
Request Free! |
Winning the War on Cybercrime: The Four Keys to Holistic Fraud Prevention
They then conduct real-time credential theft and take over accounts. The main reason for cybercriminals' continued success is that highly evasive advanced financial malware allows for a wide variety of attacks that are very difficult to detect with traditional fraud prevention technologies. Download our latest white paper to learn:
Request Free! |
The Thriving Malware Industry: Cybercrime Made Easy
In today's virtual world, the scope of organizations vulnerable to malware-driven cybercrime is quite broad. In addition to banks and credit unions that are subject to online banking fraud, financial fraud can be perpetrated on insurance companies, payment services, large e-commerce companies, airlines and many others. Request Free! |
Selecting the Right Cybercrime-Prevention Solution
Malicious software, or malware, is the primary attack tool used by cybercriminals to execute account takeover attacks, steal credentials and personal information, and initiate fraudulent transactions. The attack tactics, or crime logic, are constantly becoming more sophisticated so they can continue to exploit human and system weaknesses. Fraud-, risk- and IT-security professionals are looking to establish an effective defense against these attacks. Request Free! |
Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention
Unmistakably, what led to the release of the FFIEC supplement was the introduction of advanced malware that has created an increasingly hostile online banking environment. Sophisticated malware has become the primary attack tool used by online banking fraudsters to execute account takeover, steal credentials and personal information, and initiate fraudulent transactions. To address emerging threats, the FFIEC requires organizations to continuously perform risk assessments as new information becomes available, adjust control mechanisms as appropriate in response to these changing threats and implement a layered approach to security. Consequently, financial organizations need to select solutions that are able to identify emerging threats, address their impact and apply layered security that can quickly adapt to the ever-changing threat landscape. Request Free! |
Holistic Fraud Prevention: Transforming the Customer's Experience
When evaluating and implementing fraud prevention technologies, most security professionals focus on only the fraud avoidance capabilities. They often overlook the potentially significant adverse impact on customers' experience and operational costs. Good fraud prevention solutions must be effective at identifying and preventing fraud and must do so with no negative impact. Although many fraud prevention professionals believe there must be a tradeoff between strong security on one side and customer experience and operational costs on the other, this is simply no longer the case. Strong, effective security can and should both enhance customers' experience and lower operational costs. Read this white paper to learn:
Request Free! |
Old Techniques, New Channel: Mobile Malware Adapting PC Threat Techniques
Read this white paper to learn more about the emerging attack techniques used by cybercriminals in the mobile channel, including:
Request Free! |
Ten Risky Security Behaviors to Avoid: Protect Your Organization
You are a problem. You are a risk to your employer. The actions you take and the activities you perform at work, online, and even in your personal life put your employer at risk. You need to know how you are a security risk to the organization and what you can do to reduce or eliminate those risks. In this paper, I discuss ten common risky behaviors that typical workers engage in and what you can do to avoid being the weakest link in your company. Request Free! |
Space Weather Outlook November 09, 2014 at 10:23PM
Data Center in the Crosshairs: Today's Most Dangerous Security Threats
Comprising the most valuable assets in your organization – your web, DNS, database, and email servers - data centers have become the number one target of cyber criminals, hacktivists and state-sponsored attackers. This paper analyzes the top five most dangerous threats to your data center. It also describes the impact of these threats and it reveals the latest methods, tools and techniques used by attackers to exploit data center resources. Request Free! |
DDoS Report: The Escalating Threat of DDoS Attacks
Virtually every commercial and governmental organization today is largely - if not entirely - reliant on its online services, and service availability is completely at risk from the rising tide of DDoS attacks. If you are concerned about the possibility of major service outages due to DDoS attacks, you should ensure that your vendor can scale to mitigate the largest multi-vector attacks at your network's edge. Request Free! |
Avoid Microsoft Lync Deployment Pitfalls with A10 Thunder ADC
If Lync customers deploy multiple Lync servers or a "pool," they need to distribute traffic loads to those servers. Load balancing is not just a best practice, it's a requirement. Microsoft advises customers to provision either hardware load balancing or DNS load balancing. If load balancing is required, IT managers can deploy Thunder Series Application Delivery Controllers (ADCs) from A10 Networks to ensure world-class performance, applications availability, and resiliency for Microsoft Lync. Security threats challenge enterprise networks at every level, and Lync applications are not immune. Distributed Denial-of-Service (DDoS) attacks are a particular danger for Lync installments. Thunder ADC acts as a reverse proxy between clients and Lync front-end servers, ensuring that all connections to servers are initiated from Thunder ADC. In this process, Thunder ADC eliminates potentially crippling DDoS attacks and other network-level threats. Request Free! |
Defending Against Network Based DDoS Attacks
In this video we turn our attention to the network side of the house. Request Free! |
Space Weather Outlook November 02, 2014 at 10:29PM
Space Weather Outlook October 27, 2014 at 03:14AM
The 10 Reasons Guide: Choosing a File Sync and Share Solution
Workers want access to business files from anywhere, on any device, and at any time. This presents a new range of corporate security and data leakage risk challenges to today’s IT organizations. Download the white paper that explores 10 reasons why each of Accellion, Anchor/eFolder, Box, Dropbox, Egnyte, Citrix ShareFile, Google Drive and Microsoft OneDrive are not for your business. Plus, one solution that is. Request Free! |
Securing Your Future in the Cloud
To help your organization be the one that does things right, here are 10 questions to consider asking potential cloud vendors, as well as what to look for in their answers. Asking these questions should be part of the due diligence process in evaluating the security practice of a cloud provider. Getting satisfactory answers will help in the decision-making process of selecting the best provider for you. Request Free! |
5 Essential Steps to Sustainable PCI DSS Compliance
For many companies, Payment Card Industry Data Security Standard (PCI DSS) compliance seems so daunting and complex that they only follow the letter of the regulations, without focusing on the subtle areas that provide the most protection. This eBook describes the five “must-do” steps that help assure the effectiveness of a company's PCI DSS compliance program. Request Free! |
Space Weather Outlook October 19, 2014 at 08:30PM
The FDA are Taking Cybersecurity in Medical Devices Seriously and So Should You
Medical devices are undergoing a technical transformation in terms of software, interconnectivity and interoperability. This increase of function comes with an increase in risk from cybersecurity threats which puts not only the patients with medical devices potentially at risk, but has wider implications for connected digital infrastructure too. The safety, security and privacy of patients must be protected and the providers of software for medical devices must work with regulators and the wider industry to ensure this. Request Free! |
Symantec Intelligence Report: September 2014
Read this report to learn more about:
Request Free! |
Five DLP Tips from Security Executives
This research paper examines the findings from a new study on DLP by Symantec. The goal of the study is to understand how DLP programs impact the effectiveness of security executives, while also protecting corporate data. Request Free! |
SANS Report - Breaches Happen: Be Prepared
This paper describes how to start with improved malware reporting and gateway monitoring and how to combine this output with security intelligence from both internal and external resources. Forward thinking organizations use these and other techniques promoted by frameworks such as the Critical Security Controls. The key is to—as quickly as possible—detect hostile activity, identify and locate affected systems and devices, and respond appropriately. Request Free! |
Protecting Your Website With Always On SSL
This white paper discusses the imperative need for Always On SSL, and the steps you can take to deliver end-to-end protection for your users. It also includes detailed accounts of four organizations – Facebook, Google, PayPal and Twitter – that are leading the way with Always On SSL in a cooperative effort to make the Internet more secure. Request Free! |
Simplify SSL Certificate Management Across the Enterprise
This white paper provides five simple steps for IT professionals to take control of SSL certificates across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these certificates throughout their lifecycle. Request Free! |
Getting Ahead of the Compliance Curve
Compliance is a fast-moving target, and it's getting harder to keep up. In a survey by IT Policy Compliance Group, a consortium dedicated to helping IT security professionals meet policy and compliance goals, 70 percent of all respondents reported being subject to multiple regulatory compliance mandates, as well as contractual obligations and industry standards. Request Free! |
Best Practices for Mobile Application Lifecycle Management
Home-grown enterprise apps improve productivity, business partnerships, customer satisfaction and bottom-line performance. Mobile Application Lifecycle Management (MALM) is the key to ensuring the protection of apps and associated data by integrating security throughout the end to end process. Download this white paper to learn how to address:
Request Free! |