Raxis, a leading penetration testing firm, reconstructed a real-world APT attack by Russian hackers on a global bank. A stolen digital certificate and private key resulted in access to almost 100 servers and tens of millions of customer records. Read this whitepaper, Real-world Attack Breaching a Global 100 Bank, to get the details on how you can protect your organization:
This Blog has Moved!
Raxis Breach of Global Bank - Real World Attack Case Study
New SANS 20 Updates Require Keys and Certificates to be Protected
Enterprises have an average of almost 24,000 keys and certificates, and 54% of security professionals admitted they don’t know where all of their keys and certificates are used. Is your organization ready to meet the new SANS 20 requirements? Download this important SANS 20 Critical Security Control brief to learn how to implement these new requirements and reduce risk:
Mitigating the DDoS Threat
This white paper covers:
Space Weather Outlook July 26, 2015 at 09:31PM
Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions
As recent breaches like Target and Neiman Marcus show, payment card information is involved in more security breaches than any other data type. In too many places, sensitive card data is simply not protected adequately. Hacking Point of Sale is a compelling book that tackles this enormous problem head-on. Exploring all aspects of the problem in detail - from how attacks are structured to the structure of magnetic strips to point-to-point encryption, and more – it's packed with practical recommendations. This terrific resource goes beyond standard PCI compliance guides to offer real solutions on how to achieve better security at the point of sale.
Who's Using Cyber Threat Intelligence
We've seen the “commercialization” of malware, with attack kits available on underground forums for anyone who wants to perpetrate a variety of attacks. Large botnets are available for rent, allowing attackers to send spam or launch DDoS attacks at will. Many attackers reuse malware and command and control protocols and methods, adapting their “products” over time to keep ahead of the antimalware industry and security professionals. As more and more attacks occur, however, the likelihood increases that some organization or group has seen the attack before.
SANS Analytics and Intelligence Survey
By conducting this survey, SANS had hoped to see more improvements in the use and benefits of security analytics and intelligence. However, security teams are struggling with visibility, and the use of “intelligence” is slipping. Learn more about the information gathered by SANS and understand if you're realizing your threat intelligence investment.
Security Intelligence: Information Sharing Strategies Using Trusted Collaboration
The challenge for the recipient of raw intelligence is validating whether or not the information gathered is accurate and can be used effectively in a timely manner. The results of intelligence collection can be ambiguous at best and often lack standards; therefore, raw intelligence must go through a number of steps to assess its value. Alternative approaches to data set normalization do exist. Trusted collaboration is a unique approach to security intelligence due to the speed with which intelligence can be reviewed and the diversity of experience within the community to analyze the attack data. Learn more about this new approach to sharing threat intelligence and develop a methodology to measure the effectiveness of your current security infrastructure.
Threat Intelligence: Defeating the Adversary
Many organizations are overwhelmed by the volume of indicators they see daily and can only combat these threats in a reactive manner due to lack of resources. In this presentation, we will discuss threat intelligence, what it is, why it's important, and how to use and leverage your current security investment to help avoid costly breaches and defeat cyber adversaries.
Social Threat Intelligence (STI)
Fascinatingly, enterprise has been slow to embrace community sourcing security intelligence. Trevor Welsh of ThreatStream will present on Social Threat Intelligence (STI). This talk will detail how STI exists today, and how it might exist tomorrow. Trevor will also detail how enterprise can best take advantage of STI in a sensible, secure way.
Are You Asking the Right Questions When Selecting an ERP System?
When selecting an ERP solution it is easy to get lost in the details, but ultimately the decision comes down to two main questions:
Network Forensics for Attack Mitigation
The network forensics market is set to dramatically expand as increasing numbers of organizations become the victims of malware attacks. Limiting the damage from these incursions, and avoiding potentially crippling losses, are key motivators for businesses of any size. And network forensics offers a powerful set of tools to help companies achieve those goals.
Space Weather Outlook July 20, 2015 at 01:21AM
Rethinking Security: Fighting Known, Unknown and Advanced Threats
Open a newspaper, log onto the Internet, watch TV news or listen to President Obama's recent State of the Union address and you'll hear about another widespread breach. You are not paranoid when you think that your financial data, corporate intelligence and reputation are at risk. They are and it's getting worse. Smart cybersecurity today must include advanced anti-malware at its core. It takes multiple layers of cutting edge technology to form the most effective line of cyberdefense. Download this eBook to learn more.
Future Risks: Be Prepared
When it only takes a single breach to inflict serious damage on your business, defending against the majority of attacks isn't enough. That's why it's best to focus our attention on the most dangerous threats we face, rather than those we face most often.
Endpoint Security for Business: Technology in Action
Thinking you're too small to be of interest is exactly the mindset that cybercriminals are exploiting to launch increasingly sophisticated malware against your business. They know what many SMBs don't: You are a target.
AWS Cloud Security Report for Risk & Security Professionals
Key Takeaways
- AWS Is Serious About Information Security: There has been too much hype about cloud security being different and inherently insecure. Cloud security is no different from other solutions we deploy. Security pros should apply the same security standards to cloud workloads applied to on-premises workloads.
- In The AWS World, Security Is A Shared Responsibility: AWS is not going to secure your applications or software infrastructure for you. AWS’ responsibility stops at the abstraction point between its services and the applications you deploy. It’s up to security and risk pros to engineer the correct security atop AWS. AWS provides key security building blocks, but it’s still your responsibility.
- AWS Demonstrates Strong Cloud Security Processes and Controls: AWS has a very comprehensive security program for its platform. AWS has foundational security controls for its services that enable customers to build secure applications. Where AWS does not have a solution, third parties are working to provide security technology as SaaS and virtual appliances for the AWS environment.
Cloud Security Concerns and the Perceived Effectiveness of Traditional Security Solutions in a Cloud Environment
The report presents research from a survey of high-level security professionals at major North American organizations on their attitudes toward cloud security, key adoption drivers, and the effectiveness of traditional security solutions in cloud environments.
Your Cloud Servers Are Under Attack: How Can You Tell?
Exploding threats and attacks against private, public and hybrid cloud workloads put enormous pressure on enterprises trying to maintain visibility into their compute infrastructure. Traditional security tools simply don’t work well in this dynamic environment. Download this Solution Brief to learn more about gaining visibility into your cloud or virtual infrastructure.
IT Leaders: Have You Done Everything You Can to Prevent a Data Breach?
In this eBook, you will gain valuable insight into who's at risk (the answer might surprise you), and what you can do to protect your organization. Highlights include:
IT Leaders: Hear Key Takeaways from Recent Disasters and What They Mean for Your DR Plan
Watch now to gain perspective from analysis of recent disasters' costs and lessons, how to prepare using today's technologies, and which technologies will best mitigate disaster outcomes. You can expect answers to questions such as:
Six Steps to Strong Security for SMBs
Small to Medium Sized Businesses (SMBs) often assume they can escape attacks usually directed at larger businesses. In reality, SMBs can face even greater challenges to network security—from smaller budgets to fewer qualified staff. Since it won't be possible to do everything you want with limited resources, SMBs must look for smarter ways to increase security. By going for quick, easy wins first, a majority of attacks can be prevented. In this white paper, you'll learn how to identify high-risk areas, so you can prioritize your efforts to fend off attack efficiently and cost-effectively. Plus, discover the most important considerations needed for all SMBs to track compliance and identify security gaps. Download the white paper now to learn more about the six steps you can take right now for effective security that reduces risk at your organization.
2015 State of Application Security: Closing the Gap
Despite some agreement, this report outlines the ongoing challenges for both builders and security managers to find ways to work together. Plus, see how this fragile collaboration is further complicated by the rapid development of applications and lack of control over hosting them in the cloud. Download the report now to learn about the issues preventing better engagement between developers and defenders, and get valuable insights into approaches for overcoming these challenges and securing your applications.
Vulnerability Management for Dummies, 2nd Edition
If you are responsible for network security, you need to understand how to prevent attacks by eliminating network weaknesses that leave your business exposed and at risk. Whether your network consists of just a handful of computers or thousands of servers distributed around the world, this newly revised, 6-part eBook will clearly help:
Space Weather Outlook July 13, 2015 at 12:31AM
Implementing SSL/TLS Using Cryptography and PKI (FREE for a limited time!) Valued at $39.99
If you are a network professional who knows C programming, this practical book is for you. Focused on how to implement Secure Socket Layer (SSL) and Transport Layer Security (TLS), this book guides you through all necessary steps, whether or not you have a working knowledge of cryptography. The book covers SSLv2, TLS 1.0, and TLS 1.2, including implementations of the relevant cryptographic protocols, secure hashing, certificate parsing, certificate generation, and more. Coverage includes:
Two-Factor Authentication Evaluation Guide
Discover key areas of difference between two-factor authentication solutions and gain insight on concrete criteria for evaluating technologies and vendors with Duo Security's free two-factor evaluation guide. In this guide, you will learn:
Contemporary Cryptography
Cryptography is an enabling technology (or tool) to secure the information infrastructures we build, use, and count on in daily life. Computer scientists, electrical engineers, and applied mathematicians should care about (and be educated in) the principles and applications of cryptography. Download these slides from Prof. Dr. Rolf Oppliger to help continue your Cryptography research.
Fed Employees, Contractors, and Spouses Identities Compromised
Types of information in the incident involving background investigation records:
- Social Security Numbers
- Residency and educational history
- Employment history
- Information about immediate family and personal and business acquaintances
- Health, criminal and financial history
Some records could also include:
- Findings from interviews conducted by background investigators
- Fingerprints.
- Usernames and passwords used to fill out your forms
This is probably the worst possible data breach for the Federal government, and not because they're going to have to offer credit monitoring for everyone affected.
Noticeably absent from the release is any mention of "who" was responsible for this breach.
Many news sources believe the breach was the work of the Chinese government.
U.S. Senator Sasse believes the database will be used for spy recruitment, and even blackmail, according to Wired.
As a Federal contractor, I'm quite honestly terrified. While the Federal Government is offering identity theft protection, they are taking no steps to protect affected employees and contractors from blackmail attempts - and how could they? At this point, the only way to protect affected employees and contractors would be to give them, as well as their families, a completely new identity. Obviously, with 21.5 million affected individuals, this won't happen.
At the same time, I feel very betrayed, as I'm sure many Federal contractors and employees currently feel. If the Federal government did not take the protection of our personal information seriously, what's to ensure they will do so in the future? This could seriously impact the ability of the Federal government to gain new or retain existing employees or contractors - including myself.
Private sector - now's your chance! There are a lot of disgruntled Federal contractors who will probably jump at a chance to leave, and go somewhere their personal information will actually be protected. Start posting those open positions, and let the mass exodus from Federal contracting begin.
STRATEGIES FOR GUARDING AGAINST HEALTHCARE CYBER THREATS
Emerging cyber threats: From 2012-2013, HIPAA data breaches rose 138 percent, with medical-related identity theft accounting for 43 percent of all identity thefts reported in the U.S. in 2013. Medical-device manufacturers are being singled out as the primary target in 2014. The reason for all this unwanted attention is simple: healthcare data is approximately 50 times more valuable on the black market than credit card data because it exposes information such as a person’s height, eye color and other physical characteristics, which can be used to create comprehensive fake identities. Healthcare security systems, however, are lagging compared to other industries in addressing this problem.
Space Weather Outlook July 06, 2015 at 01:39AM
How to Overcome the Top 5 Business Vulnerabilities
Establishing a thriving business takes dedication and hard work. But all too often, business owners and managers find themselves too busy working to protect what they've worked so hard for to make time to put in place preventative measures as well. To make sure that more businesses are aware of the risks, Tyco IS listed the top five vulnerabilities business owners face every day. From burglary to vandalism to liability, see how you can tackle the risks with the right strategies.
Three Steps to Prevent Workplace Crime
You know security is a priority – but where do you start? If you're not a security professional, deciding where to first spend your time and money can be the hardest part. In order to get you started, we've consulted the experts. From understanding what you need in a security review to gaining the power to control your entries to simply understanding the general mind of an opportunistic criminal, you can make a big difference in your company's security.
The Case for Mobile Security Management
Since embezzlement and internal theft are leading causes of mid-sized business failure, making sure your company is secure on the inside isn't paranoia – it's smart business. Learn how you can implement simpler security measures with the convenience of your smartphone or tablet. Like never before, you can maximize your most precious non-renewable resource: your time. Give yourself one less thing to worry about and learn how to safeguard your business with your fingertips.
Forrester Research Webinar: The Human Firewall Strengthening Email Security
The numbers are alarming – 91% of hacks begin with an email attack and 23% of phishing emails are opened. Employees, the humans, have always been the weakest link in an IT security strategy. Attackers know this, and prey on them with spear-phishing and social engineering attacks. Listen to guest speaker Nick Hayes from Forrester Research and Steve Malone from Mimecast for insight into how technology and awareness together can strengthen defenses. The webinar covers: