Top

Featured

The Makings of a Great Incident Management Process

December 8, 2017

Via: Michael Boyd

The importance of incident management is increasing. We’ve gotten to the point where every company, regardless of size, needs to have a proper Incident Management Process implemented. Why is it so important?   Simply because no one is exempt from […]


Mobile security, Vulnerabilities

Developers Targeted in ‘ParseDroid’ PoC Attack

December 7, 2017

Via: Threat Post

Researchers have developed a proof of concept attack that could impact the millions of users of integrated development environments such as Intellij, Eclipse and Android Studio. Attacks can also be carried out against servers hosting development environments in the cloud. […]


Network security

How the Major Intel ME Firmware Flaw Lets Attackers Get ‘God Mode’ on a Machine

December 7, 2017

Via: Dark Reading

Researchers at Black Hat Europe today revealed how a buffer overflow they discovered in the chip’s firmware can be abused to take control of a machine – even when it’s turned ‘off.’ A recently discovered and now patched vulnerability in […]


Application security

What Does Secure Digital Transformation Mean to You?

December 7, 2017

Via: Security Intelligence

Recently, IBM Security spotlighted the growing importance of digital transformation on our enterprise customer base. In particular, we’ve focused on the importance of IT security as a facilitator for organizations’ successful digital transformation efforts. What Is Digital Transformation? One thing […]


Cyber-crime, Malware

The StorageCrypt ransomware is the last malware in order of time exploiting SambaCry to target NAS Devices

December 7, 2017

Via: Security Affairs

StorageCrypt Ransomware is the last malware in order of time exploiting the SambaCry vulnerability, it was developed to target NAS Devices. Experts discovered a new strain of malware exploiting the SambaCry vulnerability (CVE-2017-7494), it has been called StorageCrypt Ransomware because […]


Vulnerabilities

Android Developer Tools Contain Vulnerabilities

December 6, 2017

Via: Dark Reading

Several of the most popular cloud-based and downloadable tools Android developers use are affected. Android application developer tools Android Studio, Eclipse, and Intellij-IDEA contain vulnerabilities, Check Point researchers revealed in a report today. Android Application Package Tool (APKTool), Cuckoo-Droid service, […]


Network security

Bringing Shadow IT Into the Security Light

December 6, 2017

Via: Security Intelligence

Practically every organization now has an “invisible network,” in addition to its official computer network, consisting of ties to cloud services that IT and security teams know little or nothing about. This invisible network, better known as shadow IT, is […]


Network security

Cybersecurity professionals aren’t keeping up with training

December 6, 2017

Via: CSO Online

I’ve written a lot about the cybersecurity skills shortage lately based upon data from a new research report titled, The Life and Times of Cybersecurity Professionals, a collaborative effort done by ESG and the information systems security association (ISSA). The […]


Network security

What is a botnet? And why they aren’t going away anytime soon

December 6, 2017

Via: CSO Online

Botnets act as a force multiplier for individual attackers, cyber-criminal groups, and nation-states looking to disrupt or break into their targets’ systems. By definition, they are a collection of any type of internet-connected device that an attacker has compromised. Commonly […]


Network security

PayPal’s TIO Networks Suffered Data Breach Exposing Data on 1.6 Million Customers

December 5, 2017

Via: Dark Reading

PayPal states TIO Networks, a payment processing company it acquired this summer, is not part of its network and PayPal remains unaffected by the breach. PayPal’s TIO Networks suffered a data breach that may have compromised the personally identifiable information […]