Expert analysis
ISO 27001 standard: Breaking the documentation myth
Dejan Kosutic is the founder of the Information Security & Business Continuity Academy. In this interview he discusses the future of compliance, ISO 27001 documentation, …
User activity monitoring revealed
In this interview, Matthew Ulery, Director of Product Management with NetIQ, discusses the challenges related to user activity monitoring. He talks about the various methods, …
What makes a good unified database security solution?
The rise of hacktivism that went beyond defacing websites and concentrated on stealing information and leaking it has made it clear that most attackers go right for the …
The dangers of NOT passing cybersecurity legislation in 2012
According to the U.S. Government, cyber-security protection of critical infrastructure is a national priority. With 85 percent of the nation’s critical infrastructure …
Vulnerabilities in open source WAF ModSecurity
During our research of web application firewall evasion issues, we uncovered a flaw in ModSecurity that may lead to complete bypass of the installed rules, in the cases when …
Product pitch: Entrust IdentityGuard
In this podcast, Mike Moir, Product manager with Entrust, talks about Entrust IdentityGuard, an award-winning software authentication platform that helps financial …
Lessons learned from cracking 2 million LinkedIn passwords
Like everyone this week, I learned about a huge file of password hashes that had been leaked. The 120MB zip file contained 6,458,020 SHA-1 hashes of passwords for end-user …
Make your pentester work harder for his money
In this video recorded at Infosecurity 2012, Wolfgang Kandek, CTO at Qualys, talks about their recent research dealing with Java. Many modern exploits use Java as a stepping …
How fraudsters are disguising PCs to fool device fingerprinting
Cybercriminals know that financial and ecommerce providers often use fraud detection systems that monitor for anomalous transactions and behaviors. In order to bypass these …
Passing the internal scan for PCI DSS 2.0
Merchants subject to Payment Card Industry Data Security Standard (PCI DSS) rules are often blindsided by DSS changes, arrival of new payment technologies, and newly emerging …
Gamers increasingly under attack
In this video, Christopher Boyd, Senior Threat Researcher at GFI Software, talks about how scammers increasingly target gamers and gaming databases because of valuable …
When syncing sinks your browser
Google Chrome’s most recent version (v19) introduced a “tab sync” feature. When inspecting this feature from a security perspective we realized that a new …
Featured news
Resources
Don't miss
- Vulnerable firmware for Gigabyte motherboards could allow bootkit installation
- AsyncRAT evolves as ESET tracks its most popular malware forks
- Inorganic DNA: How nanoparticles could be the future of anti-counterfeiting tech
- Securing vehicles as they become platforms for code and data
- How service providers can turn cybersecurity into a scalable MRR engine