Security Experts:

Security Infrastructure
long dotted


ICS-CERT issued an updated warning about an ongoing attack campaign against critical infrastructure companies.
A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack merchant accounts. A different flaw could have been leveraged to gain access to buyers' details.
Vectra Networks has made some improvements to its real-time threat detection platform to help organizations protect their networks against insiders and targeted attacks.
Researchers have uncovered several vulnerabilities in the admin panel of InfiniteWP, a free application that allows WordPress website administrators to control multiple installations from a single dashboard.
Recursive Domain Name System (DNS) resolvers are plagued by a vulnerability that can be leveraged to cause them to crash due to resource exhaustion, the CERT Coordination Center at Carnegie Mellon University (CERT/CC) reported.
Fortinet has launched four new “Rugged” products purpose-built to meet the demanding standards industrial networks that operate in harsh physical environments.
BIND, the most widely used Domain Name System (DNS) software, has been updated to address several remotely exploitable vulnerabilities.
Communications encrypted with the transport layer security (TLS) protocol are also vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attacks, according to researchers.
DB Networks, a company focused on database security solutions, today announced that it has raised $17 million in new funding led by Grotech Ventures.
Microsoft argued Monday in a court brief that an order requiring it to give US prosecutors data stored in Ireland could "put all of our private digital information at risk."

FEATURES, INSIGHTS // Security Infrastructure

rss icon

James McFarlin's picture
If North Korea is connected to the Sony attacks, it would be an archetypal example of such a weaker state using cyber operations to level the playing field in potential confrontations with the United States.
Rebecca Lawson's picture
Moving towards an adaptive and automated way of applying intelligence based on behavior and heuristics is clearly moving in the right direction to enable a more actionable and relevant set of controls.
David Maman's picture
Through simple planning and forethought, organizations can ensure their databases not only meet compliance requirements, but will remain secure.
Adam Firestone's picture
Security requirements for information assurance, risk management, and certification and accreditation constrain Government organizations with respect to software allowed on Government networks.
Jason Polancich's picture
Starting your own private ISAC is easier and more important long-term than you might think.
Nate Kube's picture
When designing for the OT environment, we should review outdated paradigms, and consider newer technologies and the operational realities of the environment.
Travis Greene's picture
Just as automation is applied to the process of Access Certification, the process of revocation needs automation to deliver an Access Governance program that not only satisfies compliance mandates, but actually reduces risk.
Pat Calhoun's picture
A faster, poorly secured network can actually accelerate the spread of APTs, while building protection against threats can slow down networks.
David Holmes's picture
Since its inception, SSL has been plagued by “man-in-the-middle” attacks, and in the past the twenty years, only slight progress has been made toward properly defending against it.
Joshua Goldfarb's picture
Is budget a good metric for security? In other words, if an organization wishes to improve its security posture, is spending more money an appropriate response?