Attackers typically use one of three common techniques to compromise SAP systems at the application layer: pivoting, portal attacks, and database warehousing, according to researchers from application security firm Onapsis.
Analysis of the Naenara Browser, a version of Mozilla Firefox modified by North Korea and bundled into Red Star OS, shows the DPRK may be funneling all traffic through one—or a handful—of public IP addresses.
A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack merchant accounts. A different flaw could have been leveraged to gain access to buyers' details.
Critical applications fuel the business, yet oftentimes there is a disconnect between the business requirements and the security policy. Aligning the two will ultimately improve security and allow IT to keep up with the dynamic needs of the business.
Today’s businesses must be able to rapidly adapt to changing market conditions – to support a new venture, merger/acquisition, etc. As business needs change, so too must the underlying security policies.
There is a term currently permeating the security industry that distracts everyone from the larger goals at hand of making networks safer, mitigating threats and protecting critical data. The term is hype.
If I have to sit through another presentation on information security that opens with the canned two or three slides peddling FUD, I’m going to launch myself across the table and unleash my own brand of FUD on the speaker. It’s not the bad guys who are winning, it’s the alarmists.
Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.