Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Cybercriminals compromised the website of an industrial company to conduct a watering hole attack with the goal to collect information on the site's visitors.
Several vendors have joined forces with LogRhythm on a threat intelligence collective designed to provide customers with visibility and insight in order to help them detect sophisticated cyber threats.
Routers provided by many Brazilian Internet service providers (ISPs) to customers use MAC address authentication, instead of wireless security protocols like WEP or WPA.
The Federal Bureau of Investigation acknowledged that it and the US Secret Service were "working to determine the scope of recently reported cyber attacks against several American financial institutions."
Routers produced by China-based networking solutions provider Netis Systems are plagued by a security hole that can be leveraged by an attacker to gain control of the devices.
The National Institute of Standards and Technology (NIST) released today draft guidelines for addressing the security risks posed by the use of Secure Shell (SSH) for automated access.
The Linux Foundation has added a two-factor authentication (2FA) mechanism to the source code repositories housing the Linux kernel in an effort to improve access security for developers.
Facebook has fixed a vulnerability that could have been leveraged to amplify distributed denial-of-service (DDoS) attacks by using the company's own datacenters.
The average peak size of distributed denial-of-service (DDoS) attacks in the second quarter of 2014 increased by 216% compared to the first quarter, according to the latest trends report from Verisign.
The National Security Agency is developing a tool that can detect cyberattacks from an adversary by analyzing Internet traffic and respond automatically, a leaked document showed.

FEATURES, INSIGHTS // Network Security

rss icon

Jason Polancich's picture
Studying a problem from every angle and every level always leads to more practical solutions and quicker (re)action.
Aviv Raff's picture
While the phrase “cyber kill chain” is embedded in the cyber security vocabulary, many enterprises are still not proactive about keeping their assets, data, and reputations safe from bad actors.
Joshua Goldfarb's picture
Conceptually, integrating actionable intelligence is a logical endeavor, though it does contain details requiring specialized skills and technical knowledge. If you can better collect, vet, retain, and leverage intelligence, it will serve you well in the long run!
Scott Simkin's picture
While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Marc Solomon's picture
Organizations need to look at their security model holistically and gain continuous protection and visibility along the entire journey – from point of entry, through propagation, and post-infection remediation.
Tal Be'ery's picture
Defenders should use their "Strategic Depth" to mitigate attacks not on the perimeter but deeper within their network where they can leverage on their strategic advantage.
Torsten George's picture
In order to find the needle in the haystack, it is imperative to have all necessary data available to diagnose the patterns that point to an advanced persistent threat or sophisticated cyber-attack.
Joshua Goldfarb's picture
Understanding the challenges of information sharing up front can help organizations learn from the mistakes of others and build a more successful information sharing program.
Marc Solomon's picture
Data center administrators need technologies that allow them to be as ‘centered’ on security as attackers are on the data center.
Danelle Au's picture
The protection of connected ( Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.