
Security Infrastructure

NEWS & INDUSTRY UPDATES

Researchers say they have identified several vulnerabilities in Google App Engine for Java, including ones that can be leveraged for a complete sandbox escape.
Researchers have uncovered a total of 20 security holes in Zenoss Core, the free, open-source version of the application, server, and network management platform Zenoss.
VMware has released software updates to address a series of vulnerabilities affecting the company's popular vSphere virtualization platform.
A new type of CAPTCHA system introduced by Google is efficient in preventing spam and abuse, and makes it easy for users to verify that they are human.
ThreatStream, a security startup that offers a SaaS-based cyber security intelligence platform, announced that it has raised $22 million in a series B funding round led by General Catalyst Partners.
OpenDNS unveiled a new security platform and APIs designed to enable security vendors to integrate with OpenDNS’s network and extend their threat protection across any device in any location.
A major distributed denial-of-service (DDoS) attack was launched against a customer of Florida-based DNS provider DNSimple, peaking at 25 Gbps and 50 million PPS.
The Google Cloud Platform is now compliant with the Payment Card Industry Data Security Standard (PCI-DSS).
According to a study conducted by EMC, enterprises employing more than 250 people lost a total of $1.7 trillion in the past year due to downtime and data loss.
A new version of OpenVPN was released to address a critical denial-of-service (DoS) vulnerability (CVE-2014-8104) that can be exploited to cause servers to crash.

FEATURES, INSIGHTS // Security Infrastructure


Tal Be'ery
Passwords need to be strong enough to resist a guessing attack, often named a "Brute-force" attack. The brute-force attack comes in two flavors: online and offline.
David Maman
Moving sensitive data into the hands of third-party cloud providers expands and complicates the risk landscape in which companies operate every day.
Pat Calhoun
A growing number of corporate IT and security personnel have something in common with extreme athletes: they take unnecessary security risks.
Scott Gainey
Panic triggers a response that often leads to potentially catastrophic mistakes. Those mistakes come as we grasp for short-term fixes that give us a stronger sense of control, but don’t take long term consequences into account.
Eddie Garcia
By default, Hadoop is not secure and simply trusts that users are who they say they are. Within real business use cases, especially when confidential and sensitive data sets are involved, restricting access to only authorized users is critical.
Nate Kube
I would like the OT security community to move away from asking what can we do to gain greater adoption of a greenfield IT security model and instead ask how we can gain demonstrable gains in OT security posture more efficiently.
Scott Simkin
As more organizations build applications other than Web and corporate email into the course of their business, adversaries are taking note and adjusting their tactics.
Joshua Goldfarb
Because of the large volume of even the highest priority alerts, analysts are not able to successfully review each event. And with a large number of false positives, analysts become desensitized to alerts and do not take them seriously.
Jason Polancich
Sharing threat information, analysis and expertise within your “extended family” can be very valuable to establishing the kind of early warning system that is the promise of cyber information sharing to begin with - and without most of the risks.
Jon-Louis Heimerl
We all know passwords are not a great solution for securing our accounts and information. But, it is what we have right now, so we might as well make the best of them, eh? Take this quick quiz to see how secure your password is.