Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
According to researchers at Mandiant, now a unit of FireEye, an attacker was able to leverage the Heartbleed vulnerability against a customers’ VPN appliance and hijacked multiple active user sessions.
Attackers are shifting away from traditional botnet-based distributed denial of service attacks in favor of other techniques to launch larger attacks, Akamai Technologies said in its latest report.
Officials at the Justice Department and FTC said they issued formal guidance telling companies that there would be no antitrust issues from the sharing of technical information about cyber attacks, malware or similar threats.
According to Mandiant’s M-Trends report, organizations are discovering breaches in their networks faster, but still not nearly soon as they must in order to contain damage and prevent loss of sensitive data.
The Heartbleed vulnerability is "catastrophic” for SSL and Internet security, Bruce Schneier, told SecurityWeek. “On the scale of 1 to 10, this is an 11,” he said. Here is what organizations need to know and what actions they should take.
Defense.Net is a startup providing DDoS mitigation as a service. SecurityWeek sat down with CTO and Founder Barrett Lyon to discuss the security startup.
AT&T is offering a new cloud-based security solution designed to protect customers against malware and malicious websites while offering security policy control across enterprise, web, social and mobile networks.
Entrust launched a new cloud-based service that consolidates the management of digital identities, SSL certificates and credentials via a single solution platform.
Bradford Networks, a provider of threat response solutions, unveiled a new offering designed to help organizations rapidly contain advanced cyber threats.
A plan unveiled last month would see the US relinquish its key oversight role for the Internet, handing that over to "the global multi-stakeholder community."
- 1 of 62
- ››
FEATURES, INSIGHTS // Network Security
The shaping of the threat intelligence management market is critical to its success, and there is much confusion about the very term “threat intelligence.” I am a firm believer that intelligence is a process, not an individual thing, and that Intelligence is not “done.” It is “created.”
Security practitioners have long had a love-hate relationship with automation, and for good reason.
A threat is the agent that takes advantage of a vulnerability. This relationship must be a key factor in the risk assessment process and can no longer be treated as risk’s neglected step child.
As enterprises become increasingly focused on security, it’s important to take an honest look not just at what security measures are in place, but how they are really used.
When you start your metrics program, you'll find that a great deal of information can be gleaned from existing data that gets stored in various places – most likely in your system logs.
The most advanced technology in the world is only as good as the people and systems behind it. Otherwise your sophisticated security device is nothing more than a paperweight.
Trying to defend against modern, advanced attacks with one-off point solutions is like playing a whack-a-mole game, always one step behind the attacker and trying to play catch up with the alerts as they’re received.
By properly segregating the network, you are essentially minimizing the level of access to sensitive information for those applications, servers, and people who don’t need it, while enabling access for those that do.
The NIST Cybersecurity Framework is a good first step towards creating a standardized approach to cyber security, but requires many substantial updates before really improving our nation’s cyber resilience.
The energy sector requires an approach to cybersecurity that doesn’t rely exclusively on air gaps or point-in-time detection tools but addresses the full attack continuum – before, during, and after an attack.
- 1 of 25
- ››
Subscribe to SecurityWeek
- Security is a Marathon
- Brazil Passes Trailblazing Internet Privacy Law
- NIST Pulls Dual_EC_DRBG Algorithm from Random Number Generator Recommendations
- DDoS Attacks Prove Costly, Could Top 800 Gbps in 2015: Research
- Cyber Risks Can Cause Disruption on Scale of 2008 Crisis: Study
- Attacks Targeting Cloud Hosting Providers Rise: Alert Logic
- 2014 SecurityWeek Golf Classic to Take Place May 22 at Half Moon Bay
- Cisco Unveils New Managed Threat Defense Service
- Cyber Attack Exercise Reveals Information Sharing Struggles in Healthcare Industry
- CrowdStrike Releases Heartbleed Scanner
Copyright © 2014 Wired Business Media. All Rights Reserved. Privacy Policy | Terms of Use