It is an old security methodology to review what is necessary in a Security Strategy: People = we know people can cause security holes, give out security secrets, or perform unknown(and known) security problems… People, Process, Technology = Security strategy
BloombergBusinessweek article 7/17/2014 a. Discusses how Russian hackers infiltrated the NASDAQ network, b. Placed malware on one of the NASDAQ webservers. c. Thus creating a classic “watering hole” attack – where customers of NASDAQ were attacked… Nasdaq Hack teaches network vigilance
Patch Tuesday is the day Microsoft has deemed to give us their vulnerability fixes. It has to be done some time and so it is done on a Tuesday (right after Monday) and still in… Patch Tuesday is here 7/8/14
DARKReading has the highlights of the changes of v3.0 compared with v2.0 SearchSecurity also has a synopsis – with the 5 most important changes: 1. Pentesting (Penetration testing) 2. inventory system components 3. Vendor relationships 4. Antimalware… New PCI DSS v3.0 released Nov 2013
RealclearTechnology has an interesting article (the 4 headings below is my synthesis of the article) It is based out of the Cisco projections (linked in article). #1 issue there will be 4Billion Internet users, and 52%… 4 Future Internet trends and how they affect Security
Since we advocate testing your IT services and devices, what if your organization has cloud services? How about Amazon EC2? AWS compliance keep this in mind. It is as Amazon AWS(Amazon Web Services) says it is… Testing Cloud services
NIST has a computer Security division and they have revamped their The On-line Database: Access and Control policy and procedures There are many good areas to review in this website, including: Don’t forget the home workers: An… National Institute of Standards and Technology (NIST) has new standards
KrebsonSecurity has the story (a good security blog) a 24 year old Viet-Nam (Ngo) national helped create a situation where data from Experian was sold to online identity theft rings. The company Court Ventures helped… Experian – one of the credit reporting agencies was duped
As noted by us-cert.gov there are many methods of taking advantage of SQL injection opening in a website. The real problem is when companies don’t admit to the breaches occuring. At Security magazine they did a survey189,650 respondents:… SQL Injection is a common hacker method to attack
NVD or at the http://nvd.nist.gov/home.cfm NIST is the National Institute of Standards and Technology. NVD contains: 62145 CVE Vulnerabilities 231 Checklists 248 US-CERT Alerts 2862 US-CERT Vuln Notes 10286 OVAL Queries 89128 CPE Names… National Vulnerability Database (NVD)