Sat. May 13, 2017 - Fri. May 19, 2017


United flight attendant accidentally leaked cockpit security codes to public website

Tech Republic Security

United Airlines recently alerted staff that cockpit access codes had been posted online, raising concerns about the chain of custody for sensitive data.


*bleed continues: 18 byte file, $14k bounty, for leaking private Yahoo! Mail images

Scary Beasts Security

Overview: *bleed attacks are hot right now. Most notably, there's been Heartbleed and Cloudbleed. In both cases, out-of-bounds reads in server side code resulted in private server memory content being returned to clients. This leaked sensitive secrets from the server process' memory space, such as keys, tokens, cookies, etc. There was also a recent client-side bleed in Microsoft's image libraries, exposed through Internet Explorer.


NIST Plans To Examine Internet of Things (IoT) For Its Cybersecurity Framework

Privacy and Cybersecurity Law

The National Institute of Standards and Technology (NIST) is holding a Cybersecurity Framework Workshop this week at its headquarters in Gaithersburg, Maryland. […].


Empire 5.8.1 releases: PowerShell & Python post-exploitation agent

Penetration Testing

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility....


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


FTC looks to shut down fake tech support scams with Operation Tech Trap

Tech Republic Security

The Federal Trade Commission recently announced new efforts to end scams that target consumers through fake security alerts. Here's how to spot them and stay safe.


*bleed, more powerful: dumping Yahoo! authentication secrets with an out-of-bounds read

Scary Beasts Security

Overview: In my previous post on Yahoobleed #1 (YB1), we saw how an uninitialized memory vulnerability could lead to disclosure of private images belonging to other users. The resulting leaked memory bytes were subject to JPEG compression, which is not a problem for image theft, but is somewhat lacking if we wanted to steal memory content other than images.


Despite security risks, 75% of CEOs use applications that aren't approved by IT

Tech Republic Security

Despite understanding the risks, a majority of CEOs and business decision makers do not adhere to enterprise security practices, according to a new survey from Code42.


mSecure 5 password manager: Why Dropbox, iCloud, Wi-Fi, or shared file cloud syncing aren't available

Tech Republic Security

mSecure assists Apple, Windows, and Android users in securely managing passwords across various devices, though some syncing features are not included in the latest release. Erik Eckel explores why.


How to create stronger passwords by using data-driven feedback

Tech Republic Security

Check out researchers' password meter on GitHub to see how the open source web app determines a password's strength and then uses data-driven feedback to make it stronger.


WannaCrypt makes an easy case for Linux

Tech Republic Security

Ransomware got you down? There's a solution that could save you from dealing with this issue ever again. That's right. It's Linux.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Video: How a cyberweapon developed by the NSA infected machines around the world

Tech Republic Security

Protonmail CEO Andy Yen explains how government backdoors and zero day exploits made the British hospital system, SMBs, and enterprise organizations vulnerable to the WannaCry exploit.


Top 5: Ways to stay safe online

Tech Republic Security

Chances are, you've heard these tips before. But as recent news stories indicate, reminders about online security are never a bad thing.


Patching WannaCrypt: Dispatches from the frontline

Tech Republic Security

The WannaCrypt ransomware exploit is wreaking havoc around the world. This is a first-hand perspective of how one company kept the threat under control.


Why patching Windows XP forever won't stop the next WannaCrypt

Tech Republic Security

Security experts argue there would be unintended consequences were Microsoft to provide critical security updates to old operating systems.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


5 ways to reduce insider security risks

Tech Republic Security

Known (and trusted) insiders can pose an even bigger security threat than faceless hackers. Learn how to reduce associated risks.


How to upgrade an ASA 5506-X to the new Firepower Threat Defense software

Tech Republic Security

Firepower Threat Defense is the latest iteration of Cisco's Security Appliance product line. This article explains the steps required to migrate an existing Cisco ASA with FirePOWER services to the new Firepower Threat Defense image.


How Google hopes to finally solve the Android update problem with Treble

Tech Republic Security

Google has announced a significant change to Android that is intended to make pushing updates easier for device manufacturers.


Former DOJ employee on what businesses can learn from government's approach to cybersecurity

Tech Republic Security

Morrison Foerster's John Carlin, a former DOJ employee, said that business leaders must own the risks associated with their business and champion cybersecurity efforts.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Video: How to protect your employees from phishing and pretexting attacks

Tech Republic Security

Everything in an email can be faked. Hackers and cybercriminals rely on identity deception to fool employees. Agari CTO John Wilson explains how to restore trust to the inbox.


3 crucial issues businesses don't understand about ransomware

Tech Republic Security

Brian Vecci, technology evangelist at Varonis, spoke with TechRepublic about how businesses don't fully understand how ransomware behaves, and whether or not their security is adequate.


How one ransomware campaign was actually a front for a terrorist kill list

Tech Republic Security

Morrison Foerster's John Carlin, a former Department of Justice employee, spoke with TechRepublic about the concept of blended threats, and what businesses can learn from them.


Gallery: 10 major organizations affected by the WannaCry ransomware attack

Tech Republic Security

The WannaCry ransomware attack of the past week has been brutal, and while it has been temporarily stopped experts say it will probably come back. Here's a list of some of the biggest victims so far.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Further hardening glibc malloc() against single byte overflows

Scary Beasts Security

Introduction Back in 2014, while at Project Zero, I exploited a buffer overflow of a single NUL byte in glibc. Tavis Ormandy had found the interesting glibc vulnerability but there was skepticism in the Linux community that this was exploitable. The only thing to do was to write an exploit. (Was this really 3 years ago? How time flies!) As part of warming up to write the exploit, I created a few sample test C files which explored different interesting glibc malloc() side effects after an off-by-


Video: How ransomware and file-less cyber-attacks proliferate

Tech Republic Security

Cyberbit builds cybersecurity solutions for military, government, and enterprise organizations. CEO Adi Dar details the best practices for threat intelligence sharing and the repercussions of delayed threat detection.


Video: How can AI systems remain secure?

Tech Republic Security

TechRepublic caught up with Mårten Mickos, CEO of HackerOne, who runs a bug bounty program, to learn about the most common security issues that are threatening AI systems and how to secure them.


What companies need to know about blended threats and their impact on IT

Tech Republic Security

John Carlin, of Morrison Foerster, said that businesses need to know about partnerships between cyber attackers and terrorists and how they, and the growth of IoT, will change security.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.


Video: Did your HP laptop come with preinstalled spyware?

Tech Republic Security

Several of HP's laptops have a keylogging problem: The audio driver is actually saving every press you make to an unsecured log file.


Should Microsoft Patch Windows XP Forever?

Tech Republic Security

The answer is not simple.


Are we doing memory corruption mitigations wrong?

Scary Beasts Security

Introduction: Before we get into it, let's start by stating that the progression of memory corruption mitigations over the years has been intensely valuable. The progression of mitigations continues to make exploiting bugs harder and more time consuming. The pool of people who have both the skill and commitment to exploit any given bug (either reliably or at all) is shrinking.


5 quick tips for online safety

Tech Republic Security

The internet can be a threatening place. Follow these tips and stay safe out there.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.