 |
Black Hat 2014: How to steal security codes from home alarm systems
For $50 attackers can build a radio device that cracks home alarm systems and other common security devices, Black Hat 2014 attendees will hear this week. A combination of a microcontroller and a single-board computer comprises the device, which can capture and replay codes that make it possible to disable the alarms, according to Silvio Cesare, a researcher at Qualys who will present the talk. + Also on Network World: 10 disturbing attacks at Black Hat USA 2014 |The Black Hat Quiz 2014 +To read this article in full or to leave a comment, please click here Read More
RESOURCE COMPLIMENTS OF: CSO Perspective
Save the Date: Boston-Area CSO Perspectives Conference 9/16
The Boston-area CSO Perspectives Conference is being held on Tuesday, September 16 at the Sheraton Framingham Hotel. At this one-day event, produced by CSO and focused on "Defending Against the Pervasive Attacker," you'll have the opportunity to connect with an extensive network of visionary CSOs, CIOs and business experts. Register now.
WHITE PAPER: Fortinet
NSS Data Center Firewall Test
NSS Labs Product Analysis for Fortinet Data Center Firewall Learn More
PF Chang's hack hit 33 restaurants for 8 months
The hack of credit-card-processing terminals at PF Chang’s hit 33 of the company’s locations across the U.S. and continued for around eight months, the company said Monday.The restaurant chain operator first disclosed a possible hack of its credit- and debit-card-processing system in mid-June, but Monday was the first time it detailed which of its restaurants had been hit.Eight locations had data stolen over an eight-month period from Oct. 19, 2013, until June 11, 2014. Data theft began at a second batch of eight restaurants on Feb. 21, and at another 15 restaurants on April 10, both ending on June 11. At two additional restaurants, theft began on Oct. 19, 2013, and ended on Oct. 26, 2013, and April 10, 2014, respectively.To read this article in full or to leave a comment, please click here Read More
Cloud Security Priorities and Synergies with Enterprise Security
According to ESG research, 63% of mid-market (i.e. 250 to 999 employees) and enterprise (i.e. more than 1,000 employees) are currently using Software-as-a Service (SaaS), 33% use Infrastructure-as-a-Service (IaaS), and 27% employ Platform-as-a-Service (PaaS) today (note: I am an ESG employee). Additionally, 72% of all firms are increasing their spending on cloud computing initiatives this year. Wasn’t IT risk supposed to put the brakes on cloud computing deployment? Security professionals are still quite concerned. In a recent ESG research survey, infosec pros identified numerous cloud security risk areas as follows: 33% of enterprise security professionals said: “a lack control over security operations directly related to IT resources used for internal purposes.” 31% of enterprise security professionals said: “privacy concerns over sensitive and/or regulated data stored and/or processed by a cloud infrastructure provider.” 29% of enterprise security professionals said: “lack of security visibility into cloud services infrastructure.” 28% of enterprise security professionals said: “a security breach that compromises our cloud service providers’ infrastructure.” 27% of enterprise security professionals said: “poor infosec practices at our cloud service provider(s).” These are clearly legitimate concerns (the kind that keep CISOs up at night!), yet it seems like the proverbial horse has left the barn on cloud computing. Enterprise organizations may be proceeding with caution, but they are proceeding nonetheless. To read this article in full or to leave a comment, please click here Read More
: AT&T
Developing a Smart Approach to SMAC Security
In this eGuide, CSO and sister publications IDG News Service, Computerworld, and CIO pull together news, trend, and how-to articles about the increasingly difficult task of protecting corporate data. Read on to learn about the issues surrounding data protection today and the strategies you can use to help protect your organization. Learn More
10 Social Media Certifications and Classes to Advance Your Career
While some social media masters may have learned their trade on the streets, formal training and education is a safer bet for the rest of us. To help you stay on course, here are some of the top certification programs and classes to advance your career in social media today. Read More
Cisco patches traffic snooping flaw in operating systems used by its networking gear
The vulnerability affects the OSPF routing protocol implementation on Cisco networking equipment Read More
WHITE PAPER: HP
Why you need a next-generation firewall
This white paper explores the reasons for implementing NG firewalls and lays out a path to success for overburdened IT organizations. Learn More
Mozilla warns of leaky developer network database
Mozilla’s website for developers leaked email addresses and encrypted passwords of registered users for about a month due to a database error, the organization said Friday.Email addresses for 76,000 Mozilla Development Network (MDN) users were exposed, along with around 4,000 encrypted passwords, wrote Stormy Peters, director of development relations, and Joe Stevensen, operations security manager in a blog post. Mozilla is notifying those affected.No malicious activity on the affected server was detected, but that does not mean the data wasn’t accessed, they wrote.To read this article in full or to leave a comment, please click here Read More
Most 'hackable' vehicles are Jeep, Escalade, Infiniti and Prius
Charlie Miller and Chris Valasek will present Remote Automotive Attack Surfaces at Black Hat, but you don’t have to wait for their talk to learn which vehicle models are the most secure and the least secure from attacks. Abdullah AlBargan 2015 Cadillac Escalade interiorTo read this article in full or to leave a comment, please click here Read More
Anticipating Black Hat
RSA 2014 seems like ancient history and the 2015 event isn’t until next April. No worries however, the industry is set to gather in the Las Vegas heat next week for cocktails, sushi bars, and oh yeah – Black Hat.Now Black Hat is an interesting blend of constituents consisting of government gum shoes, Sand Hill Rd. Merlot drinking VCs, cybersecurity business wonks, “beautiful mind” academics, and tattooed hackers – my kind of crowd! As such, we aren’t likely to hear much about NIST frameworks, GRC, or CISO strategies. Alternatively, I am looking forward to deep discussions on: Advanced malware tactics. Some of my favorite cybersecurity researchers will be in town to describe what they are seeing “in the wild.” These discussions are extremely informative and scary at the same time. This is where industry analysts like me learn about the latest evasion techniques, man-in-the-browser attacks, and whether mobile malware will really impact enterprise organizations. The anatomy of various security breaches. Breaches at organizations like the New York Times, Nordstrom, Target, and the Wall Street Journal receive lots of media attention, but the actual details of attacks like these are far too technical for business publications or media outlets like CNN and Fox News. These “kill chain” details are exactly what we industry insiders crave as they provide play-by-play commentary about the cybersecurity cat-and-mouse game we live in. Threat intelligence. All of the leading infosec vendors (i.e. Blue Coat, Cisco, Check Point, HP, IBM, Juniper, McAfee, RSA, Symantec, Trend Micro, Webroot etc.) have been offering threat intelligence for years, yet threat intelligence will be one of the major highlights at Black Hat. Why? Because not all security and/or threat intelligence is created equally. Newer players like BitSight, Crowdstrike, iSight Partners, Norse, RiskIQ, and Vorstack are slicing and dicing threat intelligence and customizing it for specific industries and use cases. Other vendors like Fortinet and Palo Alto Networks are actively sharing threat intelligence and encouraging other security insiders to join. Finally, there is a global hue and cry for intelligence sharing that includes industry standards (i.e. CybOX, STIX, TAXII, etc.) and even pending legislation. All of these things should create an interesting discourse. Big data security analytics. This is an area I follow closely that is changing on a daily basis. It’s also an interesting community of vendors. Some (i.e. 21CT, ISC8, Leidos, Lockheed-Martin, Norse, Palantir, Raytheon, etc.), come from the post 9/11 “total information access” world, while others (Click Security, HP, IBM, Lancope, LogRhythm, RSA, etc.) are firmly rooted in the infosec industry. I look forward to a lively discussion about geeky topics like algorithms, machine learning, and visual analytics. Las Vegas is simultaneously one of the most fun and banal places on earth, but next week it will become a hotbed of cybersecurity intrigue, intelligence, and brainpower. It’s likely to be 115 degrees in the shade, but I can’t wait to get there. To read this article in full or to leave a comment, please click here Read More
| |
No comments:
Post a Comment