I guess there is truth in the saying that the devil is in the details. If anyone ever tries to tell you that their product or service is 100% secure you have my permission to smack them with a large fish (not an actual permission slip). That being said, it is good to tackle the issues straight on when you've been hacked. In this case the storage manufacturer LaCie was breached by a nefarious third party who managed to set up shop on their internal network well over a year ago.
One of the legacies of Edward Snowden's treason is that companies are now concerned about the insider threat more than they ever were before. He demonstrates that a single person inside an organization can devastate the organization. While technology should have caught Snowden, there is also the realization that his coworkers and managers should have noticed indications of unusual activities.
The Web browser has been a major infection vector for years, allowing malware to be transported to millions of computers through phishing, man-in-the-middle, SQL injection and countless other attacks. But what if there were a way to stop this madness and secure the browsing channel itself?
You know that little padlock icon you look for to ensure your Web traffic is encrypted and secure? It turns out that you might not be as secure as you think thanks to a vulnerability that was accidentally introduced into the code of OpenSSL.
The Hash is on the road this week, but while yours truly is flying the friendly skies, the following round-up will keep you in the loop on current events and interesting research. Today's cache includes a unique attack on Microsoft Outlook, using XSS to launch DoS attacks, and a note on the end of Windows XP.
Kaspersky Labs says that nearly 30 percent of all Phishing attacks last year targeted financial institutions, second only to social networking Phishing attack campaigns, which accounted for nearly 36 percent of all attacks of this type.
Encryption is one of the best ways to prevent the type of terrible headaches that many high-profile companies have experienced with stolen data. Even if experienced hackers are able to penetrate a system, having the data encrypted can mean that nothing useful is taken.
Rep. William Keating (D-Mass.), who sits on the House Cybersecurity, Infrastructure Protection and Security Technologies Subcommittee, is calling on the Department of Homeland Security to be more involved in tackling the cybersecurity problem. Insider (registration required)
The terms "Internet of Things" (IoT) and "connected home" are two of the trendiest buzzwords in the technology world today. And while both clearly offer very real potential, they also introduce their own share of risk, particularly if they're not approached with caution, according to Jerry Irvine, an owner and CIO of IT outsourcing services firm, Prescient Solutions.
Confidential company data can make its way onto mobile devices, where it's no longer under the protection of your toughest network defenses. Does that make your data vulnerable? To find out, review some strategies for preventing data loss on mobile devices.
Trying to protect your expanding virtual machine (VM) empire will require a security product that can enforce policies, prevent VMs from being terminated or infected, and deliver the virtual equivalents of firewalls, IPS and anti-virus solutions.
Whether you're talking about your network, your company's building or your home, a perimeter approach to security is no longer adequate. As McAfee discussed at this week's RSA Conference, you can't provide physical or electronic security simply by trying to prevent authorized access -- you have to rethink all types to security to protect data and lives.
How do you know your employees retain what you teach them in company-required security awareness training? You don't -- unless you regularly test their security savvy and effectively address their mistakes during post-test follow-up sessions.