• August 14, 2014

    Common bypasses found in mobile application management products

    Crypto failures enable attackers to bypass mobile application management products, according to a researcher, leaving sensitive mobile data unprotected and casting doubts on MAM's value.

  • August 12, 2014

    August 2014 Patch Tuesday targets IE security improvements

    Beyond the usual slew of IE security patches, Microsoft's August 2014 Patch Tuesday made a couple of moves to improve the security of its browser.

  • August 12, 2014

    PCI audit conflict of interest problems persist

    Discussing the state of PCI DSS compliance, Gartner's Avivah Litan says the industry still struggles with PCI auditors who both identify PCI problems and sell remediation services to fix them, causing a conflict of interest.

  • August 11, 2014

    Black Hat 2014 session debuts BadUSB

    Do USB drives pose a major threat to enterprise security? Experts at a recent Black Hat 2014 session have unveiled a new threat -- dubbed BadUSB -- that could infiltrate your network using common USB devices.

  • August 11, 2014

    Need to decrypt CryptoLocker files? Researchers offer help

    A new site gives remaining victims of the CryptoLocker ransomware the private keys needed to decrypt and recover locked files.

  • August 08, 2014

    Yahoo CISO: Enterprise security companies letting us down

    At Black Hat 2014, Yahoo CISO Alex Stamos decried enterprise security companies' inability to handle scale and system diversity, and called on vendors to seize the opportunity for innovation.

  • August 08, 2014

    Black Hat legal panel bemoans vagueness of cybercrime laws

    A Black Hat 2014 panel featuring computer crime legal specialists Marcia Hofmann and Kevin Bankston found much for researchers to fear regarding vague cybercrime laws.

  • August 08, 2014

    Hold and catch fire: Debating ethical data breach notification policy

    News roundup: When a breach occurs, it's common practice to share the information with victims -- both the users and the companies involved. However, Hold Security's billion-password hack disclosure hasn't followed standard procedure.

  • August 07, 2014

    Oracle's data redaction security feature riddled with flaws

    At Black Hat, David Litchfield skewered Oracle and its approach to security while detailing several flaws in a new Oracle database security feature.

  • August 07, 2014

    SSC issues PCI compliance checklist for third-party service providers

    The PCI Security Standards Council's new information supplement helps enterprises implement a security assurance program to ensure their third-party service providers meet PCI DSS requirements.

  • August 07, 2014

    Black Hat 2014: Researcher reveals Amazon cloud security weaknesses

    At Black Hat 2014, a researcher showed how AWS cloud security flaws and misconfigurations can have devastating consequences for AWS customers that don't take security seriously.

  • August 06, 2014

    Black Hat 2014: Dan Geer says system dependencies threaten security

    At Black Hat USA 2014, keynote speaker Dan Geer said bounding system dependencies was the only hope for managing the risks of complexity.

  • August 06, 2014

    EMET 5.0 release offers new ways to block plug-ins

    EMET 5.0, the latest version of Microsoft's zero-day prevention tool, includes several new features, most notably improved ways to block plug-ins like Flash and Java.

  • August 06, 2014

    Russian hackers steal over a billion usernames and passwords

    A group of Russian cyber criminals have attacked 500 million email addresses and gained 1.2 billion usernames and passwords.

  • August 04, 2014

    'Poweliks' malware variant employs new antivirus evasion techniques

    The file-less 'Poweliks' malware incorporates a unique combination of antivirus evasion techniques involving the Windows registry to remain undetected on victims' machines.