• June 24, 2015 24 Jun'15

    Growing threats make security vulnerability management essential

    At RSA Conference 2015, Qualys CTO Wolfgang Kandek said enterprises need to be smart about how they tackle security vulnerabilities because there are simply too many for organizations to handle.

  • June 23, 2015 23 Jun'15

    Adobe releases emergency Flash zero-day patch

    Adobe releases an emergency Flash Player patch for a zero-day flaw said to be used in a Chinese hacker group's phishing scheme.

  • June 23, 2015 23 Jun'15

    Study: government compliance-based vulnerability remediation is failing

    In its State of Software Security Report, Veracode has found the government has the most vulnerabilities and the lowest rate of remediation in developing Web and mobile apps.

  • June 23, 2015 23 Jun'15

    NIST guidance: Better security from federal contractors

    With the recent OPM breach raising questions about the security of federal data within the government, NIST has issued new guidelines in order to secure data stored by federal contractors outside government facilities.

  • June 23, 2015 23 Jun'15

    Watters: 'Cyber officers' are now risk officers for businesses

    More data is thought to be a good thing in terms of threat intelligence, but iSight CEO John Watters says enterprises need to be aware of the quality and context of the data when assessing risk.

  • Sponsored News

    • RAND Model Quantifies Staying Power of Security Technologies

      When you estimate the ROI of a new security technology, you usually assume that it will provide the same value year after year. But the RAND Corporation has developed a sophisticated new model of the costs and benefits of cybersecurity which has produced a surprising result. See More

    • Is Your Active Directory Cloud Ready?

      Many companies today are considering a move to the cloud. Organizations may believe that a hosted service, such as Office 365, will be easier and or cheaper to maintain than on-prem email. Also, Microsoft and other industry leaders may have influenced a move. Whatever the reason, moving to the cloud isn’t as easy as it appears and results are often mixed if you haven’t adequately prepared your Active Directory. See More

    • Top 4 Reasons Why Security and Networking Are Coming Together

      Until recently cybersecurity and networking could be treated as separate domains, with different devices, different management tools and different staffs. But that approach won’t fly today. This paper discusses why security needs to be integrated into networking equipment, monitoring and management. See More

    • Examining the Active Directory’s Role in Governance, Risk, and Compliance

      When it comes to governance and compliance, much of the IT staff’s effort is often focused on individual systems. Administrators work meticulously to ensure that mail servers, file servers, database servers, and other resources adhere to both internal security standards and regulatory requirements. The one thing that each of these systems has in common however, is its reliance on Active Directory. First introduced in 2000 as a replacement to the Windows NT domain structure, Active Directory was originally designed to manage network resources. Now, Active Directory works as a centralized authentication and access control mechanism, and consequently plays a vital role in the organization’s overall security. See More

    View All Sponsored News
  • June 19, 2015 19 Jun'15

    Apple sandbox flaws allow password stealing, communication interception

    News roundup: Details have emerged about weaknesses in OS X and iOS that allow attackers to upload malware and steal passwords and data. Plus: More jump on HTTPS bandwagon; CSO/CDO salaries increase; 23% of software app components contain flaws.

  • June 17, 2015 17 Jun'15

    Samsung vulnerability affects up to 600 million Android devices

    A flaw in the default keyboard found on many Samsung Galaxy Android devices may leave as many as 600 million devices at risk for a man-in-the-middle attack.

  • June 16, 2015 16 Jun'15

    New Android Security Rewards program aims for end-to-end improvements

    Google launches new Android Security Rewards program that goes beyond traditional bug bounties and offers monetary rewards for security development.

  • June 15, 2015 15 Jun'15

    White House pushes government cybersecurity changes

    As the estimated number of current and former federal employees affected by the OPM data breach triples, the White House pushes new government cybersecurity changes to avoid another breach.

  • June 12, 2015 12 Jun'15

    Gartner: IoT security is all about physical safety and data handling

    Gartner predicts that by 2020 the rise of the Internet of Things will have far reaching effects on information security, including IoT security forcing better planning in physical safety and data handling.

  • June 12, 2015 12 Jun'15

    White House, Apple join the fight for HTTPS encryption

    News roundup: The call for ubiquitous HTTPS has grown stronger as of late; the White House and Apple are hoping to help push the movement. Plus: The cost of cybersecurity management to rise 38%; a 165% ransomware increase; gender salary gap closes?

  • June 11, 2015 11 Jun'15

    Dark Web scanner promises to cut data breach detection time to seconds

    As the focus of security moves to detection and response, a new product aims to find stolen corporate data within seconds or minutes of a data breach occurring by crawling the dark Web, but one expert questions the need for such a product.

  • June 11, 2015 11 Jun'15

    FIDO Alliance gains momentum, adds government support

    Agencies from U.S. and U.K. governments now support the FIDO Alliance and its open standards for passwordless authentication.

  • June 11, 2015 11 Jun'15

    Duqu malware makes a comeback and infiltrates Kaspersky systems

    The first strain of Duqu malware was found in late 2011. Now three and a half years later, Duqu 2.0 has emerged and is exploiting as many as three zero-day vulnerabilities in a new attack campaign.

  • June 11, 2015 11 Jun'15

    From the frontlines: Horror stories on information breach response

    Video: KPMG's Ronald Plesco has seen some crazy things in his time helping organizations in security incident response, and he shares some of them with SearchSecurity.