January 2017

• January 17, 2017 17 Jan'17

  Gmail phishing campaign uses real-time techniques to bypass 2FA

  Researchers saw a Gmail phishing campaign in the wild using clever tricks to access accounts including a difficult 2FA bypass only possible in real time.  Continue Reading

• January 17, 2017 17 Jan'17

  How does USBee turn USB storage devices into covert channels?

  USB storage devices can be turned into covert channels with a software tool called USBee. Expert Nick Lewis explains how to protect your enterprise data from this attack.  Continue Reading

• January 17, 2017 17 Jan'17

  Stop app attacks with a web application firewall

  Web application firewalls are more essential than ever when it comes to halting app attacks. Learn what features and functions you should look for when choosing a new WAF.  Continue Reading

• January 17, 2017 17 Jan'17

  Managing vulnerable software: Using data to mitigate the biggest risks

  Three pieces of vulnerable software are most targeted by the exploit kits studied in a Digital Shadows report. Expert Nick Lewis explains how your enterprise can manage them.  Continue Reading

• January 16, 2017 16 Jan'17

  How do man-in-the-middle attacks on PIN pads expose credit card data?

  Passive man-in-the-middle attacks on PIN pads can lead to attackers stealing credit card details. Expert Nick Lewis explains how companies can mitigate these attacks.  Continue Reading

• January 16, 2017 16 Jan'17

  security

  Security, in information technology (IT), is the defense of digital information and IT assets against internal and external, malicious and accidental threats.  Continue Reading

• January 13, 2017 13 Jan'17

  Microsoft privacy tools give users control over data collection

  New Microsoft privacy tools will give users control over the data collected on the web and within Windows. Experts hope the tools will offer data privacy transparency.  Continue Reading

• January 13, 2017 13 Jan'17

  St. Jude Medical finally patches vulnerable medical IoT devices

  News roundup: St. Jude Medical patches vulnerable medical IoT devices after a five-month controversy. Plus, the Email Privacy Act is reintroduced; Juniper warns of a firewall flaw; and more.  Continue Reading

• January 12, 2017 12 Jan'17

  Google Cloud KMS simplifies the key management service, but lacks features

  Experts are impressed with the simplicity of Google's Cloud KMS even if it doesn't separate itself from the key management service competition.  Continue Reading

• January 12, 2017 12 Jan'17

  What effect does FITARA have on U.S. government cybersecurity?

  FITARA became a law in 2014, but government cybersecurity continues to struggle. Expert Mike O. Villegas discusses the effects of the law.  Continue Reading

• January 12, 2017 12 Jan'17

  Risk & Repeat: CES Cybersecurity Forum tackles passwords, IoT

  In this episode of SearchSecurity's Risk & Repeat podcast, editors highlight the topics discussed at the CES Cybersecurity Forum, as well as new technologies showcased at the event.  Continue Reading

• January 11, 2017 11 Jan'17

  Insider threat detection tools that sniff out dangers from within

  Learn about the insider threat detection tools that can zero-in on anomalous user behavior. Malicious or accidental, the insider threat is one of the most dangerous and costly to companies.  Continue Reading

• January 11, 2017 11 Jan'17

  Tackle IT threats that originate inside your company

  IT threats are tough to tackle when they originate from within your business. This technical guide considers that issue and offers ways to deal with insider security threats.  Continue Reading

• January 11, 2017 11 Jan'17

  Are bug bounty programs secure enough for enterprise use?

  The use of bug bounty programs in enterprises is growing, but they aren't risk free. Expert Mike O. Villegas discusses some concerns related to bug bounties.  Continue Reading

• January 11, 2017 11 Jan'17

  Insecure MongoDB configuration leads to boom in ransom attacks

  Poor authentication in MongoDB configurations has led to a sharp increase in ransom attacks, and experts say tens of thousands of databases could be at risk.  Continue Reading

• January 10, 2017 10 Jan'17

  January Patch Tuesday sparse before Windows security updates change

  Microsoft offers up a meager January 2017 Patch Tuesday release before bigger changes planned for Windows security update announcements, which are set to take effect in February.  Continue Reading

• January 10, 2017 10 Jan'17

  Insider Edition: Attaining security for IoT, through discovery, identity and testing

  Ever since the internet of things became a "thing," the potential for abuse has been well documented; how best to achieve security for IoT is not yet clear. This Insider Edition of Information Security magazine tackles that second ...  Continue Reading

• January 10, 2017 10 Jan'17

  How to maintain digital privacy in an evolving world

  Protecting a user's digital privacy across different technologies requires a plethora of tools. Expert Matthew Pascucci explores the different ways to protect sensitive data.  Continue Reading

• January 10, 2017 10 Jan'17

  What are the potential pros and cons of a Cyber National Guard?

  A congressman proposed adding a Cyber National Guard to the military to protect the U.S. from cyber adversaries. Expert Mike O. Villegas examines the potential drawbacks of this branch.  Continue Reading

• January 10, 2017 10 Jan'17

  Privileged access management and security in the enterprise

  This Security School explores the important steps enterprises need to take when managing privileged access accounts to prevent credential abuse and security incidents.  Continue Reading