October 2017

• October 31, 2017 31 Oct'17

  Is "responsible encryption" the new answer to "going dark"?

  "Three may keep a Secret, if two of them are dead." So wrote Benjamin Franklin, in Poor Richard's Almanack, in 1735. Franklin knew a thing or two about secrets, as well as about cryptography, given ...  Continue Reading

• October 31, 2017 31 Oct'17

  Google Buganizer flaw reveals unpatched vulnerability details

  A security researcher earned more than $15,000 by finding three flaws in the Google Issue Tracker, aka Buganizer, which revealed details on unpatched vulnerabilities.  Continue Reading

• October 31, 2017 31 Oct'17

  vulnerability disclosure

  Vulnerability disclosure is the practice of publishing information about a computer security problem, and a type of policy that stipulates guidelines for doing so.  Continue Reading

• October 31, 2017 31 Oct'17

  How shared cloud security assessments can benefit enterprises

  Ensuring cloud security is a constant problem that shared cloud security assessments are trying to address. Learn about the benefits of sharing assessments with Nick Lewis.  Continue Reading

• October 31, 2017 31 Oct'17

  The Basics of Cyber Safety

  In this excerpt from chapter four of The Basics of Cyber Safety, authors John Sammons and Michael Cross discuss basic email security.  Continue Reading

• October 31, 2017 31 Oct'17

  Deception in the Digital Age

  In this excerpt from chapter five of Deception in the Digital Age, authors Cameron H. Malin, Terry Gudaitis, Thomas J. Holt and Max Kilger discuss phishing and watering hole attacks.  Continue Reading

• October 31, 2017 31 Oct'17

  cyber attribution

  Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit.  Continue Reading

• October 30, 2017 30 Oct'17

  Bad Rabbit ransomware data recovery may be possible

  Security researchers found a way to recover data locked by the Bad Rabbit ransomware without paying, and others said money might not have been the driver of the attacks.  Continue Reading

• October 30, 2017 30 Oct'17

  Grossman: Cyberinsurance market is like the 'Wild West'

  Jeremiah Grossman, chief of security strategy at SentinelOne, talks with SearchSecurity about the value of cyberinsurance and why the rapidly growing market needs to mature.  Continue Reading

• October 27, 2017 27 Oct'17

  DUHK attack puts random number generators at risk

  News roundup: Researchers find DUHK attacks can get around encrypted communications. Plus, FBI Director Wray criticizes mobile device encryption, and more.  Continue Reading

• October 27, 2017 27 Oct'17

  Warning for Equifax security issues came months before breach

  A security researcher reportedly disclosed a number of Equifax security issues to the company months before the major data breach, and none of the problems were fixed.  Continue Reading

• October 27, 2017 27 Oct'17

  EternalRocks malware: What exploits are in it?

  When NSA cyberweapons went public, attackers bundled them into the EternalRocks malware. Nick Lewis takes a closer look at this new threat and explains what's lurking inside.  Continue Reading

• October 27, 2017 27 Oct'17

  incident response

  Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident.  Continue Reading

• October 26, 2017 26 Oct'17

  Bad Rabbit ransomware attacks planned long ago

  The new Bad Rabbit ransomware spread through Russia and Ukraine, drawing comparisons to NotPetya, and researchers say the attacks were planned for a long time.  Continue Reading

• October 26, 2017 26 Oct'17

  Risk & Repeat: Is vulnerability marketing problematic?

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss vulnerability marketing and compare how the recent KRACK attack and ROCA flaw were publicized and promoted.  Continue Reading

• October 26, 2017 26 Oct'17

  Google Docs phishing attack: How does it work?

  A Google Docs phishing attack used OAuth tokens to affect more than a million Gmail users. Nick Lewis explains how it happened, and how to defend against such an attack.  Continue Reading

• October 26, 2017 26 Oct'17

  The art of the cyber warranty and guaranteeing protection

  Jeremiah Grossman, chief of security strategy at SentinelOne, talks with SearchSecurity about the science of developing a cyber warranty for threat detection products.  Continue Reading

• October 26, 2017 26 Oct'17

  Windows XP patches: Did Microsoft make the right decision?

  Microsoft had to make several tradeoffs when developing patches for Windows XP. Expert Nick Lewis explains what these tradeoffs were and how enterprises should respond.  Continue Reading

• October 26, 2017 26 Oct'17

  What's the best career path to get CISSP certified?

  The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP certified.  Continue Reading

• October 25, 2017 25 Oct'17

  NSA cyberweapons report follows Kaspersky transparency plan

  A Kaspersky transparency initiative and a full code review of its products are on the way, and a new Kaspersky statement explained how NSA cyberweapons were uploaded to its servers.  Continue Reading