Security Awareness

Security Awareness news, information, and how-to advice

RSAC 2015: RSA Conference (Day 4)

All this week, Salted Hash is in San Francisco for the annual RSA Conference (RSAC). Each day we'll update the blog with breaking news and other details from the show. Today we're going to talk about passwords.

RSAC 2015: RSA Conference (Day 3)

All this week, Salted Hash is in San Francisco for the annual RSA Conference (RSAC). Each day we'll update the blog with breaking news and other details from the show. For this post, we'll examine some recent news.

How CISOs can communicate risk to businesses

Veracode’s Chris Wysopal offers a tutorial at RSA on how to communicate risk management at the C level.

RSAC 2015: RSA Conference (Day 2)

All this week, Salted Hash is in San Francisco for the annual RSA Conference (RSAC). Each day we'll update the blog with breaking news and other details from the show. Today's post starts with a theme: Shadow IT.

RSAC 2015: RSA Conference (Day 1)

All this week, Salted Hash is in San Francisco for the annual RSA Conference (RSAC). Each day we'll update the blog with breaking news and other details from the show. Today, we're examining the top hacking techniques of 2014 and...

ISIS online strategies and recruiting techniques

Ira Winkler and Araceli Treu Gomes investigate ISIS’ online activities and recruiting techniques.

Surveys: Employees at fault in majority of breaches

A company's own employees are a significant factor in the majority of data breaches, either through malicious activity or avoidable mistakes, say two new studies, but companies aren't doing enough to address this issue.

In a mock cyberattack, Deloitte teaches the whole business how to respond

While security and IT staffers typically are trained on dealing with breaches, staffers in other departments may not always be ready.

What’s next for your awareness program?

You’ve tried phishing simulations and Computer Based Training (CBT), and you still have incidents. You may think your program is successful, or useless. What are you going to do next?

Stupid human security tricks

I have been at this for a long time now. Roughly two decades of working for all sorts of companies, clients and now as a vendor. It has been an interesting ride. One thing that I did over the years was keep journals. Notebooks...

Lost in the clouds: Your private data has been indexed by Google

Each day millions of people across the globe create backups of their files. These backups are supposed to offer a measure of assurance that their files are safe and easily recovered if needed. But that's not entirely true.

Sony breach turns bank's focus to users

After the recent wave of high-profile breaches, New Jersey's Provident Bank decided to focus on the fundamentals, with a three-part strategy to educate new hires about security, train existing employees to be vigilant about phishing...

The things end users do that drive security teams crazy

To protect users from public embarrassment their identities have been withheld in these true stories of failures to follow security protocol.

How to reduce losses caused by theft at POS

Retailers can take steps to try to prevent or at least reduce losses due to theft at point of sale (POS) and shrink.

MongoDB tool vulnerable to remote code execution flaw

MongoDB, one of the Web's leading NoSQL platforms, is a popular alternative to table-based relational databases. One of the GUI tools used to manage MongoDB (phpMoAdmin) has a serious vulnerability that, if exploited, allows an...

Survey: Infosec pros under increasing pressure, short-staffed

The majority of security professionals, 54 percent, said they were under more pressure in 2014 than the year before, and 84 percent said they needed more staff, according to a report released today.

Why the Hillary Clinton email story is a big deal

A security-only look into why using a personal email address for business communication is an all-around bad idea, regardless of whether you are a CSO or the Secretary of State (but an extremely bad idea if you are the Secretary of State).

Call recording on: Listen to an actual Microsoft support scam as it happened

The scam starts with a call that warns of problems, and immediately offers to connect you with a Microsoft support staffer. Their goal is to remotely control your system and install malware and rogue antivirus software.
