Security Awareness

Security Awareness news, information, and how-to advice

parking lot shadowy figure
businessman meditating

01 the year ahead

The biggest challenges faced by CIOs/CISOs heading into 2015

As the year winds to a close, CIOs and CISOs are faced with a number of challenges heading into 2015. CSO recently heard from several experts about the topic, each offering their opinion on what they feel would be the most important...

2014 12 05 cso which story

Which security story are you telling?

Getting buy-in and support from other leaders comes from connecting. Popular advice suggests using a story. Use the right story built on 3 essential elements.

oops keyboard

Do you create stupid users?

A week doesn’t go by where we read about some attack that is precipitated by bad user actions.

security threat prevention

There is no substitution for in-house security professionals

oday, Security is a cost of doing business and we cannot effectively protect our organizations from the advanced capabilities of the criminals with just technology controls and consultants.

e-gic / vaporizer batteries from joyetech

FUD: E-Cig chargers said to be delivering malware

There was a headline in The Guardian on Friday, related to two topics that interest me personally: malware and vaping. The story is sensationalist, promoting FUD to a growing segment of the population already inundated by false claims...

cso cio

How CSOs can help CIOs talk security to the board

CIOs aren’t necessarily security experts, but that doesn’t mean they can’t speak intelligently to the company’s board of directors. The key is getting a little coaching from the CSO about how and what to communicate.

Businessman holding holiday gift box 187371991

Raising awareness quickly: Holiday tips and tricks

The holidays are here. From now until the end of the year, the retail sector will see a business boom, while organizations both large and small deal with staffers who opt to become part of the shopping rush.

sony wearables 7915

ISACA survey shows security disconnect for breaches, wearables

Consumers are very much aware of the latest data breaches, but few are changing behaviors, according to a new survey released today. They are also looking forward to getting wearable devices this holiday season, while few companies...


Drupal vulnerability blamed for problems at Indiana Dept. of Education

On Monday, Indiana's Department of Education glimpsed the dark side of patch management, after administrators discovered that their website had been defaced. The root cause of the defacement was their vulnerable Drupal installation,...

colored flags

Social Engineers work in teams to harness the power of information

Proving once again that information viewed as harmless can often enable an attacker, the contestants in this years Social Engineering Capture the Flag (SECTF) contest at DEF CON 22 worked in teams of two in order to collect vital...


Advisory says to assume all Drupal 7 websites are compromised

If your organization uses Drupal, you might have a serious problem on your hands. On October 15, Drupal urged users to apply an update that fixed a SQL Injection flaw. However, unless that patch was installed within seven hours,...

In Depth

Report: Criminals use Shellshock against mail servers to build botnet

Targeting message transfer agents (MTAs), mail delivery agents (MDAs), and spam filters, criminals are using Shellshock as a means to create botnets. The process is slow, but working, thanks to a variety of server software that...

Microsoft sign closeup

Microsoft warns of new Zero-Day attack

On Tuesday, Microsoft issued an advisory warning of a new Zero-Day vulnerability that impacts all supported versions of their Windows operating system, except Windows Server 2003. The software giant also confirmed targeted attacks...

dropbox phishing

Dropbox used for Phishing expedition

Symantec says they've recently uncovered a Phishing scam targeting Dropbox users, where many of the elements needed to complete the scam are being hosted on Dropbox directly. Such a move helps lower resistance and bypass some network...

poodle at play

Dreaded SSLv3 bug no monster, only a POODLE

On Tuesday, Google's Bodo Möller, along with fellow researchers Thai Duong and Krzysztof Kotowicz, disclosed the existence of a vulnerability in SSLv3, which allows the plaintext of secure connections to be calculated by an attacker...

Cisco advises users to lock down WebEx to prevent snooping

A security researcher found potentially sensitive meetings open for anyone to join

derbycon logo

Salted Hash: Live from DerbyCon (Update 2)

Salted Hash is on the road this weekend, taking in the sights and sounds of DerbyCon 4.0. This is the second update form the show, with additional bits of information on Shellshock, the vulnerability that's become all the rage here in...

derbycon logo

Salted Hash: Live from DerbyCon (Update 1)

Salted Hash is on the road this weekend, taking in the sights and sounds of DerbyCon 4.0. With dozens of talks over the next three days, more than a thousand people are expected to attend one of the fastest growing conferences in the...

Load More