Security Awareness

Security Awareness news, information, and how-to advice

MongoDB tool vulnerable to remote code execution flaw

MongoDB, one of the Web's leading NoSQL platforms, is a popular alternative to table-based relational databases. One of the GUI tools used to manage MongoDB (phpMoAdmin) has a serious vulnerability that, if exploited, allows an...

Survey: Infosec pros under increasing pressure, short-staffed

The majority of security professionals, 54 percent, said they were under more pressure in 2014 than the year before, and 84 percent said they needed more staff, according to a report released today.

Why the Hillary Clinton email story is a big deal

A security-only look into why using a personal email address for business communication is an all-around bad idea, regardless of whether you are a CSO or the Secretary of State (but an extremely bad idea if you are the Secretary of State).

Call recording on: Listen to an actual Microsoft support scam as it happened

The scam starts with a call that warns of problems, and immediately offers to connect you with a Microsoft support staffer. Their goal is to remotely control your system and install malware and rogue antivirus software.

5 steps to incorporate threat intelligence into your security awareness program

Incorporating threat intelligence can significantly improve the effectiveness of your Security Awareness program, if you do it correctly.

The paranoid CISO

Just because there is no noise on our security sensors does not mean we are not under attack. Enter the ever-vigilant and paranoid CISO.

7 warning signs an employee has gone rogue

Trust and IT go hand in hand. Here are the red flags to watch for before you get burned

Who ‘owns’ an investigation into a security breach?

When things go wrong, as they inevitably will in any organization, the way to resolve those problems starts with an effective investigation. But an advisory council says too often those investigations are plagued with confusion and...

Is it possible to determine if your Internet connection has been hijacked?

This post will describe the difference between HTTP and HTTPS connections, as well as what it means to you as you're browsing the Web. After that, we're going to talk about things that can impact HTTPS (e.g. Man-in-the-Middle...

Google scraps annual Pwnium bug-hunting contest

Google is scrapping Pwnium, its annual bug hunting event, and folding it into an existing year-round program in part to reduce security risks. But Tim Willis of the Chrome Security Team wrote in a blog post that the annual event isn't...

How ‘Power fingerprint’ could improve security for ICS/SCADA systems

Every digital device or system has a power fingerprint. A new company says monitoring that fingerprint in ICS/SCADA systems can detect intrusions or malfunctions in real time. But some experts say that while it will improve security,...

After the Anthem breach: How we can help secure health data

The Anthem breach may have seemed a baffling or inexcusable security lapse. But once you understand what’s going on in healthcare security and technology right now, you can see why this was inevitable and how we can help prevent such...

Lenovo says Superfish problems are theoretical, but that simply isn't the case

On Thursday, the world woke to the news that commercial-grade Lenovo PCs were being shipped from the factory with adware pre-installed on the system. Designed to provide a visual shopping experience, the software is insecure and...

FAQ: How to find and remove Superfish from your Lenovo laptop

Lenovo has shipped consumer PCs with software designed to offer a visual shopping experience, but in reality it's adware that breaks HTTPS online – leaving customers vulnerable to attack and information theft. Here’s how to determine...

It’s time for a National Cybersecurity Safety Board (NCSB)

With regard to information security, the Sony breach of 2014 shows that the time has arrived to create a National Cybersecurity Safety Board (NCSB).

Lenovo shipping laptops with pre-installed adware that kills HTTPS

Lenovo is in hot water after it was revealed on Wednesday that the company is shipping consumer laptops with Superfish (Adware) pre-installed. Security experts are alarmed, as the software performs Man-in-the-Middle attacks that...

Millennials becoming known as Generation Leaky

Millennials, who will soon become the largest population group in the workforce, bring high expectations for convenience and collaboration from technology, but little apparent concern about security. That's a major problem, experts...

Awareness on the cheap

Our manager finds several ways to expand awareness training without breaking the bank.
