Security Awareness

Security Awareness news, information, and how-to advice

ISACA survey shows security disconnect for breaches, wearables

Consumers are very much aware of the latest data breaches, but few are changing behaviors, according to a new survey released today. They are also looking forward to getting wearable devices this holiday season, while few companies...

Drupal vulnerability blamed for problems at Indiana Dept. of Education

On Monday, Indiana's Department of Education glimpsed the dark side of patch management, after administrators discovered that their website had been defaced. The root cause of the defacement was their vulnerable Drupal installation,...

Social Engineers work in teams to harness the power of information

Proving once again that information viewed as harmless can often enable an attacker, the contestants in this year's Social Engineering Capture the Flag (SECTF) contest at DEF CON 22 worked in teams of two in order to collect vital...

Advisory says to assume all Drupal 7 websites are compromised

If your organization uses Drupal, you might have a serious problem on your hands. On October 15, Drupal urged users to apply an update that fixed a SQL Injection flaw. However, unless that patch was installed within seven hours,...

In Depth

Report: Criminals use Shellshock against mail servers to build botnet

Targeting message transfer agents (MTAs), mail delivery agents (MDAs), and spam filters, criminals are using Shellshock as a means to create botnets. The process is slow, but working, thanks to a variety of server software that...

Microsoft warns of new Zero-Day attack

On Tuesday, Microsoft issued an advisory warning of a new Zero-Day vulnerability that impacts all supported versions of their Windows operating system, except Windows Server 2003. The software giant also confirmed targeted attacks...

Dropbox used for Phishing expedition

Symantec says they've recently uncovered a Phishing scam targeting Dropbox users, where many of the elements needed to complete the scam are being hosted on Dropbox directly. Such a move helps lower resistance and bypass some network...

Dreaded SSLv3 bug no monster, only a POODLE

On Tuesday, Google's Bodo Möller, along with fellow researchers Thai Duong and Krzysztof Kotowicz, disclosed the existence of a vulnerability in SSLv3, which allows the plaintext of secure connections to be calculated by an attacker...

Cisco advises users to lock down WebEx to prevent snooping

A security researcher found potentially sensitive meetings open for anyone to join

Salted Hash: Live from DerbyCon (Update 2)

Salted Hash is on the road this weekend, taking in the sights and sounds of DerbyCon 4.0. This is the second update from the show, with additional bits of information on Shellshock, the vulnerability that's become all the rage here in...

Salted Hash: Live from DerbyCon (Update 1)

Salted Hash is on the road this weekend, taking in the sights and sounds of DerbyCon 4.0. With dozens of talks over the next three days, more than a thousand people are expected to attend one of the fastest growing conferences in the...

Recently introduced TLDs create new opportunities for criminals

Top-level domains are supposed to be a way to focus the Internet. In reality, they've become a boon for registrars, who use them as an upsell, and a goldmine for criminals, who use them to bypass defenses.

Quick tips before you switch to a new iPhone

Millions of people are switching to the latest iPhone this week. But before you trade up, here are some basic tips to help protect your new device, both at home and at the office.

Old CGI-PHP vulnerability used to spread Bitcoin botnet

In 2012, researchers discovered a flaw in some PHP builds that would enable a remote attacker to execute commands on the server, if PHP was configured as a CGI script (PHP-CGI) at the time. Now, it's being used again to propagate a...

What the symbol you use for security reveals to the people around you

How to consider and select a better symbol to represent you and your approach to security

Successful Security Awareness programs hold employees' hands to the fire

Few CSOs and the people responsible for implementing awareness programs are aware of the impact that consequences have on the success of not just an awareness program, but on the entire security program.

Tech groups press Congress to pass USA Freedom Act

As Congress returned from summer recess Monday, several technology and civil rights groups quickly renewed their push for a bill that seeks to put curbs on the bulk collection of phone records and Internet data by the government.

Will bitcoin's creator be unmasked for $12,000?

The anonymous poster wants 25 bitcoins, about $12,000, for the information
