Author: nlqip
The CISO can use these techniques to adjust the appropriate subsystems to move and maintain interactions to the desired level. Let’s unpack an example of doing this. Here’s a common security problem: applications and data are spread around everywhere—on the local networks, on laptops at home, on personal machines, on mobile devices, and in…
Read MoreIf Shakespeare were alive today (and blogging), he might have written about the latest vulnerability to sweep the Internet by pointing out: Hath not the cloud interfaces, code, logic, data? Accessed with the same protocols, exploited with the same weapons, subject to the same vulnerabilities, mitigated by the same solutions, patched by the same methods…
Read MoreBut that’s not the worst news coming out of this survey. No, not by any stretch of the imagination is that the bad news. Sit down and strap in, because it gets much worse. In spite of pushing vulnerable applications into production (and into the hands of consumers), a staggering 44% admitted they aren’t doing anything to…
Read MoreRecapping RSA 2017: Endpoint Protection, Threat Hunting, and Talent Searching Abound! Source link lol
Read More“Managing” vulnerabilities is an endless effort that is only truly noticed when it fails. More often than not, the constant debate over which vulnerabilities get prioritized for remediation is decided based on likelihood of exploit, followed by impact, and level of effort to fix. The typical result is that low- and medium-grade vulnerabilities get de-prioritized—in…
Read MoreUnfortunately, the term “fake news” is now an everyday expression, especially in the political arena. However, accusations of fake news have been around for at least half a century, notably rising in prominence in tabloids. For decades, there has been a vigorous niche of print magazines specializing in embellished and often exaggerated articles and misleading…
Read MoreThis year at RSA, I saw many vendors offering “deceptive defense” solutions. Whether folks were buying them is another matter. The concept of using deception in warfare goes back to the dawn of time. Thousands of years ago, Sun Tzu wrote that “all warfare is based on deception.”1 IT deception as a hacking defense has…
Read MoreNo matter how application-savvy you are, it should be fairly obvious that this is not a typical Content-Type header for an HTTP request. According to the RFC, Content-Type is usually of the form “type/subtype”7. This leviathan contains a valid Content-Type header in the very first line—multipart/form-data—but even a rudimentary BNF parser would flag this as a…
Read MoreThird parties such as outsourced service providers and SaaS vendors are a fact of life in the IT world. It’s the nature of a hyper-connected world where hundreds (if not thousands) of applications are required to run even a modestly sized organization. There is no alternative but to trust a third party with access to…
Read MoreThose of us with experience in IT security know there are some risks we just can’t mitigate. In such cases, many of us seek out risk transference through cyber insurance. Case in point: When a well-financed mercenary hacking team overwhelms our defenses, we need a remedy to make us whole and keep the business afloat.…
Read MoreRecent Posts
- Security plugin flaw in millions of WordPress sites gives admin access
- Phishing emails increasingly use SVG attachments to evade detection
- Fake AI video generators infect Windows, macOS with infostealers
- T-Mobile confirms it was hacked in recent wave of telecom breaches
- GitHub projects targeted with malicious commits to frame researcher