• IT professional, hack thyself

    One way that security practitioners improve the security of their networks is by contracting security professionals to perform penetration testing and vulnerability assessment. These ethical hackers provide valuable services and information that can both help to improve the actual security of the IT infrastructure and demonstrate a credible effort for audit, compliance and insurance purposes.

  • Five key IT security trends for 2015

    Here's a look at five key IT security trends and solutions for 2015.

    The current high level of security breaches, from the largest organization down to the smallest, will continue unabated. What will also grow in 2015 will be the acceptance that security breaches are pretty well unavoidable for the majority of organizations. Companies will need to change their approach to security in order to reflect this. Security spending will continue to increase, with spending growth higher on asset security over perimeter security.

  • Who are the role models in cyberspace?

    Those of us of who are of a certain age learned how to live our life by playing with our toys—our cars, dolls and, of course, Star Wars action figures. We were surrounded by role models, whether they be our parents, aunts, uncles, teachers, Batman, G.I. Joe or Princess Leia, and we witnessed people as they dealt with the same challenges we’d face growing up in the real world. They influenced us through their positive behavior, moral compass, street smarts and courage. As kids, we emulated these role models—we created magical adventures while playing with our toys and friends. We practiced navigating our future lives using our imagination.

    Who do our kids aspire to be in their digital lives?

  • How a penetration test helps you meet PCI compliance guidelines

    Every year, merchants who transmit, process, or store payment card data must conduct a suite of security tests to comply with the Payment Card Industry Data Security Standards (or PCI DSS), now in Version 3.0. The “penetration test” is among the most important of these measures, using hackers’ own methods to determine a business’s susceptibility to attack.

    So how does a penetration test work, and why is it so important for meeting PCI compliance guidelines?

  • What infosec can learn from the Greek elections

    Sometimes disruption happens. Disruption is when something creates a dramatic change of direction, and examples are all around: the introduction of of GUI, the iPod and the iPhone, the Tesla Model S, the cloud. The Greek election may be one too, if the threats made are being put forward into action.

  • Overcoming the daily challenges of a security team

    In the past, companies looked at the importance of hiring talented and experienced CISOs to lead the establishment of security and incident-response teams. Now, emerging threats posed by advanced cybercriminals and the possible damage of a sophisticated rogue insider are changing that trend as companies move beyond traditional security methods and adopt new strategies such as profiling user behavior and leveraging big data analytics. As a result, more companies are shifting towards understanding the importance of hiring diverse teams of talented individuals to develop and then implement these new methods and technologies to secure the cyber front.

  • Identity theft prevention tips and assistance

    Eva Casey-Velasquez is the CEO of the Identity Theft Resource Center, which provides victim assistance at no charge to consumers throughout the United States. They also educate consumers, corporations, government agencies, and other organizations on best practices for fraud and identity theft detection, reduction and mitigation.

  • Companies need to be custodians of customer data, not owners

    Due to the fact that most students are under the age of legal consent and only beginning to establish a “digital footprint” that will follow them the rest of their lives, it’s not hard to understand why so many companies that serve this market agreed to follow a set of rules aimed at protecting the privacy of this special class of consumer. It’s a no-brainer, right? Wrong.

  • 4 tips to make data protection everyone's business

    Most people wrongly assume that the burden of protecting workplace data across laptops, tablets and smartphones falls solely on your IT department. Without active observance of company protocols, however, any data security plan that IT puts in place falls flat, leaving your company’s data vulnerable. You don’t necessarily need to memorize a litany of IT mandates in order to reduce the risk of losing or compromising your work data.

    Thinking twice about the cloud-based apps you download and staying up-to-date on the latest password best practices are examples of simple, proactive measures you can take to support your organization’s data privacy efforts.

  • APTs: Minimizing losses with early detection

    Attackers try hard to mask their activities – but try as they might, in order to accomplish their goals, their behaviors are likely to be anomalous at some point in time. Quickly detecting these anomalies as they develop could make the difference between losing tens of millions of customer records and losing a few hundred – or none at all.

Videos      Podcasts


Compromised cPanel "Account Suspended" pages redirect to exploit kit

The code redirects visitors to another URL where the Fiesta exploit kit is hosted, which then tries to detect and exploit several vulnerabilities in various software. If it succeeds, the visitors are saddled with a banking Trojan.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 27th