• How to talk infosec with kids

    As cybersecurity professionals, we know first-hand how the cyber world is filled with battles between good and evil. But do your kids know that? If you’re a parent, like me, chances are you’re concerned about your kids using the Internet.

    As they live digital lives, we need to become digital parents. You’d think that would come easily, given that we work in cybsersecurity, but I’m continually surprised to hear how many of my tech colleagues don’t talk about the dangers they see on their screens at work back at home with their kids. Instead, their strategy is a mixture of hope and worry. They hope something bad doesn’t happen to their kids – they don’t click on a bad link – and then they restrict their kids screen time.

  • Bug bounty programs: The road to hell is paved with good intentions

    Bug bounties are in the news again. The main problem is that once a bounty program is in place, hackers of all type of qualification and ethics consider it a green light to attack the system. The issue here is that these are frequently hackers with very modest or even without experience of professional security testing, who can actually damage the system they are probing.

  • Emerging cloud threats and how to address them

    As organizations deploy and harness private, community and hybrid clouds, they encounter new types of threats, along with the old ones they've been battling for years. Many of these threats come from sharing physical, virtual, and software infrastructure with other clients of varying security postures, and relying on a cloud provider to implement the right security measures. Public and community clouds can be appealing targets for hackers looking to disrupt or steal information from scores of organizations with one successful strike.

  • Securing virtual machines: Considerations for the hybrid cloud

    Many people don’t realize that a majority of today’s data security solutions were designed for physical ecosystems rather than virtual environments. New technologies are needed to address concerns for hybrid cloud security, providing assurances that cloud-hosted workloads are protected from other tenants, outside threats, and cloud administrators. This article looks at several important considerations for assessing a security solution for your hybrid cloud environment.

  • Are free file storage solutions a safe bet for businesses?

    The benefits of cloud computing are becoming increasingly recognised, and with this heightened understanding comes growing numbers of UK businesses that are embracing the use of the cloud for the storage of data. As the technology continues to gather momentum on these shores, many firms and employees are likely to consider utilising popular free services such as Dropbox and Box. Such storage solutions have already been widely adopted by consumers and SMEs alike; however, these solutions are not without their risks.

  • Apple built multi-factor authenticated payment in the right order

    Apple has built a payment system by first rolling out the “second factor”—the biometric Touch ID—and then by rolling out the first factor: the payment application and API. They have spent a couple years acquainting themselves with the really hard bit: biometrics. Now they can do the easy bit: payments. Everyone else has gone about it in reverse order.

  • 5 key things to consider when developing an enterprise mobility management strategy

    Imagine this situation: Bob, the VP of Sales, loses his smartphone on the train. There are two major issues. The device is lost and sensitive company information may be exposed. Additionally, the user has to notify the IT Department to track and wipe the device. How can the exposure of sensitive company data and the negative impact on productivity be minimized?

  • Why open source and collaboration are the future of security

    In this podcast recorded at Black Hat USA 2014, Greg Martin, CTO at ThreatStream, talks about why open source and collaboration are the key drivers of information security innovation. He also discusses the downside of using honeypots as defensive technologies in smaller security architectures, and how that complexity can be avoided.

  • Mobile forensics in a connected world

    In this interview, Andrew Hoog, CEO of viaForensics, talks about the forensic examination of mobile devices, the challenges involved with testifying at trials, and offers advice to those interested in working in the mobile security forensics field.

  • Malicious and risky apps on Android and iOS

    Knowingly or unknowingly to the user, some apps can collect GPS data, grab your contact information, your phone ID, email address, etc.

    In this podcast recorded at Black Hat USA 2014, Mike Raggo, Security Evangelist at MobileIron, talks about the risky behavior of certain apps downloaded from Google Play or the App Store.

Videos      Podcasts


Staples customers likely the latest victims of credit card breach

Posted on 21 October 2014.  |  Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Wed, Oct 22nd