Archive

German researchers from OpenSource Security (OSS) have created a proof-of-concept worm that targets programmable logic controllers (PLCs), crucial ICS/SCADA equipment. Their research builds on previous work by fellow German researchers, who presented at last year’s Black Hat USA conference a

Several years have passed since the infamous Stuxnet malware managed to destroy centrifuges in multiple Iranian nuclear power plants, but now security firm FireEye claims to have discovered a new type of ICS/SCADA-targeting malware that uses some of the

Deadlines for compliance for two of the most important mandates in PCI DSS version 3.2 have been delayed to 2018. The PCI Security Standards Council (PCI SSC) last month published a new version of its data security standard (DSS), used

It is no secret that the Health Insurance Portability and Accountability Act (HIPAA) is a trap for the unwary. A recent study by the non-profit ProPublica has uncovered that the online review site Yelp (as well as other rating sites)

Hewlett Packard Enterprise is looking to realign channel partners in Europe around the cloud and shift their mindset from selling dedicated hardware to selling usage-based cloud computing and software-as-a-service. This local grassroots approach to the European cloud market is a

There have been so many stories on hacking and spying in the modern era that getting them all is close to impossible. But here and there come a few which stand out and make people really talk about them.

This month, China’s National Information Security Standardization Technical Committee (“NISSTC”) organized a meeting to launch a working group tasked with drafting a Personal Information Security Standard (“PIS Standard”). NISSTC is a government committee jointly supervised by the Standardization Administration of China and

When it comes to information security, vulnerability management (i.e., stopping the bad guys from gaining access) has been less than successful. To put a point on it, Fortune’s Robert Hackett quotes Michael Hayden, former director of the NSA and CIA,

One occasionally runs into a company trying to build an open source project out of an existing product. This is a nuanced problem. This is not a company that owns a project published under an open source license trying to

Four researchers from the Vrije University in the Netherlands have put together a successful attack on Windows 10 that uses a combination of a Rowhammer attack and a newly discovered memory deduplication vector that can give attackers control of the

Small businesses that don’t utilize fixed asset inventory software often encounter the pitfalls that can doom startups and companies with outdated infrastructure — disorganization, poor security, lost or stolen assets, tax code violations and other issues. But due to inertia

A hacker has been awarded a suspended sentence for disclosing security vulnerabilities in a Slovenian police system. The student, 26-year-old Dejan Ornig, studied the Tetra police communication system and through his study found that the system contained security vulnerabilities due

BOULDER, Colo.–October 16, 2012–LogRhythm, the leader in cyber threat defense, detection and response, today announced the enhancement of its award-winning SIEM 2.0 Big Data security analytics platform with the industry’s first multi-dimensional behavioral analytics. Leveraging innovative and patent-pending behavioral whitelisting

Most enterprises have enough security technology in place to protect their businesses. They also have plenty of data from SIEMs and logs and other devices that tell them what’s going on in their environments. What they need now is an

A firewall will no longer protect your company network: you have to cope with users needing to take documents out, and with attackers trying to get in. The best security advice is to assume that your network can be penetrated

Terms like “cyber-arms-race” and “cyber-war”—along with the establishment of a Cyber Command at the Pentagon—indicate just how much the virtual world has come to resemble the battle for physical security. For nation-states and enterprises alike, fighting the good fight now