Combatting Cyber Risks in the Supply Chain

The latest and greatest advances in technology have created greater efficiency and effectiveness for organizations and their supply chains. However, with the pace of data breaches and intrusions into computer systems accelerating at an alarming rate, this increased level of access and integration within host organization environments can present risks and potential new avenues of compromise. We are seeing unprecedented advancements in the sophistication of perpetrators, making supply chain vendors equally vulnerable to advanced attacks.
» Read more

Honeytokens and honeypots for web ID and IH

Honey

Honeypots and honey tokens can be useful tools for examining follow-up to phishing attacks. In this exercise, we respond using valid email addresses that actually received the phish, and wrong passwords. We demonstrate using custom single sign-on code to redirect logins with those fake passwords and any other logins from presumed attacker source IP addresses to a dedicated phishing-victim web honeypot. Although the proof-of-concept described did not become a production deployment, it provided insight into current attacks.
» Read more

Is The Security+ Still Worth It?

SecurityPlus

by Michelle Sellers

The Facts
The Security+ Certification was released in December 2002. The objectives were derived through input from industry, government and academia, a job task analysis, a survey of more than 1,100 subject matter experts and a beta exam with responses from subject matter experts around the world. The test questions were written by IT security professionals, so you can be assured of their relevance. It turns out to be a structured certification program that attempts to fill the gap for trained information security professionals. Since 2002 there have been approximately 10,000 CompTIA Security+ certified professionals in 112 Countries.
» Read more

Mitigating Web Threats with Comprehensive and Pervasive Security

web-security

From collaboration to communication to data access, the web is a mission-critical business tool. Enterprises rely heavily on the web, not only to innovate and compete, but also to conduct daily business. But the web also poses significant security risks to the enterprise that are easily encountered by users but not so easy to detect.

Some of the most sophisticated web-based threats are designed to hide in plain sight on legitimate and well-trafficked websites. For example, “malvertising” is the new industry term for disguising malware as online advertisements. Watering hole attacks conceal malware on member-based sites, phishing targets individuals with personal details and botnets take control of victim’s devices.
» Read more

Watch out workers, it just got easier to sift your Instant Messages

chat

Employees who want to speak on the sly have often turned to email: it’s a quick, discreet way to gossip about a colleague, and also to engage in more serious conspiracies. These days, though, it’s instant messaging – in the form of Gchat or Skype or Slack – where many workers go to swap ideas and opinions with their colleagues.

But while employees may like the fast, breezy format of “IMing,” the rise of instant messages have proved a headache for company bosses and lawyers. Unlike worker emails, which are easy for higher ups to locate and peer in on (yes, they can do that), instant messages are a motley jumble of data that is hard to parse.
» Read more

Why Windows 10 is the most secure Windows ever

windows-10

Microsoft added two game-changing security features for enterprise users in Windows 10, but until recently, the company has been relatively quiet about them.

So far the buzz has mainly been about Windows Hello, which supports face and fingerprint recognition. But Device Guard and Credential Guard are the two standout security features of Windows 10—they protect the core kernel from malware and prevent attackers from remotely taking control of the machine. Device Guard and Credential Guard are intended for business systems and are available only in Windows 10 Enterprise and Windows 10 Education.
» Read more

1 2