Since 2014, CIOs have flagged cybersecurity as either their first or second most important IT management issue in the venerable IT Trends Study from the Society for Information Management. Yet in 2013, cybersecurity came in just seventh in that same survey. What happened in a year? The infamous Target data breach, which resulted in an $18.5 million fine and the ignominious departure of Target’s CEO.

The cascading series of disastrous, high-profile breaches since then makes the Target breach seem almost quaint. The message is clear: Year over year, the risk of career-ending breaches looms larger as threats continue to balloon in number and potency.


Pity the poor CSO in the hotseat. Understandably, some feel compelled to jump on every new threat with a point solution, which plays right into the security software industry’s marketing strategy. But no organization’s cybersecurity budget is infinite. How can CSOs possibly determine how to allocate their defensive resources most effectively?

The simple answer is twofold: Rationally prioritize risk and, at the same time, make the most of the useful defenses you already have in place. Few dispute that unpatched software and social engineering (including phishing) represent the highest risk in most organizations, followed by password cracking and software misconfiguration. Cut through political and operational barriers to ensuring prompt patching, establish an effective security awareness program, train your ops folks to lock down configurations, and put two-factor authentication in place…and you’ll reduce your overall risk by a magnitude.

Sure, anyone can reel off other big risks and vulnerabilities. If you’re operating an electric utility, for example, you need to understand highly targeted threats to critical infrastructure and how to defend against them. And when malicious hackers do inevitably breach your perimeter, the Zero Trust trend of instituting pervasive authentication among systems shows real promise in stopping attacks from moving laterally through organizations.

Source: csoonline.com
aprabha2611 14 february 2020, 15:14

IT systems – wherever they may be located – are at risk from unauthorised intrusion, theft and sabotage.

Geographical boundaries are being dismantled and threats can come from the other side of the world in a split second. The weakest link in a company’s IT security is constantly on display – every second, 24 hours a day, 365 days a year.

More and more processes and devices are being connected to the Internet, and IT security should therefore be integrated into all the systems involved. Robust, integrated defence systems can enable a company’s IT systems to withstand cyberattacks and to safeguard against events such as system crashes, data loss and unauthorised access.

Any investment in cyber security should be made on the basis of the business case. It is important to find a solution that supports the business and doesn’t stifle efficiency.
aprabha2611 13 february 2020, 9:21

Software bugs can lead not only to material losses but can also damage human health. For example, actors on a theatre stage can get injured if a piece of scenery suddenly begins to come down onto the stage at the wrong time. However, the connection between errors in code and damage to health is more obvious in medical software. Let's talk about this topic.

This article focuses on the teams of developers who create programs for medical equipment. I hope they will not stay indifferent and will check their code. Let's recall two famous cases where errors in medical programs became the cause of bad news.

The first is the series of tragic events caused by errors in the Therac-25 radiation therapy device. This device caused at least six radiation overdoses between June 1985 and January 1987; some patients received doses of tens of thousands of rad. At least two people died directly from the radiation overdoses. Software bugs in the device were the cause of the tragedies, and the main problem was the incorrect security strategy.
Kate Milovidova 21 march 2018, 7:28

A group of researchers found serious shortcomings in the WPA2 protocol, which provides protection for all modern Wi-Fi networks. An attacker within range of the victim can exploit these shortcomings using Key Reinstallation Attacks. Attackers can use this new attack method to read information that was previously considered to be encrypted.

UPD: the post was updated with partial details of the attack and the list of vendor updates.
Skull 4 november 2017, 11:55

A system administrator's daily tasks are considered safe when performed over an SSH session. This article discusses modern tools for conducting MITM attacks on the SSH protocol and how to protect against them.
Papay 13 october 2017, 12:18

I want to share one feature of setting COOKIE values that web developers often overlook.
In my experience researching web application vulnerabilities in 2009-2011, this error occurred in 87% of the web applications written in PHP.
To reduce this rate, I decided to write this article.

I will not even talk about the httpOnly flag, though its use is very important and necessary.

Let’s look at an example of code:
<?php
setcookie('foo','bar1');
header('Set-cookie: foo1=bar11');
?>
ZimerMan 23 may 2014, 18:18

A few days ago, the earliest Half-Life 2 version was released on the network for the media. Obviously, this version is not finished yet, as the game's main character is not the theoretical physicist known to the whole world of players, who wears glasses and a protective suit and holds a crowbar in his hand, but the bearded dwarf Ivan, a space biker, who opposes the staff of the research center. 15 years ago, the disk contents were reserved exclusively for members of the regular publishers.
Papay 28 january 2014, 13:14

This morning I found a letter in my mail:
In fact, this letter does not have any files attached, it just has 6 links (View, Download...), and they lead to the same address: http://95.211.83.65/~ru1/account.googlemail.com/viewer/13083e7f5f2c0890&
mt/0AgIDhQrUEZCMdGc0ejVXZGZpb1FrbWo5cmc2ZVZOalE/[email protected]

First I got to a fake Google Docs page with the message "document cannot be displayed", and then I was redirected to a fake Google Account page, where I was asked to enter a password. I guess for my own safety :). After I entered “screw you”, I got to a third fake Docs page with a list of some components.
Papay 27 november 2012, 17:05

It is known that the reliability of any system is determined by its weakest link. Now we take a good look at the copy protection of one popular game that was released a few days ago for OS X, and at how it is bypassed. In addition, we look at one of the options for implementing copy protection. Of course, this research was conducted for study purposes, and you should still buy good software and games.

Step 1


Let’s run the game and look at the registration or purchase form. Registration is done online by entering a serial number, or manually by entering a name and a key that corresponds to the displayed identifier of the specific computer. Next, we run gdb and get "program exited with code 055".
ZimerMan 23 june 2012, 11:54

This article is not a panacea for all security gaps, and it does not reveal any new attack vectors. I just saw a serious implementation of a fake of Google Mail and decided to warn all UMumble users.

Recently, I received an interesting letter, supposedly to confirm / cancel automatic forwarding to my mailbox.
Tags: fake, fishing, gmail
Papay 14 may 2012, 10:18