Web Security

Practical security control mapping for financial services organizations

According to Accenture's 2015 Global Risk Management Study, financial services and banking executives view cyber & IT risk as their top risk area over the next two years.

Remediate before it's too late

With mega breaches springing up one after another, many industry players have registered both disbelief and awe at the sheer numbers of individual credentials stolen.

SEA hacks Washington Post mobile site

Back in 2013, the Syrian Electronic Army (SEA) hacked The Washington Post's site, redirecting visitors to hacker-controlled pages.

Distil Networks 2015 Bad Bot Report: 5 high-risk lessons

Distil Networks has produced its annual Bad Bot Report. It's the IT security industry's most in-depth analysis of the sources, types, and sophistication levels of last year's bot attacks, and there are serious implications for anyone responsible for securing their web infrastructure.

Ad network compromised to redirect users to Nuclear EK, install Carberp

Attackers targeted a server operated by New Jersey-based advertising network, Mad Ads Media, in order to redirect users to an exploit kit.

Sign on the digital line: Case study

Biopharma companies need a secure digital signing infrastructure. SureClinical found an answer for them, reports Greg Masters.

Hinkley to replace founder Grossman as WhiteHat CEO

After more than a year with company founder Jeremiah Grossman serving as interim CEO, WhiteHat has selected Craig Hinkley to fill the top spot.

Key security insights for 2015

It's clear that cyber-crimes are alive and well on the global stage and will only continue to be pervasive as long as organizations prolong taking the necessary defense measures to stop threats from slipping through the cracks.

Citizen Lab says 'Great Cannon' tool allowed DDoS against GitHub, GreatFire.org

Researchers described "Great Cannon" as China's latest internet censorship tool.

Google says it will no longer trust digital certs issued by CNNIC

Google made the decision after investigating a security incident in which digital certs were "misissued."

F5 Networks opens new security operations center

F5 Networks opened the doors to its new security operations center (SOC) facility at its Seattle headquarters today.

Taming the third-party threat: Application security

The challenge for security practitioners is to make the mobile ecosystem more trustable, reports Alan Earls.

Debate: Your money is safe online.

Given the recent headline-grabbing breaches, in this month's debate information security professionals discuss whether or not money is safe online.

Skills in demand: Web application security

With so many of us visiting the web for social-networking, shopping, banking, paying bills and general surfing, it's imperative that companies ensure their web facing applications are secure and free from vulnerabilities.

IBM security expert panel: Fighting today's advanced attacks with behavioral-based prevention

With security incidents becoming a weekly, if not daily, occurrence, organizations need proactive, preventative security measures to protect themselves and their customers. Hear from a diverse panel of IBM Security experts.

How to help remove the big risks from big data

Although the IBM z Systems platform is known for scalability and security, you still have to monitor who did what, when, why, where and how to ensure that information stays protected.

NYPD union website hacked

The New York Police Department's (NYPD) Captains Endowment Association website was hit by a cyber attack over the weekend.

How to extend threat protection to off-network employees

Many of the largest data breaches recently were initiated by attackers targeting the weakest links—remote sites, supplier networks, and mobile workers.

Malvertising has a big impact

In this video, Manoj Leelanivas, president and CEO of Cyphort, discusses how malvertising works, the impact of the threat, and how the issue can be addressed.

Understanding SSL best practices

The Secure Socket Layer (SSL) protocol is under attack. In the last year, new vulnerabilities have been uncovered that allow malicious attackers to undermine the security that organizations put in place to protect themselves and their end users' sensitive information.

Botnet of Joomla servers furthers DDoS-for-hire scheme

A vulnerable Google Maps plug-in for Joomla allowed attackers to spoof the source of DDoS attacks.

Transforming government services by leveraging trusted digital identities

Government agencies have the opportunity to lower cost and improve both internal and Citizen-facing services by moving from static web-based information portals to leveraging the web as a service delivery platform.

Exposing risky IT security - Best practices from the testing trenches

Enterprises are racing to shore up on-premises and cloud defenses to avoid being the next security headline. Spending on security technologies is at an all-time high, but how confident are you in vendor decisions and the security architecture you are implementing?

Disrupting the threat: Respond, contain and recover in seconds

As adversaries continue to innovate—designing attacks specifically tailored for your enterprise—being able to respond, contain and recover in a timely manner has never been harder.

Phishing scam uses LinkedIn 'security update' to steal credentials

Symantec warns of a phishing campaign that fools victims with fake emails from LinkedIn Support.

How to detect SQL Injection & XSS attacks with AlienVault USM

They may be the oldest tricks in the book, but SQL injection and cross-site scripting (XSS) attacks still put a hurt on thousands of web applications every year, impacting millions of users—your users and customers.

Closing the web app data security gap: Dynamic data masking for web applications

The rigidity of web application security controls has left the enterprise vulnerable to data breach.

FIDO Alliance publishes UAF, U2F specs

The alliance defined specifications for devices, servers and client software that will help usher in the "post password" era.

SEO poisoning campaign ensnares several thousand websites, security expert finds

A security expert estimates that around 10,000 legitimate websites were impacted by the campaign.

Threat of the month: Bash bug/Shellshock
