Web Security

Hinkley to replace founder Grossman as WhiteHat CEO

After more than a year with company founder Jeremiah Grossman serving as interim CEO, WhiteHat has selected Craig Hinkley to fill the top spot.

Key security insights for 2015

It's clear that cyber-crimes are alive and well on the global stage and will only continue to be pervasive as long as organizations prolong taking the necessary defense measures to stop threats from slipping through the cracks.

Citizen Lab says 'Great Cannon' tool allowed DDoS against GitHub, GreatFire.org

Researchers described "Great Cannon" as China's latest internet censorship tool.

Google says it will no longer trust digital certs issued by CNNIC

Google made the decision after investigating a security incident in which digital certs were "misissued."

F5 Networks opens new security operations center

F5 Networks opened the doors to its new security operations center (SOC) facility at its Seattle headquarters today.

Taming the third-party threat: Application security

The challenge for security practitioners is to make the mobile ecosystem more trustable, reports Alan Earls.

Debate: Your money is safe online.

Given the recent headline-grabbing breaches, in this month's debate information security professionals discuss whether or not money is safe online.

Skills in demand: Web application security

With so many of us visiting the web for social networking, shopping, banking, paying bills and general surfing, it's imperative that companies ensure their web-facing applications are secure and free from vulnerabilities.

IBM security expert panel: Fighting today's advanced attacks with behavioral-based prevention

With security incidents becoming a weekly, if not daily, occurrence, organizations need proactive, preventative security measures to protect themselves and their customers. Hear from a diverse panel of IBM Security experts.

How to help remove the big risks from big data

Although the IBM z Systems platform is known for scalability and security, you still have to monitor who did what, when, why, where and how to ensure that information stays protected.

NYPD union website hacked

The New York Police Department's (NYPD) Captains Endowment Association website was hit by a cyber attack over the weekend.

How to extend threat protection to off-network employees

Many of the largest data breaches recently were initiated by attackers targeting the weakest links—remote sites, supplier networks, and mobile workers.

Malvertising has a big impact

In this video, Manoj Leelanivas, president and CEO of Cyphort, discusses how malvertising works, the impact of the threat, and how the issue can be addressed.

Understanding SSL best practices

The Secure Socket Layer (SSL) protocol is under attack. In the last year, new vulnerabilities have been uncovered that allow malicious attackers to undermine the security that organizations put in place to protect themselves and their end users' sensitive information.

Botnet of Joomla servers furthers DDoS-for-hire scheme

A vulnerable Google Maps plug-in for Joomla allowed attackers to spoof the source of DDoS attacks.

Transforming government services by leveraging trusted digital identities

Government agencies have the opportunity to lower cost and improve both internal and Citizen-facing services by moving from static web-based information portals to leveraging the web as a service delivery platform.

Exposing risky IT security - Best practices from the testing trenches

Enterprises are racing to shore up on-premises and cloud defenses to avoid being the next security headline. Spending on security technologies is at an all-time high, but how confident are you in vendor decisions and the security architecture you are implementing?

Disrupting the threat: Respond, contain and recover in seconds

As adversaries continue to innovate—designing attacks specifically tailored for your enterprise—being able to respond, contain and recover in a timely manner has never been harder.

Phishing scam uses LinkedIn 'security update' to steal credentials

Symantec warns of a phishing campaign that fools victims with fake emails from LinkedIn Support.

How to detect SQL Injection & XSS attacks with AlienVault USM

They may be the oldest tricks in the book, but SQL injection and cross-site scripting (XSS) attacks still put a hurt on thousands of web applications every year, impacting millions of users—your users and customers.

Closing the web app data security gap: Dynamic data masking for web applications

The rigidity of web application security controls has left the enterprise vulnerable to data breach.

FIDO Alliance publishes UAF, U2F specs

The alliance defined specifications for devices, servers and client software that will help usher in the "post password" era.

SEO poisoning campaign ensnares several thousand websites, security expert finds

A security expert estimates that around 10,000 legitimate websites were impacted by the campaign.

Threat of the month: Bash bug/Shellshock

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.

Hackers targeted Chase Corporate Challenge site to find infiltration route

The Corporate Challenge site was one of many avenues tested by persistent attackers, reports reveal.

Children's Hospital apologizes for rogue employee breach

Alberta Health Services is apologizing following a data breach at Alberta Children's Hospital.

Faulty UBC software exposed student financial information

Students at the University of British Columbia have been warned that their personal information may have been exposed thanks to a software bug.

Security in the new mobile ecosystem

A recent study, conducted by the Ponemon Institute, and commissioned by Raytheon, has revealed some interesting facts related to the adoption and barriers to mobile device usage in the workplace.

Assurance 101: Lessons learned

It will continue to be a year where companies need to focus on how their employees interact online.
