6 Things We Didn't Know A Month Ago: Lego, Software, Arnie, And More... - https://plus.google.com/1172206...
WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability - http://blog.sucuri.net/2014...
The popular MailPoet (wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to the vulnerable site. This issue was disclosed months ago, and the MailPoet team patched it promptly. It seems though that many are still not getting the word, or blatantly not updating, because we are Read More - Hacker News
The Identity Issue: October 9, 2014 - http://www.secureauth.com/blog...
The Identity Issue is a monthly newsletter brought to you by SecureAuth. It includes company and industry articles to inform our community of the latest in security news, trends and culture.   A Quick Guide to Authentication for VPNs  Typically utilized to grant wide access to protected resources when outside the organization’s physical walls, VPNs are … The post The Identity Issue: October 9, 2014 appeared first on SecureAuth. - Hacker News
Hardening Your Infrastructure to Mitigate Leaks of Sensitive Data - http://labs.opendns.com/2014...
Using encryption, choosing strong passwords, and properly generating secret keys is often perceived as all it takes to ensure that sensitive data remains confidential. However, the operating system can still be leaking this data. In this blog post, we are going to review some common sources of leaks that are frequently overlooked, even by security […] The post Hardening Your Infrastructure to Mitigate Leaks of Sensitive Data appeared first on OpenDNS Security Labs. - Hacker News
October 2014 Patch Tuesday Preview - https://community.qualys.com/blogs...
After a small Patch Tuesday last month we are back to a normal size this month. We are getting nine bulletins with five allowing for Remote Code Execution (RCE), the category that we usually consider the most urgent. RCEs allow the attacker to take con... - Hacker News
MIRcon 2014 – Day 2 Highlights - https://www.mandiant.com/blog...
MIRcon 2014 It seemed fitting that the last day of MIRcon started with a total lunar eclipse and ended with an inspirational keynote address by renowned astrophysicist Dr. Neil deGrasse Tyson. After an amazing two days of content, MIRcon 2014 is officially in the books! Read the rest - Hacker News
Where You Were Born? - http://blog.algosec.com/2014...
Exciting news from AlgoSec this week: we announced our solution for unified security policy management across hybrid cloud infrastructure. This is a key component of our “managing security at the speed of business” vision and supports our mission to automate security policy management in evolving data centers and networks. Read more on Where You Were Born?… The post Where You Were Born? appeared first on Security Management at the Speed of Business - AlgoSec Blog. - Hacker News
Configuration Manager or Microsoft Intune? How About Both? - http://windowsitpro.com/microso...
In the latest episode of Endpoint Zone, Brad and Simon answer the burning question: Which should I use? Configuration Manager or Intune? read more - Hacker News
Winner of CareerAcademy.com Online InfoSec Training - https://www.ethicalhacker.net/vitals...
We Have a Winner!! It's back to school time. That doesn't just mean for the kids. Everyone can take this opportunity to feel refreshed, to take your career by the horns and ride it to prosperity. Break open that brand new notebook, sharpen your pencils and let's get to work! With this month's prize, you can not only learn a huge number of topics, but you can have unlimited access to this learning for an entire year! Our friends at CareerAcademy.com have a proven track record of providing top notch IT certification training. Their InfoSec and IT Certification Subscription includes unlimited access to their entire instructor led, OnDemand InfoSec and IT training catalog. The catalog comprises 45+ training courses, including EC-Council Endorsed CEH, CHFI, ECSA/LPT, ENSA, Cisco Authorized CCENT, CCNA, CCNP, Microsoft MCSA, MCSE, CompTIA A+, Network+, Security+, ISACA CISA, CISM, ISC2 CISSP and VMware training courses. Make yourself stand out in your office! Begin your certification... - Hacker News
Enhancements to Dyre Banking Trojan - http://blog.phishlabs.com/enhance...
The Dyre banking Trojan made its first debut in June 2014, targeting large financial institutions across the globe. In September, PhishLabs’ R.A.I.D (Research, Analysis, and Intelligence Division) observed a number of enhancements to the banking Trojan that further increase the danger of the threat. Banking Trojans Expand Beyond Financial Targets: The most recent attack utilizing the Dyre Trojan targeted the cloud computing company, Salesforce.com. Historically, banking Trojans were used to steal account credentials of banking customers but now sensitive business data is being stolen from companies in the healthcare industry, retail, software industry and others. Malicious software developers are seeking access to organizational systems and operating systems to steal data that would aid in identity theft for purposes of committing fraud. Attackers remain patient and persistent; evolving the tools, harvesting the data and attacking when it is unexpected. - Hacker News
Trust: what’s it all about? - http://blogs.microsoft.com/cybertr...
Today I delivered a keynote about trust in the cloud at the Cybersecurity Expo 2014 event in London. I’ve been thinking about how to tackle a topic like ‘trust’ and how it applies to cloud computing. I don’t know about you, but when someone you don’t know very well says ‘you can trust me,’ I kind of feel the opposite. I believe that actions speak louder than words. With that … Read more » - Hacker News
ISACA’s new Cybersecurity Nexus - http://michaelonsecurity.blogspot.com/2014...
ISACA, the professional association for those involved in IT Audit and Controls, has decided to move into the realm of "cybersecurity" with their Cybersecurity Nexus (CSX). I've been a member off and on for several years, but for me the group was about ... - Hacker News
Microsoft Advance Notification for October 2014 - http://blog.spiderlabs.com/2014...
On Tuesday, October 14, Microsoft will publish their newest security update. This Patch Tuesday release has eleven bulletins, the highest number so far this year. However, only two of these are rated "Critical", seven are rated "Important" and two are rated "Moderate". These bulletins will affect Internet Explorer, .NET Framework, Microsoft Office, Microsoft Office Web Apps, Microsoft Office Web Services, Microsoft Development Tools and Microsoft Windows. All supported Windows PC-based operating systems and Windows server-based operating systems are affected because many of the Microsoft Windows bulletins are based on internal OS components. These include Windows operating systems as old... - Hacker News
DEF CON 22 Materials Archive RSS is Live - https://www.defcon.org/podcast...
Greetings, DEF CON community. Today, we bring you another update to our growing online archive for DEF CON 22 - all the links to the presentation materials, wrapped in a pretty little RSS bow for your convenience. All the presentation slides, links to all the tools and extras, all by grabbing the link below. Perfect for every occasion, and excellent as a holiday gift for the hard-to-buy-for geeks in your life. Because we love you. Watch this space for more DC22 video soon. DEF CON 22 Materials RSS - Hacker News
Hackaday 10th Anniversary: Hacking Your Way To NASA - http://hackaday.com/2014...
brianbenchoff
TwC Hard at Work After All; 9 Bulletins for Oct Patch Tuesday - http://blog.lumension.com/9456...
September news reports that the Trustworthy Computing Group at Microsoft was disbanding left some wondering about the future of Patch Tuesday. This month’s patch load of 9 total bulletins, 3 critical, 5 important and 1 moderate should eliminate those worries, at least for now. The security group anyway is definitely still hard at work. Given […] - Hacker News
Microsoft to issue nine security updates to Windows, Office - http://www.zdnet.com/microso...
Three of the five updates for Windows are rated critical. There is just one for Office and one for ASP.NET MVC - Hacker News
Vuln Hunt: Find the Security Vulnerability Challenge #2 - http://blogs.microsoft.com/cybertr...
Ex-Netscape engineer Jamie Zawinski has a great quote about regular expressions. He said: “Some people, when confronted with a problem, think ‘I know, I’ll use regular expressions.’ Now they have two problems.” That’s certainly true for this week’s Security Vuln Hunt. Two points are possible, plus an extra bonus point.  The question: The programmer here has written an input validation regex to test whether a given string matches the format … Read more » - Hacker News
ETA’s Transaction Trends publication recently featured an article by Darrel Anderson entitled Why PCI Compliance Isn’t Working. In it, he describes one of the problems that we’ve been exploring here over the last month or so—incentive structures for PCI DSS. At the ETA Strategic Leadership Forum, the CEO of a prominent payments company echoed this […] - Hacker News
Conmen use fake matrimonial profiles to scam prospective grooms seeking arranged marriages - http://luciusonsecurity.blogspot.com/2014...
News reports of matrimonial scams are becoming increasingly frequent in India. Undertaken by lone operatives, these cons put up attractive fake profiles on dating and matrimonial sites to lure prospective suitors into online relationships, and then pry small sums of money from them. Once the victim is drawn into an emotional relationship, the con asks for small sums of money to fund a medical emergency or a friend’s urgent need for cash. The sums are small enough not to arouse suspicion until the con vanishes. When a request for money is made after several months of building an online relationship, it becomes difficult for the victim to exhibit a lack of trust by questioning the need for money or denying the request. Participants on these online matrimonial sites exchange personal information during the get-to-know-each-other period. Personal information and pictures may later be used to tarnish reputation for blackmail or revenge. Most of these sites do not offer any validation or verification as to... - Hacker News
Smartphones ‘remotely wiped’ in police custody, as encryption vs. law enforcement heats up - http://www.zdnet.com/smartph...
British police are warning that smartphones in custody for forensics and ongoing investigations are being remotely wiped, potentially killing vital evidence. - Hacker News
I was researching sites that allowed 2FA, specifically Amazon (they don’t). If you haven’t enabled it on your webmail accounts and your bank websites, I would do it now. Steve Two Factor Auth (2FA) List of websites and whether or not they support 2FA. Also see the list of 2FA providers and the platforms they […] - Hacker News
Privacy Considerations for the Medical Device Ecosystem | 24×7 Magazine - http://www.healthsecuritysolutions.com/2014...
The security of medical devices is a growing concern in health care. I have advised many clients that, for example, can’t upgrade the version of Java they are running on some machines because the device manufacturer won’t allow it. The covered entity is held hostage to the vendor’s intransigence. Many vendors claim they can’t upgrade […] - Hacker News
Imperva Web Application Attack Report (WAAR) #5 - http://blog.imperva.com/2014...
Today, we are proud to release the 5th installment of our annual Web Application Attack Report. For those of you new to this report, Imperva’s Web Application Attack Report (WAAR) is a thorough analysis of... - Hacker News
The Hidden costs of an Insider Attack - http://www.clearswift.com/blog...
Critical Infrastructure Security Isn’t Keeping Up with Threats - http://www.rsaconference.com/blogs...
The next time you turn on the faucet in your home, ask yourself: "How do I know this water is safe?" This may seem an odd way to begin a blog post on security, but it’s important to realize that water, electricity, food, and transportation are all part of the critical infrastructure that provides these conveniences—and in some cases, the lifeline—of our world. Technology is making these systems more efficient, lowering overall costs, and improving service, but those same improvements are also introducing new threats and risks that we often overlook. While many infrastructure industries have… - Hacker News
European ATMs under malware attack - http://www.welivesecurity.com/2014...
At least 50 cash machines in Eastern Europe have been targeted by malware that allows the hacker to withdraw up to 40 notes at once without a credit or debit card to hand, Computer Weekly reports. The post European ATMs under malware attack appeared fi... - Hacker News