Application Security

Issued by: Help Net Security

Integrating threat intelligence with existing security technologies

70 percent of security industry professionals believe threat intelligence is often too voluminous and/or complex to provide actionable insights. The Ponemon Institute study, based on 1,072 respondents in the United Kingdom and North America, also showed that organizations neglect to share essential threat data with board members and C-level executives, despite the fact that security…

Malware & Threats

Issued by: Security Week

U.S. Should Strike Back at Cyberattackers: Report

The US government and private sector should strike back against hackers to counter cyber-attacks aimed at stealing data and disrupting important computer networks, a policy report said Monday. A panel of experts assembled by the George Washington University Center for Cyber and Homeland Security said policies should be eased to allow “active defense” measures that…

Application Security

Issued by: CIO Security

IBM deploys machine learning to bolster online banking security program

Behavioral biometrics that uses machine learning is behind new features being added to IBM’s Trusteer Pinpoint Detect platform, which financial institutions use to head off crooks who may have stolen the username and password of legitimate account holders. The new feature looks for anomalies between legitimate users’ normal mouse gestures and those of the current…

Cloud Security

Issued by: Dark Reading

Microsoft Launches Security Program For Azure IoT

Microsoft has launched a new program for its Azure cloud platform to help business customers strengthen their security posture amid the rise of the Internet of Things. Security and privacy concerns are top of mind for IT pros as the IoT continues to grow within the enterprise. Many struggle to verify the security of their…

Network Security

Issued by: Help Net Security

The difference between IT security and ICS security

In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, talks about the difference between IT security and ICS security. On IT networks, the focus of a security program is generally preventing the theft of information. The primary focus on control system networks is safety…

Vulnerabilities

Issued by: Security Week

AtomBombing: The Windows Vulnerability that Cannot be Patched

Researchers have discovered a code-injection vulnerability in the Windows operating system that cannot, because of the nature of the operating system, be patched. It could be used to bypass current malware protection solutions in place. “Unfortunately,” writes enSilo researcher Tal Liberman in a report published Oct. 27, “this issue cannot be patched since it doesn’t rely…

Vulnerabilities

Issued by: Security Week

Many Joomla Sites Hacked via Recently Patched Flaws

Less than 24 hours after Joomla released patches for a couple of critical account creation vulnerabilities, researchers noticed that malicious actors had already started exploiting the flaws in the wild. Joomla announced on October 25 the availability of version 3.6.4 to fix two serious vulnerabilities: CVE-2016-8870, which allows attackers to create user accounts even if…