Advertisement
News
Subscribe to DFI News

The Lead

Within four days of the first public reports of a major flaw in OpenSSL's software for securing communications on the Internet, mass attacks searched for and targeted vulnerable servers. In a report, IBM found that while the attacks have died down, approx

Heartbleed Risk Continues as Servers Remain Unpatched

August 28, 2014 | by Robert Lemos, Ars Technica | Comments

Within four days of the first public reports of a major flaw in OpenSSL's software for securing communications on the Internet, mass attacks searched for and targeted vulnerable servers. In a report, IBM found that while the attacks have died down, approximately half of the original 500,000 potentially vulnerable servers remain unpatched.

TOPICS:
View Sample

SUBSCRIBE TO FREE
DFI News
EMAIL NEWSLETTER

As in any job, in cybersecurity it’s the paperwork that gets you. In a recent study, the Government Accountability Office found that agencies are doing an incomplete job in documenting their response to security incidents.

Agency Incident Response Rate

August 28, 2014 4:21 pm | by William Jackson, GCN | Comments

As in any job, in cybersecurity it’s the paperwork that gets you. In a recent study, the Government Accountability Office found that agencies are doing an incomplete job in documenting their response to security incidents.       

TOPICS:
Digital devices have provided law enforcement agencies investigating child abuse and exploitation with an embarrassment of riches. The devices can hold thousands of images that can be used as evidence and as clues to help identify and find missing childre

Improved Image Analysis Tools Speed Exploited Children Cases

August 28, 2014 10:29 am | by William Jackson, GCN | Comments

Digital devices have provided law enforcement agencies investigating child abuse and exploitation with an embarrassment of riches. The devices can hold thousands of images that can be used as evidence and as clues to help identify and find missing children. But the sheer volume of data being reviewed can slow an investigation to a crawl.

TOPICS:
JPMorgan Chase & Co is investigating a possible cyber attack and working with law enforcement authorities to determine the scope. It disclosed the investigation after the FBI said Wednesday evening it was investigating media reports earlier in the day tha

JPMorgan Probes Possible Cyber Attack

August 28, 2014 9:40 am | by Reuters | Comments

JPMorgan Chase & Co is investigating a possible cyber attack and working with law enforcement authorities to determine the scope. It disclosed the investigation after the FBI said Wednesday evening it was investigating media reports earlier in the day that several U.S. financial companies have been victims of recent cyber attacks.

TOPICS:
Advertisement
As the acting cybersecurity chief of a federal agency, Timothy DeFoggi should have been well versed in the digital footprints users leave behind online when they visit web sites and download images. But he must have believed his use of the Tor anonymizing

Federal Cybersecurity Director Found Guilty on Child Porn Charges

August 27, 2014 11:28 am | by Kim Zetter, Wired | Comments

As the acting cybersecurity chief of a federal agency, Timothy DeFoggi should have been well versed in the digital footprints users leave behind online when they visit web sites and download images. But he must have believed his use of the Tor anonymizing network shielded him from federal investigators.

TOPICS:
Black Hat USA 2014 recently welcomed more than 9,000 of the most renowned security experts. Tucked away from the glamour of the vendor booths giving away t-shirts and the large presentation rooms filled with rockstar sessions, was the Arsenal — a place wh

Synergy of Hackers and Tools at the Black Hat Arsenal

August 27, 2014 10:50 am | by Mirko Zorz, Help Net Security | Comments

Black Hat USA 2014 recently welcomed more than 9,000 of the most renowned security experts. Tucked away from the glamour of the vendor booths giving away t-shirts and the large presentation rooms filled with rockstar sessions, was the Arsenal — a place where developers were able to present their security tools and grow their community.

TOPICS:
Alleged Silk Road mastermind Ross Ulbricht (aka, Dread Pirate Roberts), has been indicted on three additional charges, including narcotics trafficking, distribution of narcotics by means of the internet, and conspiracy to traffic in fraudulent identificat

Silk Road Kingpin Faces Yet More Criminal Charges

August 27, 2014 10:28 am | by Tara Seals, Infosecurity Magazine | Comments

Alleged Silk Road mastermind Ross Ulbricht (aka, Dread Pirate Roberts), has been indicted on three additional charges, including narcotics trafficking, distribution of narcotics by means of the internet, and conspiracy to traffic in fraudulent identification documents.

TOPICS:
According to newly published documents, the National Security Agency has built a “Google-like” search interface for its vast database of metadata, and the agency shares it with dozens of other American intelligence agencies. The new documents are part of

NSA Increases Interagency Cooperation with Own Search Engine

August 26, 2014 11:00 am | by Cyrus Farivar. Ars Technica | Comments

According to newly published documents, the National Security Agency has built a “Google-like” search interface for its vast database of metadata, and the agency shares it with dozens of other American intelligence agencies. The new documents are part of the Snowden leaks and were first published on by The Intercept.

TOPICS:
Even before the academic semester starts, students from across the globe have begun registering for the largest set of student cybersecurity competitions in the world: the NYU Polytechnic School of Engineering Cyber Security Awareness Week (CSAW).

NYU Launches Largest Cybersecurity Student Contests

August 26, 2014 10:04 am | by NYU Polytechnic School of Engineering | Comments

Even before the academic semester starts, students from across the globe have begun registering for the largest set of student cybersecurity competitions in the world: the NYU Polytechnic School of Engineering Cyber Security Awareness Week (CSAW).

TOPICS:
Advertisement
Six months ago, NIST released version 1.0 of its voluntary Framework for Improving Critical Infrastructure Cybersecurity. The framework was developed with industry in a collaborative and open process over the course of a year, as directed by President Oba

NIST Seeks Info on User Experiences with Cybersecurity Framework

August 26, 2014 9:54 am | by NIST | Comments

Six months ago, NIST released version 1.0 of its voluntary Framework for Improving Critical Infrastructure Cybersecurity. The framework was developed with industry in a collaborative and open process over the course of a year, as directed by President Obama in Executive Order 13636. NIST is now seeking public feedback on the framework.

TOPICS:
To help digital forensic and incident response (DFIR) professionals take on any Apple case without hesitation, the SANS Institute has introduced the new FOR518: Mac Forensic Analysis course. This intense hands-on forensic analysis course will help Windows

SANS Introduces Apple, Mac and iDevice, Forensic Analysis Course

August 26, 2014 7:56 am | SANS Institute | Comments

To help digital forensic and incident response (DFIR) professionals take on any Apple case without hesitation, the SANS Institute has introduced the new FOR518: Mac Forensic Analysis course. This intense hands-on forensic analysis course will help Windows-based investigators broaden their analysis capabilities and achieve the confidence and knowledge needed to comfortably analyze any Mac or iOS system without hesitation. 

TOPICS:
A cyber attack at a firm that performs background checks for U.S. government employees compromised data of at least 25,000 workers, including some undercover investigators, and that number could rise, agency officials say.

US Undercover Investigators among Those Exposed in Data Breach

August 25, 2014 11:20 am | by Jim Finkle and Mark Hosenball, Reuters | Comments

A cyber attack at a firm that performs background checks for U.S. government employees compromised data of at least 25,000 workers, including some undercover investigators, and that number could rise, agency officials say.       

TOPICS:
The video of James Foley’s execution may have been staged, with the actual   murder taking place off-camera, it has emerged. Forensic analysis of the   footage of the journalist’s death has suggested that the British jihadist in   the film may have been t

Foley Murder Video 'May Have been Staged'

August 25, 2014 10:29 am | by Bill Gardner, The Telegraph | Comments

The video of James Foley’s execution may have been staged, with the actual murder taking place off-camera, it has emerged. Forensic analysis of the footage of the journalist’s death has suggested that the British jihadist in the film may have been the frontman rather than the killer.

TOPICS:
A team of researchers have identified a weakness believed to exist in Android, Windows and iOS mobile operating systems that could be used to obtain personal information from unsuspecting users. They demonstrated the hack in an Android phone.

Mobile OS Weakness Allows Apps to Steal Personal Information

August 25, 2014 9:47 am | by Sean Nealon, Univ. of California - Riverside | Comments

A team of researchers have identified a weakness believed to exist in Android, Windows and iOS mobile operating systems that could be used to obtain personal information from unsuspecting users. They demonstrated the hack in an Android phone.  

TOPICS:
Researchers from Tel Aviv University have demonstrated an attack against the GnuPG encryption software that enables them to retrieve decryption keys by touching exposed metal parts of laptop computers.

Stealing Encryption Keys through the Power of Touch

August 22, 2014 10:47 am | by Peter Bright, Ars Technica | Comments

Researchers from Tel Aviv University have demonstrated an attack against the GnuPG encryption software that enables them to retrieve decryption keys by touching exposed metal parts of laptop computers.             

TOPICS:
When APTs (Advanced Persistent Threats) are discovered, network security operations professionals are instantly under pressure to explain and resolve the problems swiftly. Without a robust understanding of the context, network traffic and content, SecOps

Know Your Advanced Persistent Threats' Unknowns

August 22, 2014 10:26 am | by Information Buzz Security | Comments

When APTs (Advanced Persistent Threats) are discovered, network security operations professionals are instantly under pressure to explain and resolve the problems swiftly. Without a robust understanding of the context, network traffic and content, SecOps professionals are often left to rely on informed guesses and not verifiable facts.

TOPICS:

Pages

X
You may login with either your assigned username or your e-mail address.
The password field is case sensitive.
Loading