When APTs (Advanced Persistent Threats) are discovered, network security operations professionals are instantly under pressure to explain and resolve the problems swiftly. Without a robust understanding of the context, network traffic and content, SecOps professionals are often left to rely on informed guesses and not verifiable facts.
How are ex-military and ex-hackers different? For starters, security guys with a military...
Computer security researchers from TU Darmstadt/CASED in Germany and North Carolina State...
With cyber war comes the threat of new forms of espionage, as well as sabotage conducted within both the information systems and control systems that form the interface between the physical and cyber worlds. Security, both physical and cyber, traditionally has been outward facing. But espionage and sabotage often are the domains of the trusted insider, the agent operating from within.
If you have an account and were asked to put a price on a monthly service fee, how much money would you pay to be inspired, to keep up with news events, or to stay in touch with family, friends and colleagues? You're paying for it now, of course, though not with money.
Discussions of what government should do about the state of poor cyber defenses tend to focus on some kind of change in the law to raise regulations and/or lower liabilities. That is well and good, but government should also think about building a new organization for the cyber age. And it can do so by taking inspiration from one of the most successful agencies created in the past.
Turning computer code into a kind of math puzzle may hold the key to protecting software from hackers. A consortium of universities developing the idea, called mathematical obfuscation, recently received a $5 million grant from the U.S. government as part of a broader cybersecurity initiative.
There's a gaping hole in thousands of unsuspecting people's computers that lets any random internet passerby not only look over their shoulder but reach through to take over their systems. The hole is caused by a remote access tool: specifically, unsecured use of a product known as Virtual Network Computing (VNC).
Mixing upper and lower case letters, numbers and special characters doesn’t make passwords any harder for hackers to crack, only increasing the number of characters does, according to new research from Trustwave.
The hottest topic in the insurance world today is cyber risk insurance, or coverage for the response to and fallout from cyber crime and breaches. Although high–profile breaches have led to skyrocketing interest in cyber insurance, they have also highlighted a glaring weakness in insurance companies’ ability to price — and therefore offer — such coverage: the lack of incident resolution expertise.
Edward Snowden has made us painfully aware of the government’s sweeping surveillance programs over the last year. But a new program, currently being developed at the NSA, suggests that surveillance may fuel the government’s cyberdefense capabilities, too.
Virtual environments are a tool that security researchers and security software use to automatically analyze and detect malware. But according to Symantec research, virtual machines (VMs) are becoming more common in enterprise operational environments — so malware authors are learning to write their code to attack that infrastructure more effectively while avoiding detection.
Black Hat USA 2014 hosted over 9,000 attendees in Las Vegas last week and featured 110 highly informative briefings. Don't fret if you missed it: Some of BHUSA's best talks have now been uploaded to YouTube.
Computer forensic and cybersecurity tools are getting smarter and easier to use by the week, but I'd like to offer a contrarian view and tell you that it's not necessarily a good thing. Better tools — or rather, better tool marketing — can lull you into a false sense of security.
Efforts to pressure the automobile industry into better locking down cyber security in automated features of modern cars has intensified as a collective of security researchers sent the CEOs at major auto firms an open letter calling for them to adopt a new five-star cyber safety program.
Alarmed by mounting cyber threats around the world and across industries, a growing number of security experts see aggressive government action as the best hope for averting disaster.
Network breaches are inevitable. It’s what happens next that really matters, said renowned cryptographic expert Bruce Schneier during the Black Hat security conference.
If there is one thing there's no lack of in Las Vegas at the Black Hat conference, it's drama. This year's show is shaping up to be no different. But before we get there, let's take a quick look back at some of the big demos and research highlights of the past so we can see how influential this show's moments have been in shaping the industry.
Cybersecurity researchers at the Georgia Tech Research Institute are developing a tool that amasses information from the Internet to give organizations an early warning of a pending cyber-attack. The system, known as BlackForest, scrapes and analyzes information culled from a variety of online sources to detect potential attacks.
Cybersecurity researcher Ruben Santamarta says he has figured out how to hack the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems - a claim that, if confirmed, could prompt a review of aircraft security.
The National Science Foundation's (NSF) Secure and Trustworthy Cyberspace (SaTC) program has announced two new center-scale "Frontier" awards to support large, multi-institution projects that address grand challenges in cybersecurity science and engineering with the potential for broad economic and scientific impact.
Nearly three-quarters of all Internet of Things devices are susceptible to getting hacked or compromised, according to a recent study. The study, released by Hewlett-Packard (HP), examined 10 common smart devices, including thermostats, smart TVs and webcams. Each device had approximately 25 vulnerabilities.
Gathering and understanding cyber intelligence is the work of BlackForest, a new open source intelligence gathering system developed by information security specialists at the Georgia Tech Research Institute (GTRI). By using such information to create a threat picture, BlackForest helps corporations, government agencies and nonprofit organizations battle increasingly-sophisticated threats to their networks.
A key to reducing cyber crime is getting victims — often major corporations — to cooperate with authorities, two top federal law enforcement officials said during visits to Pittsburgh.
In an interview with former National Security Agency Director General Keith Alexander, Foreign Policy's Shane Harris learned that Alexander plans to file “at least” nine patent applications — “and possibly more" — pertaining to technology for detecting network intruders.
Federal Chief Information Security Officers (CISOs) and information security executives face a number of challenges in today's dynamic, fast-paced environment. These challenges include advanced persistent threats, system vulnerabilities, and regulatory compliance, to name a few.
It has been over a year since The Guardian reported the first story on the National Security Agency’s surveillance programs based on the leaks from former NSA contractor Edward Snowden, yet the national conversation remains largely mired in a simplistic debate over the tradeoffs between national security and individual privacy. It is time to start weighing the overall costs and benefits more broadly.
Cybersecurity is being pushed in two directions. On the one hand, the growing complexity of information systems and the onslaught of threats facing them are putting a premium on speed. Automation is the future of security.
- Page 1