A wasted investment is the last thing any organization needs, yet the cost of a cybersecurity solution doesn’t necessarily equate to value. Consider Security Information and Event Management (SIEM) tools, for example. Dark Reading points out that the tool itself is not the key factor in its effectiveness – it must be properly configured […]
Could you have the same vulnerability that led to the Equifax breach?
Regardless of the size of your organization, it’s very likely that you could. Vulnerabilities including the bug reportedly responsible for Equifax’s data breach are still common elements of open-source systems used by developers for creation of business applications and web portals. While this saves time and money on the development side, unless they perform regular […]
Don’t Be ‘fraid of No GHOST; Glibc Vulnerability
During the blog downtime, observant security practitioners probably read about a serious new vulnerability called GHOST, which affects all Linux-based systems to some extent. I actually covered GHOST already, in one of my Daily Security Bytes, but you may have missed it during the downtime. Let me recap the issue here
Poodle’s Back – WSWiR Episode 132
Another week, another batch of information security (infosec) news. Would you like a quick summary, rather than hunting it down yourself? No problem! Just check out our weekly video every Friday. Today’s episode covers the Patch Day bonanza, lots of updates on the Sony Pictures breach, and a new twist on the “Poodle” SSL/TLS vulnerability
Getting Started with Gateway AntiVirus
This video tutorial defines Gateway AntiVirus, explains how to activate and configure Gateway AntiVirus, and shows how Gateway AntiVirus and WatchGuard Dimension work together. Run Time: 7…
Evil Tor Exit Node – WSWiR Episode 127
Security FUD, Black Energy, and Tor Terror. Happy Halloween! The Internet “threatscape” has changed drastically over the past few years, with many more cyber security incidents each year and tons of information security (infosec) news in the headlines. Can you keep up? If not, maybe my weekly infosec video will help.
How to Neuter POODLE (New SSL Vulnerability)
Surprise, surprise… Researchers have found yet another OpenSSL vulnerability. They’ve named this one POODLE. Silly name, I know, but at least it stands for something—Padding Oracle On Downgraded Legacy Encryption
Bugzilla Zero-Day Exposes Zero-Day Bugs
A previously unknown security flaw in Bugzilla — a popular online bug-tracking tool used by Mozilla and many of the open source Linux distributions — allows anyone to view detailed reports about unfixed vulnerabilities in a broad swath of software. Bugzilla is expected today to issue a fix for this very serious weakness, which potentially exposes a veritable gold mine of vulnerabilities that would be highly prized by cyber criminals and nation-state actors
Shellshock – WSWiR Episode 123
Serious Bash Flaw affects *nix, Mac OS X, and IoT. Normally, my weekly video covers a number of important information and network security stories, in order to keep you informed of the latest threats. However, this week one story is so important I give it the primary focus. Today’s show covers the critical “Shellshock” vulnerability in Bash.
‘Shellshock’ Bug Spells Trouble for Web Security
As if consumers weren’t already suffering from breach fatigue: Experts warn that attackers are exploiting a critical, newly-disclosed security vulnerability present in countless networks and Web sites that rely on Unix and Linux operating systems. Experts say the flaw, dubbed “Shellshock,” is so intertwined with the modern Internet that it could prove challenging to fix, and in the short run is likely to put millions of networks and countless consumer records at risk of compromise. The bug is being compared to the recent Heartbleed vulnerability because of its ubiquity and sheer potential for causing havoc on Internet-connected systems — particularly Web sites