Earlier this week, the Massachusetts Eye and Ear Infirmary and Massachusetts Ear and Eye, Inc. (MEEI) agreed to pay a hefty $1.5 million settlement to the U.S. Department of Health & Human Services for alleged HIPAA violations. According to MEEI, a personal laptop that contained unencr...
PCI DSS is the industry standard for the safe and secure processing of payment card transactions. In order for a business to effectively process card payments, PCI DSS needs to be used and maintained. As more firms head online, the internet offering a great many business opportunities ...
The powerful Metasploit framework helps you see your network as an intruder would see it. You might discover it is all too easy to get past your own defenses. The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework incl...
Whether you choose to embrace it or you try to resist it, the BYOD (Bring Your Own Device) trend is set to grow. The Cisco IBSG Horizons Study found that 78% of white-collar workers in the U.S. use a mobile device for work purposes and 41% of respondents indicated a majority of smartph...
The data center (as we knew it) is never going to be the same. Fluid changes are already in motion, brought about largely as a result of ‘paradigm’ shifts in computing. empowerment for those that can bring meaningful analytics to bear upon the new data stack and, conversely, security ...
A penetration tester simulates an attack on a customer’s network by trying to find a way inside. Many such attacks begin using a scanning tool, such as NeXpose, Nessus, or Nmap, to look for network vulnerabilities; however, several of the leading Intrusion Detection/Protection systems ...
There’s a house on my block that is constantly under renovation. Last year, the owners added on an in-law suite. This spring, they expanded their kitchen. A neighbor told me there are plans in the works to extend the deck before fall. All of this has me wondering: are these folks rea...
The Open Group's Jim Hietala recaps presentations at the recent Open Group Conference on cybersecurity and protecting global supply chains. Cybersecurity is at a critical juncture, and conference speakers highlighted the threat and attack reality and described industry efforts to move...
Identity theft, password breaches, viruses and worms, phishing attacks, Stuxnet—the more we rely upon technology in our increasingly connected world, the greater the risk that we’ll be hacked. Even worse, it seems that the rate at which hacking stories come across the wire is actually ...
Creating a Vulnerability Analysis is a quick and dirty calculation to help you begin the protection process. Nothing speaks to a business owner like the threat of losing money, losing customers, or losing employees. If you are tasked with "figuring it out", the following calculation is...
This thought leadership interview examines the latest efforts to make global supply chains for technology providers more secure, verified, and therefore trusted. The Open Group has a vision of boundaryless information flow, and that necessarily involves interoperability. But interoper...
Agile businesses are scrambling today as employees bring their shiny new personal mobile devices into the workplace and want to use them to get their work done. But the wide variety of mobile devices used by those workers can make it tough for IT departments to support all of them whil...
Disaster recovery represents a fundamental aspect of business, as it involves a series of steps taken in order to minimize the effects of an unplanned outage. This can include a natural disaster such as an earthquake, a computer virus that rips through systems or a gaping hole in secur...
An Open Group panel explores how the technical and legal support of ID management best practices have been advancing rapidly. ID management is really the process of identifying folks who are logging onto computing services, assessing their identity, looking at authenticating them, and...
Government agencies in the United States and around the world are increasing their use of social media to enhance the quality of government services and to encourage more citizen engagement and dialog. When used properly, social media can build trust and develop more efficient communic...
I’ve received a lot of questions lately about security in the Cloud and what CTOs should be considering when they are evaluating it. Here’s my advice, treat the Cloud like an extension of your corporate or production network, don’t treat it or hold it to a lower standard assuming that ...
Is your business creating a mobile app? It’s all the rage, of course. Ninety-one percent of the top 100 brands have branded apps out according to a report by mobile analytics firm Distimo last October. Symantec just announced new research that says 53% of North American companies are m...
Many IT departments have weak patching processes – especially on the client-side. And it’s no wonder – patching is tough. Across all industries and platforms, the Window of Exploit (WOE) – that is, the time lag between announced discovery and the availability of a patch – for web-based...
Just as business critical as perimeter security, having strong internal controls to manage users is important. Using cloud-managed security tools can help reduce incidents. So much is written about the events outside your perimeter; those nefarious and shadowy individuals and offshore...
A recent article in Government Computer News raised the topic of FISMA reporting, specifically describing the “pessimism” of many USG agencies over meeting the September 2012 deadline for “using continuous monitoring to meet Federal Information Security Management Act reporting require...
When we aren’t fighting crime, taking over the world, or enjoying a good book by the fire, we here on the eEye Research team like to participate in the Any Means Possible (AMP) Penetration Testing engagements with our clients. For us, it’s a great way to interact one-on-one with IT fol...
In most organizations today, there is sensitive data that is overexposed and vulnerable to misuse or theft, leaving IT in an ongoing race to prevent data loss. Packet sniffers, firewalls, virus scanners, and spam filters are doing a good job securing the borders, but what about insider...
Quick Response (QR) codes are intended to help direct users quickly and easily to information about products and services, but they are also starting to be used for social engineering exploits. This article looks at the emergence of QR scan scams and the rising concern for users today....
Managing access to confidential information and application resources via firewalls is the foundation of network security, and firewall audits are central to any mature network security process. However, relying on security and network experts to review rules across multiple firewall z...
Companies across all industries are fighting to secure their proprietary and confidential data behind firewalls and complex passwords; unfortunately, the reality is that this data is most likely still slipping through the cracks. The introduction of employee-owned devices and the consu...
The purpose of this article is to describe some tools and techniques in performing the planning, scoping, and recon portion of a penetration test. In covering these tools and techniques the reader will learn how to use them to find vulnerabilities in their organization and help improve...
Joe Menn explores the current cyber-crime landscape, the underground cyber-gang movement, and the motive behind governments collaborating with organized crime in cyber space. Maybe you can make your enterprise a little trickier to get into than the other guy’s enterprise, but crime pa...
There are some technological concepts that simply go better together. Consider the cloud and information explosion; the cloud offers the potential for unlimited storage for a torrent of ever-increasing data. Another example is virtualization and IT agility; strategic virtualization imp...
We saw what typically happens when trying to use static rule-based log correlation to perform real-time incident management... combinatorial explosion and lack of scalability. How do you automate non-deterministic attacks in a few discrete steps??? Today, we'll look at more scenarios fo...
In just the past year, the number of attacks is up, the costs associated with them are higher and more visible, and the risks of not securing systems and processes are therefore much greater. Some people have even called the rate of attacks a pandemic. The path to reducing these risk...
You’ve spent months fixing the red items on an internal audit report and just passed a regulatory exam. You’ve performed a network vulnerability assessment and network pen test within the last year and have fixes in place. You’ve tightened up your information security policy and recent...
In a recent blog post, Gary Sevounts, VP of marketing at Zetta, looks at the most popular offsite backup solutions for organizations with smaller budgets that can't afford a data center, but need their mission-critical data to be protected. Sevounts lists four options: tape, USB, mirro...
The goal of the scanning phase is to learn more information about the target environment and discover openings by interacting with that target environment. This article will look at some of the most useful scanning tools freely available today and how to best use them. During this proc...
The security community has a growing number of influential and important people, especially as the industry rises to meet the need to address more advanced security threats, such as targeted attacks. But how does a company in the security industry truly identify the influential people?...
The recent spike in insider threats, coupled with a rise in compliance considerations, has forced organizations to ensure only authorized users access sensitive application functionality and data. Historically, user entitlements or authorization logic has been embedded inside an applic...
How can all the players in a technology ecosystem gain assurances that the other participants are adhering to best practices and taking the proper precautions?
We are using the local port forwarding bound on a victim host so when we execute the route command and exploit internal hosts we can map them back to our initial victim, through the meterpreter connection and back to us. The Metasploit Framework is a penetration testing toolkit, explo...
Last week we saw that a proper Log Management tool is a powerful tool to catch the bad guys. Advertise your use of such a tool and you will send a clear signal to would-be attackers that they will be caught, which will act as a powerful deterrent, and curb bad behaviors. A 2004 study...
The OTTF’s purpose is to shape global procurement strategies and best practices to help reduce threats and vulnerabilities in the global supply chain. The framework outlines industry best practices that contribute to the secure and trusted development, manufacture, delivery and ong...
This is really not about adding some security band-aid onto a technology or a product. It's really about the fundamental attributes or assurance of the product or technology that’s being produced. The OTTF is a group that came together under the umbrella of The Open Group to identify ...