WordPress Cookie Flaw Lets Hackers Hijack Your Account

Posted by:

woodpress cookie flaw

WordPress Users Beware!

Do you own a blog on WordPress.com website? If so, then you should take extra care while signing into your WordPress account when connected to public Wi-Fi, because it can be hacked without your knowledge, even if you have enabled two-factor authentication.

Yan Zhu, a researcher at the Electronic Frontier Foundation (EFF) noticed that the blogs hosted on WordPress are ...

Read More →
0

50% Of Security Professionals Do Not Secure Their Mobile Devices

Posted by:

secure mobile devices
If you’re a security professional you have to ask yourself “Why don’t I have my own devices secured?”  Well, you’re not alone.

New research has found that half of security professionals don’t bother to secure data on portable devices.

The findings, uncovered by an iStorage survey which questioned 500 attendees at Infosec 2014, revealed that 50 per cent of security pros don’t bother with security measures or encryption when it ...

Read More →
0

SEC Provides Guidance on CyberSecurity Exams

Posted by:

SEC Cybersecurity ExamsIn an April 15, 2014 Risk Alert, the U.S. Securities and Exchange Commission’s Office of Compliance Inspection and Examinations (OCIE) announced that it would conduct examinations of more than 50 registered broker-dealers and registered investment advisers, focusing on areas related to cybersecurity.

The OCIE Alert includes a sample request for information and documents that will be used in the initiative. This sample ...

Read More →
0

Covert Redirect Is Just a Flaw It’s Not Another Heartbleed

Posted by:

covert redirect is no heartbleedBut That Doesn’t Mean Its Not A Problem

On Friday, a PhD student at the Nanyang Technological University in Singapore, Wang Jing, published a report focused on a method of attack called “Covert Redirect,” promoting it as a vulnerability in OAuth 2.0 and OpenID. Yet Jing’s contention of security flaws in OAuth and OpenID has serious flaws of its own, according ...

Read More →
0

Compliance: Why You Can’t Afford To Stay With Windows XP

Posted by:

Now that there has been a Zero Day vulnerability identified in IE that will NOT be patched in Windows XP, we have to ask, “what will it take to get you off XP?” Perhaps the fact that you will not be able to meet your compliance requirements will provide the push you need to upgrade.

Many companies, large and small, have relied on Windows XP for years, and it hasn’t been an issue for compliance. However, ...

Read More →
0

Microsoft Internet Explorer Security Bug Could Impact Millions of Users

Posted by:

internet explorer security flaw

It’s A Good Time To Change Browsers

Just when you thought things were starting to cool down a little after the Heartbleed Bug, Microsoft issued a security advisory on Saturday warning users of a vulnerability in its Internet Explorer web browser that could allow malicious “remote code execution.”

The vulnerability affects all versions of the browser and, as of this writing, there ...

Read More →
0

Heartbleed: Researchers Claim That 95% Of Detection Tools Are Flawed

Posted by:

heartbleed bug tools flawed

You’re Not Out Of The Woods Yet….

If you’ve used one of the free Heartbleed checker tools on the Internet and your site came up “clean” for Heartbleed, you might think again before you breath a sigh of relief.  There’s a good chance you haven’t really checked everything and there’s an even better chance your sites not free from exposure.

Some tools designed to detect the Heartbleed vulnerability are flawed and ...

Read More →
0

New Red Herring Honeypot Fights Heartbleed

Posted by:

red herring honeypotWASHINGTON: US cybersecurity researchers have developed a technique that fights the ‘Heartbleed’ virus, and detects and entraps hackers who might be using it to steal sensitive data.

The Heartbleed bug, which became public last week, has set alarm bells ringing across the globe, including in India, for fear of exposing millions of passwords, credit card numbers and other sensitive information to hackers.

Researchers at The University of Texas at Dallas ...

Read More →
0

Akamai Heartbleed Patch – Not So Much!

Posted by:

Heartbleed Patch - Akami

Since Akami handles almost 1/3 of the Internet’s traffic so their patch that didn’t patch so much is a big deal.

Akami’s patch was supposed to have handled the problem. Turns out it protects only three of six critical encryption values.

Writing on his company’s blog Sunday night, Akamai chief security officer Andy Ellis said that while he had believed the Akamai Heartbleed patch fully fixed the issue, a security researcher ...

Read More →
0

Heartbleed: Gov. Agencies Respond

Posted by:

It’s Not Just A Website Issue

Security thought-leaders continue to offer insight into the Heartbleed bug. Avivah Litan, fraud analyst at Gartner Research, calls the issue “mega-serious.”

“I’m just trying to understand why all the news reports are focused on individual communications with websites,” Litan says. “SSL protocols, including OpenSSL, are used in most ‘trusted’ machine to machine communications. The bug affects routers, switches, operating systems and other applications that support the protocol in order to ...

Read More →
0
Page 10 of 11 «...7891011
})
SEC Cybersecurity Exams