-
List open ports and listening services
If you're looking for a way to discover which ports are standing wide open on network machines, read about a powerful cross-platform solution that will do the trick.
-
25,000 co-opted Linux servers spread spam, drop malware and steal credentials
A new report details how 25,000 servers were compromised. The attacks would have failed if more than single-factor login (username/password) had been required.
-
User education drops down ASD strategies to prevent security intrusions
An increase in intrusions using techniques that an educated user would not detect has led Australia's signals intelligence unit to place user education as the 28th most effective strategy for mitigati...
-
How mid-to-large companies can optimize security budgets
These tips will help medium-to-large businesses learn to make the most of their IT security budgets.
-
![]()
SMB penny stretching 101: Making the most of your security budget
SMBs can learn how to deal with limited IT security budgets and scarce resources by prioritizing security controls and needs.
-
![]()
Droidpak: A sneak attack on Android devices via PC malware
New Android banking malware leverages vulnerable PCs to install itself on Android mobile devices. Learn how to foil this latest exploit.
-
![]()
Malicious intent can turn Chrome speech recognition into spying device
A speech recognition expert contends malicious players can turn Google's Chrome web browser into a remote listening device.
-
![]()
Researchers describe tool that manipulates RAM, misleads cybercrime investigators
At Shmoocon 2014, Jacob Williams and Alissa Torres described a concept tool that would allow cybercriminals to cover their tracks by altering the contents of a computer's memory.
-
![]()
Internet of Things botnet may include TVs and a fridge
Security firm Proofpoint believes they've detected a spam-sending botnet that includes internet-connected televisions and a refrigerator.
-
![]()
Fake security messages more believable than real warnings research shows
Cambridge University researchers reveal why people believe malicious, fake security messages and ignore real warnings.
-
![]()
Target data breach exposes serious threat of POS malware and botnets
In the wake of Target's massive data breach, Michael Kassner explores the rise of POS malware and botnets.
-
![]()
Technology can't stop phishing perhaps common sense can
Despite the warning, phishing attacks are still the favored attack vector of bad guys. It's time to forget technology and rely on good old common sense.
-
![]()
Neverquest banking malware more dangerous than Zeus trojan
New Neverquest malware steals bank account logins and lets attackers access accounts through victims' computers.
-
![]()
Target data breach: What you should tell non-IT folks right now
Help your friends, family, and coworkers understand the Target security breach, protect their accounts, and stay calm.
-
![]()
Android flashlight app tracks users via GPS, FTC says hold on
Buried deep in the Brightest Flashlight Free app's EULA is language that let's the maker collect and resell user location data. An FTC complaint leads to better user notification and deletion of all e...
-
User education drops down ASD strategies to prevent security intrusions
An increase in intrusions using techniques that an educated user would not detect has led Australia's signals intelligence unit to place user education as the 28th most effective strategy for mitigati...
-
25,000 co-opted Linux servers spread spam, drop malware and steal credentials
A new report details how 25,000 servers were compromised. The attacks would have failed if more than single-factor login (username/password) had been required.
-
Packet Ninjas: How to fight the DDoS threat
Regarding DDoS attacks, one security researcher says, "There is no security, there is only time." Is this perspective the key to better defense and mitigation?
-
Social engineering red flags and tips for training users
Social engineering leads to dangerous security lapses and is notoriously difficult to prevent. Make sure your organization's users can spot the most obvious red flags.
-
![]()
Gender gap: Why information security needs more women
A new report on infosec spotted significant differences in how men and women prioritize needed skills. Here's why greater diversity in the field matters.
-
![]()
Champion security best practices as a community service
Hone your speaking skills and enrich your community with your security expertise.
-
![]()
Security's weakest link: Technology no match for social engineering
A security researcher says there is a 100-percent success rate any time pen-testing uses social engineering to target victims. Here are some of the techniques used.
-
![]()
Infographic: What happens after a data breach?
High profile data breaches that expose customer information are in the news. This graphic shows how the thieves sell the info and make their money.
-
![]()
Encryption for the paranoid: Verifying TrueCrypt source code and binaries
TrueCrypt is open source and verifiable, but until someone actually does the verification, recent events have taught us to be skeptical.
-
The future of IT security compliance: 201 CMR 17.00
Why should you be concerned about a security rule that is part of the State law of Massachusetts -- especially if you aren't in business there? Donovan Colbert explains how compliance regulations have...
-
![]()
Ignoring security advice from the pros: The IT-user disconnect
IT pros and the general population of users have seemingly different agendas when it comes to security. Michael P. Kassner interviews a noted researcher about the psychology of these two groups.
-
![]()
New Android malware should be wake-up call for security admins
Security firm Kaspersky reported on a new malware threat that it calls the most sophisticated it has seen in targeting Android phones.
-
Aaron Swartz legacy lives on with New Yorker's Strongbox: How it works
Strongbox was Aaron Swartz's final project. Michael P. Kassner explains why The New Yorker requested a way to keep sources and their information secret.
-
Mission impossible: Data identification and prioritization
Protecting your organization's most precious data is the goal, but not all data needs the same degree of care. Thinking strategically about what is most valuable can help you focus attention and funds...
-
How to successfully implement the principle of least privilege
Least privilege is a core security principle, but it's one that often meets with resistance by users. Here are tips for how to implement it and get the point across to others.
