A Valentine Love Letter from Your IoT-enabled Device

7 things you can do to secure our relationship

Aaron Perkins

February 11, 2016 - Posted by Aaron Perkins to Security Insight

IoT Love

To the one who holds the key to my heart,

We have known each other for nearly two months now. We met on Christmas, and I still remember it like it was yesterday.

Your eyes lit up as you held me close, and you knew this was just the beginning of a beautiful relationship between a human and his Internet of Things (IoT)-enabled device.

And indeed it has been just that – a beautiful relationship. But as we make our way through this “month of love”, where flowers and chocolates abound, I feel I really need to share my heart with you – what I’m really feeling.

It’s no secret that we complete each other. In fact, it seems we were made for each other, and... read more >

Introduction to Internet of Things (IoT) Security

12 Steps for creating a safe IoT environment

Vance Baker

February 09, 2016 - Posted by Vance Baker to Security Insight

Internet of Things

It’s hard to not find ourselves in possession of one of the so many newly available gadgets, technologies and appliances intended to improve our life experience. Most, if not all, of these new gadgets fall within the classification of “Internet of Things” (IoT), a rather nondescript categorization of devices that use Internet connectivity for a variety of purposes, ranging from entertainment to home automation to enhancing communications. The uncertainty of how to safely introduce these new things into our homes can be a little disconcerting.

Fear not! This blog provides a few basic steps allowing you to create a safe IoT environment in your home to connect those new gadgets and use them safely and in rapid fashion.

Let’s get the precautionary considerations addressed straightaway. First, security standards for IoT devices are evolving.... read more >

PCI SSC Revises Deadline – Should You?

Additional 24 months allowed for compliance

Bob Bybee

February 04, 2016 - Posted by Bob Bybee to Security News

PCI

In April 2015, the Payment Card Industry Security Standards Council (PCI SSC) released version 3.1 of the PCI Data Security Standard (PCI DSS), only four months after version 3.0 went into full effect. The most important changes are in the communications protocols SSL (all versions) and TLS (version 1.0). These protocols are now considered insecure. They are vulnerable to well-known exploits such as Heartbleed and POODLE.

The PCI deadline for migrating to newer, more secure protocols was originally June 2016. This gave organizations 14 months to address the changes. The generous schedule was an acknowledgement of real-world staffing and budget concerns, despite the fact that the... read more >

Trust Yet Verify

#WarStoryWednesday

Brent White

February 03, 2016 - Posted by Brent White to Security Insight

Security Guard Assessment Background

When performing a social engineering assessment, you never know what type of person you’re going to encounter, especially when trying to enter the client’s facility.

Sometimes you’ll run into that person who ignores what you have to say, is a stickler for protocol, and is intent on verifying your story and your legitimacy for gaining access. These individuals are the ones who understand that security doesn’t equal convenience. They stick to their security awareness training and incident response procedures, and take the well-being of the company to heart. These are the employees that penetration testers want to avoid when playing the role of an attacker. Unfortunately, this type of employee is often rare in corporate security.

More often, you’ll encounter a very trusting and kind individual who is eager to help out without wanting to inconvenience you... read more >

Business Continuity When Using Cloud Services

Linode DDoS Attack

Vance Baker

February 02, 2016 - Posted by Vance Baker to Security Insight

Cyber Attacks Ahead

2015 ended with a bang and 2016 appears to be starting distressed …at least as far as Linode is concerned. Linode, a cloud service provider, has been under a Distributed Denial of Service (DDoS) attack since Christmas week. The attack has negatively impacted availability of all Linode’s global data centers and has brought the Atlanta data center under such a state of siege that operations were suspended for almost two days.

So, what are the lessons we might learn from this experience? 

First, the need for business continuity planning is especially important as we leverage cloud service providers in fulfillment of our service delivery objectives. When the unthinkable happens (e.g., shutdown of a service provider’s hosting operation), will the impact to subscribers be such that business reputation will be impaired? The answer is most certainly a resounding “YES.” We must consider the ability of the service provider to reallocate... read more >

SERT Q4 2015 Quarterly Threat Report

Evolving attack patterns, views of BASHLITE and JOOMLA, and a look forward on Android

Jon-Louis Heimerl

January 28, 2016 - Posted by Jon-Louis Heimerl to Threat Intelligence

The Solutionary Security Engineering Research Team (SERT) released its Q4 2015 Quarterly Threat Report today.

As the source of 63 percent of all detected attacks and 79 percent of all detected malware, the United States is once again the most hostile source of cyberattacks. As we’ve seen in the past, this does not mean the attackers are within the U.S. but are using U.S. infrastructure as their launching pads. A 77 percent drop in reconnaissance activity from Q3 ’15 to Q4 ’15 indicates reconnaissance activity has plummeted nearly 88 percent from levels seen in Q2 ’15.

Malware detection and trends continue to vary widely from quarter to quarter, but one interesting observation is that the top five sources of malware accounted for 79 percent of all malware detected during Q4 ‘15. While detected malware rose only slightly through Q4... read more >

0-Day in Linux Kernels: High or Low Threat?

CVE-2016-0728: Evaluating the Threat Level

Jeremy Scott

January 26, 2016 - Posted by Jeremy Scott to Threat Intelligence

Lightbulb Overview

On January 14, 2016 researchers at Perception Point identified a 0-day local privilege escalation vulnerability (CVE-2016-0728) in Linux Kernel versions 3.8 to 4.4 (2012 – 2016). This flaw exists due to the kernel’s keyrings security facility used to retain cached security data, authentication keys, encryption keys and other data. Using a local user account, one can free a referenced keyring object and overwrite it to be executed in the kernel, escalating privileges to root. Based on statistics provided by Perception Point, tens of millions of personal computers (PCs), servers and 66% of all Android devices may be vulnerable.

The Solutionary Security Engineering... read more >

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Older Entries >>

Voted Best Corporate Security Blog 2014
Solutionary is a leading managed security services provider. The Solutionary Minds blog is a place to learn about and discuss IT security and compliance topics.

Get the Solutionary Minds blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

LATEST TWEETS