Holiday Shoppers Beware!

Four threats to be aware of this holiday season

Terrance DeJesus

November 25, 2015 - Posted by Terrance DeJesus to Security Insight

When thinking about the period from November through the end of December, joyful thoughts of mouth-watering turkey, ham, mashed potatoes and (my personal favorite) stuffing tend to come to mind. Let’s not forget about those Black Friday, Cyber Monday and holiday deals we are anxiously awaiting and hunting for. Once the deals are found, shoppers create stampedes at local stores to buy the intended items by swiping away at every credit/debit card system needed.

If you like to avoid the chaos, maybe you prefer entering your credit/debit card’s 16 digits, expiration date and CSV code into online shopping sites during Cyber Monday? Either way, with cybercrime on the rise and recent research making cyber news headlines, we should take a step back to ensure that our shopping process does not have negative results by reviewing a little bit of what has been going on, and how it could impact you during or after holiday shopping. Four scams to watch out for during this... read more >

Common Sense Holiday Travel Security Tips

Social Media Scrooges

Michael Born

November 24, 2015 - Posted by Michael Born to Security Insight

I recently had the pleasure of providing security guidance for a news story presented by the local Fox® affiliate. Since the reporter took a few liberties with what I actually said, I thought I would give you, the reader, these tips directly. So, here we go!

Some of what I’m about to say may seem like common sense but to the excited traveler anxiously awaiting a getaway weekend for the upcoming holidays, maybe not. There seems to be a common theme lately of people posting images of their boarding pass on social media sites, unaware of the dangers this actually poses. If we take a moment and examine the various boarding documents of the major airlines, we see a common occurrence of information, all of which when used together can pose pretty serious risk to the unaware holiday traveler.

Delta Airlines® Boarding... read more >

Security Review Policies in Higher Education

CMU and Advocacy for Strong Security Review Policies

Zach Holt

November 19, 2015 - Posted by Zach Holt to Security Insight


Last week the Tor Project created a bit of controversy when it accused Carnegie Mellon University (CMU) of accepting $1 million in order to unmask Tor users.

At a high level, Tor is a privacy focused technology that routes traffic to hide the identity of its users. Tor became a favored technology by political activists and whistleblowers who need such protection, as well as cyber criminals and other unsavory types who want to abuse this protection. It isn’t a surprise that a government agency would be interested in breaking the veil of anonymity. The FBI supposedly used research from CMU to help bring down an illegal marketplace known as the Silk Road, which offered services ranging from normal legal goods, to forged documents, and a... read more >

Five Things Enterprises with Mature Security Programs Should be Thankful for this Thanksgiving

George Hulme

November 18, 2015 - Posted by George Hulme to Security Insight

Give Thanks

Next week many of us will gather to sit down for Thanksgiving dinner with family and friends to express gratitude and to give thanks. Many of us will overstuff our bellies and catch a football game. Whatever you and yours do, cybersecurity will – and probably should – be the last thing on your mind that day.

But that doesn’t mean enterprises can’t take some time to take note and express gratitude for significant security achievements this year.

Be Thankful For:

An accurate baseline of enterprise IT assets and data.

You know your business-technology environment. You know what systems manage your most critical data, and what public and private clouds and software services support those systems. When it comes to your network, you know your network devices and applications online, including desktops, servers, operating systems, applications, routers, firewalls, wireless devices and... read more >

OCC Issues Extortion Notice to Financial Community

A rise in cyber extortion causes OCC and FFIEC to issue an alert

Jon-Louis Heimerl

November 17, 2015 - Posted by Jon-Louis Heimerl to Security News


Two weeks ago today, on November 3, the Office of the Comptroller of the Currency (OCC) passed on a warning issued by the Federal Financial Institutions Examination Council (FFIEC). The warning was essentially issued to the financial community, but applies to pretty much any business. The notice warns of cyber attacks, which include extortion, and points out that the FFIEC has seen an increase in both the frequency and quality of those attacks.

Without context, warning about “extortion” is pretty broad. The OCC notice is related to an FFIEC press release issued on November 3 of this year.

Ultimately, this extortion refers to holding some part of the target organization for ransom. These extortion attempts have typically come in the following scenarios:

  1. The attacker demands payment to have the attacker stop from proceeding with a denial of service (DoS) attack on the... read more >

Web Application Testing with Python Part 3

AppSec USA 2015 Follow Up

Michael Born

November 12, 2015 - Posted by Michael Born to Security Insight

This blog is a continuation of the AppSec USA 2015 blog, “Web Application Testing with Python” and “Web Application Testing with Python – Part 2”. To follow along, please download the virtual machine and scripts that I’ll cover in this series of blogs (the files are posted on an OWASP-controlled Google Drive; see Resources below for the full URL).

In the previous blog post, “Web Application Testing with Python – Part 2”, we wrote two scripts to attack the login form of our vulnerable application in order to enumerate valid users. In this blog, we’ll continue attacking... read more >

Security Awareness for Managers

Protecting Yourself and Your Company

Guest Blogger

November 10, 2015 - Posted by Guest Blogger to Security Insight


Nowadays, security awareness training (SAT) is a top priority for organizations of any size. Thanks to SAT, management and employees can understand IT governance issues and control solutions as well as recognize concerns, understand their relevance and respond accordingly. Many companies invest heavily in cybersecurity education programs for employees to learn how to protect their computer and personal information and how to be aware of the many hacktivists and cyber-criminals that scour the Web in search of targets and vulnerabilities.

Apart from employing corporate risk managers and IT managers, and making use of security defense solutions (firewalls) and protection systems (IDPS), it has become necessary for companies to conduct training for everybody as part of the security strategy to reduce exposure to data integrity attacks and other threats. As breaches become more common, taking security awareness on board in an organization can reduce risks. Educating users... read more >


Voted Best Corporate Security Blog 2014
Solutionary is a leading managed security services provider. The Solutionary Minds blog is a place to learn about and discuss IT security and compliance topics.