How security researchers and programmers hunt software bugs for cash rewards The business of bug hunting is a potentially lucrative one for both seasoned security researchers and amateurs with an interest in hacking. It’s an area that’s gaining legitimacy thanks to official bug bounty programs and hacking contests, but there’s still a seedy underbelly … Continue reading Bugs for cash: Bounty hunters in the new wild west of security
Watch out for April Fools scamming on Friday by Kevin Frey Annually, businesses and organizations often put up jokes or pranks for April Fools’ Day. Google, Starbucks, Amazon, etc. are frequent participants. E.g. Last year, Amazon revamped their site to look their old, original 1999 version… and Google (known for multiples) turned its “Maps” app … Continue reading Towerwall Information Security Alert Vol 14.07 – Watch out for April Fools scamming on Friday
Complacency in addressing known vulnerabilities puts users at risk If you have even a passing interest in security vulnerabilities, there’s no chance that you missed the news about the DROWN vulnerability. It’s one of the biggest vulnerabilities to hit since Heartbleed, potentially impacting a third of all HTTPS websites. By exploiting the obsolete SSLv2 … Continue reading Hundreds of cloud apps still vulnerable to DROWN
According to Cisco’s 2015 Annual Security Report, 91 percent of companies have an executive with direct responsibility for security, but only 29 percent of them have a Chief Information Security Officer. The enterprise is facing a dangerous combination of mounting cybersecurity threats of increasing subtlety, and a widening gap in the skills required to identify … Continue reading Do you have the right person for the job?
Click here for more information & to register! Please save the date and plan to join us for this timely forum on what you need to know about the latest security issues, threats, and technologies that will help you protect your business!
WASHINGTON – The Internal Revenue Service today issued an alert to payroll and human resources professionals to beware of an emerging phishing email scheme that purports to be from company executives and requests personal information on employees. The IRS has learned this scheme part of the surge in phishing emails seen this year already has … Continue reading Towerwall Security Alert Vol 13.05 – IRS Alerts Payroll and HR Professionals to Phishing Scheme Involving W-2s
Security researchers reveal new technique to break TLS using SSLv2 server. The war to close down security vulnerabilities is never-ending, but the new “DROWN” vulnerability is one of the biggest to rear its ugly head in recent months. A group of security researchers from a number of different universities and research institutes just unveiled this … Continue reading DROWN attack sinks security for millions of websites
Following the Center for Internet Security’s best practices. We discussed building malware defenses the last time out, but today we’re going to focus on Critical Security Controls 10, 11, and 12 covering data recovery, secure network configuration, and boundary defense. It’s unrealistic to think that you can completely avoid cyberattacks and data breaches, so … Continue reading Create a data recovery plan and secure your network
Privacy and data protection issues confront all organizations—whether you handle employee information, credit card data, sensitive financial information, or trade secrets. Securing data is a daunting task that is further complicated by cross-border transfer issues and the differences in privacy laws around the world. The team at BakerHostetler has developed a prompt and practical PDF … Continue reading 2015 International Compendium of Data Privacy Laws
10. A hedge against a breach A virtual chief information security officer can serve as security consul or as an interim CISO to fill the gaps during a planned information-technology security policy review. Better to be safe than sorry. 9. High talent at low costs As a temp hire, a vCISO offers flexibility and … Continue reading 10 Things I Know About…Hiring a vCISO