Security Wire Weekly


November 7, 2013  2:25 PM

PCI SSC’s Bob Russo, Troy Leach discuss PCI DSS 3.0



Posted by: Eric Parizo
encryption, Financial security, Information Security, PCI, PCI DSS, PCI SSC, pen testing, Security Wire Weekly, web application security

On the eve of the release of PCI DSS 3.0, SearchSecurity spoke with Bob Russo, SSC general manager, and Troy Leach, SSC chief technology officer, about the most important changes in the new version of the standard that debuts Nov. 7, 2013. Russo and Leach also offer their perspective on the most important milestones in the history of the PCI standard, and how PCI community feedback has shaped what the standard has become.

July 16, 2013  1:15 AM

Gartner VP Gregg Kreizman assesses corporate IAM landscape



Posted by: Eric Parizo

In this SearchSecurity podcast recorded at the 2013 Gartner Security and Risk Management Summit, Gregg Kreizman, research vice president at Stamford, Conn.-based Gartner Inc., sits down with Assistant Site Editor Brandan Blevins and explains how evolving corporate identity standards are affecting the IT security landscape.

[0:37] SAML, OAuth 2.0 and OpenID

[1:55] Online Secure Transaction Protocol

[3:07] Trusted Platform Module

[3:43] Biometric methods

[5:23] The end of single-factor password systems

[6:54] 2013 Verizon Data Breach Investigations Report and enterprise authentication issues

[8:44] Mobility and IAM

[11:34] Federated Web authentication

[13:30] No. 1 enterprise authentication issue


December 26, 2012  3:15 PM

Top data breaches of 2012



Posted by: Robert Westervelt

A spate of high-profile data breaches throughout 2012 holds important lessons. Lapses in basic security measures and stolen account credentials played a significant role in most of the breaches. The SearchSecurity editorial team discusses what can be done to bolster the security of corporate systems.


November 8, 2012  4:12 PM

Gary McGraw on proactive defense, offensive security



Posted by: Robert Westervelt
cybersecurity, cyberwarfare, security industry trends, Security Newsmakers

Software security expert Gary McGraw explains that investing in destructive cyberweapons could have dangerous consequences. He is advocating for a proactive defense approach to cybersecurity.


September 25, 2012  8:34 PM

Email attacks still highly successful attack vector



Posted by: Robert Westervelt
malware, Security Wire Weekly, spam

Ali Mesdaq, a security researcher at FireEye Inc., explains why malicious file attachments are still a highly successful attack vector for cybercriminals. Automated attack toolkits, spambots and targeted attackers typically use the old standby technique because it works. FireEye has found a spike in malicious email attachments in 2012. Social engineering is at the heart of most attacks.


September 20, 2012  6:42 PM

Flame malware analysis, How to defend against fraudulent certificates



Posted by: Eric Parizo
Threat Monitor podcast

Security expert Nick Lewis analyzes Flame malware, plus gives tips for dealing with Flame’s most unique function: its use of fraudulent certificates.


September 19, 2012  12:54 PM

Formulate a more effective information security incident response plan



Posted by: Eric Parizo
Hot Type: Security Books in Audio

In this Hot Type podcast, author Neal McCarthy offers real-world examples that enterprises can use to form an information security incident response plan.


September 12, 2012  4:54 PM

Legal counsel vital component of incident response



Posted by: Robert Westervelt
data breach management, data security breach

Ellen Giblin, an attorney at Ashcroft Law, and Gant Redmon, the general counsel for Co3 Systems, discuss the litigator’s role in incident response. The legal team should be contacted as soon as a security or privacy incident is detected because it shifts the burden and liability over to the attorney, according to Giblin. Learn where the company’s legal team fits into your incident response plan.


September 7, 2012  7:10 PM

Google Aurora attackers back with zero-day exploits, new targeted attack techniques



Posted by: Robert Westervelt
cyberespionage, cybersecurity, cyberwarfare, hacking

The Aurora attackers, who surfaced in 2009 targeting Google and dozens of other firms, are improving their techniques and showing impressive skills, according to new research from Symantec. The group is a threat to U.S. defense contractors and their partners, including manufacturers and parts suppliers. Eric Chien, senior technical director for Symantec Security Response, explains that the group behind the campaign is using a number of zero-day exploits and a new drive-by attack technique.


September 5, 2012  7:51 PM

The case for using anomaly based monitoring in zero day detection



Posted by: Eric Parizo
Threat Monitor

In light of recent failures by the signature-based model, expert Char Sample discusses anomaly-based monitoring technology and the potential it holds for enterprise security.

