In the wake of the Stuxnet malware being documented as the most significant example of a nation-state cyberattack to date, expert Nick Lewis discusses how enterprises concerned with surviving cyberwar can begin making preparations.
The SearchSecurity editorial team previews some of the mobile sessions at the 2012 Black Hat Briefings in Las Vegas. Researchers will be picking apart all the major mobile platforms and NFC payment technology, and uncovering weaknesses in cellular architectures. Apple will speak publicly for the first time about its security processes.
Flame was designed as a monolithic framework to enable people to carry out attacks without having deep knowledge of software coding or the way malware works, said Joe Stewart, director of malware research at Dell Secureworks.
Jim Lewis of CSIS and Stephen Cobb of ESET join the SearchSecurity team in a discussion about the impact that nation-state attacks have on the security industry and the way businesses secure their systems. Stuxnet, Flame and Duqu are being linked to state-sponsored cyber activities, but the real threat may come from cybercriminals who follow no rules of engagement and are difficult to control.
The PCI Security Standards Council recently urged merchants to use certified point-to-point encryption hardware when swiping credit card payments with a mobile device. But Bob Russo, general manager of the PCI SSC, insists that the PCI Council is not endorsing the technology. In this interview, Russo discusses the state of the PCI special interest groups (SIGs) and addresses why no Mobile SIG exists.
Business logic flaws are costly to detect but even more costly if they are exploited, says application security expert Dan Kuykendall, CTO of NTOBJECTives Inc. Manual testing can detect the issues before cybercriminals can take advantage of the flawed functionality.
In this edition of Security Squad, the editors discuss the 2012 Verizon DBIR findings that have been hyped and misconstrued, and why only 8% of organizations make a breach discovery with internal technologies. They also discuss how the message delivered at a recent conference by several security luminaries fell flat.
Do you think you need a mobile device management platform? Think again, said Darrin Reynolds, vice president of information security at Diversified Agency Services. A formal policy should come first. Reynolds explains that security essentials can be done with existing systems.
Dave Kennedy, CSO of Diebold Inc. and a noted penetration tester, talks about the need for enterprises to have more effective penetration tests and to stop buying the latest security technology. It doesn't work, he told attendees at the 2012 InfoSec World Conference and Expo. Kennedy said businesses should base their pen testing requirements on the Penetration Testing Execution Standard (PTES) and hold pen testers responsible for meeting the standard.
Listen to the top security experts and learn about the latest cybersecurity research. Whether it’s the spread of malware, the explosion of spam or hackers exploiting flaws to steal sensitive data, this podcast series aims to find the right ways to defend against ongoing attacks to your systems.