The recent CloudFlare hack showed how poor user account security and password recovery can be compromised. Learn how to avoid a similar incident.
Adam O’Donnell of Sourcefire talks about the future of antimalware. Malware analysis tools are improving, but enterprises need to invest in forensics teams to better understand emerging threats. Antivirus vendors face the daunting challenge of adapting to mobile platforms, O’Donnell says. Mobile will draw more cybercrime when attackers find it a worthwhile investment, he said.
In the wake of the Stuxnet malware being documented as the most significant example of a nation-state cyberattack to date, expert Nick Lewis discusses how enterprises concerned with surviving cyberwar can begin making preparations.
The SearchSecurity editorial team previews some of the mobile sessions at the 2012 Black Hat Briefings in Las Vegas. Researchers will be picking apart all the major mobile platforms and NFC payment technology, and uncovering weaknesses in cellular architectures. Apple will be speaking publicly for the first time about its security processes.
Security expert Trey Ford talks about the upcoming Black Hat security conference. Ford is general manager of Black Hat 2012.
Flame was designed as a monolithic framework to enable people to carry out attacks without having deep knowledge of software coding or the way malware works, said Joe Stewart, director of malware research at Dell Secureworks.
Jim Lewis of CSIS and Stephen Cobb of ESET join the SearchSecurity team in a discussion about the impact that nation-state attacks have on the security industry and the way businesses secure their systems. Stuxnet, Flame and Duqu are being linked to state-sponsored cyber activities, but the real threat may come from cybercriminals who follow no rules of engagement and are difficult to control.
The PCI Security Standards Council recently urged merchants to use certified point-to-point encryption hardware when swiping credit card payments with a mobile device. But Bob Russo, general manager of the PCI SSC, insists that the PCI Council is not endorsing the technology. In this interview, Russo discusses the state of the PCI special interest groups (SIGs) and addresses why no Mobile SIG exists.
Business logic flaws are costly to detect but even more costly if they are exploited, says application security expert Dan Kuykendall, CTO of NTOBJECTives Inc. Manual testing can detect the issues before cybercriminals can take advantage of the flawed functionality.
In this edition of Security Squad, the editors discuss the 2012 Verizon DBIR findings that have been hyped and misconstrued and why only 8% of organizations make a breach discovery with internal technologies. Also, a discussion on how the message delivered at a recent conference by several security luminaries fell flat.