Collaborate Disseminate
Former Head of Israeli Air Force CERT & Forensics Team, Senior Security Researcher at Javelin Networks. Eyal will be discussing securing remote administration, remote credentials, explains that Jump Servers aren’t as good, and show you have to con… Continue reading Eyal Neemany, Javelin Networks – Paul’s Security Weekly #582
The survey found that the majority of cyberattacks – 75% – came from outsiders, while 25% were due to insiders. Continue reading Phishing is still the most commonly used attack on organizations, survey says
Despite the advent to bug bounty programs and enlightened vendors, researchers still complain of abuse, threats and lawsuits. Continue reading The Vulnerability Disclosure Process: Still Broken
Former Head of Israeli Air Force CERT & Forensics Team, Senior Security Researcher at Javelin Networks. Eyal Neemany talks about bypassing two-factor authentication on Active Directory. Full Show Notes Subscribe to YouTube Channel
The post Bypassin… Continue reading Bypassing Two-Factor Authentication – Paul’s Security Weekly #539
Researchers this week published information about a newfound, serious weakness in WPA2 — the security standard that protects all modern Wi-Fi networks. What follows is a short rundown on what exactly is at stake here, who’s most at-risk from this vulnerability, and what organizations and individuals can do about it. Continue reading What You Should Know About the ‘KRACK’ WiFi Security Weakness
Over the past year or so, there’s been an explosion of interest in vulnerability disclosure policy — the question of what to do about flaws in software found by security researchers that should be patched lest they get used by hackers to break into computer systems. Both the Defense Department and the General Services Administration have launched bug bounty programs to reward researchers who responsibly report security flaws they find, and the National Telecommunications and Information Administration’s multistakeholder process published a guide to coordinated vulnerability disclosure, or CVD. Even the Justice Department has gotten in on the act — putting out a set of legal guidelines for companies and other organizations interested in establishing a vulnerability reporting and fixing process. So you would think the publication of yet another set of guidance would be anti-climatic and might even be ignored. But you’d be wrong. The prestigious Software Engineering Institute at Carnegie Mellon University […]
The post This one matters, too: Carnegie Mellon issues guide to disclosing software vulnerabilities responsibly appeared first on Cyberscoop.
Veteran federal IT official Roberta G. “Bobbie” Stempfley will take over the Carnegie Mellon University Software Engineering Institute’s CERT Division, the oldest Computer Emergency Response Team in the world, SEI announced this week. “From my positions in government, I have come to know and respect the work done by the talented cybersecurity professionals at the SEI’s CERT Division,” said Stempfley in a release. “It is now my honor to lead this division, which, for nearly 30 years, has been at the forefront of our nation’s cyber defense. I look forward to working with this team.” Before coming to CERT, Stempfley was director of cyber strategy implementation at non-profit government technology contractor the MITRE Corp. She previously served as deputy assistant secretary and acting assistant secretary in the Office of Cyber Security and Communications for the Department of Homeland Security. Prior to that, Stempfley worked at the Pentagon as CIO of the Defense Information Systems Agency […]
The post Bobbie Stempfley will lead Carnegie Mellon CERT appeared first on Cyberscoop.
Continue reading Bobbie Stempfley will lead Carnegie Mellon CERT
Netgear has confirmed a critical vulnerability in its Nighthawk routers that expose devices to command injection attacks. A public exploit is available. Continue reading Netgear Routers Remain Exposed to Critical Flaw