Randall Trzeciak, CERT – Enterprise Security Weekly #125

Randall Trzeciak, the Director of the CERT Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute! Randall will be speaking at InfoSec World 2019 about “An Effective Insider Threat Program” on Saturda…

Eyal Neemany, Javelin Networks – Paul’s Security Weekly #582

Former Head of Israeli Air Force CERT & Forensics Team, Senior Security Researcher at Javelin Networks. Eyal will be discussing securing remote administration, remote credentials, explains that Jump Servers aren’t as good, and show you have to con…

Phishing is still the most commonly used attack on organizations, survey says

The survey found that the majority of cyberattacks – 75% – came from outsiders, while 25% were due to insiders.

The Vulnerability Disclosure Process: Still Broken

Despite the advent of bug bounty programs and enlightened vendors, researchers still complain of abuse, threats and lawsuits.

Bypassing Two-Factor Authentication – Paul’s Security Weekly #539

Former Head of Israeli Air Force CERT & Forensics Team, Senior Security Researcher at Javelin Networks. Eyal Neemany talks about bypassing two-factor authentication on Active Directory.

What You Should Know About the ‘KRACK’ WiFi Security Weakness

Researchers this week published information about a newfound, serious weakness in WPA2 — the security standard that protects all modern Wi-Fi networks. What follows is a short rundown on what exactly is at stake here, who’s most at-risk from this vulnerability, and what organizations and individuals can do about it.

This one matters, too: Carnegie Mellon issues guide to disclosing software vulnerabilities responsibly

Over the past year or so, there’s been an explosion of interest in vulnerability disclosure policy — the question of what to do about flaws in software found by security researchers that should be patched lest they get used by hackers to break into computer systems. Both the Defense Department and the General Services Administration have launched bug bounty programs to reward researchers who responsibly report security flaws they find, and the National Telecommunications and Information Administration’s multistakeholder process published a guide to coordinated vulnerability disclosure, or CVD. Even the Justice Department has gotten in on the act — putting out a set of legal guidelines for companies and other organizations interested in establishing a vulnerability reporting and fixing process. So you would think the publication of yet another set of guidance would be anticlimactic and might even be ignored. But you’d be wrong. The prestigious Software Engineering Institute at Carnegie Mellon University […]

The post This one matters, too: Carnegie Mellon issues guide to disclosing software vulnerabilities responsibly appeared first on Cyberscoop.


Bobbie Stempfley will lead Carnegie Mellon CERT

Veteran federal IT official Roberta G. “Bobbie” Stempfley will take over the Carnegie Mellon University Software Engineering Institute’s CERT Division, the oldest Computer Emergency Response Team in the world, SEI announced this week. “From my positions in government, I have come to know and respect the work done by the talented cybersecurity professionals at the SEI’s CERT Division,” said Stempfley in a release. “It is now my honor to lead this division, which, for nearly 30 years, has been at the forefront of our nation’s cyber defense. I look forward to working with this team.” Before coming to CERT, Stempfley was director of cyber strategy implementation at non-profit government technology contractor the MITRE Corp. She previously served as deputy assistant secretary and acting assistant secretary in the Office of Cyber Security and Communications for the Department of Homeland Security. Prior to that, Stempfley worked at the Pentagon as CIO of the Defense Information Systems Agency […]

The post Bobbie Stempfley will lead Carnegie Mellon CERT appeared first on Cyberscoop.
