January 30, 2015 | Kate Brew

CryptoParty at Austin OWASP

One of Edward Snowden's first moves involving going around the NSA was to attend a CryptoParty in Hawaii. Not that we are anything like Edward Snowden, but we went ahead and had a CryptoParty at our Austin OWASP chapter meeting on 1/27/15. Here is a recording of the event http://vimeo.com/channels/owaspaustin First speaker was Phil Beyer, speaking…

January 29, 2015 | Charisse Castagnoli

3 Simple Steps to improve your Company’s Security DNA

With all the security breaches in 2014, no organization can have failed to realize that cyber risk is now part of ongoing organizational risk. Information security is considered right at the top with disaster recovery and business continuity. And every organization struggles with ensuring their staff and employees don’t introduce additional security risk on top of all the external security…

Get the latest
security news
in your inbox.

Subscribe via email


January 27, 2015 | Patrick Bedwell

Ghost Vulnerability - the Buffer Overflow Beat Goes On

Qualys today announced a new vulnerability, GHOST (CVE-2015-0235). The GHOST vulnerability is a buffer overflow condition that can be easily exploited locally and remotely, which makes it extremely dangerous. This vulnerability is named after the GetHOSTbyname function involved in the exploit. This is a common threat vector; buffer overflow vulnerabilities have been in the threat landscape for years. Attackers…

January 26, 2015 | Garrett Gross

New Detection Technique – Social Engineering Toolkit

Have you ever heard of “penetration testing” (or “pen testing”)? That’s when a security professional tries to hack into their own (or their client’s) environment to ensure that the security controls put in place are, in fact, functioning properly. It’s a great technique and can uncover some overlooked soft spots…

January 22, 2015 | Tom D'Aquino

0Day Vulnerability in Adobe Flash being exploited by Angler Exploit Kit - What to Do

A few hours ago, a security researcher, Kafeine, spotted an instance of the Angler Exploit Kit which is exploiting an unpatched vulnerability affecting Adobe Flash. It appears that any version of Internet Explorer or Firefox with any version of Windows can be owned if the latest version ( of Adobe Flash is installed and enabled. Victims of this type of attack…

January 22, 2015 | Michael Roytman

Threat Intelligence - Beyond the Hype

Threat Intelligence Definitions Cyber Squared defines threat intelligence as “An emerging information security discipline that seeks to recognize and understand sophisticated cyber adversaries, specifically why and how they threaten data, networks, and business processes.” And Gartner takes a stab at defining it: “Threat intelligence is evidence-based knowledge including context, mechanisms, indicators, implications and actionable advice...that can be used to…

January 20, 2015 | Joe Schreiber

MSSP Success Series – Make a List

Managed Security Services Providers (MSSPs), like any other business, are a factor of its People, Process, and Product. This series will offer insight into each of those factors and offer practical ways for MSSPs to achieve success - and end users might also find this information helpful. Have A List And Check It Twice! You’ve just closed the first…

January 14, 2015 | Kate Brew

General Pace’s Leadership Advice: Take Care of Your People

Retired General and former Chairman of the Joint Chiefs of Staff, Peter Pace, presented at the AlienVault Sales Kick Off (SKO) today. If anyone expected bone-crushing, aggressive militaristic leadership advice from the General, they didn’t get it. General Pace focused on the value of being a caring organization, where leadership gives subordinates direction, and subordinates are empowered to make…

January 13, 2015 | Varun Kohli

Five Ways to Avoid Next-Gen Mobile Attacks

The Sony hack is the talk of the town these days but just a couple of weeks back CIOs, CSOs and IT managers around the world awoke to alarming news of the largest retail data breach in U.S. history (at least 56 million credit card numbers stolen from Home Depot). In a knee-jerk reaction to the data breach, the Home…

January 8, 2015 | Kate Brew

AlienVault Training - Notes from Class

I recently attained AlienVault Certified Security Analyst (ACSA) and AlienVault Certified Security Engineer (ACSE) certification, after taking an AlienVault 5-day training course and passing a test. It is probably a little biased since I am an AlienVault employee; however, I found the course to be quite good. For an impartial view, check out this 3rd party review. Following are a…

January 6, 2015 | Garrett Gross

Tor: Problematic for IT

Are you aware of everything that your users are accessing from your environment? While most of the time, non-work-related internet browsing is harmless (looking at pictures of cats, online shopping, social media, etc.) there are some instances where you could be an unknowing and unwilling participant in criminal activity. That is, when users hide that activity via the Tor network,…

December 23, 2014 | Clare Nelson

Are Information Security Certifications Worthwhile? Part 2

If you determine that information security certifications will help your career, which ones should you take? What is the right order? In Part 1, I introduced this topic. In Part 2, I suggest you do some research and sleuthing before embarking on a certification exercise. Information security certifications span many categories including general, technical, or audit/risk-oriented. TechTarget’s IT Security Certification…