2015 was another difficult year for cybersecurity practitioners and organizations working to defend themselves against an increasingly innovative, aggressive, and situationally aware set of adversaries. Large breaches made headlines, while many individuals and smaller organizations were victimized by well-monetized crimeware[1] (especially ransomware[2]) and various email and other online account compromises. We see susceptibility to social engineering, unpatched (vulnerable) software, and a …
Heartbleed Overview and Next Steps
Heartbleed Overview

In the last few days, news of the OpenSSL vulnerability known as Heartbleed has been picked up by the mainstream media, which is prompting a lot of questions. Here’s a brief explanation of the issue, its context, and some suggestions on how to mitigate your risks.

What is Heartbleed?

This was a name given to a recently publicized vulnerability in OpenSSL that is tracked as CVE-2014-0160 in the National Vulnerability Database. OpenSSL is an open …
Java Security
Most software security vulnerabilities are quietly patched by vendors and don’t make front-page news. The recently publicized Java 7 vulnerability made headlines after being announced by US-CERT (Vulnerability Alert #625617) on January 10. (US-CERT stands for US Computer Emergency Readiness Team and is a part of the Department of Homeland Security.) Mainstream news outlets such as CNN and NBC began carrying the story on Friday, January 11, 2013, reporting that the Department of …