Clik here to view.
Hardware security still essential at the heart of the payments infrastructure
In my recent blog on the evolving PCI SSC initiatives in 2018, “ Minor on PCI DSS, major on almost everything else ,” I outlined how the organisation is covering new areas to reflect the migration...
View ArticleClik here to view.
shiro源码分析(五)CredentialsMatcher
Realm在验证用户身份的时候,要进行密码匹配。最简单的情况就是明文直接匹配,然后就是加密匹配,这里的匹配工作则就是交给CredentialsMatcher来完成的。先看下它的接口方法: publicinterfaceCredentialsMatcher{...
View ArticleOpen Source Security: Can Security Be Open?
Open source security is emerging as an important new tool in the rapidly evolving world of software development The history of security looks like a cloak and dagger movie of the cold war era. It is a...
View ArticleOrganizations Face Ongoing Security Risks in the Cloud
If you think worries about cyber security in the cloud are dissipating as cloud services continue to proliferate, you’re mistaken. IT and security executives remain quite concerned about threats―maybe...
View ArticleClik here to view.
Finding Security Holes In Hardware
At least three major security holes in processors were identified by Google’s Project Zero over the past year, with more expected to roll out in coming months. Now the question is what to do about...
View ArticleChrome 69 security improvements welcomed
In addition to fixing 40 security vulnerabilities , Chrome 69 introduces a password manager that can auto-generate a random password for users logged into their Google accounts. Chrome then saves the...
View ArticleClik here to view.
揭秘Remcos下的僵尸网络
一、概述 思科Talos团队最近发现多起使用Remcos远程控制工具的事件,该工具由一家名为Breaking Security的公司出售,虽然该公司表示他们出售的软件只能用于合法用途,对于不遵守其最终用户许可协议的用户将撤销其许可证。但远程控制工具的贩卖给攻击者建立一个潜在的僵尸网络提供了所需的一切条件。 每个Remcos许可证的价格从58欧元到389欧元不等。Breaking...
View ArticleClik here to view.
ISC2018观察:大数据时代企业发展与个人隐私保护的博弈
一年一度的ISC互联网安全大会如期召开,在第六届互联网安全大会上会有哪些新的安全趋势让信息安全从业者加以关注和把控,值得我们进一步思索。 互联网社会到今天网络安全越来越重要,上升到国家安全、社会安全、企业经营安全等各个层面。正如大会开幕发言中提到的互联网的深度应用改变了我们的网络环境,物理与虚拟的边界正在消融,安全防护成为信息化的核心内容,安全的价值必然回归本源,安全从0开始。...
View ArticleClik here to view.
小心!ATM机可能把你的钱天女散花了
ATM(Automatic Teller Machine)即银行的自动柜员机,为我们办理存取款、转账等操作提供了许多便利。但是你能想象一台ATM机突然失控、疯狂往外吐钱的场景吗?千万不要以为这是“天上掉下的馅饼”来帮你实现一夜暴富的梦想,说不定攻击ATM的幕后黑手下一个就会瞄准你的银行卡。...
View ArticleClik here to view.
淡马锡联手新加坡巨头StarHub创办网络安全公司Ensign InfoSecurity
【猎云网(微信号:)】9月6日报道(编译:叶展盛) 新加坡电信巨头StarHub宣布和Leone Investments签署了联合投资协议以成立一家网络安全公司,其中Leone Investments是一家由淡马锡间接持股的公司。这家网络安全公司名为Ensign InfoSecurity,它由StarHub的Cyber Security Centre of Excellence、其子公司Accel...
View ArticleClik here to view.
ISC2018观察:“安全从0开始”看安全行业发展变化
大数据、云计算、物联网、人工智能等新一代信息技术的应用,给我们带来便利的同时,也带来了新的网络威胁。今年,影响全球的网络安全事件此起彼伏,这些事件告诉我们,感知安全威胁变得越来越困难,我们必须回到安全的本源和原点思考,让安全从0开始,重新审视网络安全的思想、方法、技术和体系。 9月4日,2018...
View ArticleClik here to view.
“安全至上 全局为王” 构建企业整体网络安全
9月4日至6日,以“安全从0开始”为主题的2018 ISC互联网安全大会(以下简称ISC),在北京国家会议中心成功举办。作为亚太地区规格最高、规模最大、影响力最为深远的网络安全盛会,本届ISC吸引了超4万名安全从业者汇聚一堂,共同探讨前沿技术和创新成果。而思科作为网络安全领域的创新引领者,不仅受邀参会,在6日下午举行的“工业互联网安全分论坛”和“威胁情报分论坛”...
View ArticleClik here to view.
Cisco warns customers of critical security flaws, advisory includes Apache...
Cisco has issued a security advisory to customers detailing a swathe of critical and highly-rated vulnerabilities which have been resolved. The security advisory documents three critical...
View Article动态 | 360信息安全部王伟波:用户操作被截屏/录屏记录为top5热钱包App风险之一
耳朵财经9月6日讯,今日,在ISC互联网安全大会区块链与安全论坛上,360集团信息安全部王伟波在《全球区块链生态安全研究》的演讲中表示:“360集团信息安全部对市面上热钱包APP进行了安全审计,Top5安全风险包括:用户操作被截屏/录屏记录,未监测软件运行环境安全,交易密码未检测弱口令,核心功能代码未加固、钱包APP伪造漏洞。360从服务端安全审计、APP端安全审计、硬件钱包安全审计三个方面对数字货...
View ArticleClik here to view.
Security teams turn to automation to tackle avalanche of alerts
High numbers of alerts and the resources needed to deal with them are causing problems for security teams and leading them to turn to Security Orchestration, Automation and Response (SOAR) tools in...
View ArticleEDR is dead! Long live XDR!
Endpoint detection and response (EDR) has been an important technology for security professionals as they attempt to find suspicious activity, or at least traces of it, on endpoints and hosts....
View ArticleClik here to view.
5 “Unhackable” Claims That Fell Apart
John McAfee, originator of McAfee software and all-round tech website column-filler, has found himself in the headlines again, for making claims he couldn’t deliver. For McAfee, that’s perhaps nothing...
View ArticleWhy security pros are addicted to FUD and what you can do about it
After more than 30 years in the security industry, I must confess, I am (sadly) still addicted to FUD. For example, one recent morning I clicked (and tweeted) these cyber headline stories: Augusta...
View Article3 IAM deployment models: Which will work for your organization?
Identity and access management (IAM) platforms have become vital components of corporate cyber security programs. They help companies manage digital identities and user accessto systems, networks, and...
View ArticleClik here to view.
Understanding Monty Hall dilemma with hacker statistics
Published on:01.09.2018 With help of hacker statistics, the proof will be provided that in Monty Hall game you should always switch doors because you are doubling (from 33% to 66%) your success rate....
View Article