Educational News

How much is a blog instance worth?

I wrote in the post "Do you really know who’s visiting your website?" about how often hackers probe my websites. As of today, IT Security News has these numbers: 5,914 blocked malicious login attempts (was 2092 on May 8th) and 2,182 spam comments blocked by Akismet (was 2115 on May 8th). The login attempts more than doubled in just 5 […]

News

NIST Released “Guide to Industrial Control Systems (ICS) Security”

NIST is pleased to announce the release of Special Publication 800-82, Revision 2, Guide to Industrial Control Systems (ICS) Security. Link to the full news announcement about this Special Publication (SP 800-82 Revision 2) can be found on the CSRC News page at: http://csrc.nist.gov/news_events/#june8b Direct link to the SP 800-82 Revision 2 document (in .PDF) […]

News

Top 500 cybersecurity companies

Not so many people outside of the IT Security business know which are the top 500 companies in this field. Cybersecurity Ventures has published this top: check it here. I am not allowed to reproduce any parts of it, but I can tell you that the number 1 is FireEye. From the AV world, we […]

General News

Why security recommendations often get ignored

I read very often about vulnerabilities and companies that got hacked. Many times, the reason they got hacked was that some recommendations issued by some smart people (read: security-minded people) were ignored. But why are they ignored? I found some articles where several explanations are given for what is called “information avoidance”. […]

News

Pwn2Own: Nothing is safe

The annual Pwn2Own hacking competition wrapped up its 2015 event in Vancouver with another 21 critical bugs in Firefox, Chrome, Safari, IE, Adobe Flash, Adobe Reader, and last, but definitely not least, the Windows operating system. For those who don’t know the contest, the name “Pwn2Own” is derived from the fact that contestants must “pwn” […]

General News

FREAK: All Windows versions are affected too

UPDATE on the FREAK vulnerability in SSL: it affects not only Android and iOS but all Windows versions too. I wrote about the new SSL vulnerability called FREAK – Factoring RSA Export Keys – which affects around 36% of all sites trusted by browsers and around 10% of the Alexa top one million domains, according to […]

(isc)2 News quoted

Mentioned in (ISC)2 EMEA Newsletter

My blog post “What is a security expert?” which I published in the (ISC)2 Blog was mentioned in the (ISC)2 EMEA Newsletter: Germany’s Sorin Mustaca, CSSLP takes an analytic look at what it means to be an information security professional, also on the (ISC)² Blog