Information Security News
PCI Standard's Multi-factor Authentication Mandate Delayed 'Til 2018
And whilst I, like many other infosec professionals, would like to see early SSL/TLS eradicated and MFA deployed everywhere, we have to face the harsh reality of our environment, and I can't blame the SSC for that.” Others agreed. “In my opinion, this ...
VMware vCenter and ESXi - VMSA-2015-0007.5: http://www.
er MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter: namedeplume (Protected) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Here's how to make your own infrared camera cheaply
With 1080p cameras available at extremely affordable prices, it is extremely simple to produce your very own infrared camera. If you take a look at the video given below, you will know that all cameras are capable of 'seeing' infrared light, but for ...
Cyber security isn't only about technology
IT World Canada
Most experts maintain security involves a combination of people, processes and technology. However, too often infosec leaders focus on technology because it's the most tangible thing — plug this hole with this solution and things are better. A report ...
by Sean Gallagher
Unknown attackers have been directing an ever-changing army of bots in a distributed denial of service (DDoS) attack against NS1, a major DNS and traffic management provider, for over a week. While the company has essentially shunted off much of the attack traffic, NS1 experienced some interruptions in service early last week. And the attackers have also gone after partners of NS1, interrupting service to the company's website and other services not tied to the DNS and traffic-management platform. While it's clear that the attack is targeting NS1 in particular and not one of the company's customers, there's no indication of who is behind the attacks or why they are being carried out.
NS1 CEO Kris Beevers told Ars that the attacks were yet another escalation of a trend that has been plaguing DNS and content delivery network providers since February of this year. "This varies from the painful-but-boring DDoS attacks we've seen," he said in a phone interview. "We'd seen reflection attacks [also known as DNS amplification attacks] increasing in volumes, as had a few content delivery networks we've talked to, some of whom are our customers."
In February and March, Beevers said, "we saw an alarming rise in the scale and frequency of these attacks—the norm was to get them in the sub-10 gigabit-per-second range, but we started to see five to six per week in the 20 gigabit range. We also started to see in our network—and other friends in the CDN space saw as well—a lot of probing activity," attacks testing for weak spots in NS1's infrastructure in different regions.
Meet Jon Callas, The Security Czar Who Rejoins Apple
by CXOtoday News Desk, May 25, 2016 ... Callas is a member of the Infosec think tank The Shmoo Group. At Apple, he worked for Gursharan Sidhu, the inventor of AppleTalk. Callas “shipped the very ...
Hackers build alternative to 'flawed' CVE bug ID system
Security researchers are urging the infosec community to abandon the MITRE-run CVE scheme for naming flaws in favour of a system that distributes the responsibility for assigning identifiers away from a single, government-run organisation. The common ...