With all of the recent excitement about the “Shellshock” code execution vulnerability in the UNIX bash shell, and the somewhat older news about SSL vulnerabilities, I am reminded once again about the need for organizations to formally manage information security as part of an ongoing process.
Starting in Cisco’s Adaptive Security Appliance (ASA) software version 9.3.1, Cisco has added inline Security Group Tagging (SGT) support to the ASA-5500X and 5585X product lines. If you are not familiar with SGT aka TrustSec, it allows you to tag a packet with an identity field as it travels through the network. Why would anyone…
We are in the middle of security conference season. Therefore, it’s not entirely unexpected to see headlines from Black Hat and other conferences discussing “grave” security threats, and what they mean to our ability to protect our organizations and ourselves.
In a previous blog post, I mentioned that the measure of success with a cloud provider comes down to your ability to get the “real story” during the sales cycle. While I touched on the physical security of the provider’s data center – what about the logical, remote and application data security in the cloud…
What makes advanced persistent threats (APTs) particularly dangerous? The name says it all. According to Symantec, “APTs are often highly sophisticated and more insidious than traditional attacks, relying on highly customized intrusion techniques.” While APTs differ from traditional threats, they leverage some of the same threat vectors.
Even before everyone was able to fully digest the impact of the massive Heartbleed virus, another large-scale vulnerability was announced. On April 26, Microsoft announced a major vulnerability in their Internet Explorer web browser affecting versions 6-11. This vulnerability could allow the remote execution of code due to the way IE accesses an object in…
