NSS Labs Threat Capabilities Report Available

threatglasses1NSS Labs just released their latest Threat Capabilities Report found HERE. Its a short yet interesting report covering  widely used applications that were exploited after September of 2014. They list the top applications, operating systems and countries hosting command and control call homes. This one is free to download. Below is a summary from the report.

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

2014 Data Breaches in the United State

data-breachThe people at 27001 Academy created a interesting infographic on Data Breaches seen in 2014. The original posting can be found HERE. This post will cover statics found during their research and the infographic.

Here are some stats:

  • 2014 has seen an increase of over 27.5% in data breaches in the U.S.
  • Total incidents in 2014: 783
  • Total incidents in 2013: 614
  • 2014 vs. 2013: 27.5% increase

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco Anyconnect 4.0 – Whats New – Why Consider – Free Migrations

AnyconnectLogo1Cisco released Anyconnect 4.0 this past November (more on the announcement HERE). Here is a really good video summarizing Anyconnect HERE.

Anyconnect is Cisco’s flagship VPN solution providing users access to internal sources from anywhere, on any device regardless of physical location. Anyconnect has many bells and whistles such as “always on” meaning auto-connecting when off network yet turning off when on a trusted network, throttling apps that eat up bandwidth, checking the posture of devices prior to permitting connectivity (anti virus, system updates, etc), security for selective apps and many more. Cisco’s old VPN client IPsec is end of life (more HERE) so hopefully those using IPsec have migrated. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (3 votes cast)

Free FSU Online Security Classes : Offensive Computer Security

FSUCS1

The Computer Science department at Florida State University is offering free computer security class lectures. You can find the entire CIS4930 and CIS5930 courses online HERE. These are the Spring 2014 classes so the content is pretty current. There are 26 lessons ranging from lock picking to launching attacks with Metasploit. Videos include lecture slides to download. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco Announces Intent to Acquire Neohapsis

Neo1

Cisco announced yesterday that they intend to acquire Neohapsis. Neohapsis is a security, risk and compliance company, which is a very interesting move by Cisco. Many people not only want data from security reports, but also desire how that data will impact their business. This means how changes or risk can impact compliance to mandatory regulations as well as how much impact could a vulnerability have to a system. Neohapsis is a services based company so this seems to be a security services play yet could also trickle in Cisco products.It would be really cool to see more compliancy based reporting in future Cisco products as an outcome of this acquisition.

You can find more about Neohapsis HERE.

The official announcement from Cisco can be found HERE.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Lets Encrypt Free Certificate Authority This Summer

letsE1

The Internet Security Research Group (ISRT) along with Mozilla Corporation, Cisco Systems, Akamai Tech, Electronic Frontier Foundation and IdenTrust will be offering a new free certificate authority service this up coming 2015 summer (learn more HERE). The concept is the Internet is a dangerous place and enabling protection is a hassle for many businesses. The reason behind this is enabling basic server certificates can be painful involving multiple steps and a cost. Lets Encrypt is offering the following principles to simplify the process. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

Worlds Biggest Data Breaches

Dataloss1The people at Information Is Beautiful created a very interesting visual representation of the worlds biggest data breaches found HERE. The criterial to make this list is being a company that experienced losses greater than 30,000 records during a data breach. Each bubble represents a company and can be clicked to bring up data about the breached as well as a link to the original report covering the incident. The next examples show clicking the recent Home Depot breach to pull up the quick info and detailed article. There is a filter on the right used to tune into what you want to view. Pretty cool little tool.  Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco Validated Designs For PCI DSS 3.0, HIPAA and FISMA

compliance

There are many reasons people invest in security. The best reason is having the desire to avoid being breached however sometimes wanting the best security doesn’t justify the investment. Many decision makers have to juggle improving the infrastructure, investing in the latest flashy technology such as high end video, etc. along with keeping things secure. Usually the flashy stuff outshines security until something with teeth forces the focus back on security. A prime example is meeting mandated regulatory compliance. Being out of compliant to many regulations could mean pricy fines as well as possibly litigation actions. This is good news for the IT guy that wants to get his security budget requests placed at the top of the stack.

To help meet regulatory compliance, Cisco has released validated design guides for general security as well as specific market verticals FOUND HERE. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)