Heartbleed - Security Intelligence

article

Shellshock Anniversary: Major Security Flaw Still Going Strong

As if to celebrate its two-year anniversary, Shellshock, one of the most infamous bugs of 2014, ramped up its activity in September.

September 27, 2016 | By Michelle Alvarez

article

Authentication techniques may be difficult to refine and improve, but their evolution has not stopped over the past several decades. Today's popular methods of multifactor authentication and biometric security are only making databases more secure.

article

Authentication: The Enterprise’s Weakest Link

Many organizations struggle to find the right authentication methods for their employees and needs, but they can ill afford to let malpractice continue.

September 24, 2015 | By Vinayak Raghuvamshi

article

A new badge program from the Linux Foundation's Core Infrastructure Initiative (CII) hopes to provide credentials to open source projects that meet certain industry standards, which will be set with help from security experts.

news

LinuxCon: CII Program Will Give Badges to Open Source Projects With Strong Security

Open source projects have gotten a bad rap in security circles thanks to Heartbleed and other flaws, but an industry consortium may change that.

August 20, 2015 | By Shane Schick

news

MongoDB is a popular open-source database resource for many organizations, but these enterprises may be unaware that they're putting big data into the hands of cybercriminals thanks to unresolved vulnerabilities in the database security structure.

news

Insecure Configuration of MongoDB, Other Databases Could Be Leaking Information

A recent report suggested poor configurations of MongoDB, Redis and similar database products may be exposing data to cybercriminals.

August 18, 2015 | By Shane Schick

news

OpenSSL recently released an update that eliminated several vulnerabilities, including, most notably, Logjam. The new patches should minimize cybersecurity risks by requiring more advanced key exchanges, among other minor fixes deployed.

news

New OpenSSL Releases Clear Logjam, Target Minor Flaws

Multiple new OpenSSL releases finally clear the Logjam flaw and address other low-to-moderate vulnerabilities plaguing the encryption software.

June 15, 2015 | By Douglas Bonderud

news

As vulnerabilities are now accompanied by marketing campaigns complete with catchy names and logos, is the responsible disclosure process being compromised? Security researchers should focus on protecting end users, not bragging rights.

article

Made for Headlines: Do Designer Vulnerabilities Compromise Security?

As vulnerabilities are now branded with catchy names and logos, security researchers should be careful not to compromise the responsible disclosure process

March 25, 2015 | By Pamela Cobb

article

Security professionals who want to learn more about Heartbleed, Shellshock and other vulnerabilities that rocked the security scene in 2014 should attend the IBM InterConnect session titled, "2014: The Year That the Internet Fell Apart."

article

2014: The Year That the Internet Fell Apart

A session at IBM InterConnect will discuss the vulnerabilities that rocked the Internet in 2014, such as Heartbleed and Shellshock, and what may come next.

February 23, 2015 | By Robert Freeman

article

As more and more software vulnerabilities are reported, there has been a lot of debate regarding a disclosure policy. Do these policies help inform the public of threats, or are they causing more cybercriminals to attack vulnerabilities?

article

The Responsible Disclosure Policy: Safeguard or Cybercriminal Siren Song?

Having a responsible disclosure policy is the best way to communicate software vulnerabilities to the public. However, is this doing more harm than good?

December 26, 2014 | By Douglas Bonderud

article

Contingency plan for risks getting through security measures.

article

Failure to Plan Is a Plan for Failure When It Comes to Security

With major security events happening in 2014, including Heartbleed and Sony's hack, what can companies do to plan ahead and protect themselves from hacks.

December 23, 2014 | By Martin McKeay

article

According to security leaders, sites using the Drupal content management system were probably impacted by a recent software vulnerability, leaving them prone to SQL injection attacks. This vulnerability was discovered in mid-October.

news

Security Leaders Claim Most Sites Using Drupal Have Been Hacked

A flaw in the Drupal content management system may affect many websites, but security leaders have released some steps to help mitigate the risk.

November 4, 2014 | By Shane Schick

news

Many of Baltimore’s City Services Still Offline Two Weeks After Ransomware Attack

Hundreds of Thousands of Users Targeted Daily With Would-Be WannaCry Imitators

Phishing Campaign Delivers Multi-Feature, Open-Source Babylon RAT

More Than 100 US Businesses Affected by Ryuk Ransomware Since August 2018, Finds FBI

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

High Stakes, Rising Risks: The Ripple Effects of Cybersecurity in the Healthcare Sector

Industrial Control Systems Security: To Test or Not to Test?

Challenges and Opportunities to Close the Cybersecurity Gap in the Financial Services Industry

GozNym Closure Comes in the Shape of a Europol and DOJ Arrest Operation

The Decline of Hacktivism: Attacks Drop 95 Percent Since 2015

Published Exploits for Accessing SAP Systems Put Security Teams on Alert

Penetration Testing Versus Red Teaming: Clearing the Confusion

Podcast: Lessons from a Gray Beard: Transitioning From the Military to Cybersecurity

Podcast: Foundations for a Winning Operational Technology (OT) Security Strategy

Podcast: ‘You Can Never Have Too Much Encryption’

Podcast: Automating Cyber Resilience Best Practices With Dr. Larry Ponemon

Webinar: Guardium Tech Talk: An Integrated Approach to Data Risk Management

Webinar: The Debrief: Using Tools and Methods From the Intelligence Community to Stop Threats to Your Organization

Webinar: Operational Technology Security in the Age of Digital Transformation

Webinar: Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on the Cyber Resilient Organization

Tag: Heartbleed

Shellshock Anniversary: Major Security Flaw Still Going Strong

Authentication: The Enterprise’s Weakest Link

LinuxCon: CII Program Will Give Badges to Open Source Projects With Strong Security

Insecure Configuration of MongoDB, Other Databases Could Be Leaking Information

New OpenSSL Releases Clear Logjam, Target Minor Flaws

Made for Headlines: Do Designer Vulnerabilities Compromise Security?

2014: The Year That the Internet Fell Apart

The Responsible Disclosure Policy: Safeguard or Cybercriminal Siren Song?

Failure to Plan Is a Plan for Failure When It Comes to Security

Security Leaders Claim Most Sites Using Drupal Have Been Hacked