comfoo

Reverse engineering reveals inner workings of Comfoo Trojan

Researchers at Dell SecureWorks were able to monitor the command and control system of the persistent RAT, which was used in the 2010 RSA breach that also compromised DOD contractors and is still in wide use.

Ants on a jar of honey

Industrial control 'honeypots' show systems are under attack

Recent research by Trend Micro shows ICS networks are frequently attacked -- and not by accident.

Savannah

Energy lab's wireless system secure enough for classified data

The Savannah River National Lab’s prototype hardware, designed in collaboration with NSA, uses Suite B cryptography for a system that could be adapted for other uses.

Gen. Keith Alexander

NSA's Alexander to Black Hats: Trust us, we need you

Gen. Keith Alexander traveled to the "technical center of gravity" instead of appearing before Congress to plead his case that surveillance programs are targeted, limited and under control.

QRadar

IBM adds vulnerability tool to security arsenal

IBM says its QRadar Vulnerability Manager (QVM) provides security managers a single view of vulnerability data aggregated from network, endpoint, database and application scanners.

encryption

After XKeyscore, is encryption the next big thing?

The latest reports on the NSA's surveillance could raise awareness on a practice that is regularly recommended but frequently ignored.

GPS spoofing

Yacht hijacking shows the potential power of GPS spoofing

Last year, a University of Texas professor's team took control of a drone in flight. This year, it was a super yacht on the Ionian Sea. But they’re also evaluating ways to prevent spoofing.

e-authentication

E-authentication: What IT managers will be focusing on over the next 18 months

The moves to cloud computing and shared databases are among the factors driving e-authentication.

securlert

Seculert upgrades in-cloud security with radar and a sandbox

Seculert's cloud-based advanced threat protection solution features Elastic Sandbox technology, an updated API and a new user interface.

Apricorn

Apricorn USB 3.0 drive certified to FIPS 140-2

The Aegis Padlock Fortress is hardware-encrypted, PIN-authorized and meets 11 cryptographic security metrics.

patch management

Navigating the troubled waters of patch management

NIST offers updated guidance for dealing with the complexity of managing patches in an enterprise.

big data

Big data = big exposure. What can you do about it?

Big data, which involves a lot more than large databases, complicates security, but there are steps agencies can take to protect their information.

Topic Resources

  • Continuous Monitoring: Elevating Cybersecurity in State and Local Government

    State and local agencies are not required to comply with federal policies related to continuous monitoring and NIST's Cybersecurity Framework, but they would be better off if they did. Whether it is required or not, the concept of continuous monitoring has been proven to raise the level of cybersecurity when implemented appropriately and with the right tools. Join this webcast to learn more about how your agency could benefit from continuous monitoring and NIST guidance.

  • The Rising Threat of Enterprise Cybercrime

    Cybercriminals are leveraging vulnerabilities of the Internet, browsers, operating systems, and applications to secretly and proficiently gain access to information assets. Compromising employee endpoints with malware has become the preferred method; a far simpler path into the network than a direct network attack. Agencies need to recognize and address this growing danger.

  • Continuous Monitoring to Achieve Cybersecurity

    As the cyber threat landscape evolves, security methods and tools need to change, too. In this Digital Dialogue, Ken Durbin, manager of Continuous Monitoring Practice at Symantec, explains how the undefined boundaries of the modern IT infrastructure necessitate the deployment of continuous monitoring solutions.

  • Stopping Zero-Day Exploits for Dummies

    Cyber attacks are growing every day and can become serious threats to your organization, but how do you know and understand the threats out there? Download a copy of this book, and you will discover the zero-day exploits and threats used to compromise your agency.