What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO 2022-09-06 01:00:00 The Heartbleed bug: How a flaw in OpenSSL caused a security crisis (direct link) What is Heartbleed? Heartbleed is a vulnerability in OpenSSL that came to light in April of 2014; it was present on thousands of web servers, including those running major sites like Yahoo. OpenSSL is an open source code library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The vulnerability meant that a malicious user could easily trick a vulnerable web server into sending sensitive information, including usernames and passwords. The TLS/SSL standards are crucial for modern web encryption, and while the flaw was in the OpenSSL implementation rather than the standards themselves, OpenSSL is so widely used -- when the bug was made public, it affected 17% of all SSL servers -- that it precipitated a security crisis. Vulnerability Yahoo
CSO 2022-07-26 02:00:00 How a sex worker became a defense contractor employee -- and an insider threat (direct link) The headline read, “How an unqualified sex worker allegedly infiltrated a top Air Force lab” and our eyes immediately rolled as we read the bizarre case of Dr. James Gord. He maneuvered a 32-year-old sex worker into a position of trust within Spectral Energies, a government contractor associated with the U.S. Air Force Research Laboratory located at Wright-Patterson Air Force Base. His motivation? He wished to keep his sexual liaison sub rosa. Stuff right out of Ripley's Believe It or Not. While we sit and smirk at the ridiculousness of the situation, a deeper dive gives CISOs and their organizations food for thought as we dissect how Gord was able to manipulate his business partner and others to successfully place an individual within his company who had no business being there. Specifically, it underscores the value of background checks on individuals being placed into sensitive roles. Threat Yahoo
CSO 2019-01-07 06:05:00 IDG Contributor Network: Managing identity and access management in uncertain times (direct link) If we remember one thing from 2018, it is that we are all victims now through one breach or another. Every day, we hear more news about another data breach affecting millions of users with significant financial and reputational consequences to its victims. With massive breaches like Equifax, Facebook, Deloitte, Quora and Yahoo, it is clear that breach notification services and multi-factor authentication (MFA) are not enough to prevent the next data breach headline from appearing in tomorrow's newspapers. Organizations have started thinking holistically, and rightly so, about risk and approaches to security using frameworks such as CARTA, Zero Trust, NIST SP 800 and IDSA. These frameworks offer progressive thinking and valuable approaches to modern identity strategy, but there is no one size fits all. These frameworks are akin to buying furniture from IKEA; assembly required, but with a lot more complexity and a lot more at stake. Data Breach Equifax Deloitte Yahoo
CSO 2016-10-10 03:29:00 17 tools to protect your online security (direct link) Last month's news about the massive data breach at Yahoo, which affected at least 500 million user records, making it the largest data breach on record, might finally be what it takes to get the average internet user to take online security into their own hands - if only they knew how. Yahoo
CSO 2016-10-06 12:33:00 What CSOs can learn from the Yahoo data breach (direct link) The IT security industry is still buzzing after news of a data breach at Yahoo in 2014, in which more than 500 million user accounts were hacked. In the latest episode of Security Sessions, I spoke with Kevin O'Brien, CEO and founder of GreatHorn, about the key takeaway topics that CSOs should learn from the Yahoo breach. Among the highlights of the video are the following sections: 1:09 Why is there such a gap between when the breach happened (2014) and when it was discovered/reported (now). 2:50 How CSOs can change/adjust their existing security policies around email. 4:40 What new phishing attacks can CSOs expect to see in the future based on this breach (and how will attacks get more sophisticated)? Yahoo
CSO 2016-10-05 07:13:00 Cybersecurity companies' stock rises in face of post-Yahoo hack (direct link) Major hacks, data breaches, and a rise in global cybercrime damages are seemingly responsible for a surge in the share prices of some publicly-traded cybersecurity companies. The Cybersecurity Stock Report, published quarterly by Cybersecurity Ventures, notes the PureFunds HACK ETF -- which covers 35 cyber firms -- is up 35 percent since February 2016, when it hit a low for the year. Yahoo
CSO 2016-09-26 03:00:00 Yahoo's compromised records likely hidden within encrypted traffic, vendor says (direct link) LOUISVILLE, KY – As Derby Con was winding down, an interesting email hit Salted Hash's inbox from Venafi. The security firm, known for their tools that secure digital keys and certificates, outlined a number of cryptographic issues at Yahoo. The email then claimed they're not saying these flaws led to the massive data breach that impacted 500 million users. Yet, that's exactly what their statements hint at. In Venafi's experience, an emailed statement from Alex Kaplunov, Venafi's vice president of engineering explains, breaches like the one suffered by Yahoo are often accompanied by weak cryptographic controls. Granted, Venafi has a horse in the race, so this isn't an unusual statement for them to make, but it's interesting – as it could explain how Yahoo failed to notice half-a-billion records moving into criminal hands over time. Yahoo
Last update at: 2024-05-16 04:07:56