There’s more to security risk management than just patching

With an increasing number of critical systems being placed within virtual environments, security is now understandably a prime concern. Systems can be attacked, and valuable information and assets can be compromised. Vulnerability management systems are designed to address these issues. Vulnerability assessment is the process of identifying how vulnerable an infrastructure is to known vulnerabilities—the number one threat to all networks today. The threats/risks found in the vulnerability assessment are then ranked and prioritized to expose the current security position, and to facilitate the remediation process.


Security risk management: BYOD and the way forward

Whether you’re an end user or an IT administrator, Bring Your Own Device (BYOD) is becoming a reality in many workplaces these days. Advances in technology have now made this possible. There’s no doubting that BYOD can deliver rewards and have positive impacts on productivity. However, these rewards can also involve risk. Although BYOD may be convenient for your employees, businesses will also need to consider its potential impact on corporate security models and data.


Extending the scope of your organisation’s Information Security Management System: information for organisations

The majority of organisations now generally have a number of information security controls in place. Whilst this is laudable, there is, unfortunately, still a problem which Krypsys sees on a recurring basis. Without a formal Information Security Management System (ISMS), these security controls have a tendency to be disorganized, haphazard or disjointed. The reason for this is simply down to the fact that the controls have usually been implemented partly as specific solutions for specific situations, or introduced as a matter of convention. The security controls in operation today, unfortunately, only typically address certain aspects of IT or data security, leaving non-IT information assets like paperwork and proprietary knowledge less protected and vulnerable. Sometimes business continuity planning and physical security might be managed independently of IT or information security, whilst Human Resources practices may not recognise the need to define and assign information security roles and responsibilities throughout the organization. The ISO/IEC 27001 standard was introduced to address these issues.


Walking through Walls, 2013: protecting your business’ IT infrastructure from cyber-intrusion

Krypsys, a leading UK information security company which focuses on the next generation of emerging security threats in the Information and IT security market, is delighted to announce the launch of a series of free events: Walking through Walls 2013 – protecting your business’ IT infrastructure from cyber-intrusion. The Walking through Walls events promise to be of interest to any company or business that takes its information security seriously, and will highlight three common methods of attack used against companies every day somewhere in the world, and demonstrate and discuss the best methods of identifying and countering these threats.


Will vulnerability assessments and penetration testing find all the security vulnerabilities in your systems?

Will vulnerability assessments and penetration testing find all the security vulnerabilities in your network and systems? Well, the simple answer to that is probably not; that is, of course, unless you are prepared to spend an awful lot of time, effort and money on it. So why bother having your systems tested then? Well, because it is still vitally important to protect your network from vulnerabilities. What is required is closer co-operation between the client and the pen tester. From a client’s perspective it’s about the importance of setting expectations and defining the requirements for penetration testing. From a tester’s point of view it’s a question of gathering as much information as possible about the internal workings of the business and the systems to be able to do a comprehensive vulnerability assessment.


Walking Through Walls

Attend this FREE event and find out why your network firewall may not save you. You are invited to attend a Demonstration and Discussion on methods used to bypass your network firewall, followed by a light lunch and a Security Q&A Session in:- London Victoria | Tue 15th October 2013 | 11:00am – 1:00pm Hacking …


UK launches Fusion Cell to combat cyber-attacks

The UK government has launched a scheme designed to promote greater information sharing on cross-sector cyber threats between businesses and government. The Cyber Security Information Sharing Partnership (CISP) will establish a cyber-attack monitoring operations room, known as a Fusion Cell, where cyber security experts from industry will operate alongside the experts from GCHQ, MI5 and the police for the first time in an attempt to combat the growing online threat to Britain’s firms.


DDOS attack on Spamhaus: biggest network security attack in history slows down internet access across the world

The internet around the world was slowed down last week in what network security experts are describing as the biggest cyber-attack of its kind in history. As network security attacks go, they can’t have come much bigger than this one. The slow-down was caused by an escalating row between the spam-fighting group, Spamhaus, and a hosting firm, Cyberbunker. This led to a series of retaliation attacks which eventually affected the wider internet. Experts are now expressing concerns that this row has the potential to escalate even further and could eventually affect global banking and email systems. The threat of the retaliation attacks was so overwhelming that five national cyber-police forces are now running investigations.


Cyber threats and the Cloud: Check Point’s new solution

You may never have heard of Gil Shwed, yet there’s every likelihood that your home or business is using internet security software that has been designed, or influenced, by the company he founded, Check Point. Shwed is an Israeli programmer and entrepreneur who is rightly regarded as one of the founding fathers of modern Internet security.


Government to launch a consultation on effective cyber risk management

The UK’s national cyber security strategy, published in November 2011, set out the government’s intentions to encourage industry-led standards and guidance for organisations to manage the risk to their information. However, there is still confusion around which standards are best followed. As a consequence, the government has announced that it plans to select and endorse a preferred organisational standard that best meets the requirements for effective cyber risk management.


Facebook and Apple are the latest companies to fall victim to cyber-attack

Facebook and Apple have become the latest companies to reveal they had been the target of a “sophisticated cyber-attack” by hackers last month. Although security was breached, both companies confirmed that they had found no evidence any user data had been compromised.

In a blog post on its website Facebook explained what it knew of the cyber-attack:


Deception Point 23rd April 2013 – Manchester

* BOOKING NOW CLOSED FOR THIS EVENT * Find out how professional hackers are deceiving your network defences You are invited to attend a FREE seminar on how traditional network defences are being routinely breached by attackers. The presentations will include a web application hacking demonstration, discussions on Advanced Evasion Techniques (AETs), the increasing threat …


Deception Point 16th April 2013 – London

* BOOKING NOW CLOSED FOR THIS EVENT * Find out how professional hackers are deceiving your network defences You are invited to attend a FREE seminar on how traditional network defences are being routinely breached by attackers. The presentations will include a web application hacking demonstration, discussions on Advanced Evasion Techniques (AETs), the increasing threat …
