PhNOG
julho 12, 2022
Philippine Network Operators Group 2022 June 11-13, 2022 New World Hotel Makati, Philippines
RSA Conference 2022
junho 6, 2022
RSA Conference 2022 June 6-9, 2022 Moscone Center, San Francisco, CA
Enterprise Blockchain Security 2020-6
fevereiro 5, 2021
Regulatory Policies
With years of development, the blockchain industry has taken shape, but enterprise blockchain applications are still at an exploratory stage. The blockchain ecosystem contains SPs, application vendors, and users. SPs in this context provide blockchain information services, whose compliance
requirements are surely different from those for other information services (such as cloud services) due to the blockchain technology’s unique characteristics of non-deletability and support for post-event forensics.
Information Disclosure-Incurred Asset Compromise and Detection and Analysis
fevereiro 4, 2021
According to a survey, 25% of internal security incidents are attributed to information disclosure. Attackers, merely through information disclosure, without needing to resort to measures with obvious patterns, like password cracking, can further acquire sensitive information about users and enterprises. It should be noted that this kind of attack method has a high degree of anonymity, rendering pattern-based network traffic analysis and terminal security log analysis fruitless. Combining user entity behavior analysis (UEBA) with dissection of network traffic logs and terminal security logs, we can identify abnormal behaviors, associate the behaviors with attack alerts, and present readable threat event analysis, offering users a new approach to discovering stealthy threats.
(mais…)Enterprise Blockchain Security 2020-5
fevereiro 3, 2021
The enterprise-related blockchain security landscape has two layers of meanings: enterprise blockchain security situation and blockchain-related enterprise security situation. The former refers to the security posture of enterprises that have deployed blockchain applications. In the latter case, although an enterprise does not deploy any blockchain applications, security threats facing it point to blockchains.
In terms of the enterprise blockchain security situation, historically, blockchains were mainly public ones at the initial stage. Therefore, most vulnerabilities disclosed and security events detected are related to public blockchains. Consortium blockchains are still infants, so research on their security is conducted tentatively, explaining why there are so few vulnerabilities and security events related to them.
(mais…)Risk Assessment for Industrial Control Systems
fevereiro 2, 2021
ICS security professionals should report ICS vulnerabilities to the vendor before attackers discover them and offer the vendor with remediation suggestions, mitigation measures, and security solutions to avoid network attack risks before the vulnerabilities are malicious exploited.
Compared with Windows systems, a quite different method is used to assess ICS systems due to their heterogeneity. In other words, ICS systems involve various protocols and hardware configurations and more than one vendor, making it easier to develop exploits that are challenging to develop otherwise.
Before creating exploits, you must have a full grasp of ICSs. Introduction to ICSs is not a key focus of this document and therefore omitted here.
(mais…)Enterprise Blockchain Security 2020-4
fevereiro 1, 2021
This chapter analyzes security threats facing enterprise blockchains.
(mais…)Annual IoT Security Report 2019-18
janeiro 29, 2021
Introduction
IoT devices are faced with a great security challenge and their security appears particularly important. On one hand, though IoT devices have had a long existence, legacy IoT devices and their application protocols contain a variety of vulnerabilities due to the ill-conceived security design. On the other hand, as noted in the analysis of IoT security events, asset exposure, and IoT threats, cybercriminals have begun to leverage vulnerabilities and weaknesses in IoT devices to impose severe threats on individuals, enterprises, and even countries. In response to the grave security situation, we put forward an IoT security protection approach with the focus on device protection to improve the security of the entire IoT.
(mais…)Adobe Security Bulletins for January 2021 Security Updates
janeiro 28, 2021
Overview
On January 12, 2021, local time, Adobe officially released January’s security updates to fix multiple vulnerabilities in its various products, including Adobe Bridge, Adobe Captivate, Adobe InCopy, Adobe Campaign, Classic,Adobe Animate, Adobe Illustrator, and Adobe Photoshop.
For details about the security bulletins and advisories, visit the following link:
