Security Port

Security Forums
Security Articles
Security Port Blog
Security Blogs
Security Books
Security Glossary
Security Definitions
Security Directories
Security Wikis
Security Tradeshows
Security Newsletters
Security Alerts
Buyers Guides
Security Newsgroups
Security Organizations
Submit Security Sites
Security Magazines
Security Feeds
Security News
Security Software
Security Products
Search Databases


Security Port
Contains relevant information that pertains to security related issues and solutions.

Security Port

A Security Port Blog

Cyber Attacks on Manufacturing Spiked Last Year: Homeland Security
01/29/2016

Department of Homeland Security investigations of cyber attacks on the nations critical manufacturing sector nearly doubled in the year ended Sept. 30, according to the agency.

The Department of Homeland Security's Industrial Control Systems Cybersecurity Emergency Response Team, or ICS-CERT, said in a report distributed this week that it investigated 97 incidents at critical manufacturers during its most-recent fiscal year.

Biggest Security Threats of 2016
01/27/2016

You can hardly look at tech news without seeing reports of viruses, Trojans, data breaches, ransomware, remote hacking, ATM skimmers and plenty of other threats to your money and information. According to security company Kaspersky, 34.2% of computer users experienced at least one Web attack in 2015. More than 750,000 computers were infected with ransomware, with a steady increase every quarter.

1. Dataware
2. Ransomware
3. Browser plug-ins

Global Cloud Security Network Market 2015-2021 - Cyber Talent is a Big Opportunity
01/25/2016

Demand for Cloud computing is strong from corporate data centers as it enables data centers to work in similar manner to the Internet through the process of enabling computing resources to be accessed and shared. Among diverse end-use commercial ventures, IT and telecom fragment is the biggest and represent total market. Besides, IT and telecom portion is required to witness solid development amid the estimate period.

The utilization of distributed computing among telecom transporters is relied upon to increment because of expanding reception of android-based telephones among end-clients. Cloud computing helps SMBs to access these resources and minimize or expand services as the requirements change. Thus, growing demand for cloud computing by SMBs is propelling the market growth for cloud security solutions and services during the forecast period. However, skeptical nature of the enterprises towards the adoption of cloud services and lack of awareness are some of the factors restraining the market growth.

Why Thinking like a Criminal is Good for Security
01/22/2016

Defending a network and the critical assets of an enterprise is a lot like safeguarding a home. There are layers of security in homes just as there are in the enterprise. From the windows to the doors to the locks and alarm systems, home owners know the vulnerabilities and put protections in to keep criminals out.

Criminals are always after the weakest link, and they search for anything on the internet that might provide some kind of access. Information is out there, and security teams who use what criminals learn as part of their strategic security plan might be lucky enough to act before a breach.

WISeKey and Kaspersky Pair On Wearables Security
01/20/2016

Global digital security solutions company WISeKey and cybersecurity firm Kaspersky Lab are joining forces to help protect wearable devices from the threat of cyberthieves.

As the use of mobile and contactless payments with wearables continues to increase, it is inevitable that the devices will become a growing target for cyberattacks, a statement from the companies explained.

The two firms announced they are developing technology that will bring authentication and data encryption to wearable devices and enable them to securely connect and exchange payment data.

This cooperation between WISeKey and Kaspersky Lab represents a breakthrough in IoT cybersecurity.

Network Security Sandboxes Driving Next-Generation Endpoint Security
01/18/2016

Anti-malware gateways are driving next-generation endpoint security implementation and antivirus replacements at large organizations.

The cybersecurity chickens had come home to roost.  CISOs realized that network-based anti-malware gateways were only part of a next-generation solution and that they had to do more to protect endpoints themselves.

From a cybersecurity market perspective, this trend makes a lot of sense.  The Google Aurora attack led to APT awareness and the need to take action.  

Airport Identification
01/14/2016

Traveling by air within the US in 2016? You may need to show more than a drivers license. That is because the feds are threatening to finally enforce a 10-year-old law requiring states to have higher standards when issuing those licenses, the New York Times reports. Called the Real ID Act, it requires states to demand immigration status, a Social Security number, and documents proving identity when granting a drivers license. Not all States current driver licenses are considered valid by the TSA

Internet of Things Security
01/13/2016

There was once a time when people distinguished between cyberspace, the digital world of computers and hackers, and the flesh-and-blood reality known as meatspace. Anyone overwhelmed by the hackable perils of cyberspace could unplug and retreat to the reliable, analog world of physical objects.

But today, cheap, radio-connected computers have invaded meatspace. They are now embedded in everything from our toys to our cars to our bodies. And this year has made clearer than ever before that this Internet of Things introduces all the vulnerabilities of the digital world into our real world.

A Look Back at Mobile Security in 2015
01/12/2016

As 2015 draws to a close and a new and exciting 2016 looms, we wanted to review some of the top themes around mobile security: surviving the mobile phenomenon, mobilephobia, bring-your-own-device and the mobile enterprise. Set your new year up for success with a stroll down memory lane.

A Big Year in Mobile Security
We are living in the mobility age, and it’s a matter of survival for companies to catch up — and stay current — with the phenomenon. It is not all device management, either; there are multiple mobile security areas that businesses need to consider.

In 2015, our IBM Security experts created the Surviving the Mobile Phenomenon webinar series in order to share recommendations and best practices for building a holistic mobile security strategy. There were a number of concepts discussed as part of this series, including…

Content and Collaboration
Identifying At-Risk Mobile Devices
Risk Based Authentication
Protection Without Disruption
Shielding Mobile Apps

Security Predictions for 2016
01/11/2016

Here are few security predictions for the year 2016.
1. Privacy concerns
2. Attack on mobile devices and Point of sale (POS) to intensify
3. Hacktivism will continue to grow
4. Cyberspying will continue to grow
5. Critical infrastructure to be targeted
6. Ransomware to increase
7. Attack on communication channels

10 Security Best Practice Guidelines for Businesses
01/09/2016

Encrypt your data: Stored data, filesystems, and across-the-wire transfers all need to be encrypted. Encryption is essential to protecting sensitive data and to help prevent data loss due to theft or equipment loss.

Use digital certificates to sign all of your sites: Save your certificates to hardware devices such as routers or load balancers and not on the web server as is traditionally done. Obtain your certificates from one of the trusted authorities.

Implement DLP and auditing: Use data loss prevention and file auditing to monitor, alert, identify, and block the flow of data into and out of your network.

Implement a removable media policy: Restrict the use of USB drives, external hard disks, thumb drives, external DVD writers, and any writeable media. These devices facilitate security breaches coming into or leaving your network.

Secure websites against MITM and malware infections: Use SSL, scan your website daily for malware, set the Secure flag for all session cookies, use SSL certificates with Extended Validation.

Use a spam filter on email servers: Use a time-tested spam filter such as SpamAssassin to remove unwanted email from entering your users inboxes and junk folders. Teach your users how to identify junk mail even if it's from a trusted source.

Use a comprehensive endpoint security solution: Symantec suggests using a multi-layered product (theirs, of course) to prevent malware infections on user devices. Antivirus software alone is not enough. Antivirus, personal firewall, and intrusion detection are all part of the total approach to endpoint protection.

Network-based security hardware and software: Use firewalls, gateway antivirus, intrusion detection devices, honey pots, and monitoring to screen for DoS attacks, virus signatures, unauthorized intrusion, port scans, and other over the network attacks and attempts at security breaches.

Maintain security patches: Some antivirus programs update on what seems like a daily basis. Be sure that your software and hardware defenses stay up to date with new antimalware signatures and the latest patches. If you turn off automatic updating, set up a regular scan and remediate plan for your systems.

Educate your users

Android Malware Uses Built-in Firewall to Block Security Apps
01/08/2016

Even if some malware families never get to cause worldwide damage, it's sometimes interesting to read about new techniques that certain malware authors employ to create their threats.

One of the most recent cases is a malware family that targets Android devices in China, discovered by Symantec and named Android.Spywaller.

The uniqueness of this threat is the fact that, during infection, the malware looks for Qihoo 360, a popular security app among Chinese Android users.

Security Risks for 2016
01/07/2016

As we fast approach 2016, my security team and I have been compiling a forecast of mobile security trends and vulnerabilities that concern us most. My goal in outlining these threats is not to raise alarm or panic, but to paint a picture of the gravest security concerns we face in the coming year, and hopefully, encourage the industry at large to prepare for them now.With the proper precautions, most of them can be minimized, or forestalled altogether.

1. Terrorism
2. Hackers Target Mobile Payments
3. The Rise of Mobile Web Browser-Based Hacking
4. Remote Device Hijacking - Eavesdropping
5. DDoS Attacks: Evolved
6. The Internet of (Vulnerable) Things

Where To Secure Profits in Security
01/06/2016

Cybersecurity stocks like Palo Alto Networks up 46% year to date and Juniper Networks up 24% year to date entered 2015 as one of the safest industries to bet on, owing to -- among numerous cyber threat-related events -- Sonys controversial movie The Interview, released at the end of 2014 and the subsequent hack of Sonys internal network. In terms of cyber-espionage fears, investors learned Sonys hack was just the beginning.

From Chinas hack of federal employee personal data to the large-scale breach carried out against website Ashley Madison in July -- where names, email addresses, dating preferences and some credit card details from more than 36 million global user accounts were released -- the importance of cybersecurity protection could not be overstated in 2015. And to say nothing about the ongoing threat to retailers, where hackers -- looking for quick cash -- target consumers credit and debit card data.

The Rise Of Community-Based Information Security
01/05/2016

Security has evolved into a game of detection and response, and the greatest weapon in this new world order is timely threat intelligence sharing. This is true primarily because details about an attack campaign provided by a peer organization can accelerate the response time to threats and limit their damage.

- Cyber threats have become too diverse and too dynamic to completely eliminate cyber risk;
- Businesses need to identify potential risks in their IT systems, prioritize them, and allocate security resources accordingly;
- Cybersecurity is now a data analytics challenge.

Border Patrol Control
01/04/2016

Previous attempts to use technology to secure the U.S.-Mexico border have blown through more than $1 billion and have missed their mark.

But border officials say they have it right this time. After several delays, the first phase of Arizonas technology plan to secure the border is finished — and others will soon follow.

Seven of 52 planned Integrated Fixed Towers are functional in Nogales. The solar-powered towers are about 80 feet tall, with radar and day-and-night cameras that send real-time video footage to a Border Patrol command post.

Officials estimate they can start construction in Douglas and possibly Sonoita by January, after the Chief of the Border Patrol certifies that they work.

The towers are part of a larger Arizona border-surveillance plan announced in 2011 after the government canceled a failed $1 billion program. The plan includes a combination of ground sensors, long-range night-vision scopes mounted on trucks, binoculars, and fixed towers with and without radar.

The Arizona Border Surveillance Technology Plan is expected to be fully operational by fiscal 2020.

Voting Security Breach
01/02/2016

A security researcher with a knack for uncovering data breaches says he has discovered a trove of information including names, addresses, phone numbers, and dates of birth for more than 191 million U.S. voters on a publicly available server.

Researcher Chris Vickery says the database, which appears to be stored on a server accidentally configured to be accessible to the public, does not contain information like Social Security numbers or driver's license numbers, according to a Monday post on DataBreaches.net, an anonymously published watchdog site that frequently shares his findings. The database lists whether voters are registered with a particular party but not how they've actually voted in particular elections.

Lazy Authentication
01/01/2016

On Christmas Eve morning, I received an email from PayPal stating that an email address had been added to my account. I immediately logged into my account from a pristine computer, changed the password, switched my email address back to to the primary contact address, and deleted the rogue email account.

I then called PayPal and asked how the perpetrator had gotten in, and was there anything else they could do to prevent this from happening again? The customer service person at PayPal said the attacker had simply logged in with my username and password, and that I had done everything I could in response to the attack. The representative assured me they would monitor the account for suspicious activity, and that I should rest easy.

Twenty minutes later I was outside exercising in the unseasonably warm weather when I stopped briefly to check email again: Sure enough, the very same rogue email address had been added back to my account. But by the time I got back home to a computer, my email address had been removed and my password had been changed.



Current Blog

2016 Security Blog Archive
January Archive

2015 Security Blog Archive
November / December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2014 Security Blog Archive
November / December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
Jan & February Archive

2013 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2012 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2011 Security Blog Archive

December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2010 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2009 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2008 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
July-August Archive
May-June Archive
April Archive
March Archive
February Archive
January Archive

2007 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2006 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive


Security Alerts
Locate security alerts, and security feeds via a security rss feed directory.