Aggregator

Key lessons from martial arts translate to cyber-defense, including preparation, taking falls, proper stance, diligent practice, sparring, and continuous growth.

It is not possible to fully mitigate the risk of a denial of service attack affecting your service, but there are some practical steps that will help you be prepared to respond, in the event your service is subjected to an attack.

Chris Ensor discusses the government's proposal to develop the cyber security profession in the UK.

Guidance outlining the risks of locally installed products interacting with cloud services, and suggestions to help organisations manage this risk.

This guidance describes a set of technical security outcomes that are considered to represent appropriate measures under the GDPR.

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.

Recent events1,2 have shown the threat of domain hijacking is very real; however, it is also largely preventable. As Verisign previously noted3, there are many security controls that registrants can utilize to help strengthen their security posture. Verisign would like to reiterate this advice within the context of the recent domain hijacking reports. Domains are […]

The post Revisiting How Registrants Can Reduce the Threat of Domain Hijacking appeared first on Verisign Blog.

F5 Labs' David Warburton writes for Professional Security, discussing how your stereotypical perception of cybercrime is all wrong - and what to do about it.

Everyone and everything on the Internet depends on the Domain Name System (DNS) being functional. The DNS has been a common vector for attacks in recent years, and 2019 seems to be no different. Many of these attacks have goals far more sinister than simply taking a company offline or defacing a website; reported attacks include redirecting some or all of an organization's domain to gain access to protected resources, intercept traffic, and even obtain TLS certificates for that domain. Organizations should perform regular DNS reviews and audits. The following guidelines provide a starting point for your review.

More lessons learned from CISOs about “fire and forget,” physical security, the human factor, and audit logging.

When it comes to phishing, criminals put a lot of effort into making their attacks look legitimate, while putting pressure on their victims to take action. In today's post, we're going to examine a recent phishing attempt against me personally....

What You Can Do Today to Help Create a Better Internet   Today is Safer Internet Day (SID) – an...

The post Safer Internet Day 2019 – Together for a Better Internet appeared first on McAfee Blog.

这部分详细讲讲syslog-ng服务器上的配置

对cobalt strike常见aggressor脚本的简单收集和介绍。

How certificate transparency can help you spot fraudulently registered TLS certificates that exploit your domain or brand name.

FaceTime is a popular way for people of all ages to connect with long-distance loved ones. The feature permits Apple...

The post Apple Users: Here’s What to Do About the Major FaceTime Bug appeared first on McAfee Blog.

Gozi “banking” trojan continues to shift its targets beyond banking as it employs client-side and server-side evasion techniques via time-tested web injection.