Cybersecurity
Scooped by Elastica

Bash Code Injection Vulnerability

A security weakness was just discovered that impacts the popular software application Bash. Zulfikar Ramzan, CTO of Elastica, discusses the ramifications.

Security Analytics: Challenges, Opportunities, and New Directions

2014 U. of Washington and MS Research Summer Institute – “Security Analytics: Challenges, Opportunities, and New Directions.” Zulfikar Ramzan, CTO Elastica discusses.

Largest Data Breach of Health-Related Information

Zulfikar Ramzan, CTO of Elastica, discusses the largest data breach of health information: 4.5 million patients' data exposed by Chinese hackers.

July 21st Cloud App Security Webcast with Rich Mogull of Securosis

Join Elastica and Securosis on July 21st for a Cloud App Security webcast and get a chance to win a Ducati Monster Bike
Rescooped by Elastica from Patents and Patent Law

Q&A: Elastica CTO Zulfikar Ramzan, on Heartbleed and online security - San Jose Mercury News

Ramzan, the chief technology officer at a San Jose-based, cloud-security company called Elastica, dug into the Heartbleed program and instantly saw the...

Via Kenneth Carnesi, JD

Why "China's Hacker Army" Affects Most Organizations

The New York Times published a fascinating article on China’s Hacker Army. On the face …

Musings on Third-Party Testing (Part 2): The Caveats - Elastica

In a previous post, I embarked on a discussion of third-party testing with regard to …

Is Anti-Virus Really Dead?

A recent article in the Wall Street Journal featured a quote from Symantec stating that …

Open SSL Reverse Heartbleed Vulnerability

Elastica's insight:

The devastating Heartbleed vulnerability has caused a significant stir in the security community. It turns out that the same attack concept in the Heartbleed vulnerability can be applied in reverse. In other words, instead of applying Heartbleed to steal data from a web server, the same idea can be applied in reverse to steal data directly from a user’s computer. In this video, Elastica CTO Dr. Zulfikar Ramzan describes this reverse Heartbleed vulnerability. This video builds upon Zulfikar’s previous video where he described the mechanics of the basic Heartbleed vulnerability.


OpenSSL Heartbeat (Heartbleed) Vulnerability (CVE-2014-0160) and its High-Level Mechanics - Elastica

Elastica's insight:

There was a devastating security flaw in the OpenSSL implementation of the SSL / TLS protocol (CVE-2014-0160), known as the Heartbleed vulnerability. The vulnerability occurs in what is known as the heartbeat extension to the SSL / TLS protocol, and it specifically impacts version 1.0.1 and beta versions of 1.0.2 of OpenSSL. Even though OpenSSL is just one implementation of the SSL / TLS protocol, it is the most widely deployed implementation. In this SOC Talk, Elastica’s CTO Dr. Zulfikar Ramzan walks through the mechanics of the flaw (at a high level), how an attacker can exploit it, and its underlying ramifications. It is important to stress that the flaw is not inherent to the SSL / TLS protocol itself, but rather to the specific OpenSSL implementation.


Cisco's Intercloud, Google's Cloud Pricing Cut, and the Next Wave of Cloud Services - Elastica

Unless you’ve been living in a cave this past week (which isn’t even over, mind …

Google Docs Phishing Scam - Elastica

Users of Google Drive are at significant risk of having their accounts hijacked, by a …

Gartner Public Cloud Security Management Lifecycle (Part 2): Choose and Apply Compensating Controls - Elastica

In my last blog post, I talked about the first element of Gartner’s Public Cloud …

Dyreza / Dyre Malware Potentially Targeting Salesforce

Salesforce announced that the Dyreza malware (aka Dyre) may pose a risk for its customers. Zulfikar Ramzan, CTO of Elastica, discusses its ramifications.

SSLv3 Poodle Vulnerability (CVE-2014-3566)

Elastica's insight:

A remarkable flaw was found in version 3 of the SSL protocol. The vulnerability known as Poodle (Padding Oracle On Downgraded Legacy Encryption) allows attackers to decrypt data that you may have thought was being transmitted over a secure HTTPS / SSL connection. The result is that attackers can use this flaw to compromise your online accounts (e.g., by stealing authentication cookies) via a man-in-the-middle attack. The flaw exploits a shortcoming in how padding is handled within the use of the Cipher Block Chaining (CBC) mode within SSLv3. The vulnerability was assigned the Common Vulnerabilities and Exposures identifier CVE-2014-3566, and it was discovered by Bodo Möller, Thai Duong, and Krzysztof Kotowicz. In this SOCTalk Video, Elastica's CTO Dr. Zulfikar Ramzan walks through the mechanics of the Poodle vulnerability and explains its implications.


Cybersecurity Demands New Framework - InformationWeek

Cybersecurity development has been a piecemeal process. It's time for a stronger, more cohesive approach.

Did Target Make a Mistake With the CISO's Reporting Structure?

Elastica's insight:

A recent piece published by Antone Gonsalves (@antoneg) in CSO magazine surveyed a number of folks about whether Target made a mistake by having its recently hired Chief Information Security Officer (CISO), Brad Maiorino, report to the Chief Information Officer (CIO), Bob DeRodes, rather than directly to the CEO of the company. Although the people surveyed generally disagreed with Target’s course of action, I think it’s important to examine a more fundamental consideration first.


The eBay Password Breach and Its Implications

On May 21, 2014, eBay announced that attackers had breached its network and were able …

The eBay Password Breach and its Implications

eBay announced to its customers on May 21, 2014 that its network had been breached …

Internet Explorer Zero Day Threat: High-Level Mechanics

During the last week of April, there were numerous active attacks on various versions of …

IE Zero Day CVE 2014 1776 High Level Mechanics

Elastica's insight:

On April 26, 2014, a new Internet Explorer Zero Day Vulnerability (CVE-2014-1776) was discovered. The exploit involves taking advantage of a use-after-free vulnerability in Internet Explorer that leverages heap feng shui (a version of heap spray). In this video, Elastica CTO Dr. Zulfikar Ramzan walks through the high-level mechanics of the vulnerability and also discusses best practices as well as where more information can be obtained.


Rethinking Business Implications in a Post Heartbleed World - Elastica

Elastica's insight:

The Heartbleed vulnerability has, in no uncertain terms, created a maelstrom of activity. Beyond just trying to understand the scope and ramifications of the attack, it’s important for us to take a step back and think through its broader implications.


Musings on Third-Party Testing (Part 1): The Good - Elastica

Last week there was a considerable amount of media attention regarding the recent set of …
Elastica's insight:

There was a considerable amount of media attention regarding the recent set of NSS test results on breach detection. In addition to the original announcements, there were concerns raised regarding the validity of the results, and even a subsequent rebuttal to those concerns.


Gartner Public Cloud Security Management Lifecycle (Part 4): Incident Response Management - Elastica

What I’d like to do in this post is talk about the fourth (and final) …

Account Hijack to Steal Files in Your Google Drive - Elastica

Researchers at Symantec came across a clever phishing scam on Google Docs. In the scam, the …