Les Assises 2014 Conference Takeaways, Building a Yellow Brick Road in France

Recently, I had the good fortune to be invited to present the keynote speech at the 2014 Les Assises Security Conference held in the beautiful city-state of Monaco. Les Assises is the largest information-security gathering in France, and year in and year out it proves to be not only a huge information-sharing opportunity, but also a time of self-reflection and strategy affirmation for the thousands of security executives who attend.

CVE-2014-3566 POODLE: A New Vulnerability

Radware’s Emergency Response Team (ERT) is reporting a new vulnerability, published under CVE-2014-3566 and named POODLE (Padding Oracle on Downgraded Legacy Encryption). This SSLv3 POODLE vulnerability can force a client to negotiate SSLv3 instead of TLS and then carry out BEAST (Browser Exploit Against SSL/TLS) attacks to obtain information from an encrypted stream.

Tsunami SYN Flood Attack – A New Trend in DDoS Attacks?

Over the past week, Radware’s Emergency Response Team (ERT) detected a new type of SYN flood that is believed to be specially designed to overcome most of today’s security defenses with a TCP-based volume attack. Within a 48-hour period, two different targets on two different continents were hit with this new technique and experienced very high attack volumes.

Can Your Business Meet the Demands of Cyber-Ransom?

Online criminality has become a big business, and new faces of social engineering and fraud are sweeping the globe. News articles regularly report on major breaches and outages, but rarely, if ever, do we see the underlying ransom demands that are presented before a business is attacked. The stand that organizations often take is that they do not negotiate with terrorists or pirates. But this approach, while noble, can become costly to a business; some may lose everything.

Cyber Security Regulations Pull on the Purse Strings – and those Affected Agree it’s Necessary

Financial institutions, such as banks and credit unions, have long been a target of cyber and DDoS attacks. These attacks are designed to disrupt operations and access sensitive information, and they have become a constant threat not only to those businesses but also to the customers they serve.

My Takeaways from This Year’s AT&T Cyber Security Conference

Last week, I was invited to speak at the 16th annual AT&T Cyber Security Conference in NYC, where over the span of two days speakers kept the audience immersed with engaging topics. Surrounded by security executives, I learned that we all share similar concerns. There were resounding messages that resonated with me that I’d like to share as my key takeaways from the event.
