Beware of Bleeding Hearts (Updated)

by Ken Bechtel on April 8, 2014

A recently discovered vulnerability, identified as Common Vulnerabilities and Exposures (CVE) CVE-2014-0160, but more commonly called HeartBleed Vulnerability, has been acknowledged by the Open SSL Organization and the Finnish Cert Team. This is an attack against the transport layer security...

Understanding NIST’s Cybersecurity Framework

by Cris Thomas on April 8, 2014

NIST’s Cybersecurity Framework (CSF) is likely to become the basis for what's considered commercially reasonable in regards to securing an organization’s infrastructure. For this reason alone companies should pay close attention to the CSF and, even if they don’t follow it completely, should at...

PVS 4.0.2 is now available for download

by Sherry Quinn on April 2, 2014

This maintenance release addresses the following issues: An expired PVS license or activation code sends the user to the Quick-Setup wizard to allow entry of the new license Hosts with Internet facing vulnerabilities were missing the “External Access” tag Filtering issue on the “Affected Host List...

True White-Knuckled Stories of Metrics in Action: Sylvan

by Marcus J. Ranum on April 2, 2014

In this blog series on SecurityWeek, Tenable CSO Marcus Ranum advises security professionals on how they can create and share metrics in their jobs. These metrics can create better understanding and awareness about the success of their approaches, as well as allow them to build support for programs...

Malware’s Journey from Hobby to Profit-Driven Attacks

by Ken Bechtel on March 24, 2014

While most of my posts focus on malware attacking systems today, the history of malware is a fascinating topic that provides insights into the current landscape. As one of the authors of the Avien Malware Defense Guide , I contributed to the book's chapter on history and will be leveraging and...