Why China Wants Your Sensitive Data

LinuxSecurity.com: Leading into 2015, the cybersecurity community was still reeling from the impact of a destructive attack unlike any other we have seen in terms of visibility, scale, and impact. Already halfway into 2015, there is no shortage of breaches. We have already witnessed major compromises in healthcare, the US government, the Bundestag, and media being attacked by sophisticated adversaries, in most cases, roaming freely on networks for months at a time.

From: Linux Security

First look at the Pwn Pad 3, the latest in mobile security mayhem

LinuxSecurity.com: Pwnie Express, the company that began as a builder of “drop boxes” for penetration testers and white-hat corporate hackers, has been evolving toward a more full-service security auditing platform vendor over the past few years while continuing to refine its hardware and software in ways that appeal to the corporate security set.

From: Linux Security

Why We Encrypt

LinuxSecurity.com: Encryption protects our data. It protects our data when it’s sitting on our computers and in data centers, and it protects it when it’s being transmitted around the Internet. It protects our conversations, whether video, voice, or text. It protects our privacy. It protects our anonymity. And sometimes, it protects our lives.

From: Linux Security

Default SSH Key Found in Many Cisco Security Appliances

LinuxSecurity.com: Many Cisco security appliances contain default, authorized SSH keys that can allow an attacker to connect to an appliance and take almost any action he chooses. The company said that all of its Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances are affected by the vulnerability.

From: Linux Security

IT: Forget the device, secure the data

LinuxSecurity.com: Last June, Wisegate, a crowd sourced IT research company, surveyed hundreds of its senior-level IT professional members to assess the current state of security risks and controls in business today. The respondents considered malware and breaches of sensitive data to be the primary security risks/threats, followed by malicious outsider risk.

From: Linux Security

Hundreds of .Gov Credentials Found In Public Hacker Dumps

LinuxSecurity.com: It’s no surprise that careless government employees use their .gov email addresses to sign up for all sorts of personal accounts. But when those insecure third party services are breached by hackers-and if those employees were foolish enough to reuse their .gov passwords, too-that carelessness can offer a dead-simple backdoor into federal agencies, with none of the usual “sophisticated Chinese attackers” required.

From: Linux Security