Home

“Penetration testers need to advance their skills” says expert

A solid understanding of advanced penetration testing techniques and exploit mitigation controls helps testers as simple vulnerability scans often fail to deliver accurate results or address more than low-hanging fruit.

London, UK: Ahead of SANS London 2012, Europe’s largest IT security training event, a top security expert and trainer is warning that a big challenge and knowledge gap for penetration testers is the growth of operating systems that include new anti-exploitation defences, “Although developers and operators still make coding and configuration mistakes, discovering or adapting an exploit to handle modern-day defences is more difficult than ever,” comments Stephen Sims, an industry expert with over 15 years of experience in information technology and security and the author of SANS' only 700-level course, SEC710: Advanced Exploit Development.

: DAWN NICHOLLS; InfoSecurity; Posted On Tuesday, 09 October 2012 10:32

SecurEnvoy, Sophos Partner to deliver world's first Tokenless Two Factor Authentication for Disk Encryption

SecurAccess provides strong 2FA for Sophos full disk encryption eliminating the need for expensive physical tokens or smartcard readers

Berkshire (UK): SecurEnvoy, the inventor of tokenless authentication, is Sophos’ first technical partner to offer a tokenless two-factor authentication solution for laptops and other devices encrypted using Sophos SafeGuard Enterprise. This removes the need for hardware tokens or smartcards and readers – making it more cost-effective for companies and easier for users to work securely, wherever they are using SMS messages to the user’s mobile phone.

: CATHERINE EYRES; InfoSecurity; Posted On Tuesday, 09 October 2012 10:23

Tatanga Attack Exposes chipTAN Weaknesses

Below is a media alert from Trusteer’s CTO on a new Tatanga attack against chipTAN systems used by banks in Germany to generate unique transaction authentication numbers (TAN).

Tatanga checks the user account details including the number of accounts, supported currency, balance/limit details. It then chooses the account from which it could steal the highest amount and initiates the transfer.

Trusteer has discovered a new Tatanga attack against chipTAN systems used by banks in Germany to generate unique transaction authentication numbers (TAN). chipTAN requires that the bank card for the account be inserted in the device to generate a TAN that is specific to the current transaction.

: AMIT KLEIN, CTO, TRUSTEER; InfoSecurity; Posted On Tuesday, 09 October 2012 10:14

Varonis reduces costs and takes pain out of data governance

Varonis unveils new, flexible architecture designed to boost efficiency, reduce overheads and simplify management

London: Varonis Systems Inc. has released version 5.8 of Varonis DatAdvantage, offering even more flexible, easier to manage and cost effective data governance for unstructured and semi-structured data while reducing system and network overhead. The latest enhancements are the result of continued improvements to the software to help organizations even more effectively audit and manage data access control, identify and classify data owners, and oversee entitlement and authorization processes for their sensitive data.