Network Security

  • Most Topular Stories

  • Analysis of a Cybercrime Infrastructure

    Latest Security Articles from Techworld
    6 Mar 2015 | 6:40 am
    Security researchers have finally published an analysis that exposes the inner workings of cybercrime operations targeting online banking credentials for banks in the US and Europe. Download this white paper to get a rare glimpse at the inside view of the infrastructure, tools and techniques used by cybercriminals.
  • New Model Uses 'Malicious Language Of The Internet' To Find Threats Fast

    Dark Reading:
    Sara Peters
    5 Mar 2015 | 12:15 pm
    OpenDNS's new NLPRank tool may identify malicious domains before they are even put to nefarious use.
  • Introducing Nessus Manager and Nessus Cloud

    Tenable Network Security Blog
    Diane Garey
    25 Feb 2015 | 7:00 am
    Recently, Tenable announced the new Nessus® Manager and Nessus Cloud vulnerability management solutions. This article introduces you to these new solutions and their unique features.
  • US Data Breaches Reach Record High in 2014

    Seculert Blog on Breach Detection
    Liora R. Herman
    24 Feb 2015 | 5:38 am
    According to a new report from the Identity Theft Resource Center (ITRC), the number of US data breaches reached a record high of 783 in 2014 — a 28% jump over 2013, and 18% higher than the previous record of 662 data breaches tracked in 2010. Other key findings from the ITRC report include: For […]
  • How Safe Is Cloud Security?

    blackstratus.com
    Rich Murphy
    18 Nov 2014 | 9:49 am
    Over the past year, the initial wave of enthusiasm for all things cloud-based has generally subsided, with a growing tide of skepticism emerging about the limits of its usefulness as a platform. Inspired by a number of high-profile security breaches, there is also skepticism about its security. While part of this is the inevitable backlash that occurs whenever something becomes trendy in tech, the security issue in particular is one that merits further investigation. While it’s reasonable to question whether or not your important data is safe in the cloud, it’s equally important to not…
 
 

    Tenable Network Security Blog

  • CISOs Face Tough Challenges When Procuring Security Technologies

    Craig Shumard
    5 Mar 2015 | 8:00 am
    CISOs face several internal challenges when procuring security solutions:
  • Tenable Responds to CVE-2015-0204: FREAK Vulnerability

    Kelly Prevett
    4 Mar 2015 | 4:40 pm
    It seems that in recent history, the SSL library continues to give security teams plenty of opportunities to interface with systems/application administrators and vendors to upgrade SSL in their environments.
  • Introducing Nessus Manager and Nessus Cloud

    Diane Garey
    25 Feb 2015 | 7:00 am
    Recently, Tenable announced the new Nessus® Manager and Nessus Cloud vulnerability management solutions. This article introduces you to these new solutions and their unique features.
  • Counting Vulnerabilities

    Gavin Millard
    23 Feb 2015 | 7:00 am
    When talking with infosec professionals about gaining insight into how vulnerable their organisations are, I’ve noticed that many often reply with one simple statement: “We have N number of vulnerabilities.” Whilst it’s trivial to count the actual number of vulnerabil
  • Tenable Introduces Agent-Based Scanning in Nessus Manager

    Diane Garey
    17 Feb 2015 | 7:00 am
    Today, Tenable announced Nessus Agents, a new scanning method available in Nessus Manager, an improved version of the award-winning Nessus vulnerability management platform designed with enterprise users in mind.
 

    Feed: Blogs

  • March Newsletters Teaser

    George Chetcuti
    5 Mar 2015 | 6:32 am
    Topics covered in CloudComputingAdmin.com, VirtualizationAdmin.com, MSExchange.org, WindowsNetworking.com and WindowSecurity.com monthly newsletters...
  • UserGate Web Filter 4.1 released

    George Chetcuti
    3 Mar 2015 | 4:57 pm
    New features for ISPs and corporate IT departments
  • The KEMP Free LoadMaster

    George Chetcuti
    3 Mar 2015 | 5:06 am
    Free LoadMaster is a new free product from KEMP Technologies.
  • How to remove Superfish

    George Chetcuti
    2 Mar 2015 | 6:59 am
    Superfish is a piece of software that Lenovo has admitted to pre-installing on many of its laptops to "enhance the shopping experience" of its users.
  • Cloud malware analysis services

    George Chetcuti
    26 Feb 2015 | 7:45 am
    Malicious attackers are constantly on the lookout for new and advanced attacks, which they use to spread malware around the world.

    TaoSecurity

  • Why Would Iran Welcome Western Tech?

    2 Mar 2015 | 7:10 pm
    I noticed an AFP story posted by Al Jazeera America titled Iran could allow in Google, other tech companies if they follow rules. It included the following: Iran could allow Internet giants such as Google to operate in the country if they respect its "cultural" rules, Fars news agency said on Sunday, quoting a senior official. "We are not opposed to any of the entities operating in global markets who want to offer services in Iran," Deputy Telecommunications and Information Technology Minister Nasrollah Jahangard reportedly told Fars. "We are ready to negotiate with them and if…
  • Boards Not Briefed on Strategy?

    19 Feb 2015 | 9:43 am
    I'd like to make a quick note on strategy, after reading After high-profile hacks, many companies still nonchalant about cybersecurity in the Christian Science Monitor today. The article says: In a survey commissioned by defense contractor Raytheon of 1,006 chief information officers, chief information security officers, and other technology executives, 78 percent said their boards had not been briefed even once on their organization’s cybersecurity strategy over the past 12 months... The findings are similar to those reported by PricewaterhouseCoopers in its Global State of…
  • Elevating the Discussion on Security Incidents

    19 Feb 2015 | 8:20 am
    I am not a fan of the way many media sources cite "statistics" on digital security incidents. I've noted before that any "statistic" using the terms "millions" or "billions" to describe "attacks" is probably worthless. This week, two articles on security incidents caught my attention. First, I'd like to discuss the story at left, published 17 February in The Japan Times, titled Cyberattacks detected in Japan doubled to 25.7 billion in 2014. It included the following: The number of computer attacks on government and other organizations detected in Japan doubled in 2014 from the previous…
  • Five Reasons Digital Security Is Like American Football

    14 Feb 2015 | 1:42 pm
    Butler's Interception (left) Made Brady's Touchdowns (right) Count. In Kara Swisher's interview on cyber security with President Obama, he makes the following comment: "As I mentioned in the CEO roundtable, a comment that was made by one of my national security team — this is more like basketball than football in the sense that there’s no clear line between offense and defense. Things are going back and forth all the time,” he said. I understand why someone on the President's national security team would use a basketball analogy; we all know the President is a big hoops fan. In this post I…
  • Learning the Tufte Way to Present Information

    14 Feb 2015 | 6:00 am
    Source: The Economist, 31 Jan 2015. TaoSecurity Blog readers know I am a fan of Edward Tufte. When I see a diagram that I believe captures the tenets of his philosophy of presenting information, I try to share it with readers. Two weeks ago in its 31 January 2015 edition, The Economist newspaper published Saudi Arabia: Keeping It in the Family. The article discussed the ascension of King Salman to the Saudi crown. The author emphasized the advanced age of Saudi kings since the founding of the monarchy in 1932. To make the point graphically, the article included the graphic at left. It…

    Uncommon Sense Security

  • We need to talk about attribution.

    10 Feb 2015 | 7:09 pm
    One of the InfoSec community’s greatest distractions lately has been attribution, both specifically and generically. Let’s start with the Sony fiasco and the FBI’s pinning the attribution tail on the North Korean donkey.  Many people have beaten this to death, there has even been name calling over it.  And I don’t care.  There are certainly questions unanswered, but I’m not opposed to the idea that it was North Korea, I’m just not convinced “beyond a reasonable doubt”.  The argument is lost in the greater public, everyone believes it, just like they believe…
  • But Jack, community and stuff…

    30 Jan 2015 | 4:40 am
    A few folks have asked me about my roles on the advisory board for Intelligent Defence and as a judge for RSA’s new crowdsourced track.  I’m often thought of as “Mr. BSides”, which is unfair to a lot of people who do a lot more than I do to build and sustain the Security BSides movement and community, and unfair to the thousands of organizers, volunteers, speakers, sponsors, and participants who make BSides what it is.  This also overlooks the fact that I have long been engaged with a variety of groups and events, and I work in the security industry. The short version of the…
  • RSA Conference’s new crowdsourced submissions program

    28 Jan 2015 | 10:06 pm
    The US RSA Conference is adding something new for 2015, a crowdsourced submissions track.  RSA gets a stunning number of submissions each year, and it takes a long time to sort through them all- leading to a common grumble about the long lead time between submissions and the conference.  And as with almost any event, some question why certain talks were accepted over others.  RSA has been listening, and is trying this new crowdsourced track to address some of the feedback they have received.  You want a short leadtime for talks to allow for recent topics?  You want a…
  • Infosecurity Europe’s new “Intelligent Defence” conference

    26 Jan 2015 | 11:35 am
    My friends over at Infosecurity Europe have been listening to their attendees- and that’s pretty cool.  From the Intelligent Defence site: “Infosecurity Europe's meticulous research revealed that attendees of the Number 1 exhibition and conference in Europe require more in-depth, technical research sessions.” The folks at Infosecurity listened, and then acted, creating this new conference which will run parallel with Infosecurity Europe.  Again from the Intelligent Defence site: “Infosecurity Intelligent Defence 2015 is a two-day, technical security conference, focusing on…
  • Update on Security BSides

    2 Jan 2015 | 5:50 pm
    Another year is gone, and it was a pretty amazing one for Security BSides. It is hard to believe that this adventure began five and a half years ago, with the first event happening in July of 2009. BSides has exploded since then, there have been a total of 167 BSides events globally- with 58 in 2014 alone. BSides have now been held in 74 cities in 16 countries, on every continent except Antarctica. 2014 brought BSides to more than a dozen new cities across the world, including the first events in Asia. Some of 2014’s new BSides cities included Dubai (UAE),…
 

    Schneier on Security

  • FREAK: Security Rollback Attack Against SSL

    schneier
    6 Mar 2015 | 8:46 am
    This week we learned about an attack called "FREAK" -- "Factoring Attack on RSA-EXPORT Keys" -- that can break the encryption of many websites. Basically, some sites' implementations of secure sockets layer technology, or SSL, contain both strong encryption algorithms and weak encryption algorithms. Connections are supposed to use the strong algorithms, but in many cases an attacker can force the website to use the weaker encryption algorithms and then decrypt the traffic. From Ars Technica: In recent days, a scan of more than 14 million websites that support the secure sockets layer or…
  • The TSA's FAST Personality Screening Program Violates the Fourth Amendment

    schneier
    6 Mar 2015 | 4:28 am
    New law journal article: "A Slow March Towards Thought Crime: How the Department of Homeland Security's FAST Program Violates the Fourth Amendment," by Christopher A. Rogers. From the abstract: FAST is currently designed for deployment at airports, where heightened security threats justify warrantless searches under the administrative search exception to the Fourth Amendment. FAST scans, however, exceed the scope of the administrative search exception. Under this exception, the courts would employ a balancing test, weighing the governmental need for the search versus the invasion of personal…
  • Now Corporate Drones are Spying on Cell Phones

    schneier
    5 Mar 2015 | 4:33 am
    The marketing firm Adnear is using drones to track cell phone users: The capture does not involve conversations or personally identifiable information, according to director of marketing and research Smriti Kataria. It uses signal strength, cell tower triangulation, and other indicators to determine where the device is, and that information is then used to map the user's travel patterns. "Let's say someone is walking near a coffee shop," Kataria said by way of example. The coffee shop may want to offer in-app ads or discount coupons to people who often walk by but don't enter, as well as to…
  • Tom Ridge Can Find Terrorists Anywhere

    schneier
    4 Mar 2015 | 4:40 am
    One of the problems with our current discourse about terrorism and terrorist policies is that the people entrusted with counterterrorism -- those whose job it is to surveil, study, or defend against terrorism -- become so consumed with their role that they literally start seeing terrorists everywhere. So it comes as no surprise that if you ask Tom Ridge, the former head of the Department of Homeland Security, about potential terrorism risks at a new LA football stadium, of course he finds them everywhere. From a report he prepared -- paid, I'm sure -- about the location of a new football…
  • Data and Goliath: Reviews and Excerpts

    schneier
    3 Mar 2015 | 11:03 am
    On the net right now, there are excerpts from the Introduction on Scientific American, Chapter 5 on the Atlantic, Chapter 6 on the Blaze, Chapter 8 on Ars Technica, Chapter 15 on Slate, and Chapter 16 on Motherboard. That might seem like a lot, but it's only 9,000 of the book's 80,000 words: barely 10%. There are also a few reviews: from Boing Boing, Booklist, Kirkus Reviews, and Nature. More reviews coming. Amazon claims to be temporarily out of stock, but that'll only be for a day or so. There are many other places to buy the book, including Indie Bound, which serves independent…

    Security Uncorked

  • Jack Daniel: 3 Books that Changed My Life

    jj
    17 Feb 2015 | 4:59 pm
    In this series, I asked infosec professionals to name 3 books that changed their life. This entry features picks from Jack Daniel, the self-proclaimed security curmudgeon and peer-described “glue” of our industry. Perhaps best known as the co-founder of Security BSides, there are many accolades of Jack’s professional success, and I might say the more subtle, softer side of Jack is often overshadowed by his well-developed curmudgeonly persona. The short version is that he wins awards, does great things, helps lots of people, and will never turn a blind eye or hurried goodbye…
  • IT Hot Topics Conference & Trainings 2015- Celebrating 30 years!

    jj
    17 Feb 2015 | 2:17 pm
    2015 marks the 30th anniversary of Carolina Advanced Digital, and the 13th anniversary of our annual IT Hot Topics Conference. New for 2015, we have a great lineup of certification trainings, extended social activities, new content, and special guest speakers. The venue is beautiful and easy to access. The content is driven by the attendees. The speakers are always top-notch. In recent years, we’ve had the pleasure of hosting Katie Moussouris, Chris Hoff, Chris Nickerson, Mike Rothman, Zach Lanier, Deviant, Mike Murray, Shannon Tufts, Johnny Long, John McCumber, Ryan Linn, Tyler…
  • Getting Involved in the Community- Join us live or later on Dark Reading Radio 2/18

    jj
    17 Feb 2015 | 1:21 pm
    Wednesday, February 18th at 1pm Eastern- listen live, or download and enjoy later, as Josh Corman and I join Dark Reading’s Tim Wilson, Sara Peters, and Curtis Franklin to challenge listeners to get more involved in the security community. How To Get More Involved In the IT Security Community with Jennifer Minella and Josh Corman on Dark Reading Radio Date: 2/18/2015 1:00 PM New York/10:00 AM San Francisco More information and registration How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at…
  • Dave Kennedy: 3 Books that Changed My Life

    jj
    4 Feb 2015 | 7:09 am
    In this series, I asked infosec professionals to name 3 books that changed their life. This entry includes picks from our favorite as-Seen-on-TV security consultant, author and friend, Dave Kennedy. Dave is another person I’d consider to be a bit of an anomaly in our world; combining finely-tuned technical skills with a keen business sense. He’s just one of those guys you can’t help but like. An ex-Marine… err, sorry… a no-longer-active-duty Marine, husband and father, Dave loves long walks on the beach, Dr. Who, and videos of cute animals. I didn’t know…
  • Illena Armstrong: 3 Books that Changed My Life

    jj
    3 Feb 2015 | 6:58 am
    In this series, I asked infosec professionals to name 3 books that changed their life. This entry features picks from Illena Armstrong, editorial mastermind behind SC Magazine. You don’t work in the information security industry for long before you see Illena’s name everywhere. We’ve met in passing many times, and I am always struck by how down-to-earth and accessible she is. One thing you’ll notice about Illena immediately is an uncommon balance of strength and softness — yang and yin, if you will. The energy that exudes from her is simultaneously calming,…

    Infosec Events

  • Week 9 In Review – 2015

    md
    2 Mar 2015 | 5:53 am
    Resources BSides Tampa 2015 Videos – irongeek.com These are the videos from the BSides Tampa conference. You can watch and download the videos from here. Gemalto presents the findings of its investigations into the alleged hacking of SIM card encryption keys by Britain’s Government Communications Headquarters (GCHQ) and the U.S. National Security Agency (NSA) – gemalto.com The analysis of the documents shows that the NSA and GCHQ targeted numerous parties beyond Gemalto. The published documents are real and refer accurately to events that occurred during 2010 and 2011. Honeypot…
  • Information Security Events For March

    sheila
    28 Feb 2015 | 2:09 am
    Here are information security events in North America this month: 5th ACM Conference on Data and Application Security and Privacy (CODASPY 2015) : March 2 to 4 in San Antonio, TX, USA   Cyber Risk Insights Conference San Francisco 2015 : March 3 in San Francisco, CA, USA   Global Privacy Summit 2015 : March 4 to 6 in Washington, DC, USA   SecureWorld Boston 2015 : March 4 to 5 in Boston, MA, USA   DakotaCon 2015 : March 6 in Madison, SD, USA   BSides Austin 2015 : March 12 to 13 in Austin, TX, USA   CactusCon 2015 : March 13 in Tempe, AZ, USA   BSides…
  • Week 8 In Review – 2015

    md
    25 Feb 2015 | 5:03 am
    Resources Equation Group: The Crown Creator of Cyber-Espionage – kaspersky.com Kaspersky Lab’s experts can confirm they have discovered a threat actor that surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades – The Equation Group. Russian researchers expose breakthrough U.S. spying program – reuters.com The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to…
  • Week 7 In Review – 2015

    md
    16 Feb 2015 | 11:59 am
    Resources Today I Am Releasing Ten Million Passwords – xato.net A carefully-selected set of data provides great insight into user behavior and is valuable for furthering password security. So Mark Burnett built a data set of ten million usernames and passwords that he is releasing to the public domain. BSides Huntsville 2015 Videos – irongeek.com These are the videos from the BSides Huntsville conference. You can watch and download the videos from here. CA Alternative Whitepapers – isecpartners.github.io Academic co-authors Adam Bates, Joe Pletcher, Tyler Nichols, Dave Tian and iSEC…
  • Week 6 In Review – 2015

    md
    9 Feb 2015 | 11:54 am
    Resources OWASP Proactive Controls – owasp.org This document was written by developers for developers, to assist those new to secure development. It aims to guide developers and other software development professionals down the path of secure web application software development. Anthem-From the Desk of CEO To Members – anthemfacts.com Anthem was the target of a very sophisticated external cyber attack. Based on what they know now, there is no evidence that credit card or medical information were targeted or compromised. Tools AirPcap Channel Hopping With Python –…
 

    Dr Anton Chuvakin Blog PERSONAL Blog

  • Monthly Blog Round-Up – February 2015

    2 Mar 2015 | 8:01 pm
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current emergence of open source log search tools, BTW, does not break the logic of that post. SIEM requires a lot of work, whether you paid for the software, or not. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the…
  • Links for 2015-02-27 [del.icio.us]

    Anton Chuvakin
    28 Feb 2015 | 12:00 am
    BBC News - Cybersecurity: Defending 'unpreventable' cyber attacks
  • Monthly Blog Round-Up – January 2015

    2 Feb 2015 | 3:59 pm
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. Current emergence of open source log search tools, BTW, does not break the logic of that post. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) “Top 10 Criteria for a SIEM?” came from…
  • Annual Blog Round-Up – 2014

    20 Jan 2015 | 10:19 am
    Here is my annual "Security Warrior" blog round-up of top 10 popular posts/topics in 2014. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. Current emergence of open source log search tools (ELK FTW!), BTW, does not break the logic of that post. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) “New SIEM Whitepaper on Use Cases In-Depth…
  • Monthly Blog Round-Up – December 2014

    6 Jan 2015 | 2:34 pm
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. Current emergence of open source log search tools, BTW, does not break the logic of that post. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) My classic PCI DSS Log Review series is always…

    Security Blog

  • Weekly Intelligence Summary Lead Paragraph: 2015-02-27

    ssimpson
    4 Mar 2015 | 12:15 pm
    This week was a light week as far as intelligence collections go, or at least it seemed that way to the VCIC. That’s not necessarily a bad thing in the InfoSec space. Some of our more notable collections dealt with updates to several highly publicized breaches. Anthem confirmed 78.8 million individuals were impacted by the incident it disclosed earlier this year, including anywhere between 8.8 and 18.8 million non-customers. Target pegged the cost of its late 2013 payment card breach at $252 million, only $90 million of which has been covered by insurance. Hackers affiliated with Lizard…
  • Weekly Intelligence Summary Lead Paragraph: 2015-02-20

    dkennedy
    24 Feb 2015 | 11:42 am
    Risks impacting the financial services vertical were the subjects of collections affecting Verizon Enterprise clients within that vertical, as well as almost all of our other clients and ourselves.  Dyre continues its surge to replace Zeus as the leading financial fraud Trojan as evidenced by intelligence this week from IBM, Bitdefender and Malcovery.com.  We also collected new intelligence on one of Dyre’s leading competitors, Vawtrak, courtesy of our colleagues at Trend Micro and Cisco.  Kaspersky expanded our intelligence on the Anunak cybercrime actor that’s using malware Kaspersky…
  • Easy Breach Analysis with Association Rules

    Gabe Bassett
    18 Feb 2015 | 8:26 am
    Introduction: A significant amount of the analysis we do around breach data revolves around understanding how often features are seen together. For example, in the DBIR, Figure 19 on page 15 looks at how often different incident types occur within industry verticals. These can be described as antecedents (the things that we choose) and the succedents (the things we predict). Today we’re going to discuss a different approach to finding features that occur together: association rules. Association Rules look for sets of values that commonly occur together in a record. While…
  • Weekly Intelligence Summary Lead Paragraph: 2015-02-13

    dkennedy
    16 Feb 2015 | 6:43 am
    Microsoft’s Patch Tuesday led this week’s intelligence collections as the company released nine bulletins to address 56 vulnerabilities, including critical issues in Internet Explorer, Windows Kernel-Mode Driver and Group Policy. The vulnerabilities in Internet Explorer and Group Policy will be of special interest to enterprises, given the fact that iSight Partners and Invincea both reported on a watering hole attack exploiting one of the flaws patched by the Internet Explorer bulletin. The attack, attributed to the Sunshop group, was hosted on Forbes.com at the end of November 2014 and…
  • Weekly Intelligence Summary Lead Paragraph: 2015-02-06

    dkennedy
    6 Feb 2015 | 3:45 pm
    This week’s intelligence summary is brought to you by the letter “A” (with apologies to Sesame Street).  Anthem, the second-largest health insurance company in the U.S.A. reported they discovered a data breach last week.  As with other recent, major data breaches like those at Sony Pictures Entertainment (SPE), JP Morgan and Community Health Systems, collections during the first few days are short on details and long on “experts” analogizing (versus analyzing), and abusing Occam’s razor.  The VCIC focused collection activities on this event, but we have no Actionable…
 

    Optimal Security

  • Does Open Source Mean Open Season?

    Orion
    2 Mar 2015 | 5:30 am
    There has long been a debate over whether open source software is generally more secure or less secure than commercial software. Proponents of open source say it’s more secure because more people are looking at the code, increasing the chances that problems will be seen, documented, and corrected. Proponents of commercial software claim that vendors are more accountable than a team of volunteers, and obscurity of the code helps protect it. And you can find plenty of studies which support either side of the debate. But I’m not talking about using Open Office vs. Microsoft Office,…
  • Infosec Haiku

    Chris Merritt
    1 Mar 2015 | 1:25 pm
    Anata no joho sekyuritei konshu no haiku Psychology Tool Profiles Users at Risk of Cyberattacks ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’s contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • To infinity and beyond! Unimaginably large bug-hunting prize fund announced by Google

    Graham Cluley
    26 Feb 2015 | 9:43 am
    For the past few years, Google has been holding an annual bug-hunting competition – known as Pwnium – to encourage vulnerability researchers to find security holes in Chrome OS and the Chrome browser. Google took advantage of the fact that many of the world’s leading bug hunters were already meeting at the CanSecWest security conference in Vancouver to compete in Pwn2Own (a separate bug-hunting competition) to run their own, separate Chrome-specific contest that offered up to $60,000 for working exploits. But now, Google has announced that Pwnium, as we know it, is no more.
  • What’s worse than Superfish? Meet PrivDog, leaving users wide open to attacks

    Graham Cluley
    24 Feb 2015 | 5:58 am
    Last week, a storm erupted on the net after it became widely known that Superfish – software that was being pre-installed on Lenovo PCs – could compromise users’ security and privacy. The problem with Superfish was not just that it injected money-making ads into websites, but that it used a self-signed root certificate to intercept encrypted HTTPS traffic for every website users visited – replacing legitimate site certificates with its own. As a result, a major security vulnerability was introduced, potentially allowing online criminals to launch man-in-the-middle…
  • Hacking (Protecting) Your POS System

    Orion
    23 Feb 2015 | 5:30 am
    In the House of Cards series of posts, I walked you through gaining access to a company’s network through an online portal in order to exfiltrate credit card data. It was a lengthy process, but the target company had enough data to make the time investment worthwhile. Most credit card data thefts come from POS systems of small- to mid-sized companies. There are fewer cards with each target, but they are easier to compromise and there are many more targets to draw from. If a target becomes too time-consuming to breach, I’ll simply move on to the next one. And that’s the key…
 

    TRUSTe Blog

  • Meet TRUSTe: Jannette L. Cabardo, Data/Database Analyst – Lead

    kfreeman
    4 Mar 2015 | 9:00 am
    Our latest series will introduce you to a new TRUSTe employee every week to give you an inside look at the talented, knowledgeable and friendly people who work at TRUSTe. Name: Jannette L. Cabardo Job Title: Data / Database Analyst – Lead How long have you worked at TRUSTe? Almost 3 years Tell us about …
  • New Automated Assessment Manager Privacy Tool Now Available

    kfreeman
    4 Mar 2015 | 6:00 am
    We’re excited to announce that our automated privacy assessment tool, Assessment Manager, is now generally available for businesses after a successful beta program. This new module, part of our Data Privacy Management Platform, will reduce man-hours needed for privacy assessments and streamline the entire process. We recently released our Privacy Assessments Benchmarking Study, which found … Continue reading »
  • March Monthly Spotlight – Mobile World Congress, IAPP Global Privacy Summit, Webinars & More!

    kfreeman
    2 Mar 2015 | 9:00 am
    March 2 “A Question of Trust” Roundtable  Barcelona TRUSTe is delighted to be joining AdTruth at their Privacy Roundtable supported by IAB Europe during Mobile World Congress (MWC). The roundtable, titled “A Question of Trust,” will aim at improving the relationship between brands and consumers by identifying and addressing the most important questions relating to … Continue reading »
  • Privacy Roundtable at Mobile World Congress

    kfreeman
    27 Feb 2015 | 12:14 pm
    As our connection with our devices becomes more personal, the data collected more powerful, and the legislative framework more complex, the saying “trust takes years to build and seconds to break” has never been more relevant for digital marketers and their audiences. TRUSTe is delighted to be joining AdTruth at their Privacy Roundtable supported by … Continue reading »
  • End-of-Month Recap: What You Might Have Missed

    kfreeman
    27 Feb 2015 | 9:00 am
    At the end of each month we’ll compile a list featuring some of the most informative and interesting privacy blog posts to let you know what topics are driving the privacy agenda this month. This month we touched on a number of topics — from COPPA to APEC and global privacy laws. There’s always a … Continue reading »

    Networking

  • Does Your Tablet Have GPS, A-GPS, or aGPS? The Differences Are Big

    1 Mar 2015 | 10:19 am
    Tablet computers can be incredibly empowering for a number of professional and hobby applications that depend on location accuracy. Beware though- some tablet makers play fast and loose with reality when it comes to onboard GPS capabilities.
  • Many Choices For Wireless Display Mirroring- Choose Wisely

    22 Feb 2015 | 2:46 am
    The evolution of getting content to the big screen at the front of the room has brought us to an interesting place. We now have a range of choices when it comes to remote display-- but like everything in the network world, the devil is in the details.
  • Eavesdropping TVs Are Just The Tip Of The Iceberg

    15 Feb 2015 | 12:43 pm
    News recently broke about Samsung's latest smart TVs deviously recording what they hear and sending it all back to "third parties". Warped as this is, the bigger story is even more disturbing.
  • Got a Tough Outdoor Wireless Challenge? Try 900 MHz

    7 Feb 2015 | 3:44 pm
    In this day of 802.11ac and faster-than-ever wireless, there's actually still a place for an oddball wireless technology when nothing else will work. But its applicability is limited to difficult outdoor scenarios, and there are constraints.
  • Big Numbers For Network Performance Can Be Deceiving

    1 Feb 2015 | 8:58 am
    Big is better when it comes to network speeds. At the same time, it's easy to draw faulty conclusions on expected performance when you drill into the claims for various components. Let's talk about how to cut through the fog.
 

    SecurityWeek RSS Feed

  • Siemens Fixes Vulnerabilities in Several ICS Products

    Eduard Kovacs
    6 Mar 2015 | 10:08 am
    Siemens has produced updates to address security flaws in several of the company’s solutions. ICS-CERT and Siemens have published a total of five advisories providing information on the vulnerabilities. read more
  • Financial Firms Searching for Cloud Strategy: CSA Survey

    Fahmida Y. Rashid
    6 Mar 2015 | 7:49 am
    While a growing number of financial services organizations are moving their data and applications to the cloud, most of them do not have a concerted cloud strategy with appropriate controls and security, according to a new report from the Cloud Security Alliance. read more
  • FREAK Vulnerability Affects All Windows Versions: Microsoft

    Eduard Kovacs
    6 Mar 2015 | 7:43 am
    Initially, experts believed that the recently disclosed SSL/TLS vulnerability dubbed “FREAK” doesn’t affect Windows, but Microsoft confirmed on Thursday that all supported versions of its operating system are impacted. read more
  • Suspected Pentagon Hacker Held in UK Cybercrime Raids

    AFP
    6 Mar 2015 | 6:01 am
    British authorities have arrested a 23-year-old man over a hacking attack on the US Department of Defense, one of 56 people detained in a week-long crackdown on cyber-crime, officials said Friday. read more
  • Reconnaissance Tool Linked to French Intelligence Malware Babar

    Eduard Kovacs
    6 Mar 2015 | 4:23 am
    Researchers at security firms ESET and Cyphort continue to analyze the malware families believed to have been developed by a French intelligence agency. The latest threat uncovered by experts has been dubbed “Casper.” read more

    Free IT - Security Magazines and Downloads from alltop.tradepub.com

  • Securing Applications for a Safer Cloud Environment

    5 Mar 2015 | 12:00 am
    This white paper explains how an effective application security program can help organizations protect their assets in the cloud. It will also discuss how a secure-by-design approach to application security can help reduce risk across the IT infrastructure, in the cloud and beyond.
  • The Client Mandate on Security

    5 Mar 2015 | 12:00 am
    Unlike many other organizations, however, law firms must also protect their clients' confidential information. They have long been required to secure private information due to legal and regulatory requirements. Email is a key area of a firm's IT infrastructure when it comes to vigilance for security and governance.
  • Balancing Security, Compliance and Cost

    5 Mar 2015 | 12:00 am
    Learn how cloud-based technologies for core productivity tools such as email and collaboration can help healthcare organizations be more efficient with IT dollars and focus on strategic initiatives such as the EMR.
  • The State of Mobile Security Maturity

    5 Mar 2015 | 12:00 am
    In this study, we set to explore, with the help of ISMG, how enterprises view mobile security risks, what capabilities they are currently deploying vis-à-vis the four pillars of the framework and what their short-to-medium-term plans are to extend these capabilities.
  • Recognizing Five Sources of High-Profile Data Security Breaches

    5 Mar 2015 | 12:00 am
    The average cost of a breach jumped 15% in 2014 to $3.5 million, and 43% of firms report having experienced a data breach in the past year. Meanwhile, businesses feel that their annual security budgets are only about 50% of what they need to adequately address the problem. This white paper discusses the 5 major categories of vulnerabilities that IT and security professionals need to account for in their solutions planning.

    IT-Security

  • Updates to the Definition of Cardholder Data Post

    Branden Williams
    5 Mar 2015 | 6:57 am
    I wrote a post in 2009 that is now the all-time, third most popular post on this blog entitled, The Definition of Cardholder Data. I wrote it after leaving the 2009 PCI Community Meeting where there was more bickering and positioning on what constitutes cardholder data than I had ever seen. My experiences there prompted the post, and I figured it was time to go back and revisit it for PCI DSS 3.0. Go check out the updates and see if it is any more helpful! On a side note, I have formally accepted a new, exciting position with an amazing company. More on that…
  • IT Security Blog. Mitigating Risks. Enabling Business Strategies. W. Mark Brooks

    Mark Brooks
    4 Mar 2015 | 2:53 pm
    If you’re responsible for protecting your company’s Intellectual Property or Trade Secrets from Cyberattacks, you can improve your Information Security Program by understanding some of the key Strategic givens I’ve found at my Fortune 500 clients on Nation-State Adversaries. I assist companies and organizations that are dealing with known compromises or companies that suspect they have been compromised.  These compromises are increasingly driven by Nation-State Adversaries and often include companies that have physically deployed their high value company assets directly…
  • February 2015 Roundup

    Branden Williams
    3 Mar 2015 | 5:57 am
    Stay Classy, San Diego! How much snow do you have? Can it be measured in feet or inches? February kept piling it on for many of you, and it even affected the kids here in Texas! Snow days! Don’t forget, the latest edition of our book finally hit the shelves. Thanks for sending pictures of you with your new books! If you need to order your copy, head over to the website at www.pcicompliancebook.info. Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. It’s the holidays, and possibly the time when we encounter trouble with…
  • The Impacts of Breaches: New Research!

    Branden Williams
    11 Feb 2015 | 11:25 am
    Part of the reason why I went through the enlightening process of my third run through academia as a learner was to be able to contribute research back to the field. I’m happy to announce that my first paper is now public for download. Available for download through the Merchant Acquirers’ Committee is this piece that examines the economic impacts of breaches entitled, The Impacts of Breaches: A Survey of MAC Members on the Realities of Data Breaches. In it, I reveal research that helps to explain some of the economic…
  • Top 5 Facts You Need to Know About Healthcare and Risk Management

    Bob Chaput
    9 Feb 2015 | 10:00 am
    Throughout the past month, we’ve received several questions regarding Information Risk Management in healthcare. These questions come from both HIPAA Covered Entities as well as Business Associates. Many of these organizations are hearing different things about the upcoming OCR Audits from various sources. We at Clearwater want to be a guide to help navigate the often complicated world of compliance, so we have rounded up some of the common questions below along with some guidance and resources. Here are the top 5 facts you should know about Risk Management. 1. What’s the difference…
 

    Email management, storage and security for business email admins

  • Malware Author Pleads Guilty

    Sue Walsh
    5 Mar 2015 | 5:30 am
    The admitted author of Blackshades, a RAT malware variant, pleaded guilty in a Manhattan courtroom yesterday. Alex Yucel of Sweden did not hesitate to enter his plea, admitting he knew the software was designed to cause damage. He sold his creation to other cybercriminals, racking up hundreds of thousands in sales while over 500,000 computers across the globe were infected with it. Spread via spam messages and drive-by injections, Blackshades allowed hackers to take over the infected PC, log keystrokes, activate the camera, steal passwords, and access files. It also acts as ransomware, sending…
  • FBI Teases $3 Million Reward for GameOver Zeus Creator

    Malcolm James
    3 Mar 2015 | 6:00 am
    Looking to make a little quick cash? You could buy lottery tickets, but you have a better chance of being struck by lightning than winning the big one. Keep telling yourself that someone has to win. In modern society, the quick payout isn’t necessarily a real thing. Sure, it happens, but it usually requires a ton of luck or a willingness to do something illegal. No, in today’s society, knowledge is worth something, and it can be exchanged for money if you have the correct knowledge. Case in point: if you have some specific information, the Federal Bureau of Investigation is willing to pay…
  • February Spam Roundup

    Sue Walsh
    28 Feb 2015 | 5:30 am
    February may be a short month, but it was long enough for plenty of spam news. Here’s a look at the month’s top headlines: Spam Falls, Phishing Rises http://www.cbronline.com/news/security/spam-falls-phishing-rises-as-hackers-change-tack-4519077 New Email Service Fights Spam With Bitcoin http://www.coindesk.com/new-email-service-fights-spam-bitcoin-micropayments/ Healthcare Organizations and Banks Fail Miserably When It Comes to Phishing Protection http://www.cso.com.au/article/568844/healthcare-banks-fall-short-spam-phishing-protection/ Microsoft Shuts Down Another Botnet, With a…
  • Spam Campaigns Target Banks, $1 Billion Losses Projected

    Malcolm James
    25 Feb 2015 | 6:00 am
    There was a time when keeping your money in a bank was the safe thing to do. We learned it from childhood: get a check from grandma, deposit it directly in the bank. Even though no child in her right mind really wanted to put the money somewhere it couldn’t be used for anything tangibly wonderful, that’s how we were conditioned. It was safe in the bank, and that’s what we grew to believe. Unfortunately, the landscape has changed. Consumer confidence in banks has taken a beating around the world, due in part to global economic woes and the economic mismanagement that led to a worldwide…
  • Cutwail and Pushdo Botnets Are Back

    Sue Walsh
    23 Feb 2015 | 6:00 am
    Data breach investigation company Crowdstrike warns in a new report that infamous botnets Cutwail and Pushdo are roaring back to life this year along with several others, and IT departments had better be prepared. Cutwail and Pushdo have been repurposed and are now pumping out phishing attacks, and new botnets like Drydex and Dyreza are being used as replacements for the once dominant Zeus, stealing financial information and other sensitive data. The company says users should be on alert for attacks during big events like elections, global sporting events and natural disasters, and to watch…

    F-Secure Antivirus Research Weblog

  • Ransomware Report: The Rise of BandarChor

    6 Mar 2015 | 7:02 am
    This week, we have received a number of reports on yet another ransomware, BandarChor. This ransomware is not exactly fresh. The first infections that we've noticed related to this family came in already last November. We have had reports of BandarChor being spread via email and have seen indicators that it may have been distributed by exploit kits. Upon execution, the malware drops a copy of itself in Startup directory as well as the ransom notification image. Then it proceeds in its attempt to encrypt files with various file extensions such as: doc, xls, jpg and the like. After encryption, the…
  • Low Hanging Fruit: Flash Player

    6 Mar 2015 | 7:02 am
    Flash Player version 16.0.0.296 is now available. In Windows, you can check what version you have installed via Flash's Control Panel applet. According to Adobe Security Bulletin APSA15-01, users who have enabled auto-update will have received the update starting on January 24th. Manual downloaders needed to wait a couple of days. We're not exactly sure why manual downloads were delayed, but whatever the reason, auto-updates are recommended. And not only that, but more. At this point, we recommend enabling "click-to-play" options. Here's an example from Firefox with the "Ask to Activate"…
  • Is Babar a Bunny?

    6 Mar 2015 | 7:02 am
    Lately there has been a lot of research and publicity around a strange case of Babar, a malware connected to suspected high-level espionage operation called SNOWGLOBE. SNOWGLOBE was first brought to media attention about a year ago by French newspaper Le Monde, when they wrote about top secret SCEC slides leaked by, who else than Edward Snowden himself. In the set of slides, there are numerous claims about French-originating malware which internally calls itself Babar. It didn't take a long time for the security community to dig out samples resembling Babar [1] [2] [3]. What exactly can we say…
  • The Message: Consent Matters

    6 Mar 2015 | 7:02 am
    Go read this: Privacy is non-negotiable: We have the right to cover our arse — or expose it. A post by Laura — whom I'm very proud to have as a colleague. On 02/02/15 At 05:15 PM
  • Malicious DNS Servers Deliver Fareit

    6 Mar 2015 | 7:02 am
    Last year we wrote about Fareit being massively spammed. A couple of months later, they added another means of infecting systems - via malicious DNS servers. When the DNS server settings have been changed to point to a malicious server used by Fareit, the unsuspecting user visiting common websites gets an alert saying "WARNING! Your Flash Player may be out of date. Please update to continue". A "Flash Player Pro" download page will be shown pretending to be served from the website that the user is trying to visit. Downloading the "setup.exe" file does not really pull any binary from Google.
 

    Pcthreat.com

  • luckysearches.com

    5 Mar 2015 | 5:29 pm
    Luckysearches.com is not a search engine many users are familiar with. This is a good thing, because this is not a trustworthy or beneficial search tool. On the contrary, many believe that it works as a...
  • PC Optimizer Pro

    5 Mar 2015 | 5:29 pm
    Despite the best efforts of the online security industry to secure the exact opposite, many of its consumers continue to fall into the trap set by malicious rogue security tools like PC Optimizer Pro. This...
  • Qone8.com

    5 Mar 2015 | 5:29 pm
    Qone8.com is a search engine which returns search results from Google Search. The search engine is owned by Taiwan Shui Mu Chih Ching Technology Limited, and it is very similar to such browser hijackers as...
  • Luckey Coupon

    5 Mar 2015 | 5:29 pm
    Luckey Coupon is one of the names of LuckyCoupon. As you probably know, the program can randomize its name; however, the presence of Luckey Coupon simply means that you have encountered LuckyCoupon adware. You...
  • V9 Redirect Virus

    5 Mar 2015 | 5:29 pm
    V9 Redirect Virus is a malicious browser hijacker which infects the system while you are browsing insecure websites or when you download spam email attachments. Once the infection gets in the system, the...

    PC1News.com

  • Rvfrm2008.com Removal Guide

    admin
    6 Mar 2015 | 7:31 am
    Rvfrm2008.com is a page which assists adware. It is known as a scam website which helps distribute unwanted programs. The main activity of this page is to display ads. It will flood you with many intrusive messages which will appear every time you launch your browser. These pop-ups contain potentially harmful links which carry adware applications. To avoid getting your system compromised, you must never follow any of the advertisements displayed by Rvfrm2008.com. It is essential to remove this scam website from your system to block its activity and eliminate the possibility of having…
  • Output.systems Removal Guide

    admin
    6 Mar 2015 | 7:27 am
    If you are taken to the Output.systems website, you will see a scary message telling you your computer may not be protected. You may not know why you were taken to this page, and this is why security specialists believe they need to warn you that this may not be just an accident. Usually, redirects to such suspicious sites are caused by the work of potentially unwanted programs and browser hijackers. This is why, if you see the Output.systems page, you have to take immediate measures to clean your system from any intruders or threats. Eliminate…
  • Coupon Signal Removal Guide

    admin
    6 Mar 2015 | 6:57 am
    Is your browser flooded with ads and banners you do not remember having asked to see? This may be a result of the work of the adware tool Coupon Signal. Even if you have no idea how it has made its way to your browser, the tool may be already running on your computer. Although this program is not a computer virus, the services it provides may lead to serious security problems and may make your PC vulnerable to hackers' attacks. Of course, this would pose a serious threat to the security of your personal and financial details, too. This is why it is recommended that, instead of trying to stop…
  • Red Ball Ads Removal Guide

    admin
    6 Mar 2015 | 6:48 am
    Red Ball ads is an intrusive program which bombards you with many advertisements each time you launch your browser. The incessant flow of ads will likely slow down your machine's performance and cause you great inconvenience. This is by far not the biggest problem with Red Ball ads, though, as the ads the program displays are not confirmed to be safe. They may lead to malware infections or other unnecessary programs entering your computer. For this reason, Red Ball ads has been labeled as a potentially unwanted program (PUP). This tool does not provide the useful service it claims to, but…
  • Perfect Navigator Removal Guide

    admin
    6 Mar 2015 | 6:41 am
    Perfect Navigator is a program developed by Moniker Online Service LLC. It is one of the many adware applications which present themselves as helpful tools that assist in finding products at discount prices. Upon being installed on your system, the program will flood you with many offers to attract your attention. Perfect Navigator is ad-supported, which explains why it tries to trick you into opening as many pop-up windows as possible. Following any links provided by this software is at your own risk, as their legitimacy is not guaranteed. It is likely for them to contain malware and…
 

    NSS Labs

  • Detecting the Invisible Part 3: "Retreat from the Breach"

    5 Mar 2015 | 12:00 am
    Our approach to securing the enterprise has changed, and breach detection technology has been largely instrumental in this process. This report from NSS Labs is the final in a three-part series on the impact of the breach detection system (BDS). As the breach detection market continues to mature, several points are worth noting:
  • The Best Place for Yesware is Nowhere

    5 Mar 2015 | 12:00 am
    A talented security colleague came across a tweet from a company called Yesware and remarked to me that it could be construed as spear phishing with specific language for legal protection. I can see his point, but in pedantically technical language, no, this is not spear phishing. Yesware certainly could be a tool in a spear phisher’s toolbox, but that is not what it is designed for. Is Yesware Spyware?
  • Detecting the Invisible Part 2: "Once More Unto the Breach, Dear Friends"

    4 Mar 2015 | 12:00 am
    Our approach to securing the enterprise has changed, and breach detection technology has been largely instrumental in this process. This report from NSS Labs is the second in a three-part series on the impact of the breach detection system (BDS).
  • Breached? Continuous Forensic Analytics Speeds Incident Response

    3 Mar 2015 | 12:00 am
    Over the course of the last few years, the number of publicized breaches has risen dramatically, ultimately costing some CXOs their jobs. The irony is that in many cases, the breach itself is not the cause of their dismissal, but rather it is the handling of the situation after the breach is discovered and how quickly the executives can assemble the answers. It takes considerable talent and time (often weeks or months) to work through the incident response (IR) process within most organizations.
  • Detecting the Invisible

    2 Mar 2015 | 12:00 am
    Our approach to securing the enterprise has changed, and breach detection technology has been largely instrumental in this process. This report from NSS Labs is the first in a three-part series on the impact of the breach detection system (BDS).

    Private WiFi

  • FTC Says Hotel WiFi is Dangerous

    Kent Lawson
    23 Feb 2015 | 8:15 am
    Recently, the FTC posted an article on their website stating that hotel WiFi is dangerous and that users should not assume that just because they pay for Internet access that their connection is secure. We couldn’t agree more. In fact, I have been stating this fact since we launched PRIVATE WiFi nearly five years ago.  This is an important topic because hotel travelers rank WiFi access at hotels as the number one amenity that they look for when booking hotel rooms. Why Hotel WiFi is Dangerous The FTC’s announcement is important because many travelers assume that using a WiFi network at a…
  • How Are You Celebrating Safer Internet Day 2015?

    Jared Howe
    9 Feb 2015 | 2:18 pm
    Safer Internet Day (SID), which falls on February 10th this year, helps promote safe and more responsible use of technology and mobile phones, especially for young children and teenagers.   This day of awareness and education gets more important every year because, for better or worse, the Internet is a part of our everyday lives; it’s become commonplace to upload selfies to Instagram, tweet our every thought, and check-in at our local coffee shop everyday. But what exactly can be done to really ensure our online privacy and security? That is where Safer Internet Day comes in. Created in…
  • Managing BYOD Security Threats: VPNs Mitigate The Risks

    Kent Lawson
    28 Jan 2015 | 7:35 am
    Small- and medium-sized businesses are facing the struggles of a  constantly changing technical landscape: they must provide the latest and greatest devices to their employees in order to stay competitive, and at the same time figure out how to do this with smaller budgets. One solution to this dilemma has been for companies to establish a BYOD (bring your own device) policy that allows employees to use their own mobile phones and tablets while doing work remotely. But while BYOD has allowed more employee freedom in terms of how and where they get work done, it’s also created huge security…
  • Identity Protection: 5 Tips to Stay Mobile Secure in 2015

    Eva Velasquez
    8 Jan 2015 | 9:10 am
    We do love our mobile devices, don’t we? We love them so much, in fact, that last year some industry estimates predicted there would be more smartphones than humans on the planet. At just over 7.3 billion anticipated devices, that’s a lot of connectivity happening. Living a mobile lifestyle does not come without risk, especially where our identities are concerned. But staying mobile secure doesn’t have to be complicated. Consider this: 94.2% of identity victims say they are still highly engaged online and via their mobile devices despite having had their personally identifiable…
  • Don’t Get Hacked At CES

    Jan Legnitto
    2 Jan 2015 | 2:58 am
    It’s that time of year again – when more than 150,000 gadget geeks, techies, businesses and journalists from around the world descend on Las Vegas for the mother of all trade shows – the International Consumer Electronics Show. With over 3,200 exhibitors previewing and showcasing their high tech products, CES is the perfect place for tech enthusiasts to network. So you’d think it would be safe for attendees to connect their laptops and mobile devices to the event’s public WiFi hotspot. But you would be wrong. Do You Know What You’re Connecting To At CES? The fact is, events like…
 

    Pivot Point Security

  • Are you a Target for Cyber Attack? (Hint: Check Your Client List)

    Andrew Shumate
    5 Mar 2015 | 7:30 am
    The recent hack on Sony Pictures is being called the most destructive cyber attack reported to date against a company on US soil. The scope of the attack is unique, in that it was designed to (at a minimum) destroy property, curtail business activities, harass employees and others, and make confidential information public to inflict both reputational and financial damage. While the extent of the damage to the studio’s network, reputation and bottom line remains unknown—as do the identity and motivation of the perpetrators—two things are clear. First, the attackers were a highly…
  • The Cybersecurity Canon: Books Every Cybersecurity Professional Should Read

    Kelly Player
    3 Mar 2015 | 8:01 am
    Rick Howard, the Chief Security Officer at Palo Alto Networks, has a project going called The Cybersecurity Canon. It’s a list of “must-read” books that “…if not read, leaves a hole in a cybersecurity professional’s education that will make the practitioner incomplete.” Provocative words! Who is Rick Howard to say that you or I am incomplete as a practitioner just because we haven’t read the books he recommends? These must be some pretty darn good books… And, indeed, they are good books. Maybe even great books. To make it into Rick’s canon, a book “must accurately depict…
  • How to Store Usernames and Passwords for Web Applications

    Bhaumik Shah
    6 Jan 2015 | 4:00 am
    A few days ago I tried to login to a website that I hadn’t visited for quite some time. I didn’t recall the password I’d originally created, and none of the guesses I tried worked. So I clicked the “Forgot your password?” link and quickly received a reply to the email address I’d registered earlier. In the reply email, my original password was included in cleartext. This almost certainly means that the application owner is storing all the passwords associated with that application in a database in cleartext—not even encrypted. Never mind what an embarrassment this is for the web…
  • Physical Penetration Testing in a Retail Environment

    John
    30 Dec 2014 | 4:00 am
    It’s interesting to me that we can start to pick up shifts in our industry through the “Contact Us” form on our website. One unexpected (and at this point still unexplained) recent trend is an emphasis on physical penetration testing. Part of why it’s unexplained is that it has been “hot” across diverse verticals including retail, manufacturing, banking, healthcare and critical infrastructure. The surge in retail makes a lot of sense to me, however. The evolution from standalone cash registers to increasingly connected and sophisticated point-of-sale (POS) systems has increased…
  • Physical Penetration Testing as Security Concerns are on the Rise

    David Newman
    23 Dec 2014 | 4:00 am
    In our practice at Pivot Point Security we’re seeing a distinct increase in the demand for physical penetration testing and a heightened interest in physical security controls. I asked a former coworker about this, and he said his firm is experiencing the same thing. The only explanation we could come up with was that there has been an increase in attention in the news about physical security. The recent “fence jumper” physical security breach at the White House is a well-publicized case in point. The fact that even one of the world’s most highly secured and guarded buildings can be…

    HOTforSecurity

  • A bad week for UK cybercriminals

    Graham Cluley
    6 Mar 2015 | 7:56 am
    56 suspected hackers have been arrested by the UK’s National Crime Agency (NCA) as part of what British police are calling “strike week” against cybercriminals. In 26 separate operations across the country, people were arrested in connection with a variety of offences related to distributed denial-of-service (DDoS) attacks, internet fraud, phishing attacks, the theft of intellectual property, and malware. Those arrested include a 22-year-old man, suspected of involvement in a hack by “D3DDs Company” that saw over 400,000 email addresses and passwords stolen from…
  • Google does a U-turn over Android Lollipop full disk encryption

    Graham Cluley
    3 Mar 2015 | 9:07 am
    Ever felt let down by someone who you made a promise, and then broke it? That’s what millions of Android users must be feeling right now when it comes to Google and Android. Last September, Google announced that mobile devices running the new version of Android (5.0, also known as Lollipop) would have full-disk encryption enabled by default. Here is how Google announced the news to the media in a statement: “For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement. As part of our next Android…
  • Net Neutrality Voted To Keep Internet Fair, Fast and Open

    Alexandra Gheorghe
    27 Feb 2015 | 12:38 pm
    After a decade-long battle, the Federal Communications Commission (FCC) approved new rules to keep broadband Internet in the United States “Fair, Fast and Open.” The Internet will be reclassified as a public utility under Title II of the Communications Act, which means broadband providers will be banned from creating so-called “fast lanes” to block or slow down traffic online. Net neutrality principles state that Internet service providers (ISPs) should give consumers access to all contents and applications evenly, treating all Internet traffic equally. It’s a red letter…
  • A Taste of Its Own Medicine? Lizard Squad Claims Hack on Lenovo after Adware Scandal

    Alexandra Gheorghe
    26 Feb 2015 | 8:30 am
    Lenovo.com was hijacked and email communications were intercepted by hackers just days after the company admitted to installing dangerous adware on many of its computers before shipping them to unsuspecting customers. “Unfortunately, Lenovo has been the victim of a cyber-attack. One effect of this attack was to redirect traffic from the Lenovo website. We are also actively investigating other aspects,” the company said in a statement to Ars Technica. The site displayed a blank page and the message “unavailable due to system maintenance,” but some users were redirected to a slideshow…
  • New Android Adware on Google Play More Aggressive than Ever

    Liviu Arsene
    25 Feb 2015 | 11:54 pm
    Bitdefender has found 10 Google Play apps that have been packed full of aggressive adware  to either subscribe users to premium-rated numbers using scareware messages or install additional apps that pack in even more ads. The apps (including the “What is my ip?” app still available on Google Play) were designed to use a different name when installed to give users a hard time identifying and uninstalling them. Once installed, they create a desktop shortcut named “System Manager.” If someone figures out that one of these apps is responsible for all the browser redirects and scareware…

    Data In Motion

  • What It Feels Like to Take Control of Your Files

    Tom Scearce
    3 Mar 2015 | 7:00 am
    Over the last several weeks, we’ve examined the risks of using the public cloud in the enterprise workplace. From unauthorized file access to regulatory noncompliance, the potential scenarios vary from dire to more dire – and it’s up to decision makers to take control of their organization’s enterprise file sync-and-share (EFSS) procedures. But what does it feel like to have that control? If you’re currently trying to figure out how and where users are keeping their files, regaining control may…
  • 4 Benefits of Automating File Management Tasks

    Tom Scearce
    17 Feb 2015 | 7:00 am
    In an effort to address an array of file-related challenges, many organizations automate file management tasks. Automation can enhance security, free up IT resources, and help you achieve order and control in an otherwise inadequately regulated file transfer environment. Let’s take a closer look at how automating file management can improve IT processes. Here are four fundamental benefits of ditching manual file maintenance in favor of automation. 1.   Save administration hours Your IT staff is busy.
  • Passing the Audit: Which Reports Demonstrate Compliance?

    Tom Scearce
    3 Feb 2015 | 7:00 am
    Come audit time, many organizations must demonstrate that data security protocols align with regulatory standards. In an era when consumer applications in the public cloud are hijacking enterprise file sync-and-share (EFSS) processes, how can you ensure your organization will pass a compliance audit? While requirements vary by industry, there are a few data-related standards that nearly every compliance-burdened organization should be able to demonstrate. Here, we’ll examine all of those, paying…
  • How to Make a Business Case for Secure EFSS

    Tom Scearce
    20 Jan 2015 | 7:00 am
    When properly implemented and managed, secure enterprise file sync-and-share (EFSS) applications can improve project management and empower your workforce. Unfortunately, making the business case for secure EFSS isn’t always easy – especially when users and management aren’t aware of the risks existing applications pose. Don’t get discouraged, though! The arguments in favor of change are strong. If you’re pushing your organization to eliminate public cloud use from the workplace, the following…
  • 3 Ways to Crank More Value Out of Existing IT Infrastructure

    Tom Scearce
    9 Dec 2014 | 9:16 am
    From an IT manager’s perspective, there’s only one thing better than investments in valuable new infrastructure: getting more value from the IT assets you already have. Unfortunately, finding ways to harness that value isn’t always obvious. If you’re like most organizations we work with, you’re probably not sure how much of your utilized server capacity consists of files nobody needs or uses. What’s more, you may not be aware of how available server space can be utilized to increase security and…
 

    Video Surveillance

  • How Effective Are IR Illuminators?

    27 Feb 2015 | 3:23 pm
    Cameras need light to record video, so how can you record at night? IR illuminators, either built-in like with the Axis M1144-L camera or as additional equipment you can mount near the cameras, provide infrared light that is invisible to the human eye but bright enough for a camera to see. At night your camera records in black and white because it does not have enough light to record clear colors, but that doesn't mean you need to sacrifice clear video. In the sample video below, recorded with the Axis M1144-L, IR illuminators allow you to clearly see the man as he moves around the store…
  • Do You Need a Vandal-Proof Camera?

    26 Feb 2015 | 4:25 pm
    When shopping for a new or updated video surveillance system, it's important to consider whether or not vandal-proof (also referred to as a "vandal resistant") security cameras will benefit your installation. VideoSurveillance.com features a broad range of vandal-proof surveillance cameras outfitted with exceptionally heavy-duty enclosures to withstand physical mistreatment such as blows from objects. If your surveillance application is susceptible to vandalism or other damage, then we recommend investing in a vandal-proof system. Here are three preemptive measures you can take if you haven't…
  • What's Unique About Industry-Leading Milestone Software?

    26 Feb 2015 | 10:17 am
    Milestone has garnered a reputation as a game-changer in video management software for delivering modern features for IP and hybrid IP-CCTV video surveillance systems. At VideoSurveillance.com you can find a wide selection of Milestone XProtect software and servers to meet your security needs. What makes Milestone XProtect video management software so unique? Let's take a look at some of the software's key features: Three Viewing Clients: Milestone offers three viewing clients to allow users to access their video surveillance systems from virtually any location on a mobile device, laptop or…
  • New 4/8 Camera Systems Featuring Milestone Husky NVR

    23 Feb 2015 | 3:49 pm
    A complete video surveillance system comes with everything you need in one package, ensuring that all the equipment will work together right out of the box. We've added two new systems to the VideoSurveillance.com featuring professional Optica cameras and the Milestone Husky NVR with Milestone XProtect software. The Milestone Husky M10 4 Camera System includes both indoor and outdoor Optica cameras, ideal for securing the entrances and exits of a small business or office. The Outdoor B122 mini bullet camera and D122 dome camera both come standard with 720p HD resolution and day/night…
  • New Axis Cameras with User-Friendly Installation Tools

    19 Feb 2015 | 2:50 pm
    Installing an IP camera may sound daunting, but two Axis cameras recently added to the VideoSurveillance.com store come with user-friendly installation tools to make the process easy. The Axis Q1653 fixed network camera features 1080p HD resolution, and can record at up to 60 fps for clear video even with fast moving traffic or objects. With WDR and an IR-cut filter, you can confidently record video any time of the day. To make installation easy, this camera has five important features. Power over Ethernet uses a single cord to supply power and network connectivity. Leveling assistant guides…

    Seculert Blog on Breach Detection

  • US Data Breaches Reach Record High in 2014

    Liora R. Herman
    24 Feb 2015 | 5:38 am
    According to a new report from the Identity Theft Resource Center (ITRC), the number of US data breaches reached a record high of 783 in 2014 — a 28% jump over 2013, and 18% higher than the previous record of 662 data breaches tracked in 2010. Other key findings from the ITRC report include: For […]
  • Spamhaus Botnet: No Signs of a Slowdown Ahead

    Liora R. Herman
    18 Feb 2015 | 6:13 am
    The Spamhaus Project, an international nonprofit organization whose mission is to track the Internet’s spam operations and sources, has published its “Spamhaus Botnet Summary 2014” — and the synopsis isn’t inspiring, to say the least. According to the report, Spamhaus researchers found: 7,182 distinct IP addresses that hosted a botnet controller (C&C server) — a […]
  • Cybersecurity Tips for Financial Advisory Firms

    Liora R. Herman
    17 Feb 2015 | 5:48 am
    While safeguarding assets has always been a core priority for financial advisory firms, in today’s world the list of threats isn’t comprised of just brazen thieves and rogue employees: it must also include hackers who want nothing more than to slip past their cybersecurity defenses, breach their network, and steal their private data for financial gain. […]
  • Seculert Named to CRN’s “100 Coolest Cloud Security Vendors” List

    Dudi Matot
    9 Feb 2015 | 5:40 am
    On behalf of my colleagues worldwide, I am thrilled to share that Seculert has been named as one of the “100 Coolest Cloud Security Vendors” by The Channel Company’s CRN, which is the global online and print media leader in the IT channel. This award recognizes the innovation behind the Seculert Platform, which is powered […]
  • “Wiper” Malware Use Means Breach Detection Even More Important

    Liora R. Herman
    5 Feb 2015 | 2:00 am
    In recent months, most headline-grabbing advanced malware attacks — such as those at Target and Staples — involved multi-stage infections designed to quietly steal data for as long as possible. But in a recent article for ComputerWeekly.com, Mike Gillespie, the director of cyber research and security at The Security Institute, is warning enterprises to be […]

    Managed File Transfer and Network Solutions

  • How To Delete Old Files From Your Server

    John Carl Villanueva
    3 Mar 2015 | 5:47 pm
    Overview Here's another task many customers want to automate on their SFTP, FTPS, or FTP server. They want their server to monitor certain directories and delete old files found there as soon as the files have reached a certain age. In this tutorial, we're going to show you how to automatically delete old files from JSCAPE MFT Server using triggers. These instructions apply irrespective of the file transfer protocol you activate on the server, so if you think this is something you can use, feel free to read along.
  • What Is TFTP?

    John Carl Villanueva
    1 Mar 2015 | 6:12 pm
    Overview Like its more popular and more versatile cousin, FTP, TFTP or Trivial File Transfer Protocol is also a protocol for transferring files. However, it's targeted at certain tasks. In this post, you'll learn about the basic properties of TFTP, where it's commonly used, its vulnerabilities, how it differs from FTP, and other essential information about it.
  • How To Get An Email Each Time An Admin Account Logs In To Your Server

    John Carl Villanueva
    24 Feb 2015 | 12:42 am
    Overview A compromised file transfer server admin user account is always a huge problem. In the hands of a person with malicious intentions, a user account with administrative privileges can turn into a massive data breach. Thus, there may be cases when you'll want to be notified whenever an admin gains access to your system. If the login looks suspicious, you'll still have time to take appropriate action. In this post, I'll show you how to configure JSCAPE MFT Server so that it can automatically send an email to anyone who needs to know each time an admin logs in. 
  • It's Time To Disable All SSL

    John Carl Villanueva
    22 Feb 2015 | 1:27 am
    Earlier this month, the PCI SSC (Payment Card Industry Security Standards Council) published a bulletin on impending revisions to PCI DSS (Payment Card Industry Data Security Standard) and PA DSS (Payment Application Data Security Standard). The bulletin focused on SSL's failure to meet PCI SSC's definition of "strong cryptography" and the move to revise the two standards in light of this development.
  • Using Regular Expressions To Download Files With Date Formats In Their Filenames

    John Carl Villanueva
    18 Feb 2015 | 12:28 am
    Overview Some of the most common download-related questions people ask at our help desk are probably those that have to do with filenames that have dates on them. I encountered another one yesterday, so I thought it would be a good idea to write a blog post about the subject and build on it as I encounter different solutions along the way. Who knows? Some of you folks out there might find it useful. Better yet, you might be able to contribute your own expressions so that we can all benefit from them. Sounds like a plan? Let's get this ball rolling. Still new to regular expressions? Check out…
 

    Radware Blog

  • Meet Radware’s New Commercial-Grade Attack Mitigation Platform – Built to Defeat the Largest Cyberattacks

    Yotam Ben-Ezra
    3 Mar 2015 | 2:45 am
    Modern cyberattacks are sophisticated and are often launched over long periods of time.  The complexity of these attack campaigns can result in attack detection and mitigation algorithms becoming less effective.  This in turn, can create an increased need for talent and staffing as well as drive large processing needs for service providers and large enterprises. Organizations that used to rely on their service provider’s in-the-cloud protection service to stop DDoS found that the attacks that hit their business were bypassing the provider’s protection layer.  Why?  Because…
  • Can a CDN Stop Cyber-Attacks?

    David Hobbs
    26 Feb 2015 | 10:25 am
    In previous articles, we’ve reviewed content delivery networks (CDNs) from a variety of security perspectives – from how hackers have used them as weapons of DDoS to how bad actors can use free services to create astronomical billing issues.  CDNs are often used as a mask, to levy API abuse and web reflector attacks that plague the Internet via bots and scrapers.  Today, it is estimated that 65% of the traffic on the Internet is from such abuse.  If you were to reflect on that idea, would you think that a CDN can protect you?  That is the falsehood that is often believed. At a…
  • SDN Use Cases: Myths and Realities

    Jim Frey
    25 Feb 2015 | 7:21 am
    Jim Frey is Vice President of Research, Network Management for Enterprise Management Associates (EMA) and is a featured guest blogger. There were a lot of promises made when software-defined networking (SDN) first came onto the scene, and while some real benefits have been experienced, not all promises have been realized, or were even realistic. Such is commonly the case with new technologies: the initial hype exceeds the reality of the situation, but usually there are reasons to hold firm to the trend and take advantage of what the technology does deliver successfully.   While SDN concepts…
  • Welcome To the Age of the Constant Attack

    Ben Desjardins
    24 Feb 2015 | 7:25 am
    Time has a way of changing our perspective on things. New experiences and the evolution of everything around us can’t help but cause us to reconsider past ideas and outlooks. It is a truism of life that extends into many areas, including the way we look at IT. The perspectives on how best to address cyber security threats have gone through their own evolution. Headlines suggest that in the case of a threat like DDoS the challenge is simply having enough capacity to handle volumetric attacks. We know from experience that it just isn’t that simple. What’s needed to solve the…
  • Vote by February 23rd for Radware’s OpenStack Vancouver Session Submissions

    radware
    20 Feb 2015 | 10:50 am
    Voting is open and Radware session submissions for the OpenStack Summit Vancouver are in! If you’re registered on https://www.openstack.org you can vote until Monday February 23rd. Here are the session candidates: Leveraging the power of OpenDaylight and OpenStack for comprehensive and cost-effective Cyber-Defense Networks Mike O’Malley (Radware Vice President of Strategy) Powerful open source platforms like OpenDaylight and OpenStack are creating opportunities for Carriers to drastically redefine network level intelligence and agility. This presentation will discuss how Carriers can…

    blackstratus.com

  • Security Investment Trends: What’s New for 2015

    Rich Murphy
    9 Feb 2015 | 1:00 am
    There’s no question that cyber security was a hot topic in 2014. As we begin a new year, the economic impacts will be felt even more strongly, with ambitious startups and investors working together to find new solutions to a problem that has reached its cultural tipping point. In 2015, you can expect to see cyber security investment trends such as: Increased security spending — Security spending has risen steadily through 2014, a trend that is expected to continue throughout the next year and beyond. As high-profile attacks continue to draw scrutiny on the security postures of some of…
  • Cloud Security Trends for 2015

    Rich Murphy
    26 Jan 2015 | 9:40 am
    A new year is upon us once again. If 2014 was any indication, cloud security will continue to be something on almost everyone’s mind. Last year saw several high profile hacks that brought concepts like social engineering and two-factor authentication out of the tech sphere and into the public discussion. So where do we go from here? Here’s a look at what some experts are saying will be the most important trends in cloud security and compliance for 2015: The rise of SaaS — By far the biggest trend in cloud computing in the coming year will continue to be the rise of security-as-a-service…
  • Regulatory Compliance Management by Industry

    Rich Murphy
    22 Dec 2014 | 1:00 am
    SIEM monitoring can and should be a part of the network security posture of any organization. But what are your legal requirements? The answer varies by industry, with state and federal regulations mandating different levels of compliance for different types of organizations. Legal requirements change often and can vary from one region to the other. While it’s always best to confirm before making any major decisions, there are some broad industry-specific considerations that should go into regulatory compliance management and planning: Energy — Legal compliance requirements for businesses…
  • ISO 27001 for Law Firms

    Rich Murphy
    9 Dec 2014 | 5:48 am
    Law firms are increasingly becoming the target of cyber attacks, a fact that is partially due to the vulnerable working habits of many lawyers. It’s also due to the lack of strong regulation within the industry. Unlike financial and healthcare organizations, there are no federal regulations governing how data is stored and protected in law firms. And when you consider that many lawyers need to access information on the go, from a variety of devices, it’s clear why firms of all sizes have become a prime target for hackers. One of best ways to keep your firm’s data safe is by adopting ISO…
  • How Safe Is Cloud Security?

    Rich Murphy
    18 Nov 2014 | 9:49 am
    Over the past year, the initial wave of enthusiasm for all things cloud-based has generally subsided, with a growing tide of skepticism emerging about the limits of its usefulness as a platform. Inspired by a number of high-profile security breaches, there is also skepticism about its security. While part of this is the inevitable backlash that occurs whenever something becomes trendy in tech, the security issue in particular is one that merits further investigation. While it’s reasonable to question whether or not your important data is safe in the cloud, it’s equally important to not…

    Milton Security

  • Mandarin Oriental Hotels Breached

    Milton Security Group
    5 Mar 2015 | 10:54 am
    Popular hotel group, Mandarin Oriental, has confirmed that some of their credit card systems have been accessed without authorization. Mandarin Oriental, which originally began as a prominent hotel group in Asia, has since spread across the world with 20 hotels in Asia, ten in The Americas and 15 in Europe, Middle East and North Africa.  The group discovered that there was malware on credit card systems in the US and in Europe only, though they have yet to determine the exact numbers and therefore do not want to release any specifics. Mandarin Oriental immediately contacted the…
  • Freak: A Crack in the Pillar

    Milton Security Group
    4 Mar 2015 | 1:45 pm
    One of, if not simply the most, important layers of security is the encryption around the traffic that we send.  Currently, the TLS/SSL servers and clients that work to secure our traffic while it’s on the wire are nearly everywhere we go.  However, while the encryption is still strong, there have been some cracks in this pillar of security as of late and it has caused quite a storm. Before we can understand why this is such a big deal we have to understand what TLS/SSL are trying to do.  When we send data from one location to another we do so by sending packets.  These packets hold…
  • Vulnerability Discovered in GoPro

    Milton Security Group
    3 Mar 2015 | 9:10 am
    A vulnerability has been discovered in the website of GoPro, a popular wearable high definition camera manufacturer, that could potentially expose thousands of customer usernames and passwords. GoPro’s claim to fame is their lightweight cameras that are meant to be highly durable.  People use them for mountain biking, motorcycling, and even water sports.  There’s even a mobile app that gives you remote control over your GoPro so that you can set it anywhere, and even automatically upload your photos to social media. Ilya Chernyakov, a security researcher in Israel, discovered the flaw…
  • Rogers Hacked, Large Number of Corporate Docs Dumped

    Milton Security Group
    3 Mar 2015 | 8:37 am
    Rogers, a giant communications and media firm in Canada, has been breached by three hackers referring to themselves as TeamHans. TeamHans announced on Twitter(@TeamHans_) that they had hacked the giant, and had dumped corporate contracts, sensitive emails, employee ID’s and documents, Rogers’ VPN, and an employee profile which would allow access to the company’s intranet. TeamHans members told Databreaches.net that they had originally gained access to the information on February 20th via social engineering. “We went searching for a medium- level Rogers employee, and we ended up with…
  • Password Security Requirements

    Milton Security Group
    2 Mar 2015 | 3:51 pm
    What do you think of when you hear password security? You think of complex strings of random characters that are meant to be memorable to the person and not to anyone else, right? You will hear most security experts tell you that a good password is at least 16 characters long mixed with capital, lowercase letters as well as numbers and some special characters. Most of us will agree that that will make a good strong password. But why at least 16 characters long? Today’s everyday computer can crack a 10-12 character password in about 24 hours. Each character after that slows the cracking down…
 

    Cyberoam : Securing You

  • $1 Billion stolen…and yes, it’s the hackers!

    Kalpesh Devmurari
    25 Feb 2015 | 4:38 am
    George Clooney…Brad Pitt…Matt Damon……what am I referring to? You got it right. I am talking about the great comedy heist movie Ocean’s 11. I am sure most of you have seen that movie in which, Danny Ocean wants to score the biggest heist in history by robbing three big casinos at the same time. It sounds unreal and most of us think that this can only happen in movies and not in real life. But something similar happened in past few days when a hackers ring stole $1 Billion!! Yes, hundreds of millions of dollars were stolen from 100 banks in 30 countries. Would you believe it? There…
  • Memory Corruption Vulnerability found in Samba smbd daemon

    Cyberoam Threat Research Labs
    25 Feb 2015 | 3:54 am
    A memory corruption vulnerability (CVE-2015-0240) has been detected in Samba smbd daemon, which provides SMB (Server Message Block) services. SMB is a network protocol native to Windows systems which allows sharing of files and printers across a network. Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. A remote, unauthenticated attacker could exploit this vulnerability by sending malicious NetLogon packets to the target server. Successful exploitation could lead to arbitrary code execution with the root…
  • Big Opportunities for Cyber Security in Big Data

    Cyberoam
    24 Feb 2015 | 2:44 am
    The US Department of Homeland Security (DHS) is working on an ambitious project which a DHS official reportedly claims is about creating “Weather Maps” for cyber threats. The agency hopes to develop threat prediction capabilities with the use of Big Data Analytics. Understandably, the finer details of this program are not yet public, as it is still in its very early stages. It is safe to say that one may have to wait for a while before the “Weather Map” comes into existence. However, the scope of Big Data Analytics in cyber security has become a talking point in recent years. A study…
  • Emotet spam campaign targeting banking credentials of Europeans

    Anurag Singh
    12 Feb 2015 | 1:48 am
    The Emotet malware, first found in June last year by Trend Micro, has resurfaced, according to security researchers at Microsoft. Spammers are sending the malware in spam emails to steal users' financial and banking credentials. The spam primarily seems to be designed to target Germans, as the spammers have used the German language. But they also seem to be interested in other European countries, as they have also used different local European languages to lure users into the trap. Reports state that users in Austria, Switzerland, Hungary, Poland, the Netherlands, Slovenia, Czech Republic,…
  • Spooky ‘Ghost Vulnerability’ (CVE-2015-0235) keeps Linux users on guard

    Cyberoam
    31 Jan 2015 | 12:44 am
    A buffer overflow vulnerability has been discovered that can allow an attacker to remotely execute code on a Linux computer. It was found in the GNU C Library (glibc) __nss_hostname_digits_dots() function, which is accessible from the gethostbyname*() functions. The function can overflow sizeof(char *) bytes: 4 or 8 for 32-bit or 64-bit architectures, respectively. A remote attacker can exploit this vulnerability by providing crafted input to an application that uses a gethostbyname function with user-controlled input; the exact mechanism will depend on the application using the vulnerable function.

    blackstratus.com

  • Security Investment Trends: What’s New for 2015

    Rich Murphy
    9 Feb 2015 | 1:00 am
    There’s no question that cyber security was a hot topic in 2014. As we begin a new year, the economic impacts will be felt even more strongly, with ambitious startups and investors working together to find new solutions to a problem that has reached its cultural tipping point. In 2015, you can expect to see cyber security investment trends such as: Increased security spending — Security spending has risen steadily through 2014, a trend that is expected to continue throughout the next year and beyond. As high-profile attacks continue to draw scrutiny on the security postures of some of…
  • Cloud Security Trends for 2015

    Rich Murphy
    26 Jan 2015 | 9:40 am
    A new year is upon us once again. If 2014 was any indication, cloud security will continue to be something on almost everyone’s mind. Last year saw several high profile hacks that brought concepts like social engineering and two-factor authentication out of the tech sphere and into the public discussion. So where do we go from here? Here’s a look at what some experts are saying will be the most important trends in cloud security and compliance for 2015: The rise of SaaS — By far the biggest trend in cloud computing in the coming year will continue to be the rise of security-as-a-service…
  • Regulatory Compliance Management by Industry

    Rich Murphy
    22 Dec 2014 | 1:00 am
    SIEM monitoring can and should be a part of the network security posture of any organization. But what are your legal requirements? The answer varies by industry, with state and federal regulations mandating different levels of compliance for different types of organizations. Legal requirements change often and can vary from one region to the other. While it’s always best to confirm before making any major decisions, there are some broad industry-specific considerations that should go into regulatory compliance management and planning: Energy — Legal compliance requirements for businesses…
  • ISO 27001 for Law Firms

    Rich Murphy
    9 Dec 2014 | 5:48 am
    Law firms are increasingly becoming the target of cyber attacks, a fact that is partially due to the vulnerable working habits of many lawyers. It’s also due to the lack of strong regulation within the industry. Unlike financial and healthcare organizations, there are no federal regulations governing how data is stored and protected in law firms. And when you consider that many lawyers need to access information on the go, from a variety of devices, it’s clear why firms of all sizes have become a prime target for hackers. One of the best ways to keep your firm’s data safe is by adopting ISO…
  • How Safe Is Cloud Security?

    Rich Murphy
    18 Nov 2014 | 9:49 am
    Over the past year, the initial wave of enthusiasm for all things cloud-based has generally subsided, with a growing tide of skepticism emerging about the limits of its usefulness as a platform. Inspired by a number of high-profile security breaches, there is also skepticism about its security. While part of this is the inevitable backlash that occurs whenever something becomes trendy in tech, the security issue in particular is one that merits further investigation. While it’s reasonable to question whether or not your important data is safe in the cloud, it’s equally important to not…

    Cognoscape, LLC

  • 5 Critical Technologies To Keep Your Business Running During the Zombie Apocalypse

    Cognoscape
    4 Mar 2015 | 7:03 am
    It’s no secret that zombies have taken over the entertainment world in the past few years, thanks to The Walking Dead. You don’t have to be a fan of the show to appreciate zombies, since they have been a fascination of humans since the B.C. era. The question is: when the apocalypse happens, will you be ready? Everyone will be running for food and water, but how will you protect your business from the invasion of these flesh-eating monsters? Here are 5 critical technologies your business needs to stay afloat during the zombie apocalypse.   Cloud Storage Storing your…
  • Welcome To Our New Website

    Cognoscape
    19 Feb 2015 | 10:09 am
    We’re pleased to announce our new and improved website! We’ve been working hard to make sure that we’ve made the necessary adjustments to make this a more aesthetically pleasing and user-friendly version of our website. Since the announcement of our original site, several things have changed, and we’ve learned that our presentation and documentation needed a little updating, so we’ve spent significant time improving our site with more modern tools and principles in mind. Aside from the beautiful, new layout, we’ve also implemented a more modern and user-friendly design that’s…
  • 3 Tips To Help You Prevent Data Loss

    Cognoscape
    22 Jan 2015 | 1:00 am
    Data loss has been a hot issue lately, especially after the hacking of iCloud and the resulting leak of celebrity photos, as well as the attack on Sony Pictures, releasing massive amounts of confidential and personal employee data. Whether you’re a large multinational corporation or an independent technology company, your information is important and should be kept as safe as possible. Here are a few basic tips on how to make sure your data is secure and remains that way.   Backup Your Data By now, backing up your data should be common sense. Too many things can go wrong not to have…
  • 3 Leadership Lessons Learned From NBA Basketball

    Cognoscape
    8 Jan 2015 | 1:00 am
    It is undeniable that sports offer invaluable lessons and offer essential leadership roles for people of all ages. The NBA provides many essential examples for success. If you consider yourself a leader, or you are in the beginning stages of becoming one, at work, home, in the community, or in an educational setting, the NBA offers more than entertainment; it is a critical leadership model for every stage of life for high-end results. 1. Adopt the three Cs: charisma, challenge, and control To be an effective leader, you need to know how to inspire and challenge others to do their very best.
  • How Our Technology Roadmap Leads You to Business Success

    Cognoscape
    18 Dec 2014 | 1:00 am
    How do you get to your destination without a roadmap to guide you? When you travel alone, you can run into unexpected roadblocks and turbulence, but an effective roadmap is like a sophisticated GPS that leads you down the right path so you can feel safe, secure and supported as you navigate through the business world. You envision the success, and we will guide you toward it with our trusty technology roadmap. Discover how the Cognoscape technology roadmap leads you to business success.   No more downtime and roadblocks When companies switch to new programs, face an IT crisis, or…
 

    TutorialsLodge

  • Styling Your Links With CSS

    Chimezie Michael
    27 Feb 2015 | 9:03 am
    Welcome guys, today we will be looking at styling your links with CSS. In my last post, I showed you all you need to know about HTML links. Missed the…
  • Split PST Software To Split Large Outlook PST File Into Small Parts

    Chimezie Michael
    25 Feb 2015 | 2:18 am
    How often have you come across the issues of PST file corruption in Outlook? Practically speaking, well it could be every other day. Reason being the large-sized PST files which…
  • All You Need To Know About HTML Links

    Chimezie Michael
    18 Feb 2015 | 10:56 am
    In this tutorial, I will try as much as possible to discuss all you need to know about HTML links. I will be covering various types of links and how…
  • WHY WRITE YOUR OWN SCRIPTS

    Uche Gozie
    12 Feb 2015 | 1:30 pm
    A lot of us who work with computers at home or in offices develop a distinct order of use. One peculiar to the kind of work we do every day or…
  • Working with Databases-Creating Connection

    temmydahyour
    9 Feb 2015 | 3:27 am
    Creating Connection to a Database using ADO.NET In Visual Basic 2013, we need to create a connection to a database before we can access its data. Before we begin, let’s create…

    Guardian Network Solutions

  • Important Specs to Look for in Antivirus Programs for your Business

    Cody Blake
    25 Feb 2015 | 11:43 am
    An antivirus program is a very important requirement for all businesses that use computers. Yet, no antivirus program can be said to be the best. If one program tops the list, it may lose its ranking the very next month. Yet, …
  • 5 Things Businesses Need to Know About Internet of Things

    Cody Blake
    13 Feb 2015 | 9:45 am
    Internet of things or IoT refers to all those devices and sensors, apart from tablets, computers and smart phones, that transmit information or communicate with each other using the internet. They include many wearable fitness trackers and also cameras and televisions …
  • 7 Typical IT Disasters Caused By Employees

    Cody Blake
    11 Feb 2015 | 9:34 am
    The IT industry is all about maintaining security. Smart phones and tablets pose a huge risk when it comes to protecting the sensitive information of IT industries. Most of the contributors to this risk are usually the very employees of …
  • 5 Ways to Improve Mobile Security at Your Business

    Cody Blake
    4 Feb 2015 | 8:57 pm
    In today’s world of technology, one thing that can constantly pose a security threat is your mobile. With more and more people going for smart phones and tablets, it is becoming a real headache for the IT people, who are …

    Trend Micro Simply Security

  • Point-of-Sale. Point-of-Compromise

    Rik Ferguson (VP, Security Research)
    3 Mar 2015 | 9:48 am
    2014 saw a significant jump in the quantity, quality and prevalence of point-of-sale malware attacks. These malicious creations, commonly referred to as PoS RAM Scrapers, are designed to compromise the terminals used by businesses the world over to carry out retail transactions. Tens of millions of payment card details are routinely stolen, sometimes in a single operation. These card details are then sold on underground carding forums where they are used to make fraudulent purchases, transfers or withdrawals. These large-scale heists have become the backbone of the supply chain to the globally…
  • Safety and Soundness Must Evolve: Trend Micro Addresses Much Needed Regulations for Targeted Financial Industry

    Tom Kellermann (Chief Cybersecurity Officer)
    2 Mar 2015 | 11:55 am
    Earlier this week, Ben Lawsky, head of The New York State Department of Financial Services (NYDFS), addressed attendees at Columbia Law School where he stated that he is currently considering new rules for banks and insurance companies regulated by NYDFS to raise cybersecurity standards. Lawsky also noted his concern that the financial industry could face a crippling “Armageddon-style” attack that could possibly affect the entire U.S. economy, unless changes were made to the current security status quo. This proclamation is long overdue from policy makers and is a welcome development. As…
  • How Secure is your Password?

    Rik Ferguson (VP, Security Research)
    2 Mar 2015 | 7:36 am
    Every day it seems we need to create a new account online and with each new account comes the added risk of our personal information being stolen. Managing passwords to online accounts is not a simple matter. We could all use a little help. Using a password manager like Trend Micro™ Password Manager to help you with this important task keeps it simple and secure. Trend Micro Password Manager adds extra security by identifying weaker passwords, providing keystroke encryption to defend against keyloggers, and includes a secure web browser for financial transactions on the web. The best part…
  • Please, DO Sweat the Small Stuff!

    JD Sherry (VP, Technology and Solutions)
    26 Feb 2015 | 8:26 am
    Many across the globe have read the stress management and self-help book series by Richard Carlson, Don’t Sweat the Small Stuff. Certainly the basic premise is to make sure you focus on the important things in life. Important is rather subjective to us all. Just as it is difficult to determine what is absolutely critical to our business as those requirements change frequently. It is very much dependent on your unique and individual perspective and circumstances. These techniques and tactics can be applied not only in our personal lives but also our professional lives to create balance.
  • Revenge Porn – Despicable Online Behavior Doesn’t Pay

    Richard Medugno
    25 Feb 2015 | 8:56 am
    It’s not as concise as just three words but I think the slogan “crime doesn’t pay” should be expanded to include “…and neither does despicable online behavior.” About a year and a half ago, I wrote a blog about revenge porn – a form of cyberbullying. At the time, a number of US states were creating laws to punish spiteful people (mostly maladjusted and/or immature men). Again, for those who don’t know, revenge porn is the online posting of embarrassing, racy, or nude photos and videos of an ex-lover or former spouse – without their consent. Often the victim’s name,…
 

    Effect Hacking

  • Adobe Launches 'Fame Only' Bug Bounty Program

    Gokul G
    6 Mar 2015 | 2:24 am
    Software giant Adobe launched a bug bounty program that promises public recognition (not cash) for finding and reporting vulnerabilities in the company’s websites and other online services. Pieter Ockers, the security program manager at Adobe, said in a blog post, "Bug hunters who identify a web application vulnerability in an Adobe online service or web property can
  • Hackers Targets Subdomains Of GoDaddy Customers

    Gokul G
    4 Mar 2015 | 5:55 pm
    Cisco’s Talos intelligence team has identified an Angler Exploit Kit campaign that's using subdomains of GoDaddy customers to serve malware or redirect victims to attack sites. Researchers say the Angler campaign is using a technique called "Domain Shadowing" to carry out the malicious activities. DOMAIN SHADOWING Domain shadowing is the process of using users domain registration
  • Be Invisible On Security Cameras With "Glasses"

    Gokul G
    3 Mar 2015 | 8:34 am
    Want to play James Bond in real life? You can be invisible on security cameras by wearing glasses. It is not science fiction any more. Technically the glasses will not make you invisible from the security camera footage, but they will protect your identity from security cameras and facial recognition software. Security firm AVG has developed "invisibility glasses"
  • U.S. Air Traffic Control Systems Vulnerable To Hackers

    Gokul G
    2 Mar 2015 | 6:38 pm
    The U.S. air traffic control system is more vulnerable to hackers, according to a government watchdog report released on Monday. The Federal Aviation Administration has taken steps to prevent hacking on air traffic control systems, but some significant security control weaknesses remain. One of the weaknesses is in the area of detecting and preventing unauthorized access
  • Blu-ray Disk Could Install Malware Into Your Computers

    Gokul G
    2 Mar 2015 | 3:52 am
    Stephen Tomkinson of NCC Group, a U.K.-based security consultancy, has identified a pair of security flaws in Blu-ray players that could be exploited to install malware on victims' computers. He engineered a Blu-ray disc which detects the type of player the disc is running on and then picks one of two exploits to install malware on a computer. Tomkinson presented the