Network Security

  • Most Topular Stories

  • Gartner: 75 percent of mobile apps will fail security tests through end of 2015

    Latest articles from SC Magazine
    SC Magazine
    18 Sep 2014 | 2:12 pm
    As BYOD and mobile computing become more critical to business, app downloads will raise security risks.
  • eBay Falls Victim to Cross-Site Scripting Attack

    HOTforSecurity
    Alexandra Gheorghe
    18 Sep 2014 | 7:32 am
    The British website of online retailer eBay was compromised through a cross-site scripting (XSS) vulnerability, exploited to steal customers’ login credentials, according to the BBC. Attackers apparently planted malicious Javascript code in product listings to redirect eBay customers interested in cheap Apple smartphones to a spoofed eBay welcome page. Once there, they were asked to enter their account username and password. The incident was first reported by Paul Kerr, an IT worker from Scotland who contacted eBay and was told that the matter would be considered “of the highest level of…
  • 7 Reasons To Love Passwords

    Dark Reading:
    Sara Peters
    17 Sep 2014 | 4:25 pm
    Passwords are often ridiculed, but there are some reasons they should be your nearest and dearest authentication factor.
  • Home Depot Says 56 Million Payment Cards Compromised in Data Breach

    SecurityWeek RSS Feed
    Mike Lennon
    18 Sep 2014 | 5:25 pm
    read more
  • Cybercriminals Abuse New TLDs in Phishing, Malware Attacks

    SecurityWeek RSS Feed
    Eduard Kovacs
    19 Sep 2014 | 3:35 am
    The recent expansion of generic Top-Level Domains (gTLDs) has attracted the attention of cybercriminals who have started abusing them for their malicious operations, researchers warned this week. read more
  • add this feed to my.Alltop

    Network Security Blog

  • Limiting online time

    netsecpodcast@mckeay.net (Martin McKeay)
    14 Sep 2014 | 10:55 pm
    I limit online time.  Not for me, for my children.  Apparently I’m among a fairly prestigious group of people who do so, since many of the C-level execs in Silicon Valley also limit their children’s time with tech.  Though it looks like many of them are even stricter than I am about how much time the children get to interact with their computers. We’ve always limited the amount of time our children can spend on the computer.  We found from an early age, they’d spend every waking moment playing games and surfing the internet if they could.  I wonder who…
  • Buffer between Target and banks

    netsecpodcast@mckeay.net (Martin McKeay)
    8 Sep 2014 | 11:10 pm
    We all know that Target got compromised last year, but what some of you might not know is that the banks who issued the credit cards that were compromised are suing Target.  They’re saying that because Target didn’t take sufficient measures to protect the card data the banks had to spend millions of dollars in order to re-issue every one of the cards that were compromised.  It makes sense on the surface, since the banks incurred the cost due to the insecurity of Target’s systems.  But here’s the rub: there’s no direct relationship between the issuing banks and…
  • Is pay rising with demand in security?

    netsecpodcast@mckeay.net (Martin McKeay)
    7 Sep 2014 | 11:23 pm
    If you follow me on twitter, you know I like to throw out questions occasionally just to stir things up.  On Friday I asked the following question about jobs in the security realm: We keep hearing about how desperate companies are to hire infosec professionals. So how come we still see so many low ball salary offers? This hit a nerve with quite a few people, many of who mentioned that besides having low salaries for the apparent demand, we also see low stature in the company and that while there’s a demand, companies still don’t see how paying a security professional leads to…
  • Congratulations, Rich

    netsecpodcast@mckeay.net (Martin McKeay)
    4 Sep 2014 | 10:53 pm
    Wow, it’s been seven years since Rich Mogull left Gartner and started Securosis.  I met him shortly before he took the leap, introduced by a mutual friend, Richard Stiennon.  I worked with Rich and a host of others to organize the first Security Bloggers Meetup at RSA, which is still going, and when I heard he was leaving Gartner, I invited him to participate in the Network Security Podcast with me, a partnership that lasted over six years.  He’s  a good person, a good friend, and someone I truly feel lucky to have met in the security community. It’s interesting to see…
  • An American in London

    netsecpodcast@mckeay.net (Martin McKeay)
    25 Aug 2014 | 3:15 am
    Almost exactly a year ago my family and I moved from Northern California to 20 miles west of the capital of the United Kingdom, London.  It was the start of an adventure that’s exposed us to a new culture, cut us off from most of our friends and family and made massive changes to how we see the world.  We’ve had to make huge adjustments in our expectations, our lifestyle and how we drive, but my wife and I both think it’s been worth it.  The children seem to disagree, if you believe their loud and frequent complaints.  But these seem to be fewer and fewer as time goes…
 
 
  • add this feed to my.Alltop

    Network Security Podcast

  • Last Hacker Standing, Episode IV, Part II – Revenge of the Katie!

    martin
    3 Sep 2014 | 2:44 am
    Last Hacker Standing, Episode 4 – Part 2 Despite popular belief (and a certain amount of Jar Jar Binks level confusion on the episode numbering and release timeline), we’re back with Episode 4 Part II of our interview with Katie Moussouris from HackerOne… Sit back and listen as Katie lays it out like it is! Planning is already underway for our next podcast… watch this space… tell your friends… tell your enemies… heck you can even tell @hackingmexico if you want to be really comical!
  • Black Hat 2014 – Lucas Zaichkowsky

    martin
    25 Aug 2014 | 8:46 am
    I sat down with Lucas Zaichkowsky from AccessData to talk about his presentation at Black Hat this year. It’s a little depressing to hear about how poor the security is for small to medium businesses who take credit cards and what the consequences are for not knowing how to security yourself. His one piece of advice for SMB’s? Use two factor authentication (2FA) for the administration of your POS systems and you’ll be better off than 99% of the businesses out there. Black Hat 2014 – Lucas Zaichkowsky
  • Last Hacker Standing – Vegas Recovery Edition, Episode 5

    martin
    24 Aug 2014 | 3:37 am
    Last Hacker Standing – Vegas Recovery Edition, Episode 5 “This is not the Last Hacker Standing: Episode IV – Part II Revenge of the @k8em0 that you’re looking for!” To fill the void in your lives before we release the epic that is Episode IV Part II we got the crew together to chat about hacker summer camp and our personal recovery plans… In a break from the norm (not sure we have a norm yet, but I’m gonna stick with that) we chat randomly about BlackHat, BSidesLV, DEF CON and the burning hell that is Las Vegas. You may also note that we’ve got an RSS feed now… and…
  • Last Hacker Standing, Episode IV – The Last Hope

    martin
    17 Aug 2014 | 3:43 am
    Sorry if this is a repeat for you, I’m putting it in the NetSec Podcast page as well. Well, I told you I couldn’t go that long without recording a podcast.  And a couple of weeks ago I got together with my friends Chris John Riley and Dave Lewis and started a new project, Last Hacker Standing.  In the inaugural podcast, we talk news (straight up, with a twist), alongside our wonderful guest Katie Moussouris from Hacker One.  I’m going to try to have fun with this one, not taking it too seriously.  Not that I ever took the Network Security Podcast all that seriously,…
  • Network Security Podcast, Episode 332

    martin
    18 Jun 2014 | 1:39 am
    We’d suspected this day would come for quite some time, but it’s time to make it official: The Network Security Podcast will no longer be a regular, weekly podcast, Rich Mogull and Zach Lanier will not be a consistent part of the podcast. The podcast will continue in some form, but it’ll be Martin doing any of the publishing.  Which isn’t really all that big of a change anyway. Basically, all three of us have become incredibly busy in the last year.  Zach has a wedding to plan, a new job and has moved again.  Rich has more business and work than any time in living…
 
  • add this feed to my.Alltop

    Tenable Network Security Blog

  • The Current State of PCI

    Jeffrey Man
    16 Sep 2014 | 12:50 pm
    The Payment Card Industry has been shaken recently by numerous breaches that have successfully exploited malware on Point-of Sale (POS) systems to steal payment card data at retailers of all sizes around the country.
  • Current State of IT Security in the Financial Services Sector

    Jack Daniel
    15 Sep 2014 | 3:06 pm
    Financial services organizations are some of the most highly protected institutions in the nation, but, at the same time, are under constant attack. As a result, financial institutions have to be prepared to handle any security disaster.
  • On the Security of “Things”

    Paul Asadoorian
    15 Sep 2014 | 2:02 pm
    The security ramifications of the "Internet of Things" (IoT) is a hot topic lately. That’s not to say the security community has not been aware of this problem; and dealing with it for some time (or ignoring it as the case may be).
  • Tenable Blog Greatest Hits Volume 1

    Joanne Rasch
    15 Sep 2014 | 1:55 pm
    Today we launched a new look for our blog with the goal of making it easier for you to find the security content you’re looking for.
  • Should Your Board of Directors be Managing Your Security?

    Craig Shumard
    15 Sep 2014 | 12:57 pm
    Should your board of directors be managing your security? This is not a rhetorical question. Ensuring a good security posture requires that your board of directors and senior management are on board and support your efforts at securing corporate data. Let’s pose a few questions:
 
  • add this feed to my.Alltop

    TaoSecurity

  • We Need More Than Penetration Testing

    16 Sep 2014 | 9:47 am
    Last week I read an article titled  People too trusting when it comes to their cybersecurity, experts say by Roy Wenzl of The Wichita Eagle. The following caught my eye and prompted this post:[Connor] Brewer is a 19-year-old sophomore at Butler Community College, a self-described loner and tech geek...Today he’s what technologists call a white-hat hacker, hacking legally for companies that pay to find their own security holes. When Bill Young, Butler’s chief information security officer, went looking for a white-hat hacker, he hired Brewer, though Brewer has yet to complete…
  • A Brief History of Network Security Monitoring

    16 Sep 2014 | 9:07 am
    Last week I was pleased to deliver the keynote at the first Security Onion Conference in Augusta, GA, organized and hosted by Doug Burks. This was probably my favorite security event of the year, attended by many fans of Security Onion and the network security monitoring (NSM) community.Doug asked me to present the history of NSM. To convey some of the milestones in the development of this operational methodology, I developed these slides (pdf). They are all images, screen captures, and the like, but I promised to post them. For example, the image at left is the first slide from a…
  • Bejtlich Teaching at Black Hat Trainings 8-9 Dec 2014

    4 Sep 2014 | 8:41 am
    I'm pleased to announce that I will be teaching one class at Black Hat Trainings 2014 in Potomac, MD, near DC, on 8-9 December 2014. The class is Network Security Monitoring 101. I taught this class in Las Vegas in July 2013 and 2014, and Seattle in December 2013. I posted Feedback from Network Security Monitoring 101 Classes last year as a sample of the student commentary I received.This class is the perfect jumpstart for anyone who wants to begin a network security monitoring program at their organization. You may enter with no NSM knowledge, but when you leave…
  • Air Force Leaders Should Read This Book

    21 Aug 2014 | 6:56 pm
    I just finished reading The Icarus Syndrome: The Role of Air Power Theory in the Evolution and Fate of the U.S. Air Force by Carl Builder. He published this book in 1994 and I wish I had read it 20 years ago as a new Air Force second lieutenant. Builder makes many interesting points in the book, but in this brief post I'd like to emphasize one of his concluding points: the importance of a mission statement.Builder offers the following when critiquing the Air Force's mission statement, or lack thereof, around the time of his study:[Previous] Air Force of Staff, General John P. McConnell,…
  • On the Twenty Years Since My USAFA Graduation

    1 Jun 2014 | 4:00 pm
    Twenty years ago today, on 1 June 1994, 1024 of us graduated from the United States Air Force Academy, commissioned as brand new second lieutenants. As of September 2012, over 600 members of the class of 1994 were still in uniform. I expect that number is roughly the same today. Reaching the 20 year mark entitles my classmates still in uniform to retire with lifetime benefits, should they choose to do so. I expect some will, but based on patterns from earlier classes I do not expect a massive exodus. The economy is still in rough shape, and transitioning from the military to the private…
  • add this feed to my.Alltop

    Spyware news

  • Hackers relaunch multi-name rogues to steal people’s money!

    8 Sep 2014 | 11:52 pm
    Just imagine: you start your computer one day and see a window showing how Win 7 Antivirus 2014 scans your PC system. After performing it, this program informs you about a long list of viruses, including trojans, adware and other threats. Naturally, it offers you to remove these threats from your computer in exchange for […]
  • Good news from Google Chrome! We will be warned about deceptive downloads!

    22 Aug 2014 | 6:02 am
    Annoyed by adwares, browser hijackers and similar potentially unwanted programs? It seems that soon we will be capable of getting more power against infiltration of these programs. Of course, under one condition – we will have to choose Google Chrome web browser for doing our browsing on the Internet. We say so because of the […]
  • Got an email from Bank of America? It might be infected with Cryptowall virus!

    6 Aug 2014 | 5:25 am
    If you are interested in viruses, you must have heard about Cryptowall virus. This is a serious ransomware that has ability to encrypt specific files and then display a warning message asking people to pay a ransom for their decryption. At the moment of writing, this virus has ability to affect only those computers that […]
  • Tor warns its users about ‘relay early’ attack and says that they may have been unmasked

    31 Jul 2014 | 6:57 am
    Tor has always been loved by those who seek to hide their location, protect information about their browsing habits and fight for their anonymity. However, if you have been using this program from February 2014 to July 4, you should be concerned because it has been announced that Tor software was probably deanonymizing its users during […]
  • Security experts warn about reappearance of Delta Homes virus!

    31 Jul 2014 | 5:59 am
    Delta-homes.com, a search engine that was originally created for collecting revenue from advertising, has recently renewed its activity. According to the latest news, it has already hijacked thousands of devices in Russia, Turkey, Denmark, Poland and the U.S. Unfortunately, who exactly is responsible for this outbreak is still unknown. It is believed that it originates […]
 
  • add this feed to my.Alltop

    Schneier on Security

  • Fake Cell Phone Towers Across the US

    schneier
    19 Sep 2014 | 4:11 am
    Earlier this month, there were a bunch of stories about fake cell phone towers discovered around the US These seems to be ISMI catchers, like Harris Corporation's Stingray, and are used to capture location information and potentially phone calls, text messages, and smart-phone Internet traffic. A couple of days ago, the Washington Post ran a story about fake cell phone towers in politically interesting places around Washington DC. In both cases, researchers used by security software that's part of CryptoPhone from the German company GSMK. And in both cases, we don't know who is running these…
  • Terrible Article on Vernam Ciphers

    schneier
    18 Sep 2014 | 12:09 pm
    If there's anything that confuses wannabe cryptographers, it's one-time pads.
  • The Full Story of Yahoo's Fight Against PRISM

    schneier
    18 Sep 2014 | 5:13 am
    In 2008, Yahoo fought the NSA to avoid becoming part of the PRISM program. It eventually lost the court battle, and at one point was threatened with a $250,000 a day fine if it continued to resist. I am continually amazed at the extent of the government coercion.
  • Identifying Dread Pirate Roberts

    schneier
    17 Sep 2014 | 12:30 pm
    According to court documents, Dread Pirate Roberts was identified because a CAPTCHA service used on the Silk Road login page leaked the users' true location.
  • Tracking People From their Cell Phones with an SS7 Vulnerability

    schneier
    17 Sep 2014 | 5:15 am
    What's interesting about this story is not that the cell phone system can track your location worldwide. That makes sense; the system has to know where you are. What's interesting about this story is that anyone can do it. Cyber-weapons arms manufacturers are selling the capability to governments worldwide, and hackers have demonstrated the capability.
  • add this feed to my.Alltop

    Infosec Events

  • Week 37 In Review – 2014

    md
    15 Sep 2014 | 4:46 pm
    Events Related ArchC0n ’14 Report – www.digitalbond.com Dale Peterson spoke at the inaugural ArchC0n in St. Louis this Saturday. The main reason he chose to go to this IT security event was they had Richard Bejtlich, Bruce Schneier and Charlie Miller as keynotes. Quite a haul for the first run. Here are some of the items that he wrote down. Inside the Super Bowl of lying – dailydot.com This is the 2014 Def Con hacker conference at the Rio Casino in Las Vegas. The people are in one of the tiniest rooms in the casino to see the Super Bowl of lying. Here is the wrap up of the event by…
  • Week 36 In Review – 2014

    md
    8 Sep 2014 | 6:56 am
    Resources iCloud keychain and iOS 7 Data Protection – slideshare.net If you are concerned about cloud security, read this presentation by Andrey Belenko Sr. Security Engineer @ viaForensics and Alexey Troshichev @hackappcom founder. Leveraging WMI for shells – secabstraction.com secabstraction always try to think about how he might get something done by leveraging WMI, since it’s usually always on and available. When he read that somebody had beat him to the punch he decided to start writing a powershell implementation. Alberto’s GSoC 2014 Project for ZAP: SOAP Scanner…
  • Week 35 In Review – 2014

    md
    1 Sep 2014 | 12:32 pm
    Resources InfowarCon TV – infowarcon.com Here are some of the amazing talks given in January. InfowarCon TV highly suggest you listen to them all; lots of great information, questions, and demonstrations about the most important issues facing us today. Shakacon LLC – www.youtube.com Shakacon, an Information Technology (IT) Security Conference. Here are some of the talks at the conference. You can watch and download the videos. Announcing Scumblr and Sketchy – Search, Screenshot, and Reclaim the Internet – techblog.netflix.com Netflix is pleased to announce the open source…
  • Information Security Events For September

    sheila
    1 Sep 2014 | 4:42 am
    Here are information security events in North America this month:   Day-Con 7 : September 3 to 9 in OH, USA   BSides Cape Breton 2014 : September 5 in Sydney, NS, Canada   BSides Ottawa 2014 : September 5 to 6 in Ottawa, ON, Canada   HP Protect 2014 : September 8 to 11 in Washington, DC,USA   BSides Los Angeles 2014 : September 11 to 12 in Los Angeles, CA, USA   BSides Augusta 2014 : September 13 in GA, USA   BSides Memphis 2014 : September 13 in TN, USA   New Security Paradigms Workshop (NSPW 2014) : September 15 to 18 in Victoria, BC, Canada  …
  • Week 34 In Review – 2014

    md
    26 Aug 2014 | 10:09 am
    Events Related USENIX Security ’14 Technical Sessions – usenix.org The full Proceedings published by USENIX for the symposium are available for download here. Individual papers can also be downloaded from the presentation page. WOOT ’14 Workshop Program -usenix.org The full papers published by USENIX for the workshop are available for download as an archive or individually below. DEF CON 22 ICS Village -digitalbond.com Corey Thuen’s first blog post at Digital Bond and he’s going to break The Rule and talks about what happened in Vegas. Hacktivism & Radical…
  • add this feed to my.Alltop

    Dr Anton Chuvakin Blog PERSONAL Blog

  • Monthly Blog Round-Up – August 2014

    2 Sep 2014 | 10:46 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list. My classic PCI…
  • Monthly Blog Round-Up – July 2014

    1 Aug 2014 | 8:10 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list. My classic PCI…
  • Monthly Blog Round-Up – June 2014

    1 Jul 2014 | 8:15 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current emergence of open sources log search tools, BTW, does not break the logic of that post. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) “New SIEM Whitepaper on Use Cases In-Depth…
  • Monthly Blog Round-Up – May 2014

    2 Jun 2014 | 9:45 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list. “Why No Open…
  • Monthly Blog Round-Up – April 2014

    1 May 2014 | 7:55 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) My classic PCI DSS Log Review series is popular as well. The series of 18 posts cover a comprehensive log review approach, useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book.
 
  • add this feed to my.Alltop

    Security Blog

  • Weekly Intelligence Summary Lead Paragraph: 2014-09-12

    dkennedy
    15 Sep 2014 | 12:21 pm
    Actionable intelligence in this week’s VCIC collections included security bulletins from Adobe and Microsoft.  Leading the latter was MS14-052 for Internet Explorer that Kaspersky reported was part of the watering hole attack on VFW.org in February. The PCI Council updated their Skimming Prevention: Best Practices for MerchantsThe 36-page document provides risk mitigations for retail payments infrastructures, and is not limited to just the skimming risk. Also in Governance, Peter Hustinx, the EU Data Protection Supervisor wrote, European Leadership in Privacy and Data Protection. Among the…
  • Weekly Intelligence Summary Lead Paragraph: 2014-09-05

    ssimpson
    5 Sep 2014 | 11:33 am
    Bad news from the retail sector yet again: Brian Krebs reported Home Depot may have suffered a breach of payment card data that may have originated from nearly all of its stores across the United States. The company says it’s investigating unusual activity but hasn’t yet confirmed a breach. That being said, Krebs’ track record is pretty good when it comes to announcing data breaches. The leak of celebrity photos this week, presumably from Apple’s iCloud, opened up the company’s cloud security to increased scrutiny from security researchers. While the attacks were limited to…
  • Regardless of the length or complexity, passwords can’t do it alone.

    Marc Spitler
    2 Sep 2014 | 10:39 am
    It is amazing to reminisce about my childhood and the lack of risk reduction applied to me as a potential victim of inertia while riding in a car. My typical seating arrangement was lowering the armrest between the two back seats of the Oldsmobile Delta 88 and sitting on top of it, providing an outstanding view. I am sure that many of you have similar memories, perhaps sitting in your parent’s lap (as they drove) or running around in the back without a care in the world. If we saw that type of behavior in 2014, we would have similar reactions to if we were witnessing the King of…
  • Weekly Intelligence Summary Lead Paragraph: 2014-08-29

    dkennedy
    29 Aug 2014 | 1:41 pm
    The Verizon Cyber Intelligence Center (VCIC) collected actionable intelligence in Fox IT’s “Malvertising: Not all Java from java.com is legitimate,” Kaspersky’s “Sinkholing the Backoff POS Trojan,” and SecureWorks, “CryptoWall Ransomware” from this week’s OSINT. About half of the citizens of the Republic of Korea are the victims of the latest mega-breach in that country due to hacking six major online games. Fifty of Norway’s largest oil and gas companies have been compromised and another 250 have been asked to check their systems for signs that they too have been…
  • Weekly Intelligence Summary Lead Paragraph: 2014-08-22

    dkennedy
    26 Aug 2014 | 9:52 am
    Community Health Systems dominated InfoSec headlines this week when it disclosed in its 8-K filing with the SEC that it suffered a data breach that involved the personal information of 4.5 million patients. Mandiant (owned by FireEye), who conducted the investigation, attributed the breach to a Chinese group it labels APT 18. Additional details of the breach were scarce until TrustedSec, citing sources close to the investigation, reported that the initial vector for the attack was the exploitation of the Heartbleed vulnerability in OpenSSL. Back in April Mandiant reported one of its customers…
  • add this feed to my.Alltop

    symantec.com

  • Snifula banking Trojan battles local Japanese security product

    Symantec Security Response
    17 Sep 2014 | 3:34 am
    Summary:  Snifula variant blocks image on bank’s website advising users to install PhishWall security software. read more
  • New iPhone could herald change to payments security landscape

    Dick O'Brien
    11 Sep 2014 | 10:07 am
    Summary:  The arrival of Apple Pay could help improve point-of-sale security but attackers are also likely to severely test the security of the new technology. read more
  • Microsoft Patch Tuesday – September 2014

    himanshu_mehta
    9 Sep 2014 | 1:53 pm
    This month the vendor is releasing four bulletins covering a total of 42 vulnerabilities. Thirty-six of this month's issues are rated Critical. Summary:  This month the vendor is releasing four bulletins covering a total of 42 vulnerabilities. Thirty-six of this month's issues are rated Critical. read more
  • Significant security challenge for new vehicle communication standard

    Dick O'Brien
    8 Sep 2014 | 5:57 am
    Summary:  While V2V communications will enable a range of safety applications, securing the protocol will require a system of unprecedented complexity. read more
  • Apple IDs targeted by Kelihos botnet phishing campaign

    Symantec Security Response
    5 Sep 2014 | 9:46 am
    Summary:  Botnet targets Apple customers, launching phishing email campaign to lure victims into disclosing their Apple IDs and passwords. Days after numerous celebrities were found to have their iCloud accounts compromised, a major botnet has turned its attention to Apple customers, launching a phishing email campaign aimed at luring victims into disclosing their Apple ID’s and passwords. read more
 
  • add this feed to my.Alltop

    Optimal Security

  • Critical Updates for Adobe Reader and Acrobat Released – You Can Breathe Again

    Graham Cluley
    18 Sep 2014 | 9:28 am
    You can stop holding your breath now, the wait is over. Adobe has released security updates for Acrobat and its PDF Reader software fixing critical vulnerabilities in its Windows and Mac software. Last week, on Patch Tuesday, Adobe explained that although it was releasing security patches for Flash Player and AIR, it was delaying its scheduled security updates for Reader and Acrobat, because of issues that had sprung up during testing. To be honest, it was hard not to feel grateful. After all, the last thing you want is for a vendor to push out a security update that causes conflicts and…
  • Doom-Playing Canon Printer Raises Security Concerns About IoT

    Graham Cluley
    16 Sep 2014 | 4:41 pm
    If you can hack a wireless printer to play one of the most famous videogames of all time, what else can you do with it? And if printer hardware can be reprogrammed by hackers to perform functions far beyond its intended use, what does it say about other the other devices that make up “the internet of things”? Those are the obvious concerns raised by security researcher Michael Jordon, who was able to install a playable version of Doom on a wireless Canon Pixma printer to raise concerns about poor security on internet-enabled devices. Jordon, who works for Context Information…
  • Infosec Haiku

    Chris Merritt
    13 Sep 2014 | 7:55 am
    Anata no joho sekyuritei konshu no haiku Dyre Malware Strikes Salesforce Users Be Wary Your Creds Are At Risk ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • 5 Million Leaked Gmail Passwords Sounds Pretty Scary, But Was It?

    Graham Cluley
    12 Sep 2014 | 10:42 am
    When news reports broke earlier this week about a massive leak of Google account passwords, there must have been plenty of users who took a big gulp. Would their email address and password be amongst the alleged five million published on a Russian web forum? Was it possible that Google itself had been hacked, spilling secret information about its users? There was certainly a lot of panic, but the truth was rather less traumatising. No, Google didn’t suffer a security breach. Instead, it’s most likely that the credentials were amassed by hackers through a combination of keylogging…
  • Microsoft Delivers Light Patch Load for September Patch Tuesday

    Russ Ernst
    9 Sep 2014 | 10:38 am
    September delivers a light patch load from Microsoft – just 4 bulletins were released in today’s Patch Tuesday with 1 rated critical and 3 important. In total, September covers off on 42 CVEs with 37 of those found in MS14-052, another cumulative update for IE and your first priority this month. Of the 37 CVEs, just one, CVE-2014-7331, is publicly known at this time and is under active attack. It’s an information disclosure vulnerability being used by the bad guys for targeting vulnerable systems, and has been used in combination with other vulnerabilities to bypass ASLR. Second on…
 
  • add this feed to my.Alltop

    TRUSTe Blog

  • TRUSTe Launches Data Privacy Management Platform to Help Manage Complex Privacy Initiatives

    lgradman
    18 Sep 2014 | 8:00 am
    With the explosion of big data, companies know that successful data collection is crucial to the success of their business.  If collected and analyzed properly, the use of big data can help companies outperform the competition by leveraging new data-driven strategies, uncovering new trends and benefits. However, the use of this data also brings significant … Continue reading »
  • Apple & Box Show Commitment to Cross-Border Data Privacy through APEC Certification

    lgradman
    17 Sep 2014 | 2:18 pm
    As Apple released the latest update to their privacy policy today, it included the new TRUSTe APEC Privacy Seal certifying that Apple abides by the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules System. Apple joins Box as the latest in a growing list of companies who are choosing APEC Certification to demonstrate their commitment … Continue reading »
  • EU Cookie Inspections – Are You Ready?

    lgradman
    10 Sep 2014 | 8:00 am
    Many companies have been focused on preparing for the EU Cookie Inspections ever since the “Cookie Sweep” day was announced to determine compliance with cookie regulations across the EU on September 15-19 of this year. Given the recent fines due to violations in Spain and the Netherlands over the last few months, companies have been … Continue reading »
  • TRUSTe To Develop Guidelines For Whitelisting Sites On New Disconnect Mobile App

    eleanor
    8 Sep 2014 | 4:56 am
    Earlier today, Disconnect launched the first mobile app to block malvertising –and confirmed that the app is available for iOS and Android after an initial ban by Google caused public outcry. Malvertising is a major cause of identity theft and is impossible for consumers to identify because malicious tracking and malware often looks like a … Continue reading »
  • September Monthly Spotlight

    lgradman
    2 Sep 2014 | 10:25 am
    September 4 EU Cookie Inspections: Are You Ready? Webinar There has been significant focus on the EU Cookie Directive ever since the announcement of a “Cookie Sweep” to determine compliance levels with cookie regulations across the EU in mid-September. Since the Directive has been implemented in different ways across the EU, many companies need guidance … Continue reading »
  • add this feed to my.Alltop

    Free IT - Security Magazines and Downloads from alltop.tradepub.com

  • Managing Access to SaaS Applications

    18 Sep 2014 | 12:00 am
    First, cloud computing provides easy and dynamic access to information technology.Next, the ecosystem of cloud-based SaaS applications has exploded thanks to cloud computing.Finally, this SaaS ecosystem has helped power an even bigger boom of consumer-friendly mobile devices and apps that access SaaS.This Essential Guide examines the opportunities and challenges of empowering, yet controlling, user access to SaaS applications. Specifically, identity management as a service promises to simplify secure access, and management of SaaS applications while reducing password sprawl. This guide will…
  • Continuous Monitoring (CM): A New Approach to Proactively Protecting Your Global Perimeter

    17 Sep 2014 | 12:00 am
    In this guide, network security managers will learn how to automatically leverage vulnerability scans with CM for stronger security. Also covered:Requirements—why CM is vitalScanning—value of continuous vulnerability scansBest Practices—for using CMBenefits—examples of how CM improves securityDownload this guide now to learn how to use automation to achieve continuous security and compliance.Request Free!
  • SANS Critical Security Controls: From Adoption to Implementation

    17 Sep 2014 | 12:00 am
    The Critical Security Controls (CSCs), a well-known roadmap for enterprise information assurance published and maintained by the Council on CyberSecurity, is being widely adopted across financial and government sectors, according to the second SANS survey on CSC adoption.Download this report from SANS to find out why more and more organizations of various types consider the CSCs a reliable mechanism to reduce attack surfaces, increase visibility and improve protection and response.Request Free!
  • A Cybercriminal's Guide to Exploiting DNS for Fun and Profit

    15 Sep 2014 | 12:50 pm
    Your customer data—and your business reputation—are undoubtedly secure, but is it? Take a look at yourself through the eyes of the cybercriminals who are making today's headlines. They know that there is a hole in most defenses and how to exploit it. Carrying out a DNS attack is relatively simple for the bad guys because the DNS protocol is easy to exploit. Additionally, there are dozens of types of DNS attacks for them to choose from. These attacks can be used to hijack your systems, steal your data (or your customers' money), or bring your business to a screeching halt. For a look at a…
  • IaaS Public Clouds and the Perceived Security Threat

    2 Sep 2014 | 12:00 am
    Present concerns about cloud security are reminiscent of the fears in the 1980s of LANs and a highly distributed IT infrastructure, and they also echo the efforts in the 1990s to stop Internet usage at work. But the issue really isn't security; it's governance to ensure interoperability and portability. We will review these concerns and discuss how the industry dealt with them, and then explore how these same concerns can be mitigated with a proper cloud strategy.Request Free!
 
  • add this feed to my.Alltop

    IT-Security

  • Will this Band-Aid help?

    Branden Williams
    4 Sep 2014 | 8:01 am
    You know when you get a paper cut in the webbing of your fingers? How many of you just shuddered at the thought of such a minor, but memorable malady? Now, think about one of the times that you got in there really deep and had to find a band-aid. Those normal ones just don’t work! You need a special band-aid with the butterfly flaps on it. Then you can get on with your day without spreading more of your DNA on everything you touch. Insalt to Injury, by Uri Baruchin With all these POS breaches (like Home Depot this week), we need to address a paper cut. The paper cut here is the POS…
  • August 2014 Roundup

    Branden Williams
    3 Sep 2014 | 8:30 am
    Stay Classy, San Diego! We wrapped up the survival tips for young (and sometimes experienced) professionals series and got back to information security! While you are all still very interested in getting great customer service, my posts on the effectiveness of PCI DSS also made the rounds this time around. I hope this sets us up for a great discussion in a couple of weeks at the PCI Community Meeting in Orlando! Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. The economy is humming along quite nicely. How do we know? Because people…
  • Guest Post: PCI Compliance Fees, Fines, and Penalties – What Happens After a Breach

    Branden Williams
    2 Sep 2014 | 7:45 am
    The following is a guest post by Mark Burnette. You can reach him directly here.   Transforming Nature Exhibition, by Val Kerry The PCI Data Security Standards are a set of rules designed by the credit card brands to enforce card data security. Though these are industry rules rather than laws, they can result in stiff fines and penalties for businesses, and even cost a business the ability to process credit cards. What’s more, these rules impact every business that collects, processes, or transmits card data – from mom and pop shops to retail titans. So what exactly happens…
  • So, uh, is PCI DSS effective?

    Branden Williams
    28 Aug 2014 | 7:22 am
    After the last post, I thought I’d describe some of the challenges with measuring the effectiveness of PCI DSS. Some camps argue it is absolutely effective because there has not been a compromise to date of an entity that was fully compliant with PCI DSS at the time of their breach. Others suggest extremely low compliance rates in certain groups of merchants indicate it’s not effective in helping the little guy. A few pick up headlines and just scream that it’s broken. An industry colleague of mine, Steve Levinson, is famous for a number of sayings. One he uses when faced…
  • Is PCI DSS Effective?

    Branden Williams
    26 Aug 2014 | 7:50 am
    Another week, another breach. SuperValu is the latest entity to suffer a breach involving credit cards, and I saw a tweet over the weekend that inspired this post. It was along the lines of “I’d hate to be the guy who has to explain how PCI DSS is effective against breaches.” While there is some humor in the tweet, there is more than just the standard in play here. Laugh as the Sun comes, Arnett Gill PCI DSS by itself is a good baseline for handling cardholder data. I’ve written articles, blogs, books, and given talks on the merits of PCI DSS1. PCI DSS also has flaws,…
  • add this feed to my.Alltop

    AT&T Networking Exchange Blog » Security

  • Cross-Silo Security and Governance

    18 Sep 2014 | 3:45 am
    For modern businesses, big data and analytics can transform operations, enabling better decision-making and offering previously unattainable customer or market insights. However, with the majority of big data initiatives being owned by individual lines of business, security considerations can often fall by the wayside. Join us for a live webinar on September 25 at 1 p.m. EDT and hear from Gartner’s Dr. Brian Lowans and AT&T’s Anne Wolfe, privacy and data management executive director, as they discuss how organizations can nurture an enterprise-wide culture of collaboration and…
  • The Importance of Security Event and Threat Analysis Services

    Andy Daudelin
    17 Sep 2014 | 6:45 am
    Today’s cyber world is plagued with never-ending security risks. We are all familiar with Distributed Denial of Service or DDoS attacks that can bring down a website. But far more dangerous are the silent attacks that slowly enter the environment, often sitting idle for weeks or months before taking action. With the growth of Bring Your Own Device or BYOD, along with cloud applications and storage options, IT departments are greatly challenged. It may seem a daunting task to sufficiently monitor security threats across today’s complex environment. More than ever, it is extremely important…
  • Shoring Up Your Mobile Application Security

    Jennia Hizver
    16 Sep 2014 | 3:45 am
    With the explosive growth of the mobile market, security of enterprise mobile platforms and applications has gained greater attention than ever before. New mobile vulnerabilities are constantly emerging, and new attacks are being developed to subvert existing security mechanisms, making it difficult for IT professionals to follow these developments. Some examples of the recently emerged attacks are discussed below. Attacks on smartphone users Most of today’s smartphones do not have a physical keyboard. The user is instead provided with an on-screen software-based keyboard implemented as a…
  • Choosing a Provider for DDoS Defense

    Charlie Barker
    12 Sep 2014 | 3:30 am
    While Distributed Denial of Service (DDoS) attacks aren’t new, they are still a destructive “go to” tool for many cyber criminals. In addition to flooding your servers with even more traffic than before, and frustrating your customers trying to access them, these organized attacks are now being used as a diversionary tactic, an effective smoke screen for more sinister activity. As your IT staff is busy fighting off a DDoS event, cyber thieves may be taking advantage of their shift in focus to break in and steal sensitive data. As the level of risk rises for DDoS defense, the cost and…
  • MDM and MAM: Two Peas in a Pod

    Velera Wilson
    11 Sep 2014 | 3:45 am
    It goes without saying, mobile devices and applications are now synonymous with everyday life. Apps are used for just about everything – from taxi service to food delivery – and the trend is not slowing down, for consumers or businesses. Companies in particular are excited about the possibilities of applications because they allow organizations to extend their reach to end users and customers, while accelerating transactions, streamlining operations, and increasing responsiveness. As mobility continues to change, the natural progression for organizations is to figure out “what do we do…
  • add this feed to my.Alltop

    Anti spam and general email security in a business environment

  • JPMorgan Chase Phishing Attack Packs a Double Whammy

    Malcolm James
    27 Aug 2014 | 6:00 am
    Two words you never want to hear together are ‘massive’ and ‘phishing.’ They’re normally followed by ‘attack,’ and then you could be in for a world of hurt, especially for users who aren’t predisposed to vigilance. So when several media outlets reported this week that US mega bank JP Morgan Chase was hit with a massive phishing campaign, we thought it was worth a look. According to SC Magazine, customers of JP Morgan Chase, the largest US bank by assets, were targeted in a “multifaceted phishing campaign impacting mostly people in the U.S., according to security firm…
  • Canadians Speak Out: We Don’t Want Your Spam

    Malcolm James
    20 Aug 2014 | 1:00 am
    Considering what a pain in the posterior this thing called spam truly is, it doesn’t seem particularly newsworthy to write an article reporting that a group of people admit to hating the stuff. That’s like writing an article entitled “Rob Ford, We Want You to Go Far, Far, Away,” or “Justin Bieber, Defect to Russia Already.” True, such platitudinous stories might have some entertainment value, but they don’t really tell us anything we don’t already know. So why bother, you ask. Why write a story ‘revealing’ that Canadians hate spam? For starters, because less than 60…
  • E-Z Pass Users Targeted in Phishing Attack

    Sue Walsh
    18 Aug 2014 | 8:00 am
    If you’re a driver with E-Z Pass, you’re not alone. Over 24 million people across 15 states use the handy gadget to make going through tolls fast and easy. There’s no waiting in line behind some jerk who waited until he got to the window to search for change or who decided the toll booth clerk was a travel agent too and decided to ask a million questions. Instead drivers just add cash to their online account and the E-Z Pass deducts the required amount as they pass through. Recently though E-Z Pass users have been hit with a new phishing attack. The attack is so widespread the FTC…
  • Is Spam Free Speech?

    Sue Walsh
    15 Aug 2014 | 6:00 am
    Is spam actually a form of protected speech? Some people think so. “The 1950s anti-communist blacklists, assembled without due process, have essentially returned in a new form on the Internet,” James McGrath Morris wrote in The Washington Post, incensed that his newsletter (the “Biographer’s Craft”) got snagged in a spam filter. The argument is that spam filters are actually a form of censorship and that spam should fall under the constitutional protections of the 1st amendment. It may sound foolish to most of us but those who believe it are quite serious: “‘Free speech’ is…
  • FTC Fines Spammer $350K

    Sue Walsh
    14 Aug 2014 | 2:30 am
    A man Spamhaus has listed as the #2 spammer in the world has been hit with a hefty fine for violating the CAN-SPAM and FTC Acts. Yair Shalev of Florida and his company, Kobeni Inc. must pay $350,000 for the mountain of spam they sent regarding the Affordable Care Act. The messages lied about the deadlines for signing up and tried to scare recipients by telling them if they didn’t click the links and “activate” their coverage they would be breaking the law. In reality the only one breaking the law was Shalev. The links lead websites plastered with ads for various insurance companies.
 
  • add this feed to my.Alltop

    AT&T Networking Exchange Blog » Security

  • Cross-Silo Security and Governance

    18 Sep 2014 | 3:45 am
    For modern businesses, big data and analytics can transform operations, enabling better decision-making and offering previously unattainable customer or market insights. However, with the majority of big data initiatives being owned by individual lines of business, security considerations can often fall by the wayside. Join us for a live webinar on September 25 at 1 p.m. EDT and hear from Gartner’s Dr. Brian Lowans and AT&T’s Anne Wolfe, privacy and data management executive director, as they discuss how organizations can nurture an enterprise-wide culture of collaboration and…
  • The Importance of Security Event and Threat Analysis Services

    Andy Daudelin
    17 Sep 2014 | 6:45 am
    Today’s cyber world is plagued with never-ending security risks. We are all familiar with Distributed Denial of Service or DDoS attacks that can bring down a website. But far more dangerous are the silent attacks that slowly enter the environment, often sitting idle for weeks or months before taking action. With the growth of Bring Your Own Device or BYOD, along with cloud applications and storage options, IT departments are greatly challenged. It may seem a daunting task to sufficiently monitor security threats across today’s complex environment. More than ever, it is extremely important…
  • Shoring Up Your Mobile Application Security

    Jennia Hizver
    16 Sep 2014 | 3:45 am
    With the explosive growth of the mobile market, security of enterprise mobile platforms and applications has gained greater attention than ever before. New mobile vulnerabilities are constantly emerging, and new attacks are being developed to subvert existing security mechanisms, making it difficult for IT professionals to follow these developments. Some examples of the recently emerged attacks are discussed below. Attacks on smartphone users Most of today’s smartphones do not have a physical keyboard. The user is instead provided with an on-screen software-based keyboard implemented as a…
  • Choosing a Provider for DDoS Defense

    Charlie Barker
    12 Sep 2014 | 3:30 am
    While Distributed Denial of Service (DDoS) attacks aren’t new, they are still a destructive “go to” tool for many cyber criminals. In addition to flooding your servers with even more traffic than before, and frustrating your customers trying to access them, these organized attacks are now being used as a diversionary tactic, an effective smoke screen for more sinister activity. As your IT staff is busy fighting off a DDoS event, cyber thieves may be taking advantage of their shift in focus to break in and steal sensitive data. As the level of risk rises for DDoS defense, the cost and…
  • MDM and MAM: Two Peas in a Pod

    Velera Wilson
    11 Sep 2014 | 3:45 am
    It goes without saying, mobile devices and applications are now synonymous with everyday life. Apps are used for just about everything – from taxi service to food delivery – and the trend is not slowing down, for consumers or businesses. Companies in particular are excited about the possibilities of applications because they allow organizations to extend their reach to end users and customers, while accelerating transactions, streamlining operations, and increasing responsiveness. As mobility continues to change, the natural progression for organizations is to figure out “what do we do…
  • add this feed to my.Alltop

    The Redspin Report

  • Redspin Events in September

    mmak
    29 Aug 2014 | 1:43 pm
    Redspin will be participating in several great healthcare and security conferences this September. Make sure you tune in to get useful information about IT security, policy compliance, and penetration testing! Stanford Medicine X  (Palo Alto, CA) "Practical Information and Security Risk Management for ePatients" by Redspin VP Chris Campbell September 6 @ 9:20am HIMSS Privacy and Security Forum (Boston, MA) Look for Redspin's co-exhibition with EMC September 8-9 The Summit of the Southeast [ Read More ]
  • OIG Finds NASA Web Application Security Lacking. Is it Time to Assess Yours?

    Dan Berger
    26 Jul 2014 | 5:24 am
    We may be able to send a man to the moon but we still have a long way to go before all of our web applications are sufficiently protected from hackers. [ Read More ]
  • Why I Disagree With Google’s Founders About the Healthcare Market

    Dan Berger
    25 Jul 2014 | 5:08 am
    Google's founders, Sergey Brin and Larry Page, were recently asked at a conference if they could imagine Google becoming a healthcare company. They both said "no" and explained their reasoning as follows. Brin felt the regulatory obstacles would "dissuade a lot of entrepreneurs" from entering the market and added "it's just a painful business to be in." Page gave an example of what he thought could be a useful medical research tool and said "that's almost impossible to do because of HIPAA." Well, [ Read More ]
  • The Risks of a HIPAA Security Risk Analysis

    Dan Berger
    8 Jul 2014 | 2:43 pm
    The risk of a HIPAA risk analysis is in not selecting the right team for the job. [ Read More ]
  • BYOD Security – The Next Problem? Data Sprawl

    David Carlino
    20 May 2014 | 5:27 pm
    Submitted by David Carlino Mobile devices are designed to store less data than traditional laptops and desktop workstations. Cloud-based storage continues to enable a steady migration away from local device storage. Due to local storage limits, mobile users are increasingly turning to a wide array of cloud storage options to maintain and access their data. This is very helpful when a device is lost or stolen but there are unintended consequences in complexity, security, and risk... Enabling [ Read More ]
  • add this feed to my.Alltop

    F-Secure Antivirus Research Weblog

  • CosmicDuke and the latest political news

    18 Sep 2014 | 11:30 am
    After we had published the CosmicDuke report in July 2014, we continued to actively follow the malware. Today, we discovered two new samples that both leverage timely, political topics to deceive the recipient into opening the malicious document.The first one discusses the Ukraine crisis and EU sanctions over Russia and the original document was published here less than a week agoThe topic of the second document is definitely focusing on current affairs: Scotland votes on independence today. The original article was published early this week. Here is the decoy document: It is obvious that the…
  • Ransomware Race (Part 4): Adult Content, Browlock's Staying Power

    18 Sep 2014 | 11:30 am
    Lately, our eyes have been caught by the rise of Ransomware families. It is very evident that the bad guys are constantly developing this type of malware family as seen in our previous posts about CryptoWall and CTB-Locker and Synolocker. In addition to these families, we have also been observing a rather simpler type of Ransomware, yet pretty active and very much alive since it was first encountered in 2013 - Browlock. Compared to other Ransomware families, Browlock does not encrypt the victim's files, and does not add nor run any files on the victim's machine. It only scares the user by…
  • Paying For Content

    18 Sep 2014 | 11:30 am
    I remember setting up our first website. That was 20 years ago, in 1994. When the Web was very young and there were only a handful of websites, it was easy to forecast that the Web was going to grow. And indeed, during these past 20 years, it has exploded in size. What’s even more important, the Web brought normal everyday people online. Before the Web, you would only find geeks and nerds online. Now everybody is online.Back in 1994, we were guessing what would fuel the upcoming growth of the Web. For it to grow, there has to be online content—content like news or entertainment. And for…
  • Ransomware Race (part 5): SynoLocker's unkept promises

    18 Sep 2014 | 11:30 am
    We believe you should never pay a ransom to online criminals. The reason is quite simple. File-encrypting ransomware holds the victim's personal files "at ransom" until a payment is made. For the scheme to work, the victim has to believe that paying up will help. However, the only certain outcome from paying criminals is to encourage them to continue their malicious activities: paying the ransom might not actually get you your files back. Case in point, a recent ransomware family commonly known as SynoLocker.SynoLocker targets network attached storage devices manufactured by Synology. Once a…
  • Why do Apple's security questions still suck?

    18 Sep 2014 | 11:30 am
    It's been two weeks, so why do Apple's security questions still suck?Here's an example of questions you'll be asked when you create an Apple ID:And here's the full list…Security Question 1:  •  What is your favorite children's book?  •  What is your dream job?  •  What was your childhood nickname?  •  What was the model of your first car?  •  Who was your favorite singer or band in high school?  •  Who was your favorite film star or…
 
  • add this feed to my.Alltop

    Pcthreat.com

  • istsearch.com

    19 Sep 2014 | 12:29 am
    Do not wait but take some action if your Internet browsers are affected by the browser hijacker promoting istsearch.com, also known as Spellso. This search engine changes the home page of Internet Explorer,...
  • PC Optimizer Pro

    19 Sep 2014 | 12:29 am
    Despite the best efforts of the online security industry to secure the exact opposite, many of its consumers continue to fall into the trap set by malicious rogue security tools like PC Optimizer Pro. This...
  • Qone8.com

    19 Sep 2014 | 12:29 am
    Qone8.com is a search engine which returns search results from Google Search. The search engine is owned by Taiwan Shui Mu Chih Ching Technology Limited, and it very similar to such browser hijackers as...
  • atajitos.com

    19 Sep 2014 | 12:29 am
    atajitos.com is a search engine that might act as a browser hijacker because this software might replace your homepage without your permission and modify the settings of your Internet Explorer, Google Chrome,...
  • V9 Redirect Virus

    19 Sep 2014 | 12:29 am
    V9 Redirect Virus is a malicious browser hijacker which infects the system while you are browsing insecure websites or when you download spam email attachments. Once the infection gets in the system, the...
  • add this feed to my.Alltop

    Threatpost | The first stop for security news

  • 56 Million Payment Cards At Risk in Home Depot Data Breach

    Michael Mimoso
    18 Sep 2014 | 2:46 pm
    The Home Depot data breach put 56 million payment cards at risk, the company said today, adding that the attackers used custom malware in the breach.
  • OWASP Releases Latest App Sec Guide

    Chris Brook
    18 Sep 2014 | 11:24 am
    OWASP published the latest iteration of its Testing Guide, an informational manual designed to teach developers how to build and maintain secure application.
  • CVE Identifiers Make Room For a Few More Digits

    Michael Mimoso
    18 Sep 2014 | 10:37 am
    The deadline for a syntax change for CVE identifiers is coming on Jan. 13 when the four-digit format will support five or more. Vendors must update vulnerability management products to support the new syntax.
  • Chinese Penetrate TRANSCOM Amid Lack of Data Sharing

    Brian Donohue
    18 Sep 2014 | 9:18 am
    TRANSCOM, the Defense Department command that handles wartime military logistics was compromised repeatedly over a one-year span by a handful of Chinese APT groups.
  • New Initiative Simply Secure Aims to Make Security Tools Easier to Use

    Dennis Fisher
    18 Sep 2014 | 8:43 am
    The dramatic revelations of large-scale government surveillance and deep penetration of the Internet by intelligence services and other adversaries have increased the interest of the general public in tools such as encryption software, anonymity services and others that previously were mainly of interest to technophiles and activists. But many of those tools are difficult to use […]
  • add this feed to my.Alltop

    VRT

  • Looking Glasses with Bacon

    Mariano Graziano
    11 Sep 2014 | 10:37 am
    This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian third-year Ph.D. student at the Software and Systems Security Group at Institut Eurecom in Sophia-Antipolis (France) under the supervision of professor Davide Balzarotti. My research interests are memory forensics and automated malware analysis and currently I am an intern at Cisco in the Talos Security Intelligence and Research Group under the guidance of Alain Zidouemba for the next three months. This post is not about my current project at Cisco but is about my DEF CON talk.At DEF…
  • Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin

    Yves Younan, PhD
    9 Sep 2014 | 10:04 am
    This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there’s only a total of 4 bulletins, they cover a total of 42 CVEs. The IE bulletin, as is usual, has the most updates for bugs and is rated critical. It covers a total of 37 CVEs. The other three bulletins are rated as important and provide updates for the remaining five vulnerabilities.MS14-052 is the IE bulletin and is rated critical. It covers a total of 37 CVEs. Of these 37 CVEs, 36 are remote code execution vulnerabilities, the other one is an information disclosure vulnerability…
  • Malware Using the Registry to Store a Zeus Configuration File

    Shaun Hurley
    4 Sep 2014 | 10:00 am
    This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from and writing a significant amount of data to the registry. Initially, it was thought that the file may be a binary, but after some analysis it was determined that the file is a configuration file for Zeus. Within this blog post we take a look at our analysis of the data I/O in the registry.Initial Stages of InfectionThe scope of this paper is the analysis of the registry write. This section is a brief overview of what happens when the malware is executed.UnpacksCreates a copy of…
  • Discovering Dynamically Loaded API in Visual Basic Binaries

    Angel M. Villegas
    20 Aug 2014 | 7:30 am
    Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, becomes an exercise of source code analysis. Unfortunately when Visual Basic is compiled to a Windows Portable Executable (PE) file it can become a nightmare for many malware analysts and reverse engineers.Why is it used by malware?Visual Basic binaries have a reputation for making an analysts job difficult due to the many aspects of its compilation that differ from standard C/C++ binaries. To analyze a VB PE binary it helps to be familiar with the VB scripting syntax and semantics since…
  • The Windows 8.1 Kernel Patch Protection

    Andrea Allievi
    14 Aug 2014 | 12:22 pm
    In the last 3 months we have seen a lot of machines compromised by Uroburos (a kernel-mode rootkit that spreads in the wild and specifically targets Windows 7 64-bit). Curiosity lead me to start analyzing the code for Kernel Patch Protection on Windows 8.1. We will take a glance at its current implementation on that operating system and find out why the Kernel Patch Protection modifications made by Uroburos on Windows 7 don’t work on the Windows 8.1 kernel. In this blog post, we will refer to the technology known as “Kernel Patch Protection” as “Patchguard”. Specifically, we will…
 
  • add this feed to my.Alltop

    PC1News.com

  • WebCheck Removal Guide

    admin
    28 Aug 2014 | 1:39 am
    The official website of WebCheck claims to protect your system against phishing scams and private data thieves when browsing the web, however, the truth about the application turns out to be quite different. The download link on its homepage webcheck1.com is active, but the program can also be offered to you after activating a bundled installer. In case you don't want to bother about having to delete the WebCheck related software, you should install it from its official website only. In any case, this program is not considered as beneficial for you, thus its presence on your system is not…
  • ShopNDrop Removal Guide

    admin
    28 Aug 2014 | 1:28 am
    ShopNDrop is a typical adware application which usually infiltrates your PC bundled with other potentially unwanted programs. In many cases, you probably install the app accidentally, while setting up some other program on your system. Even though ShopNDrop is not considered as a dangerous computer infection, it appears to be completely useless application which should not be kept on your PC. You should also scan your system for any identical infections because ShopNDrop usually does not travel alone. ShopNDrop is a semi-random name adware application which comes from one and the same family…
  • Screentool Removal Guide

    admin
    28 Aug 2014 | 1:09 am
    Screentool is another questionable program which malware specialists do not recommend being used. Even though that it is not categorized as a dangerous one, the activity of the application is rather suspicious. The experts suggest Screentool to be removed as an advertising-supported program due to its ability to promote shopping deals and other commercials. In case you find the removal of the application too difficult, you can check out the instructions bellow this article. According to the malware specialists, Screentool never intended to be a reputable and reliable program. The first proof…
  • Nana10 Removal Guide

    admin
    27 Aug 2014 | 8:02 am
    Despite the fact that the experts have categorized Nana10 as a potentially unwanted program, computer users consider it as a browser hijacker. The application functions as a toolbar, but as it appears to be a potential security threat, you'd better remove it from your system as soon as possible. Besides, you have to be aware that Nana10 does not travel alone, thus you should also check whether there are any other similar programs running on your computer and erase them all. Nana10 comes from the Conduit family of browser toolbars. In fact, it is not a real computer infection, nor it is a…
  • Surf Safely Removal Guide

    admin
    18 Jul 2014 | 7:45 am
    Surf Safely has been presented as a useful add-on which tries to optimize your Internet security by blocking the potentially unwanted and malicious programs. However, instead of protecting your PC, you will suffer the adverse behavior which will probably cause you some serious problems. Therefore, the best thing you can do is to uninstall Surf Safely from your computer right away. Be aware that the application usually enters your system with other unwanted programs, thus you have to make sure that you have eliminated them along with Surf Safely. A reliable anymalware tool will scan your PC…
  • add this feed to my.Alltop

    NSS Labs

  • The IPS Market – The Technology Lives On, What About the Products?

    18 Sep 2014 | 12:00 am
    Along with firewalls, intrusion prevention systems (IPS) are among the most well understood security appliances available on the market today. As part of our recently announced Competitive Intelligence Research offering, NSS Labs has released its first Market Intelligence Brief on the IPS market.
  • Cyber Resilience – It’s Not the 98% You Catch That Matters, It’s the 2% You Miss!

    6 Aug 2014 | 12:00 am
    Where the goal of cyberprevention has been to reduce the probability of an attack against the organization, cyber resilience looks to reduce the impact of these attacks through cyber risk management. Assuming that a breach is likely, cyber resiliency of systems and networks is needed to ensure mission survivability in a cyber-compromised environment.
  • It’s Time to Expect More from Your Research

    23 Jul 2014 | 12:00 am
    As any enterprise research manager or IT buyer will attest, finding the right information – and at the right time – is difficult at best. Oftentimes, multiple sources are used to answer one particular question – and then additional tools must still be used to validate those initial sources. Market share data, product comparisons, product roadmap implications, and insights into vendor strategy are separate services, and enterprises must sign up for these different services and then aggregate the data themselves, which can be a formidable task. 
  • Data Privacy Concerns Go Mainstream

    15 Jul 2014 | 12:00 am
    While one might expect to hear about security, privacy, and compliance at the security-oriented RSA Conference in San Francisco, these are less likely to be headline topics at the annual consumer electronics show, Cebit, or the eclectic South by SouthWest (SXSW) event in Austin, TX. But this year, privacy and security were hot topics at Cebit and at SXSW.
  • Understanding Risk and Adjusting Premiums

    8 Jul 2014 | 12:00 am
    As the volume and value of customer and corporate data increases, attackers are more determined than ever. This data has value attached to it, which can be insured, much like any asset would be. However, it can be more difficult to assess the value of digital assets, and more importantly, it is much more difficult to assess the risk that the storage and use of digital assets represents to an organization.This uncertainty in risk transfers to the insurance carrier because of the difficulty in calculating.
  • add this feed to my.Alltop

    VRT

  • Looking Glasses with Bacon

    Mariano Graziano
    11 Sep 2014 | 10:37 am
    This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian third-year Ph.D. student at the Software and Systems Security Group at Institut Eurecom in Sophia-Antipolis (France) under the supervision of professor Davide Balzarotti. My research interests are memory forensics and automated malware analysis and currently I am an intern at Cisco in the Talos Security Intelligence and Research Group under the guidance of Alain Zidouemba for the next three months. This post is not about my current project at Cisco but is about my DEF CON talk.At DEF…
  • Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin

    Yves Younan, PhD
    9 Sep 2014 | 10:04 am
    This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there’s only a total of 4 bulletins, they cover a total of 42 CVEs. The IE bulletin, as is usual, has the most updates for bugs and is rated critical. It covers a total of 37 CVEs. The other three bulletins are rated as important and provide updates for the remaining five vulnerabilities.MS14-052 is the IE bulletin and is rated critical. It covers a total of 37 CVEs. Of these 37 CVEs, 36 are remote code execution vulnerabilities, the other one is an information disclosure vulnerability…
  • Malware Using the Registry to Store a Zeus Configuration File

    Shaun Hurley
    4 Sep 2014 | 10:00 am
    This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from and writing a significant amount of data to the registry. Initially, it was thought that the file may be a binary, but after some analysis it was determined that the file is a configuration file for Zeus. Within this blog post we take a look at our analysis of the data I/O in the registry.Initial Stages of InfectionThe scope of this paper is the analysis of the registry write. This section is a brief overview of what happens when the malware is executed.UnpacksCreates a copy of…
  • Discovering Dynamically Loaded API in Visual Basic Binaries

    Angel M. Villegas
    20 Aug 2014 | 7:30 am
    Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, becomes an exercise of source code analysis. Unfortunately when Visual Basic is compiled to a Windows Portable Executable (PE) file it can become a nightmare for many malware analysts and reverse engineers.Why is it used by malware?Visual Basic binaries have a reputation for making an analysts job difficult due to the many aspects of its compilation that differ from standard C/C++ binaries. To analyze a VB PE binary it helps to be familiar with the VB scripting syntax and semantics since…
  • The Windows 8.1 Kernel Patch Protection

    Andrea Allievi
    14 Aug 2014 | 12:22 pm
    In the last 3 months we have seen a lot of machines compromised by Uroburos (a kernel-mode rootkit that spreads in the wild and specifically targets Windows 7 64-bit). Curiosity lead me to start analyzing the code for Kernel Patch Protection on Windows 8.1. We will take a glance at its current implementation on that operating system and find out why the Kernel Patch Protection modifications made by Uroburos on Windows 7 don’t work on the Windows 8.1 kernel. In this blog post, we will refer to the technology known as “Kernel Patch Protection” as “Patchguard”. Specifically, we will…
 
  • add this feed to my.Alltop

    Private WiFi

  • Infographic: Protecting Yourself and Your Mobile Device

    Elaine Rigoli
    19 Sep 2014 | 1:00 am
    While most people secure their laptops with the latest security updates, there's still a large segment of society who seems to think security issues do not affect their mobile phones. That couldn't be further from the truth, as threats from malware and phishing definitely exist in the world of mobile apps -- and especially in WiFi hotspots. (As just one example of how people don't pay attention? Before her phone was hacked, actress Jennifer Lawrence famously said, “My iCloud keeps telling me to back it up, and I’m like, I don’t know how to back you up. Do it yourself.”) In an effort…
  • Will WiFi Replace Cable and Fiber Networks?

    Jared Howe
    17 Sep 2014 | 8:10 am
    In a recent blog post, we mentioned that the next generation of WiFi technology will be able to transmit over 7 Gbps (gigabytes per second), and that by 2018, worldwide WiFi traffic will overtake wired traffic for the first time ever. So while we are using WiFi networks more and more, you probably have noticed that some of these networks are unreliable and many are downright slow at times when compared to cable and fiber broadband networks. A network company called Mimosa, co-founded by Brian Hinman and Jaime Fink in 2012, is looking to change the perception of WiFi as something slow and…
  • OpenSignal’s U.S. WiFi Study Looks at Speed, But Not Network Security

    Jared Howe
    15 Sep 2014 | 9:52 am
    OpenSignal is a small startup with a very interesting mission: they are creating a database of WiFi access points around the world and are hoping to become the global authority on wireless networks. Their website contains analysis of all of the data they have collected, including the WiFi signal strength of all access points in a given area. How do they do it? They have a mobile app that Android and iPhone users can download which provides raw data to OpenSignal about the WiFi access points the users come into contact with and the signal strength at any particular location. This app strips…
  • Home Depot Hit by Data Thieves, Similar to Target Breach

    Eva Velasquez
    12 Sep 2014 | 8:51 am
    Security analysts say the damage with Home Depot’s recent data breach may be even more widespread than Target’s, and it may affect more customers. In fact, some news reports are pondering if this could be one of the largest breaches in history. A Home Depot spokesperson told cyber security expert Brian Kreb: “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for…
  • Android Apps Susceptible to Man-in-the-Middle Attacks

    Jared Howe
    11 Sep 2014 | 6:59 am
    Recently an online security company named FireEye published an alarming blog post about how many Android apps are susceptible to man-in-the-middle (MITM) attacks. Of the 1,000 most downloaded apps on Google Play, FireEye found that 68% had at least one serious vulnerability. Who’s This Man-in-the-Middle? First, a short primer on MITM: this kind of attack happens when a hacker inserts his computer between your device and the web server you (or in this case, your Android app) are trying to communicate with. Your app thinks it is communicating with the app’s web server, but in fact, all of…
  • add this feed to my.Alltop

    Pivot Point Security

  • How to Keep Mobile Communications Safe from Rogue Cell Phone Towers

    Robert Oliver
    9 Sep 2014 | 8:46 am
    From a risk management perspective, the increasingly inventive approaches taken by cyber criminals, foreign agencies, and business competitors to compromise information security place an organization’s data at escalating levels of risk. In particular, as more businesses adapt to a mobile workforce and institute Bring Your Own Device (BYOD) policies, significant questions arise about the security of mobile communications and the suitability of certain options. New mobile attack vectors make the news all the time. But a recent news clip in Forbes about the proliferation of rogue cell phone…
  • Leveraging an Existing SOC 2 to Simplify ISO 27001 Certification

    John
    9 Sep 2014 | 7:00 am
    What is the most efficient way to get ISO 27001 certified if you already have your SOC 2 attestation? It’s not uncommon for an organization that had previously used (somewhat incorrectly) SAS 70 as its primary means of demonstrating its security posture to have (correctly) migrated to a SOC 2 attestation when the American Institute of CPAs (AICPA) cleared up that issue by offering both SSAE 16 SOC 1 and SOC 2 auditing standards. While SOC 2 is a useful form of attestation, there are certain verticals (e.g., financial services, healthcare, technology, legal) and geographies (non-US) where…
  • Discussing ISO 27001 Concerns with Your Law Firm’s Partners

    John
    26 Aug 2014 | 4:00 am
    Law firms have a unique political environment.  I know that from working with many of them, yet somehow I was still a little surprised by what transpired at a Partners Meeting I recently attended.  I think there is a lesson to be learned here, which I thought was worth sharing. The ISO 27001 team thought it would be a good idea to update the Partners on its progress, as we were on the verge of finishing the first phase of the project.  Our Lead Implementer was travelling for another certification audit so he asked me to give the presentation on his behalf. Things started well.  We…
  • Ansel Adams and My Long-Lost Picture of Bigfoot

    John
    21 Aug 2014 | 4:00 am
    I don’t write many off-topic blog posts. But there were no blogs back when I took that picture and then lost it for twenty years… When I was in college I took up black-and-white photography. Part of the allure of it all came from fond childhood memories of working with my dad in our windowless bathroom developing pictures in the bathtub. Watching images emerge ghostlike as I rocked the paper in the film bath was akin to magic. But I was also drawn to black-and-white photography because I admired Ansel Adams’ landscape photographs, especially those he shot in Yosemite National Park. So…
  • Will Nonconformities Prevent My Firm from Achieving ISO 27001 Certification?

    John
    19 Aug 2014 | 4:00 am
    One of the most frequently misunderstood elements of the ISO 27001 certification process is the area of “findings” and/or nonconformities. One of our ISO 27001 Lead Implementers recently shared his observations on the types/levels of findings he has seen in his audits, which are worth passing along: N/A — Effectiveness of controls could not be measured at the time of the audit due to lack of information, timing, etc. Effective –The requirement is met. Observation — Notes on a benign, anomalous event; a non-mandatory recommendation. Opportunity for Improvement —…
 
  • add this feed to my.Alltop

    HOTforSecurity

  • Home Depot Breach Exposes 56 Million Credit Cards

    Lucian Ciolacu
    19 Sep 2014 | 5:39 am
    An estimated 56 million credit cards have been exposed in the Home Depot security breach from September 2, according to Home Depot’s investigation update Home Depot detected the breach in early September after law enforcement and some of its banking partners reported the problem. “Criminals used unique, custom-built malware to evade detection,” the company said in a press release. “The malware had not been seen previously in other attacks, according to Home Depot’s security partners.” The malware that put at risk “approximately 56 million unique payment…
  • eBay Falls Victim to Cross-Site Scripting Attack

    Alexandra Gheorghe
    18 Sep 2014 | 7:32 am
    The British website of online retailer eBay was compromised through a cross-site scripting (XSS) vulnerability, exploited to steal customers’ login credentials, according to the BBC. Attackers apparently planted malicious Javascript code in product listings to redirect eBay customers interested in cheap Apple smartphones to a spoofed eBay welcome page. Once there, they were asked to enter their account username and password. The incident was first reported by Paul Kerr, an IT worker from Scotland who contacted eBay and was told that the matter would be considered “of the highest level of…
  • Adobe Fixes Eight Critical Vulnerabilities in Adobe and Acrobat Reader

    Lucian Ciolacu
    18 Sep 2014 | 4:28 am
    Adobe has issued a new patch for Adobe and Acrobat Reader to fix eight critical-rated vulnerabilities that could lead to a remote-code-execution attack, according to the Adobe APSB14-20 security bulletin. The vulnerabilities occur on both Windows and OSX operating systems. “These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions,” the advisory said. Image Credit: Adobe Reader Presentation web page The newly issued patch resolves the following…
  • Apple Adds Two-Factor Authentication for iCloud

    Alexandra Gheorghe
    18 Sep 2014 | 1:29 am
    Amid a nude picture leak scandal that exposed hundreds of private photos of female celebrities through an alleged iCloud breach, Apple has extended the two-factor authentication feature to its iCloud backup service, according to PC World. In an email to Apple ID account users, the company announced that, in addition to protecting Apple ID account information, two-step verification is also available to secure data stored and updated using iCloud. Each time users sign in to iCloud from a new device, they will need to verify their identity by entering the account password and a 4-digit…
  • Download this Kindle eBook, and have your Amazon account cookies stolen

    Graham Cluley
    16 Sep 2014 | 5:53 am
    A security researcher has reported what appears to be an embarrassing flaw on Amazon’s website that could put Kindle users at risk. Benjamin Daniel Mussler claims that the “Manage Your Content and Devices” and “Manage Your Kindle” services on Amazon’s web-based Kindle Library are vulnerable to a cross-site scripting (XSS) attack, which can be exploited by a boobytrapped eBook title. Anyone wanting to target a Kindle user would go about go about their attack by creating an eBook with a specially-crafted title: <script…
  • add this feed to my.Alltop

    Data In Motion

  • The Attachmate Group announces intention to merge with Micro Focus

    Bret Fitzgerald
    14 Sep 2014 | 11:34 pm
    Share and Enjoy Share on Facebook Retweet this Submit this to Stumble this Reddit this The Attachmate Group a privately-held software holding company owned by an investment group led by Francisco Partners, Golden Gate Capital, Elliott Management and Thoma Bravo, today announced that it has entered into a definitive agreement to merge with Micro Focus. The transaction is expected to close on November 3, 2014. It is subject to customary closing conditions, including Micro Focus shareholder approvals and regulatory approvals under the Hart-Scott-Rodino Act. The Attachmate Group and Micro Focus…
  • Give Users the Productivity Tools They Want and Secure Your Data Too

    Tom Scearce
    9 Sep 2014 | 7:00 am
    Share and Enjoy Share on Facebook Retweet this Submit this to Stumble this Reddit this  Applications like Google Drive, Box, and Dropbox combine an intuitive look and feel with convenient, cross-platform compatibility. Users can access files from any device, 24/7, which makes the apps great for small business and personal use. But for large organizations with a need for top-notch data security, the same applications present a dilemma. With growing frequency, employees are using them to share files with or without company authorization. At the same time, the platforms don’t offer sufficient…
  • How to Make Everyone Happy: Learn to Balance the Needs of Users and IT at BrainShare

    Tom Scearce
    3 Sep 2014 | 3:08 pm
    Share and Enjoy Share on Facebook Retweet this Submit this to Stumble this Reddit this As more collaboration and filesharing apps hit the market, IT is deluged with requests from employees wanting to bring outside applications into the enterprise. It’s your job to make things as easy as possible for your employees, but to say yes to end users you also must balance your organization’s need for security and control. How do you do all that while keeping total cost of ownership low? Join us at BrainShare 2014, the premier user and technical training conference for Attachmate, NetIQ and Novell…
  • Drinking your own champagne (or eating your own dog food)

    Tom Scearce
    16 Aug 2014 | 8:00 am
    Share and Enjoy Share on Facebook Retweet this Submit this to Stumble this Reddit this  By Stuart Meyers, APAC Regional Product Manager, Attachmate and Novell “Today’s post comes from Down Under. It was written by our esteemed colleague Stuart Meyers (au.linkedin.com/in/stuartmeyers). Stuart shares his unique perspective on what it’s like for Attachmate and Novell employees to ‘eat their own dogfood’ – use the products we sell.” One of the most enjoyable parts of working for a software company is when you actually get to use and enjoy using the products that you develop and…
  • 3 Ways to Maximize the Value of Your MFT Consultant

    Tom Scearce
    12 Aug 2014 | 8:30 am
    Share and Enjoy Share on Facebook Retweet this Submit this to Stumble this Reddit this Experienced consultants can help you deliver an effective, comprehensive managed file transfer (MFT) implementation to IT, management, and users. But what level of expertise should your consultant offer? And what should MFT consulting services include? Here are three different ways to get the most value from your MFT consultant or consulting team: 1. Invest in a bundle. If your MFT solution provider bundles consulting services with software, take advantage. Why bundles? Because they can lower the price of…
  • add this feed to my.Alltop

    Video Surveillance

  • New HD Onboard Surveillance

    10 Sep 2014 | 4:26 pm
    Onboard recording is becoming a popular security measure by recording video evidence of altercations between passengers on public transportation, driver misconduct, and even police activity when pulling over cars. When it comes to onboard surveillance, there are a few key features to look for: HD quality, a protective housing, and audio recording. With 720p HD resolution, the Axis P3904-R M12 camera can record clear, detailed surveillance video. Ideal for use on city busses, subway trains, and cars, this camera comes with a rugged M12 connector to ensure that the bumps and shocks of driving…
  • 2014 VideoSurveillance.com Scholarship Winner

    20 Aug 2014 | 12:50 pm
    VideoSurveillance.com is pleased to announce that Jackson Kelner of Minnetonka, Minnesota is this year's winner of our annual college scholarship program. Jackson will be attending Washington University in St. Louis this fall as a freshman. The VideoSurveillance.com scholarship asked students to answer in a 250-word essay how surveillance cameras can help increase campus safety. Here's an excerpt from Jackson's essay: "I would assign multiple officers to the main control center to monitor cameras 24/7. Although it would certainly be difficult to monitor every single camera, I would implement…
  • VideoSurveillance.com Featured on Yahoo!

    4 Jun 2014 | 10:29 am
    Again and again, VideoSurveillance.com continues to fortify its reputation as a true expert in IP video technology. Yahoo Tech! featured an article on June 4, 2014 highlighting the domestication of surveillance cameras, and utilized VideoSurveillance.com as a source for information on the latest trends. You can read the article here - Yahoo Tech! Article.
  • VideoSurveillance.com Featured on GovernmentVideo News

    27 May 2014 | 10:05 am
    Public transit systems across the country are increasing the number of video surveillance cameras on buses and subways to deter criminal activity and reduce liability lawsuits. An article featured on GovernmentVideo.com highlighted how virtual security integrators like VideoSurveillance.com are playing a critical role in helping mass transit departments switch from less dependable analog video systems to IP surveillance. As a result, public transit systems are able to gather stronger video evidence, attributable to HD resolution, only found on IP camera systems. Read the full article on the…
  • New Pre-configured Video Surveillance Systems Now Available

    14 May 2014 | 4:49 pm
    Our pre-configured 4 and 8 camera video surveillance systems have been updated with new IP cameras and NVRs for easy installation and professional-level surveillance. Each system comes with cameras, a NVR featuring Milestone Essential VMS software, and all the cables you need to install the system. The 4-camera systems are specially designed to monitor a small business or home, and come with a variety of indoor and outdoor cameras. For larger businesses, our 8-camera systems make it easy to monitor a lobby, back room, and parking lot. Our wireless systems also received an update, with a new…
 
  • add this feed to my.Alltop

    Seculert Blog on Advanced Threats and Cyber Security

  • Zeus Malware Variants Designed to Evade Client-Side Security Software

    Liora R. Herman
    18 Sep 2014 | 6:18 am
    As reported by Zero Day’s Charlie Osborne, threat actors are using new variants of the notorious Zeus malware Trojan in an email campaign designed to steal financial data from (so far) a Canadian bank and several US business targets. The Zeus malware variants, which were spotted by researchers at Websense Security Labs, are a fusion […] The post Zeus Malware Variants Designed to Evade Client-Side Security Software appeared first on Seculert Blog on Advanced Threats and Cyber Security. [[Read more...]]
  • Cyber Security Professionals are Sheep Awaiting Slaughter

    Liora R. Herman
    15 Sep 2014 | 1:20 am
    In a recent article, New York Times technology reporter Nicole Perlroth recounts a gag that, in one variation or another, is racing its way through the cyber security community as only droll jokes can. It goes like this: An eager young CISO meets the wise old predecessor who he replaced. This predecessor hands his successor […] The post Cyber Security Professionals are Sheep Awaiting Slaughter appeared first on Seculert Blog on Advanced Threats and Cyber Security. [[Read more...]]
  • Hackers Slip Past Two-Factor Authentication Security at 20+ Banks

    Liora R. Herman
    11 Sep 2014 | 6:56 am
    Think that the heralded two-factor authentication is enough to thwart today’s hackers? Well, so did cyber security professionals at 34 banks across Europe and Asia – that is, until, their customers’ online accounts were ransacked in new campaign that appears to be the handiwork of cyber criminals operating out of Russia and Romania. The campaign, […] The post Hackers Slip Past Two-Factor Authentication Security at 20+ Banks appeared first on Seculert Blog on Advanced Threats and Cyber Security. [[Read more...]]
  • Possible Point-of-Sale Attack at Goodwill Prompts Joint Investigation

    Liora R. Herman
    10 Sep 2014 | 7:14 am
    Quiz: What does it take get the US Secret Service to waltz into a Goodwill store? Hint: It’s not to shop for previously-enjoyed charcoal suits, pick up a used DVD of “Men in Black”, or make a donation (how much does a used wristwatch microphone go for these days?). Give up? Sadly, the answer is […] The post Possible Point-of-Sale Attack at Goodwill Prompts Joint Investigation appeared first on Seculert Blog on Advanced Threats and Cyber Security. [[Read more...]]
  • Enterprise Cybersecurity Strategy Moves CEOs “Front & Center”

    Liora R. Herman
    19 Aug 2014 | 6:10 pm
    In what he hails as a wake-up call for his fellow CEOs, Sentek Global’s Eric Basu latest article on Entrepreneur.com pointedly entitled “CEOs Can No Longer Sit By on Cybersecurity” is also must-read for all executives who want their enterprise to avoid becoming the next example of failed cybersecurity – and making the headlines for […] The post Enterprise Cybersecurity Strategy Moves CEOs “Front & Center” appeared first on Seculert Blog on Advanced Threats and Cyber Security. [[Read more...]]
  • add this feed to my.Alltop

    Managed File Transfer and Network Solutions

  • How To Automatically Decrypt PGP-Encrypted Files Upon Upload

    John Carl Villanueva
    16 Sep 2014 | 5:33 pm
    Overview Whenever PGP files uploaded to your server happen to contain data needed for business processes, you might want to have those files decrypted automatically. That way, they can then be forwarded to the applications waiting to process them. JSCAPE MFT Server has an easy way of doing that and it's what we're going to show you today.   What we'd like to do   Figure 1   How to do it   In a nutshell, this method consists of creating a trigger that: 1. Listens to a file upload event,  2. Limits the succeeding action to files that end with "pgp" (the file extension…
  • PGP Encrypting Every Single File Uploaded By Members Of A Group

    John Carl Villanueva
    14 Sep 2014 | 5:32 pm
    Overview Some company activities - such as product development or eDiscovery - require a high level of security. The people involved in these activities have to make sure the information they share with one another are kept confidential at all times. In JSCAPE MFT Server, it's possible to secure a group folder in such a way that all files uploaded to that folder are automatically encrypted with OpenPGP. In this post, we'll show you how to do that.   What we'd like to do   In our example, Sam is a member of TeamGold, a special group formed to handle a project involving sensitive…
  • How To PGP Encrypt Every Single File Uploaded By A Particular User

    John Carl Villanueva
    12 Sep 2014 | 10:07 pm
    Overview Some guys in your organization may have to handle lots of sensitive information. Because there's always a good chance their files are going to contain confidential data, it would be best to ensure that every single file they upload to your server get utmost protection. On JSCAPE MFT Server, you can do that by applying OpenPGP encryption on all virtual paths owned by that user.   What we'd like to do       Learn how to do it   In the succeeding steps, you'll learn how to select a user, modify that user's virtual paths, and enable those paths for OpenPGP…
  • Required MFT Server Password Settings for PCI DSS Compliance - Part 2

    John V.
    11 Sep 2014 | 7:24 pm
    In part 1, we enumerated all PCI-DSS requirements that directly affected password settings and practices. Here, we're going to show you how and where in JSCAPE MFT Server you can configure settings in order to meet those requirements. All I'll have here are the numbers corresponding to those PCI DSS requirements, each immediately followed by the setting that will help you meet them. So I suggest you open Part 1 in another tab so it will be easier for you to refer to the details of a requirement on which a particular setting is based on.  Ready? Let's begin. Requirement #2 Although…
  • Required MFT Server Password Settings for PCI DSS Compliance - Part 1

    John V.
    11 Sep 2014 | 7:22 pm
    Overview Certain PCI-DSS requirements dictate how passwords should be generated, managed and used in file transfer systems located within or connected to your cardholder data environment. In this post, we'll identify what those requirements are and then point to ways you can meet them when using JSCAPE MFT Server. Let's jump into those requirements now.     Requirement #2: Prohibiting the use of vendor-supplied defaults for system passwords Requirement #2 prohibits the use of vendor-supplied defaults for system passwords. This is to counter attackers who take advantage of the usual…
  • add this feed to my.Alltop

    Radware Blog

  • New Findings: The Wrong Image Format Measurably Hurts the User Experience

    Tammy Everts
    16 Sep 2014 | 6:52 am
    Faster load times correlate with improved business metrics (ranging from page views to revenues). With images comprising more than half of a typical page’s weight, it only makes sense that optimizing images so that they render more quickly in the user’s browser should be a priority for every site owner. Selecting the best image rendering format is the first step on the path toward fully optimized images, but even this first step is fraught with debate. At the core of the debate is this seemingly simple question: Should we use baseline or progressive images? If you’re not a…
  • My Takeaways from This Year’s AT&T Cyber Security Conference

    Carl Herberger
    11 Sep 2014 | 8:44 am
    Last week, I was invited to speak at the 16th annual AT&T Cyber Security Conference in NYC where over the span of two days, speakers kept the audience immersed with engaging topics.  Surrounded by security executives, I learned that we all share similar concerns.  There were resounding messages that resonated with me that I’d like to share as my key takeaways from the event. #1:  There is no singular problem when it comes to bolstering security The problems that plague information security are clearly distributed throughout the organization. Depending on where you sit and what…
  • Beyond Free Calls — Protecting Your Business from Phone System Fraud

    Patrick McNeil
    8 Sep 2014 | 7:08 am
    Denial of Service (DoS) has reigned as the most headline-grabbing network attack over the past three years.  However, the truth is that attacks come in all different flavors ranging from Distributed DoS (DDoS) to low-volume application-layer attacks that target user credentials, financial information, trade secrets, or abuse of services to commit fraud.  At the application layer we most often think of HTTP, however, there are almost an immeasurable number of Layer 7 applications available for exploit. While at a security conference early this year, I got into a discussion with a few fellow…
  • Every Political Action Causes a Cyber Reaction

    Carl Herberger
    28 Aug 2014 | 12:33 pm
    Just as Newton’s Third Law of motion states “for every action, there is an equal and opposite reaction” a similar notion can be applied to the recent news of financial organizations being hacked. Just this week, it has been widely reported that Russian hackers were the source of attacks on JP Morgan and four other financial organizations. One can surmise that this was politically motivated by U.S. sanctions against the Russian government.  If you take a step back and look at the bigger picture, for every real world government action, there will be a cyber-reaction. This is…
  • Improving Customer Value with Collaborative Design

    Travis Volk
    13 Aug 2014 | 8:41 am
    One challenge all business leaders have in common is the expectation to customize products and services for their largest customers.  Reflecting on several collaborative designs with my most demanding customers, I recognized a benefit in the process that was not obvious from the beginning — mutually beneficial relationships have gone beyond good support and competitive pricing.  Providing extensibility of solutions allowing customers to differentiate services has become necessary as framework consolidation and service velocity increases. Going further to meet the demands of our…
 
  • add this feed to my.Alltop

    pfSense Setup HQ

  • Suricata Intrusion Detection: Part Four

    admin
    16 Sep 2014 | 6:00 am
    Configuring app parser settings in Suricata. In the previous articles on Suricata, we covered installation, configuring global settings and pass lists, and began looking at setting up an interface. In this article, we will continue setting up our first Suricata interface. In this example, we are configuring the WAN interface. Configuring App Parsing The next tab after “WAN Flow/Stream” is “WAN App Parsers“. This tab deals with parsers that operate on the application layer of the TCP/P model, the layer that specifies certain protocols that cover major aspects of…
  • Suricata Intrusion Detection System: Part Three

    maximumdx
    13 Sep 2014 | 4:00 am
    Interface settings in Suricata. In the previous article, we covered some additional Suricata configuration details, including downloading rules and setting up your first Suricata interface. In this article, we will continue to configure that interface. Since we already covered the “WAN Settings” tab, we’ll move on to the “WAN Categories” tab. The first heading covers automatic flowbit resolution. Flowbits are a powerful tool that were first implemented in Snort. Many times, you need to look at more than just one packet to know whether an event is occurring.
  • Suricata Intrusion Detection System: Part Two

    maximumdx
    9 Sep 2014 | 2:00 pm
    Defining a pass list in Suricata. In the first article about Suricata, we covered basic installation as well as global settings. In this article, we will continue our look at configuration. In Global Settings, you must choose a set of rules to download, as well as update settings for those rules. Once you do that and save the settings, you can move on to the “Update Rules” tab. I chose the ETOpen rule and Snort VRT rules, set my update interval to 12 hours, and my update start time to 04:00, and saved the settings. By clicking on the “Update Rules” tab, you can…
  • August 2014 Amazon Affiliate Purchases

    admin
    4 Sep 2014 | 1:00 pm
    Here’s some of the products that people have purchased through my Amazon affiliate links: Allstar ALL90040 Red Anodized 1/4″ Mounting Hole In-Line Oil Temperature 10AN Male 1/2 NPT Female Tee Fitting Asus Black 12X BD-ROM 16X DVD-ROM 48X CD-ROM SATA Internal Blu-Ray Drive (BC-12B1ST) Lamptron CW611 Water Cooling Controller 6CH X 36W LCD Six2510-3pin Sunbeamtech PL-RS-6 Rheosmart 6 Fan Controller San Francisco Bay Coffee, Breakfast Blend, 80 OneCup Single Serve Cups DNSSEC Mastery: Securing the Domain Name System with BIND A special thank you to everyone who purchased something…
  • Suricata Intrusion Detection System: Part One

    maximumdx
    4 Sep 2014 | 6:00 am
    The global settings tab in Suricata. Suricata is an open source-based intrusion detection system (IDS). There are several advantages to running Suricata. [1] It is multi-threaded, so you can run one instance and it will balance the load processing across every processor. [2] The most common protocols are automatically recognized by Suricata as the stream starts, allowing rule writers to write a rule to the protocol, not to the port expected. [3] Suricata can identify thousands of file types on your network, and you can tag files for extraction so the file will be written to disk with a…
  • add this feed to my.Alltop

    Tips4Tech Blog

  • Don’t Forget Security When Developing Corporate Mobile Apps

    Allan Pratt
    9 Sep 2014 | 8:28 pm
    With the rise in mobile device usage, bring your own devices to work (BYOD), the Internet of Things (IoT), combined with the decline of personal computers, many corporate leaders believe that their businesses should develop a mobile application, or in tech lingo, an app. An Appcelerator survey of enterprise leaders released in January 2013 reported that 73% of enterprises built fewer than five applications, and 39% built none or just one. (1) (2) But does your business really need an app to be competitive, or do you simply want to be able to SAY you have one? Will an app fill a critical hole…
  • Privacy, Security and Voice Search: Does Your Company Know What It’s Getting Into?

    Allan Pratt
    22 Aug 2014 | 7:09 pm
    These days, everyone is using the voice search function across all platforms on all devices. Look no further than an iPhone to an Android phone to the Windows tablet, and you’ll see most people speaking questions instead of typing them. Without a doubt, it’s much easier to speak a request or question rather than typing it on a small keyboard. But do you know the reason that your device gets more accurate? The reason is because all of your voice commands are stored on servers that are owned by Microsoft, Apple or Google. As you speak, those servers are accessed and an algorithm is used…
  • Is Your Business Ready for the Cloud?

    Allan Pratt
    2 Aug 2014 | 10:17 am
    These days, wherever you go, there’s always someone extolling the virtues of cloud computing. How often has someone at your monthly C-Suite meeting said, “Cloud computing is the answer to XYZ?” But then the conversation takes an unintended turn, and the focus never returns to defining either the question or the answer. According to Wikipedia, cloud computing is “the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a utility (like the electricity grid) over a network…
  • Does Your Business Conduct Regular Security Audits? Here Are 3 Tips

    Allan Pratt
    15 Jul 2014 | 5:36 pm
    Thanks to the numerous security breaches in the news, the C-suite members of your business should be thinking about regular security audits. While size does matter, the more employees you have and the more data you generate, security audits are critical to the long-term stability of your business. And remember, no one is immune to a data breach. Wondering where to start? Check physical security first. Then work your way in. The simplest way to steal data is to steal the device where it’s stored. You would be surprised by the number of businesses that don’t do the easy things. They…
  • Address Books, Webmail and the Cloud

    Allan Pratt
    9 Jul 2014 | 8:17 pm
    To All businesses Who Use Address Books on Webmail: stop and learn why your data may be at risk. Instead of Webmail, use a third-party email client such as Outlook or Thunderbird. Recently, I was hacked. No one is immune – even those of us in the infosecurity field can get hacked. The situation occurred in an email account that I use for professional correspondence outside of my day job. I have a client in the medical profession who uses Gmail for his email correspondence, and recently, the doctor was hacked. He keeps all of his patient email addresses as well as friends and family in the…
  • add this feed to my.Alltop

    Milton Security

  • 56 Million Cards Compromised in Home Depot Breach

    Bethany Nolan
    18 Sep 2014 | 3:03 pm
    Home Depot, the world’s largest home improvement retailer, has released an update on their breach. The threat has been removed, but the damage is staggering. Home depot began an investigation in to a possible data breach in early September after receiving reports of “unusual activity” from its banking partners. Home Depot informed the public of the possibility, and asked all customers to closely monitor their finances. Sadly, they announced today that 56 million credit cards were compromised, making this possibly the largest retail credit card breach in current history. As you may…
  • Security Flaw Found in Amazon Kindle

    Bethany Nolan
    17 Sep 2014 | 8:55 am
    A security flaw in Amazon’s Kindle software could be compromising your Amazon account details. Benjamin Daniel Musser, a German security researcher who discovered the issue, posted a proof-of-exploit online. The vulnerability, a stored cross-site script(XSS) is included in the metadata of e-books. This malicious line of code triggers a security hole as soon as these books are opened on the Amazon Library page on Amazon.com.  Once a Library has been infected, hackers can access and transfer cookies, which contain Amazon account credentials. Musser claims that he discovered the issue in…
  • Massive Malware Campaign Stopped After 12 Years

    Bethany Nolan
    16 Sep 2014 | 9:52 am
    What many believe to be the longest running malware campaign in existence, has finally been shut down. The major data breach scam targeted banks, corporations and governments in Germany, Switzerland, and Austria for 12 whole years without detection. Dubbed the ‘Harkonnen Operation’, the malware campaign involved more than 800 registered front companies based in the UK, all with the same IP address, installing malware on servers and networks belonging to a total of 300 banks, large corporations and government agencies. CyberTinel, a security platform developer based out of Israel,…
  • Is there a “Treasure Map” of the Internet?

    Bethany Nolan
    15 Sep 2014 | 1:37 pm
    The National Security Agency of the United States, the British Government Communications Headquarters and similar agencies in Australia, Canada, and New Zealand have supposedly gained access to German telecom companies’ internal networks in an attempt to map the internet. According to Der Spiegel, a German news publication, Edward Snowden has leaked new documents that chronicle five major intelligence agencies collaborating on an operation dubbed “Treasure Map”.  The idea behind this map is to gain real-time access to individual routers, computers, smartphones, and tablets that are…
  • Australian Police use Spyware on Citizens

    Milton Security Group
    15 Sep 2014 | 11:18 am
    Though some us may think that the only government that enjoys spying on its citizens is ours, it turns out that police in the Australian state of New South Wales may have spent over $2 million on spy programs in order to monitor smartphones and notebooks of the citizens of Australia. According to the latest from WikiLeaks,  Australian police have been using spyware from Gamma International, a German company that specializes in developing spyware for remote computer monitoring. The specific software that the Australian police were utilizing, FinSpy or FinFisher, allows them to access…
 
  • add this feed to my.Alltop

    Cyberoam : Securing You

  • Hackers Exploiting SNMP Clients Using Google’s Public DNS Server Spoofed IP (8.8.8.8)

    Anurag Singh
    18 Sep 2014 | 6:51 am
    What is it? On 15th September 2014, SANS ISC reported that hackers are using Google’s Public DNS Server IP (8.8.8.8) to launch SNMP amplification DDoS attack against vulnerable devices available on the Internet. These packets actually do not originate from Google’s server but these are crafted or spoofed packets where the source IP is changed or translated to Google’s IP to make it look authentic as 8.8.8.8 is a widely used Public DNS server and even network experts will mistakenly consider it as genuine traffic. Which devices are vulnerable to this attack? Simple Network Management…
  • Change in the Internet Architecture -NDN

    Sandeep Wadekar
    15 Sep 2014 | 11:41 pm
    The University of California, Los Angeles – UCLA recently hosted a consortium of universities and leading technology companies on the 4-5th September, to promote the development and adoption of Named Data Networking – NDN[1]. For those among us, who aren’t aware about NDN, it is an emerging Internet architecture that promises to increase network security, accommodate growing bandwidth requirements and simplify the creation of increasingly sophisticated applications[2]. As per reports, the consortium aims to generate a vibrant ecosystem of research and experimentation around NDN;…
  • Malware Alert – Apple OS X affected by XSLCmd Backdoor

    Cyberoam
    12 Sep 2014 | 12:45 am
    An APT backdoor named “Backdoor.MacOS.Xslcmd.A” has been found affecting all Apple OS X systems. It has been seen that the malware contacts a remote server to receive commands to execute on the infected system. This is in line with tactics adopted by APT threat actors which are now clearly bringing in focus the Apple computing platform. It is reported that the malware is similar to the XSLCmd backdoor designed for Windows platform. However, with additional key logging and screen capturing abilities it may be more lethal than the Windows versions. Moreover, it creates a plist file to…
  • Vulnerability Alert – Use-After-Free condition detected in Mozilla Firefox

    Cyberoam
    12 Sep 2014 | 12:39 am
    A use-after-free condition affects Mozilla Firefox and can lead to a potential crash on a successful exploit. The condition currently affects Mozilla Foundation Thunderbird prior to 31.1, Mozilla Foundation Firefox ESR prior to 31.1 and Mozilla Foundation Firefox prior to 32. According to Mozilla advisory, the condition “… was found in interactions with the SVG content through the document object model (DOM) with animating SVG content.” CVE ID: CVE-2014-1563 CVSS Scoring: CVSS Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSS Temporal Score: 5.3 (E:POC/RL:OF/RC:C) The…
  • First android ransomware reported

    Cyberoam
    5 Sep 2014 | 3:21 am
    The Cyberoam Internet Threats Trends Report for Q2 2014, prepared in collaboration with CYREN, is out. While attacks on the Android operating system continued to predominate this quarter, the big news is the debut of the first type of Android ransomware, which encrypts and locks valuable user files, such as photos and documents, using strong encryption. 2013, saw PC-based ransomware repeatedly making news, but ransomware were not found to threaten mobile users until now. As most of us know, a typical ransomware encrypts files on a particular system thereby blocking access to user files. The…
Log in