Network Security

  • Most Topular Stories

  • 11 signs you've been hacked -- and how to fight back

    Computerworld Network Security News
    25 Jul 2014 | 6:13 am
    Redirected Net searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been 0wned
  • Evan Schuman: The data dangers of free public Wi-Fi

    Computerworld Network Security News
    29 Jul 2014 | 5:51 am
    New York's plan to turn pay phones into free Wi-Fi stations could be a template for other cities, and bad news for IT departments trying to protect corporate data and intellectual property.
  • 11 signs you've been hacked -- and how to fight back

    Computerworld Security News
    25 Jul 2014 | 6:13 am
    Redirected Net searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been 0wned
  • Replay Attacks and Possible Countermeasures

    pfSense Setup HQ
    maximumdx
    23 Jul 2014 | 2:00 pm
    Replay attacks are a variation on the man-in-the-middle theme. In a replay attack an agent is once again placed within the client/server line of communication. In the case of a replay attack, however, the transaction data is recorded for the express purpose of allowing the data to be modified and replayed to the server at a later time for nefarious purposes. An example of a replay attack is an instance where one party wants to prove their identity to another party. If a third party eavesdrops on the conversation, they can intercept the password. Once the exchange is over, the eavesdropper…
  • Mobile security: A mother lode of new tools

    Computerworld Security News
    28 Jul 2014 | 3:30 am
    A gold rush of next-gen authentication technologies yields biometric systems, ID bracelets, new standards and more. Insider (registration required)
 

    Network Security Blog

  • “Your cons are just an excuse to drink and party”

    netsecpodcast@mckeay.net (Martin McKeay)
    28 Jul 2014 | 11:38 pm
    I’m sure we’ve all heard it before when trying to get approval to travel to conventions:  “This is just a boondoggle and you’re going to party the week away!”  Many people believe that the only thing that gets done at security conferences is that a lot of alcohol gets consumed and people get silly at night.  If you go by some of the things we talk about publicly, it’s no surprise that managers might believe that.  While there’s a little bit of truth in accusations, the reality is that there’s so much more going on at conferences that we…
  • Balancing digital privacy

    netsecpodcast@mckeay.net (Martin McKeay)
    27 Jul 2014 | 10:35 pm
    I had an interesting conversation with a relative this week about privacy.  Which is, of course, why I’m writing about it on the blog.  The irony of the situation doesn’t escape me.   “I’ve been listening to you and it’s made me very careful about what I put on the Internet.  I have almost no digital presence, I’ve used very little social media and what few accounts I do have are under pseudonyms, with no direct link to me.  When I do a Google search on my name, it turns up a few hits on me, then the rest of the results are of you and a friend of…
  • Can I use Dropbox?

    netsecpodcast@mckeay.net (Martin McKeay)
    21 Jul 2014 | 11:07 pm
    I know security is coming to the public awareness when I start getting contacted by relatives and friends about the security of products beyond anti-virus.  I think it’s doubly telling when the questions are not about how to secure their home systems but about the security of a product for their business.  Which is exactly what happened this week; I was contacted by a family member who wanted to know if it was safe to use Dropbox for business.  Is it safe, is it secure and will my business files be okay if I use Dropbox to share them between team members? Let’s be honest that…
  • Root my ride

    netsecpodcast@mckeay.net (Martin McKeay)
    17 Jul 2014 | 11:36 pm
    If you’ve never watched the anime Ghost in the Shell (GITS) and you’re in security, you’re doing yourself a great disfavor.  If nothing else, watch the Stand Alone Complex series as a primer of what we might expect from Anonymous in the future.  I know my friend Josh Corman tries to sit down to watch it every year or two in order to refresh his memory and help him understand what might be coming down the pipeline from chaotic actors.  And the authors of the manga/anime have an impressive understanding of what the future of hacking might bring in the long term.  Probably a…
  • Patching my light bulb?

    netsecpodcast@mckeay.net (Martin McKeay)
    16 Jul 2014 | 10:59 pm
    You know things are getting a bit out of hand when you have to patch the light bulbs in your house.  But that’s exactly what the Internet of Things is going to mean in the future.  Everything in the household from the refrigerator to the chairs you sit in to the lights will eventually have an IP address (probably IPv6), will have functions that activate when you walk into the room and will communicate that back out to a database on the Internet.  And every single one of them will have vulnerabilities and problems with their software that will need to be patched.  So patching your…
 

    Dark Reading:

  • Black Hat USA 2014: Virtual Reality Check

    Black Hat Staff
    29 Jul 2014 | 10:00 am
    Virtualization is the future (and often the present) of large-scale IT, but like any technology, it has its share of flaws and shortcomings. Today, as we near the beginning of Black Hat USA 2014, we highlight three Briefings that explore the world of virtualized systems... more specifically, how to break and/or protect them.
  • The Perfect InfoSec Mindset: Paranoia + Skepticism

    Corey Nachreiner
    29 Jul 2014 | 9:00 am
    A little skeptical paranoia will ensure that you have the impulse to react quickly to new threats while retaining the logic to separate fact from fiction.
  • Internet Of Things Contains Average Of 25 Vulnerabilities Per Device

    Ericka Chickowski
    29 Jul 2014 | 6:15 am
    New study finds high volume of security flaws in such IoT devices as webcams, home thermostats, remote power outlets, sprinkler controllers, home alarms, and garage door openers.
  • DHS-Funded 'SWAMP' Helps Scour Code For Bugs

    Kelly Jackson Higgins
    28 Jul 2014 | 6:15 pm
    Cloud-based platform offering free secure coding tools for developers in government, enterprises, academia, gaining commercial attention as well.
  • Weak Password Advice From Microsoft

    Andrey Dulkin
    28 Jul 2014 | 10:30 am
    Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business.
 

    Techwatch Tech News

  • PMC offers new business calls, lines, and broadband services

    Brian Turner
    10 Jul 2014 | 8:04 am
    PMC Telecom has announced a new package of calls, lines, and broadband services for business, with tariffs claimed to beat BT prices. It means the company becomes the latest ISP for small businesses, now able to offer both lines and …
  • Outsourcing by small businesses increases

    Brian Turner
    10 Jul 2014 | 8:03 am
    A survey of 2200 small businesses in the UK for Freelancer.co.uk reveals that the rate of outsourcing to the developing world by UK small businesses grew by 35% this year. Most jobs were outsourced to India, Pakistan and the Philippines, …
  • Sony Xperia Z2 to launch

    Brian Turner
    27 Feb 2014 | 12:40 pm
    Sony are about to launch the Xperia Z2 – the successor to the highly successful Xperia Z1 – less than a month after releasing the Z1 compact. However, if you’re looking for an innovative upgrade you may be disappointed – …
  • Amazon offers 20% off all Kindles

    Brian Turner
    27 Feb 2014 | 12:16 pm
    Amazon have announced 20% off all Kindles – including the Kindle Fire HD and HDX editions. This results in the following current new prices for the different Kindle models: Kindle Fire HD: from £95.20 Kindle Fire HDX: from £159.20 Kindle …
  • Xbox 720 and PS4 to go more free-to-play

    Darren Allan
    10 May 2013 | 2:57 am
    Apparently both Microsoft and Sony are going to focus more on free-to-play games, and in-app purchases, with their next-generation consoles due out at the end of the year. In other words, they are moving further towards the tablet/smartphone/casual model of …
 

    Tenable Network Security Blog

  • Tenable Integrates with AirWatch

    Manish Patel
    21 Jul 2014 | 4:45 pm
    Organizations have adopted mobile devices as an essential part of their business and rely on MDM solutions like AirWatch to track and manage them as well as certain applications that run on them.
  • Tenable and Amazon Web Services (AWS) Announce Nessus® Enterprise for AWS

    Manish Patel
    15 Jul 2014 | 7:52 am
    Amazon Web Services (AWS) allows organizations to shift key compute, storage, and network resources from on-premise to the cloud, offering an on-demand delivery of IT resources with pay-as-you-go pricing.   While organizations have deployed vulnerability and security solutions to protect their on-premise assets, they face challenges in monitoring and securing their AWS instances in the cloud.  If you operate your company's business critical applications in the AWS (Amazon Web Services) cloud, you’re likely facing challenges such as:
  • Installing and Using Nessus on Kali Linux

    Paul Asadoorian
    10 Jul 2014 | 8:10 am
    If you are using Nessus for vulnerability scanning activities, consider installing Nessus on Kali Linux. Kali Linux is a fantastic distribution specifically designed for penetration testing.
  • Nessus Now Audits Huawei VRP Configurations

    Paul Asadoorian
    8 Jul 2014 | 10:59 am
    As part of Tenable's Continuous Monitoring Solution, Nessus, Nessus Enterprise and Nessus Enterprise Cloud users can now perform configuration audits against Huawei devices running the Versatile Routing Platform (VRP).
  • Announcing Singapore MAS Technology Risk Management Dashboard

    Dick Bussiere
    1 Jul 2014 | 10:42 am
    Tenable is pleased to announce a dashboard designed to assist our Singapore Financial Services Industry customers to comply with the Monetary Authority of Singapore Technology Risk Management Guidelines. The Monetary Authority of Singapore (MAS) has published a refreshed set of Technology Risk Management (TRM) Guidelines. These TRM Guidelines have a strong regional and global impact, and now affect any organization that can be classified as a Financial Institution (FI), not just banks. Types of organizations impacted include:
 

    Spyware news

  • Helpful tips on how to protect your smartphone/tablet

    2-spyware.com
    25 Jul 2014 | 4:55 am
    You have probably heard the term ‘Adware’. This term describes an advertising-supported software, which seeks to make a profit out of commercial advertisements. There is a small line between legitimate advertising, illegal advertising and annoying advertising. Nonetheless, the fact is that the majority of free programs and apps are supported by advertising. That is how […]
  • Different approach on internet security: ‘Project Zero’ by Google

    2-spyware.com
    18 Jul 2014 | 2:01 am
    It looks like Google is taking a new approach in order to make internet safer. Project Zero is an initiative that is heading in the right direction. To begin with, Google is recruiting elite security specialists and hackers in order to find various bugs, vulnerabilities, exploits and software flaws all over the web. According to one […]
  • Security industry members collaborate to stop Shylock virus

    2-spyware.com
    11 Jul 2014 | 6:57 am
    Several years ago we warned you about Shylock virus, which was actively used by hackers for stealing people’s banking data and other sensitive information. It is believed that this virus has already affected more than 30.000 computers. Unfortunately, how much money it managed to steal is still unknown… Luckily to all PC users, security experts […]
  • How to stay protected after Microsoft ends support for Windows XP?

    2-spyware.com
    6 Jul 2014 | 4:53 am
    Like it or not, April is just around the corner. It should be especially important for those who are still using Windows XP OS. If you are one of those people who keep relying on this operating system, beware that April 8, 2014 is the date when Microsoft will stop supporting it. That means that […]
  • Facebook: 4 security tips that you may not know

    2-spyware.com
    27 Jun 2014 | 7:14 am
    There is no question that Facebook is the only social network that likes updates so much. If you are confused about its latest modifications, you should definitely dedicate some time on this tutorial. Here we will reveal our top 5 tips for Facebook security. First of all, set up your Login Notifications and get ability […]

    cissp CISSP training Certified Information Systems Security Professional

  • The CCCure Holistic Computer Based Tutorials (CBT) for the CISSP Exam

    Posted by
    29 Jul 2014 | 3:57 am
    Good day to all, I am pleased to say that I have just uploaded Part 3 of my Telecommunication and Network Security CBT tutorial to our Learning portal at http://cccure.training/index.php a few minutes ago.   I am now working on the 4th and last portion and it should be ready soon. That's a total of 24 hours of tutorial developed by CCCure/Clement for the CISSP CBK alone. The tutorials are available to Gold and Silver members at: http://cccure.training//m/articles/browse/category/CISSP+Online+CBT The MP3 files were uploaded as well and you can download them to listen while mobile on…
  • Prevent Your Network Getting Hacked with a Free Acunetix Security Scan

    Posted by cdupuis
    18 Jun 2014 | 2:21 pm
    Acunetix Free Scan will identify network security issues including the feared Heartbleed to allow businesses to fix them in time London, UK - 17th June 2014 – The recent Heartbleed vulnerability has highlighted the urgent need for more network level security scanning. In view of this, Acunetix has announced that it will be offering 10,000 Free Network Security scans with Acunetix Online Vulnerability Scanner (OVS) in a bid to make it easier for businesses to take control of their network security. Acunetix Online Vulnerability Scanner is a hosted security scanner that will scan a…
  • Secure Coding and Advanced Android and IOS exploitation

    Posted by
    17 Jun 2014 | 8:03 am
    NotSoSecure Trainings Secure Coding for Web Developers What can you expect from this class? Covers latest industry standards such as OWASP Top 10 (2013). Insight into latest security vulnerabilities like the heartbleed bug. Thorough guidance on security best practices. References to real world analogy. Hands-on labs. Taught by the Industry's leading expert and Black Hat Trainer. Advanced Android and iOS Exploitation What can you expect from this class? Learn advanced techniques to audit mobile apps for security…
  • Very interesting and FREE security tools from Qualys

    Posted by
    4 Jun 2014 | 3:13 am
    Hi Clement, Hope you’re doing well. I wanted to let you know that we’ve announced a few new tools recently and thought you may be interested in testing them out. Specifically, we released: BrowserCheck –  For anyone, this will detect and help you correct security issues in your web browser. SSL Test – Allows your business to audit SSL implementations on your websites. BlindElephant – An open source web application fingerprinting engine that identifies application and plugin versions via static files. FreeScan – Tests the perimeter security of your…
  • White papers and documents on security

    Posted by
    30 May 2014 | 12:14 am
    Good day to all, Below you have a list of white papers that may be of interest to you: SURVEYS Global Application & Network Security Report http://cccure.tradepub.com/free/w_radw02 2013 Cyber Risk Report Executive Summary http://cccure.tradepub.com/free/w_hp421 DDOS ATTACKS Securing Your Business Against SSL-Based DDoS Attacks http://cccure.tradepub.com/free/w_radw06 Mitigating the DDoS Threat http://cccure.tradepub.com/free/w_radw07 The Bot Threat http://cccure.tradepub.com/free/w_hp414 Protecting Critical DNS Infrastructure Against Attack http://cccure.tradepub.com/free/w_radw05 INTRUSION…

    Schneier on Security

  • The Costs of NSA Surveillance

    schneier
    29 Jul 2014 | 10:10 am
    New America Foundation has a new paper on the costs of NSA surveillance: economic costs to US business, costs to US foreign policy, and costs to security. News article.
  • Conference on Deception

    schneier
    29 Jul 2014 | 4:29 am
    There was a conference on deception earlier this month. Sophie Van Der Zee has a summary of the sessions.
  • Russia Paying for a Tor Break

    schneier
    28 Jul 2014 | 4:06 am
    Russia has put out a tender on its official government procurement website for anyone who can identify Tor users. The reward of $114,000 seems pretty cheap for this capability. And we now get to debate whether 1) Russia cannot currently deanonymize Tor users, or 2) Russia can, and this is a ruse to make us think they can't.
  • Friday Squid Blogging: Build a Squid

    schneier
    25 Jul 2014 | 2:04 pm
    An interactive animation from the Museum of New Zealand Te Papa Tongarewa. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
  • Building a Legal Botnet in the Cloud

    schneier
    25 Jul 2014 | 8:33 am
    Two researchers have built a botnet using free anonymous accounts. They only collected 1,000 accounts, but there's no reason this can't scale to much larger numbers.
 

    Infosec Events

  • Week 30 In Review – 2014

    md
    28 Jul 2014 | 4:01 pm
    Resources BSides Cleveland 2014 Videos – irongeek.com These are the videos from the Bsides Cleveland conference. You can watch and download the videos from here. Dispelling Confusion and Myths: iOS Proof-of-Concept – zdziarski.com A quick POC demonstrating how File Relay and other services can be abused to dump a significant amount of personal data from an iOS device wirelessly, and bypassing user backup encryption. iOS File Relay POC – youtube.com A quick POC demonstrating how File Relay and other services can be abused to dump a significant amount of personal data from an iOS…
  • Week 29 In Review – 2014

    md
    21 Jul 2014 | 10:55 am
    Resources BGA talk slides – twitter.com Marshall twitted his BGA talk slides on twitter. You can download the pdf from here. Building a Modern Security Engineering Organization – slideshare.net Continuous deployment and the DevOps philosophy have forever changed the ways in which businesses operate. This talk will discuss how security adapts effectively to these changes. Car Hacker’s Handbook – opengarages.org Here you can download the book in several different formats for free! CONFidence 2014 video from our talk on CTFs – gynvael.coldwind.pl The video from j00ru’s…
  • Week 28 In Review – 2014

    md
    15 Jul 2014 | 2:21 am
    Resources Vendor Checklist app / Trust Metric app – archon.thewatchers.net ISECOM (the Institute for Security and Open Methodologies) began with the release of the OSSTMM, the Open Source Security Testing Methodology Manual. It was a move to improve how security was tested and implemented. Dumping Data from Memcached Servers – breenmachine.blogspot.com Memcached servers provide a dynamic, distributed memory object caching system to improve application performance. Stephen Breen has developed a Python script to dump data from memcached servers. Videos from the 15th Annual CERIAS…
  • Information Security Twitter Lists

    ggee
    31 Dec 1969 | 4:00 pm
    I’m not sure about yourself, but for me I find it hard to consume information from the twitter fire hose which is why they created the lists feature. Looking around there are several lists made for information security only people, but those lists were big and only slightly reduced the noise. Over the weekend I attempted to replicate my sieve / filtering system on rss sites to twitter and came up with 20 or so different lists. This is still a work in progress, but already it has helped me consume information, be aware of conversation, etc. You can see the complete set on Infosec Events twitter…
  • Printable Agenda for Black Hat and DEFCON

    ggee
    7 Jul 2014 | 7:08 pm
    With the two big conferences (Black Hat USA and DEFCON 22) coming up, we started to look into what awesome presentations will be occurring, but we noticed that the schedule is not very printer friendly. So we spent some time to replicate the agenda and put it into a format that will print. Black Hat USA 2014 Agenda (Printer Friendly) DEFCON 22 Agenda (Printer Friendly) Note that because there are a ton of tracks at Black Hat, that the agenda will need to be printed on legal paper. All the page lines are setup so it should print fine. The presentation descriptions are also included for…

    Security Catalyst

  • DtR Security Newscast: pin those certs, cyber insurance, gmail in the courts

    Michael Santarcangelo
    29 Jul 2014 | 8:12 am
    I invite you to listen to the latest episode of the Down the Rabbithole (DtR) Security Newscast for July 28, 2014 — with Raf Los (@Wh1t3Rabbit) and James Jardine (@JardineSoftware). We record the DtR Newscast every other Monday to engage in spirited discussion about security topics in the news. More than a run-down of the news, it’s our unfiltered (but safe for work) discussion of top stories. We usually inject some passion and some divergent thinking to fuel your week. This episode has a cool energy and flow that I think makes for a good listen. Let me know if you agree.
  • Monday Motivation – the context counts

    Michael Santarcangelo
    28 Jul 2014 | 10:24 am
      Something to think about In the drive for more content, often overlooked is the desire for more context. Despite the finite number of words and smaller subset we use routinely, the key to understanding is context. To establish context, consider the lenses available to us. What lens do we look through? Is that the lens through which we project? What about our audience? What lenses do they have? When we take the time to consider our lens and those of others, context is easier to establish. From that, we reach understanding. Take time this week to work on the context over the content.
  • Monday Motivation – Do what you can

    Michael Santarcangelo
    21 Jul 2014 | 5:19 am
      Something to think about Sometimes in the pursuit of perfection, we wish for more time, more resources, or a different situation. Instead of focusing on perfection (even through a change in constraint), embrace progress. When I discussed this concept with a renowned sculptor, he simply pointed out that ours is to do the best we can with the time we have. His life experience matched the sage words of Roosevelt. Today, choose progress over perfection. Be present in the moment and embrace whatever opportunity arrives.   The post Monday Motivation – Do what you can appeared…
  • Monday Motivation – Don’t Wait!

    Michael Santarcangelo
    23 Jun 2014 | 5:34 am
      Something to think about I often hear clients (and friends) suggesting they’ll take a different/better course of action… when the time is right. While Napoleon Hill wisely points out there is no “just right” time, it means the time is always right. In life, and in business, now is the perfect time for you. Today is a great day to take action. Use this week to take the first step on a new journey. Or perhaps to recommit to something. Start simple. Smile. Take a deep breath. Thank someone with genuine gratitude. Just be. Embrace the moment and how right it is for…
  • DtR Security Newscast: wifi attacks, APT (evolved), the need for practice and Target’s new CISO

    Michael Santarcangelo
    17 Jun 2014 | 3:13 am
    I invite you to listen to the latest episode of the Down the Rabbithole (DtR) Security Newscast for June 16, 2014 — with Raf Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and guest Will Gragido (@wgragido). We record the DtR Newscast every other Monday to engage in spirited discussion about security topics in the news. More than a run-down of the news, it’s our unfiltered (but safe for work) discussion of top stories. We usually inject some passion and some divergent thinking to fuel your week. This week, we covered: The slippery slope of “jamming”…
 

    Security Blog

  • Modeling Geographic Ambiguity with VERIS

    kevin.thompson
    24 Jul 2014 | 11:17 am
    Often times when we’re modeling an incident with VERIS we get ambiguous information about an actor or a victim. This is most often the case when we are modeling incidents for the VERIS Community Database or when processing contributions from some of our partners. In many cases we will get a report that says “a threat actor from Eastern Europe” was attacking “a victim in South America.” Unfortunately it was really difficult to represent this in VERIS. Recently our team had some internal meetings to propose changes to the VERIS framework. These proposals were opened for public comment…
  • Weekly Intelligence Summary Lead Paragraph: 2014-07-18

    ssimpson
    18 Jul 2014 | 2:37 pm
    Reports on targeted campaigns and malware, both old and new, led the VCIC’s intel collections this week. More reports surfaced on the Pitty Tiger campaign reported in last week’s INTSUM, including intel from McAfee linking an attack on a French company to the Pitty Tiger group. The Havex RAT, and the Energetic Bear group behind it, continued to gain attention this week with reports from RSA, FireEye and Palo Alto Networks. Expect a follow-up to Palo Alto’s report in the coming days. Vulnerability intel collections were dominated by Oracle, which released its July 2014 Critical Path…
  • Weekly Intelligence Summary Lead Paragraph: 2014-07-11

    dkennedy
    18 Jul 2014 | 2:34 pm
    This week’s intelligence spanned an unusually wide range of aspects of InfoSec risk.  Samsung experienced a US$38 million dollar theft of products from their manufacturing facility outside São Paulo.  Attacks on international affairs think tanks, the U.S. government’s Office of Personnel Management and shipping and logistics companies were all attributed to threat actors in the People’s Republic of China.  Someone, probably not Anonymous, launched DDoS attacks on the web sites of several large companies in Norway on Tuesday.  Social investment network eToro also suffered a DoS…
  • How ICS Security can Impact Retail Business

    admin_sec
    17 Jul 2014 | 1:22 pm
    by Rafeeq U Rehman Although it may seem to be the most visible thing given the recent mega breaches, security of credit card data should not be the only concern on the mind of a CISO in the retail and transportation sectors. Big retail and transportation companies rely on very sophisticated and highly automated warehouses to deliver goods to their customers on time. By some estimates, online spending reached $42.8 billion dollars between November 1 and December 22, 2013. Warehouse and transportation automation, which fuels this business, is enabled by Industrial Control Systems (ICS). These…
  • Weekly Intelligence Summary Lead Paragraph: 2014-07-04

    ssimpson
    10 Jul 2014 | 5:18 pm
    Microsoft was the focus of several InfoSec headlines this week, some of which weren’t particularly flattering. It all started when the company announced it was discontinuing its email security notifications due to new anti-spam laws in Canada. Fortunately, they reversed the decision on Monday. Microsoft also announced a takedown of the dynamic domain name services provider used by actors behind the NJrat and NJw0rm malware families. It turns out they also took down some legitimate domains in the process, which caused another uproar. The company closed out the week by pre-announcing six…

    symantec.com

  • Snifula Banking Trojan Back to Target Japanese Regional Financial Institutions

    Symantec Security Response
    28 Jul 2014 | 8:21 am
    Summary:  New Snifula variant focuses on smaller Japanese regional banks Symantec Security Response has found that a new variant of Trojan.Snifula (Neverquest) is targeting more than 30 Japanese financial institutions, including 12 regional banks.
  • New Back Door Trojan Program is No Fool

    Symantec Security Response
    25 Jul 2014 | 6:41 am
    Summary:  Malware authors leave an interesting message in the code of a new threat.
  • Fake US Anti-Spam Law Used in Latest Phishing Campaign

    Binny Kuriakose
    23 Jul 2014 | 4:28 pm
    Summary:  Phishers posing as banks are redirecting victims to a fake website then requesting logon credentials in order to compromise bank accounts. Contributor: Mayur Deshpande
  • Facebook Scam Leads to Nuclear Exploit Kit

    Ankit Singh
    22 Jul 2014 | 3:25 pm
    Summary:  Attackers have become more aggressive and are now using Facebook scams to lead to exploit kits so they can control a user’s system. Contributor: Himanshu Anand
  • Neverquest Evolves Again and Seeks New Targets

    Symantec Security Response
    16 Jul 2014 | 4:01 pm
    Summary:  Trojan.Snifula has continued to evolve and develop new features to steal more confidential online banking information. Despite Japan's isolated adoption of unique and sometimes incompatible technological standards, often described as Galapagosization, the country still seems to be open game when it comes to banking malware.

    Optimal Security

  • 2015 Endpoint and Mobile Security Procurement: 10 Questions to Ask New Vendors

    C. Edward Brice
    29 Jul 2014 | 10:34 am
    Originally published on ITBusinessEdge. In the spirit of 2015 planning, now is the time of year when IT teams start to tackle big, complicated issues like: what are the coming situational issues surrounding the security of our data? How are we as an organization really doing in securing our valuable information today? What do we need to do in the future to do better? How will we pay for it? From BYOD to Windows XP end of life, there is no shortage of situational issues. Meanwhile, the bad guys are getting better and data breaches around the world and across industries…
  • Infosec Haiku

    Chris Merritt
    28 Jul 2014 | 6:56 am
    Anata no joho sekyuritei konshu no haiku: More Data Breaches / This Time: Goodwill Industries / How Low Will They Go? Notes: Thanks to Ms. Etsuko vdH for the translation. Thanks to everyone who’s contributed their haikus … watch this space to see if yours is published. Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • Infosec Haiku

    Chris Merritt
    21 Jul 2014 | 6:25 am
    Anata no joho sekyuritei konshu no haiku: Energetic Bear / Attacking ICS Space / Havex is Havoc. Notes: Thanks to Ms. Etsuko vdH for the translation. Thanks to everyone who’s contributed their haikus … watch this space to see if yours is published. Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • Google’s Project Zero – Targeting Zero-Day Vulnerabilities

    Graham Cluley
    16 Jul 2014 | 1:48 pm
    Google has announced that it is assembling a crack team of researchers, devoted to finding and reporting security holes in widely used software. According to Google security engineer Chris Evans, the group – which has been dubbed “Project Zero” – aims to uncover unpatched security vulnerabilities before they are exploited in targeted internet attacks. “Our objective is to significantly reduce the number of people harmed by targeted attacks. We’re hiring the best practically-minded security researchers and contributing 100% of their time toward improving…
  • July Java Jamboree

    Chris Merritt
    15 Jul 2014 | 9:31 am
    The latest Critical Patch Update (CPU) from Oracle has been released today. Based on the pre-release information, the July 2014 CPU contains 113 new security vulnerability fixes, covering everything from its flagship database and Fusion Middleware to Hyperion and Solaris. [See update below.] Of particular interest to endpoint administrators will be the 20 vulnerabilities in Java SE. These are all remote access vulnerabilities, meaning they can be exploited over the network without needing login credentials. Impacted versions include: Oracle Java SE, versions 5.0u65, 6u75, 7u60, 8u5. According…
 

    Naked Security - Sophos

  • Hacker turns ATM into ‘Doom’ arcade game

    Lisa Vaas
    29 Jul 2014 | 2:51 am
    Its screen now eschews balances and transfers in favor of the familiar sight of a hand wrapped around a gun, going around dark corners and blasting stuff. Where did scrap metal hacker "Aussie50" pick this thing up? Do we have to worry about threats to our bank balances? And is he going to rig it with a coin mechanism so we can all play?
  • One hoax press release, one $300 million hole in mining company

    Lisa Vaas
    29 Jul 2014 | 2:18 am
    The fake press release was pretty convincing: it was sent from a domain that riffed on the ANZ Bank name, used the bank's logo, and included the name of a PR person, along with his (NOT!) phone number. It's yet another example of how easy it is to scam people online.
  • 1,000,000 lost credit cards = £150,000 fine

    Paul Ducklin
    28 Jul 2014 | 4:44 pm
    A UK travel company has been fined £150,000 for putting an "internal only" parking database system on the internet without securing it first. The vulnerable system was used as a stepping stone for a crook to steal more than 1M e-commerce records.
  • Anatomy of an iTunes phish – tips to avoid getting caught out

    Paul Ducklin
    28 Jul 2014 | 4:46 am
    Even if you'd back yourself to spot a phish every time, here's a step-by-step account that might help to save your friends and family in the future...
  • Panopticlick reveals the cookie you can’t delete

    Mark Stockley
    28 Jul 2014 | 4:06 am
    You know about cookies, and how to delete them, but what if there was a cookie you couldn't delete, and what if the steps you took to guard your privacy made you easier to track? The EFF's Panopticlick tool determines how easy you are to identify based on your web browser's 'fingerprint'.

    TRUSTe Blog

  • FTC Revises FAQ Guidance on COPPA and Verifiable Parental Consent

    lgradman
    25 Jul 2014 | 8:43 am
    This week the FTC released updates to its Children Online Privacy Protection Act (COPPA) Frequently Asked Questions. The FAQs provide specific guidance for COPPA compliance and the updates reflect new and clarified guidelines on parental consent methods. If your website, Mobile App, or other online service collects data from children under the age of 13, …
  • TRUSTe Supports Intuit’s Move to Open Source Mobile Privacy Code and Make It Available to Developers

    lgradman
    24 Jul 2014 | 7:18 am
    Intuit and Application Developers Alliance today announced the availability of open source software code for developers to implement short-form privacy notices—simple, easily understandable screens that clearly inform consumers what data the app is collecting and with whom the data is shared. With this open source code, small app developers can use the same template for their mobile …
  • Bluelock Makes Privacy and Data Security a Top Priority

    lgradman
    23 Jul 2014 | 10:25 am
    By Megan Gish, Bluelock. We’re proud to announce that Bluelock has completed self-certification of compliance with the United States – European Union Safe Harbor Framework. This completion of this framework allows customers to use Bluelock’s service with confidence that personal information will be secure. Bluelock undertook several internal audits to comply with the U.S.-EU Safe …
  • Last Chance to Register for Webinar on Privacy Investment Success Stories

    lgradman
    23 Jul 2014 | 8:00 am
    Time is running out! Don’t forget to register for the third and final session of the TRUSTe webinar series with Forrester Research on Thursday, July 24th at 10am PDT, titled “Making the Most of your Data Privacy Management Investment.” Attend to learn about the benefits of privacy investment, what resources are needed for ongoing management …
  • European Cookie Sweep Initiative: Are You Compliant?

    lgradman
    17 Jul 2014 | 1:55 pm
    By Eleanor Treharne-Jones, CIPP/E, Director, Global Communications & EU Marketing, TRUSTe. In our data-driven world, it is vital that businesses know how to win and maintain consumer trust online. In the EU this can sometimes seem even more complicated because of the increasing complexity of privacy regulations and the different approaches to implementation across 28 …
 

    Free IT - Security Magazines and Downloads from alltop.tradepub.com

  • Protecting Your Brand & Reputation: A Guide To Email Security For IT

    28 Jul 2014 | 12:00 am
    This document provides an overview of a few of the things you can do to help protect yourself from these attacks. There are two major areas of protection this paper will discuss: secure transmission and reception of an email; and authentication of email messages by worldwide receivers.
  • 5 DNS Security Risks That Keep You Up At Night

    28 Jul 2014 | 12:00 am
    In this whitepaper, we discuss 5 common and treacherous security threats that can completely debilitate your DNS, and subsequently, your online business. From DNS Amplification Attacks to Registrar Hijacking, we explain exactly what goes on during these attacks, what threat they pose to you, and how you can prevent becoming a target yourself. Don’t let your DNS fend for itself; give it the protection it needs to hide from the Internet monsters.
  • Data Centers in the Crosshairs: Today's Most Dangerous Threats

    24 Jul 2014 | 12:00 am
    Comprising the most valuable assets in your organization – your web, DNS, database, and email servers - data centers have become the number one target of cyber criminals, hacktivists and state-sponsored attackers. This paper analyzes the top five most dangerous threats to your data center. It also describes the impact of these threats and it reveals the latest methods, tools and techniques used by attackers to exploit data center resources.
  • The Essentials of Information Security Kit: Includes a Free PC Security Handbook - 2nd Edition eBook

    21 Jul 2014 | 10:50 am
    The Essentials of Information Security brings together the latest in information, coverage of important developments, and expert commentary to help with your Information Security related decisions. The following kit contents will help you get the most out of your Information Security research: Citrix NetScaler: A Powerful Defense against Denial of Service Attacks; PC Security Handbook - 2nd Edition; Virtual Patching: Lower Security Risks and Costs; Practical Guide to Secure File Transfers.
  • Data-Leakage, Regulatory Compliance & BYOD

    21 Jul 2014 | 12:00 am
    Enabling employees to BYOD (i.e., use their personal smartphones for work) offers significant benefits to businesses in the form of increased productivity and flexibility. However, enabling BYOD carries increased information security risk, violating regulatory compliance. Traditional security solutions are limited in their ability to solve these problems due to inherent architectural challenges, requiring new technology to meet these needs for today's enterprise.

    IT-Security

  • Monday Motivation – the context counts

    Michael Santarcangelo
    28 Jul 2014 | 10:24 am
      Something to think about In the drive for more content, often overlooked is the desire for more context. Despite the finite number of words and smaller subset we use routinely, the key to understanding is context. To establish context, consider the lenses available to us. What lens do we look through? Is that the lens through which we project? What about our audience? What lenses do they have? When we take the time to consider our lens and those of others, context is easier to establish. From that, we reach understanding. Take time this week to work on the context over the…
  • From Celebrities to the Ex-Factor, Snooping is a Serious Issue

    Bob Chaput
    24 Jul 2014 | 10:00 am
    Have you cataloged “Snooping” among your risk factors in your Risk Analysis? Humans are curious beings by nature. With a little motivation we can get really nosy …which often leads to very bad outcomes for those tasked with safeguarding protected health information. Snooping, where individuals gain access to PHI as a result of curiosity or malicious intent, is a prevalent problem that can land your organization in serious trouble under HIPAA. The regulators have made it quite clear that a covered entity or business associate is required to conduct a breach risk assessment and notify…
  • Medical Devices at Clinical Facilities: A Hacker’s Playground

    Bob Chaput
    24 Jul 2014 | 10:00 am
    A recent Wired article on the vulnerabilities of hospital equipment should be a wake up call to the health care industry. What may be completely obvious to an information security professional may simultaneously stun healthcare executives. The number of new medical devices at clinical facilities connected to or accessible from the clinical network is exploding.  Many aren’t designed to be secure; some were actually designed under the assumption they would never be accessible from the Internet.  However, networks to which these devices are attached often turn out to have one (or more)…
  • Corporate Survival Tips for Young Professionals: Calendars

    Branden Williams
    24 Jul 2014 | 6:56 am
    I can remember the old days when my dad kept a Daily Planner on his desk with his appointments penciled in for the day. He is incredibly efficient and one of the best at following up that I know (to this day). With teams spread across multiple floors, sites, states, or continents, the paper method does not work anymore without an army of assistants to keep it all straight. So instead, we use the calendar functions in our electronic devices to keep our days straight. Calendar, by Andreanna Moya Photography Just like with any network-enabled system, there is some etiquette required to…
  • Corporate Survival Tips for Young Professionals: Finding Information

    Branden Williams
    22 Jul 2014 | 6:57 am
    This tip may be less for the newbies, but I’m shocked at how poor people are at using the tools around them to find information. Your first step should be taking a look at how to use Google. Eye Eye, by mrmanc I mean, REALLY how to use Google. Google is great because it can cast both a wide net and be tweaked to surgically deliver a single finding. It incorporates multiple sources (for example, did you know about the treasure trove of information to be found on books.google.com or scholar.google.com?) and allows for all kinds of detailed views and alerts when it finds new things. There…
 

    AT&T Networking Exchange Blog » Security

  • Weighing the Pros and Cons of a SaaS Solution

    Shelley OBrien
    28 Jul 2014 | 3:45 am
    Much like individuals who are questioning whether to rent or buy in a fluctuating real estate market, many organizations today are weighing similar options in a rapidly changing technology market. Does it make sense to buy, or to choose software-as-a-service (SaaS), a model that lets you pay a service fee for use of the product? The Pros In light of decreasing technology budgets, a per-seat subscription base price for software makes it easier to know and allocate costs for different departments or business units. Updates and upgrades are easier and faster, too. Instead of downloading and…
  • Network Security: The Moving Line of Defense

    David Strom
    25 Jul 2014 | 3:45 am
    The days of defending the perimeter are over. Look at what happened to a major retailer in late 2013 as an example. Someone posing as a trusted contractor was able to enter the retailer’s network and do all sorts of damage — to the tune of 40 million compromised customers. This attack occurred because the retailer wasn’t looking at insider threats carefully enough. Indeed, the perimeter has become more and more porous, and network defenses based on this traditional barrier are no longer enough to protect an organization’s business interests and objectives. Instead,…
  • AT&T is an IDC MarketScape Leader Worldwide

    Paula Waldron
    22 Jul 2014 | 3:45 am
    Leading research and advisory firm, IDC, has published the long awaited IDC MarketScape: Worldwide MSS MarketScape Report, where AT&T was named a “Leader”.  Published in June, the 2014 Vendor Assessment compared 11 organizations that offer managed security services (MSS) worldwide using the IDC MarketScape model. The findings were based on in-depth managed security services provider (MSSP) interviews and more than 20 surveys with providers’ customers. Recognized managed security strengths As noted in the IDC MarketScape report, “the company is investing heavily in cloud…
  • Malicious Email: Think Before You Click

    Paula Waldron
    18 Jul 2014 | 3:45 am
    On your screen, an email with an urgent tone, seemingly from your bank, grabs your attention. Bright red text spills across the screen, in a large font. “We’ve detected unauthorized access. Your account has been frozen. Click now to verify!” The email looks legitimate. All the right logos are in all the right places. Your name is spelled correctly. Should you click the link? That’s a question the AT&T Chief Security Office trains employees to ask themselves. A large volume of emails sent to AT&T each day are either spam or potentially dangerous. Most are caught by existing…
  • Big Worries about Wearables in the Workplace

    10 Jul 2014 | 3:45 am
    Just when IT pros felt like they had control around the tablets and smartphone devices that comprised the “D” in BYOD, employees are introducing a new class of devices to the workplace: wearables. These small devices can include anything from smart watches to fitness-focused wristbands to eyewear such as Google Glass. Wearables have giant computing power and can carry big security risks. Big data meets wearable devices  If wearables have not made their way into your organization, they soon will. If the proper procedures and tools are put into place early, there can be significant…

    Redspin Security Blog

  • OIG Finds NASA Web Application Security Lacking. Is it Time to Assess Yours?

    Dan Berger
    26 Jul 2014 | 5:24 am
    We may be able to send a man to the moon but we still have a long way to go before all of our web applications are sufficiently protected from hackers.
  • Why I Disagree With Google’s Founders About the Healthcare Market

    Dan Berger
    25 Jul 2014 | 5:08 am
    Google's founders, Sergey Brin and Larry Page, were recently asked at a conference if they could imagine Google becoming a healthcare company. They both said "no" and explained their reasoning as follows. Brin felt the regulatory obstacles would "dissuade a lot of entrepreneurs" from entering the market and added "it's just a painful business to be in." Page gave an example of what he thought could be a useful medical research tool and said "that's almost impossible to do because of HIPAA." Well, …
  • The Risks of a HIPAA Security Risk Analysis

    Dan Berger
    8 Jul 2014 | 2:43 pm
    The risk of a HIPAA risk analysis is in not selecting the right team for the job.
  • BYOD Security – The Next Problem? Data Sprawl

    David Carlino
    20 May 2014 | 5:27 pm
    Submitted by David Carlino. Mobile devices are designed to store less data than traditional laptops and desktop workstations. Cloud-based storage continues to enable a steady migration away from local device storage. Due to local storage limits, mobile users are increasingly turning to a wide array of cloud storage options to maintain and access their data. This is very helpful when a device is lost or stolen but there are unintended consequences in complexity, security, and risk... Enabling …
  • Largest HIPAA Compliance Settlement – A Prescription for IT Security Health

    Dan Berger
    11 May 2014 | 8:36 am
    The key to Redspin’s rapid rise as the leader in HIPAA compliance for healthcare providers has been our unyielding focus on IT security. Last week’s news that OCR had reached a $4.8 million settlement agreement with New York-Presbyterian hospital and Columbia University Medical Center relating to HIPAA compliance violations further affirms our position. What started as an investigation of a 6,800 record ePHI breach became a multi-million dollar black-eye for those providers. At the source …
 

    F-Secure Antivirus Research Weblog

  • Diving Deep into Mayhem

    23 Jul 2014 | 9:29 pm
    Malware targeting Linux servers has been increasingly hitting the headlines over the past year. In this post we will present research on an advanced and highly versatile malware operation targeting Linux and FreeBSD servers. We have named the malware family at the heart of this operation GalacticMayhem, as a reference to some of the C&C urls. It is the same family of malware that was written about by a team of researchers from Yandex. Overview: Infection of a server with Mayhem begins with a PHP dropper script. This script is responsible for dropping a malicious ELF shared object file and…
  • BlackEnergy Rootkit, Sort Of

    23 Jul 2014 | 9:29 pm
    A sample of the BlackEnergy family was recently uploaded to VirusTotal from Ukraine. The family is allegedly the same malware used in the cyber attack against Georgia in 2008. The malware provides attackers full access to their infected hosts. Check out SecureWorks' detailed analysis from 2010 for more information about the family. The new sample is not much of a rootkit anymore, in the sense that it no longer hides files, registries, etc. The build is now "0D0B15aaa" according to the embedded XML. Although not used, the sample still has a routine which hides processes. This time it uses DKOM.
  • Trojan:W32/Lecpetex: Bitcoin miner spreading via FB messages

    23 Jul 2014 | 9:29 pm
    In early March this year, while investigating various threats as part of our Facebook malware cleanup effort, we ran across an interesting one that was spreading in zipped files attached to messages. The messages themselves were classic social engineering bait that lead the users to install the executable file in the attachment, which turned out to be a Bitcoin miner, which we identify as Trojan:W32/Lecpetex. Some of the more interesting details of our analysis are presented in our Lecpetex whitepaper. Facebook's own investigation into Lecpetex led to an operation to take down the botnet. More…
  • Necurs - Rootkit For Hire

    23 Jul 2014 | 9:29 pm
    Necurs is a kernel mode driver best known at the moment for being used by Gameover Zeus (GOZ) to hinder attempts to detect and remove the malware. The technical details of the Necurs driver have already been exhaustively covered in a writeup by Peter Ferrie, but during our analysis we came across some interesting details of Necurs' gradual uptake as a "crimeware for sale" module. We saw the earliest version of the Necurs driver as a standalone malware in May 2011; it didn't become associated with another malware until early 2012, when we observed it being dropped by a trojan-downloader, also…
  • Do you take your coffee with "Free" Wi-Fi?

    23 Jul 2014 | 9:29 pm
    Colleagues of ours recently visited a Starbucks in San Francisco and used the Wi-Fi. And while there, they grabbed a copy of AT&T's T&C. It's rather standard stuff, nothing there as surprising as last week's post. Here's the bit about security: "The unsecured nature and ease of connection to public Wi-Fi hotspots increases the risk that unauthorized persons can access your phone, laptop or other device or your communications over the Wi-Fi network. Wi-Fi customers should take precautions to lower the security risks. If you have VPN, AT&T recommends that you connect through it for…

    Pcthreat.com

  • VideoX

    28 Jul 2014 | 4:51 pm
    VideoX may seem like a useful application that will help you stream online videos in HD quality. Unfortunately, our computer security specialists label this program as adware. It means that VideoX collects...
  • PC Optimizer Pro

    28 Jul 2014 | 4:51 pm
    Despite the best efforts of the online security industry to secure the exact opposite, many of its consumers continue to fall into the trap set by malicious rogue security tools like PC Optimizer Pro. This...
  • Qone8.com

    28 Jul 2014 | 4:51 pm
    Qone8.com is a search engine which returns search results from Google Search. The search engine is owned by Taiwan Shui Mu Chih Ching Technology Limited, and it is very similar to such browser hijackers as...
  • Browser Guard

    28 Jul 2014 | 4:51 pm
    Even though Browser Guard promises to help you avoid malicious software that might be hiding on corrupted websites, the truth is that this piece of software is not as beneficial as it might seem at first...
  • V9 Redirect Virus

    28 Jul 2014 | 4:51 pm
    V9 Redirect Virus is a malicious browser hijacker which infects the system while you are browsing insecure websites or when you download spam email attachments. Once the infection gets in the system, the...
 

    VRT

  • Apple ID Harvesting, now this is a good phish.

    Joel Esler
    9 Jul 2014 | 8:07 am
    Phishing isn't new. "So, why are you writing about it?", you ask. I received this one today and it was very well done, so I thought I'd write it up. Chances are, you've seen these before: If you are familiar with Apple Verification emails, you'll notice the format is almost exactly what Apple uses. You'll notice that there are hardly any grammar, punctuation or capitalization errors. Usually, something as simple as the "Dear Customer" would give it away by the insertion of a space between the word "Customer" and ",". Those of you that look at phish emails all day…
  • Microsoft Update Tuesday July 2014: light month, mostly Internet Explorer

    Yves Younan, PhD
    8 Jul 2014 | 10:15 am
    This month’s Microsoft Update Tuesday is relatively light compared to the major update of last month. We’re getting a total of six bulletins this month, two marked critical, three as important and finally one moderate. These six bulletins cover a total of 29 CVEs, most of which are, as is usual, in Internet Explorer. Let’s start off with the Internet Explorer bulletin, MS14-037. It covers a total of 24 CVEs, 23 of which are memory corruption vulnerabilities that could result in remote code execution vulnerabilities and most of those memory corruptions are the result of use-after-free…
  • Threat Spotlight: "A String of Paerls", Part 2, Deep Dive

    Joel Esler
    8 Jul 2014 | 7:00 am
    This post has been coauthored by Joel Esler, Craig Williams, Richard Harman, Jaeson Schultz, and Douglas Goddard. In part one of our two part blog series on the “String of Paerls” threat, we showed an attack involving a spearphish message containing an attached malicious Word doc. We also described our methodology in grouping similar samples based on Indicators of Compromise: static and dynamic analysis indicators. In this second part of the blog series we will cover the malicious documents and malicious executables. The Attachment (that your IT department would tell you not to…
  • Exceptional behavior: the Windows 8.1 X64 SEH Implementation

    Andrea Allievi
    26 Jun 2014 | 10:37 am
    In my last post, you may remember how the latest Uroburos rootkit was able to disarm Patchguard on Windows 7. I was recently looking into how Patchguard is implemented in Windows 8.1 and decided to dig into Exception Handling on x64. As a matter of fact, all the new 64-bit Windows operating systems have entirely changed the way they manage error conditions from their state in older 32-bit versions of Windows (C++ exceptions and OS Structured Exception handling). There are a lot of papers available on 64-bit Windows exception handling on the web, but I decided to increase my knowledge on this…
  • Detection for PutterPanda, we got this.

    Joel Esler
    13 Jun 2014 | 12:00 pm
    Recently a post by Crowdstrike was released detailing an attack being used, allegedly, by the Chinese Military "PLA Unit 61486". The post is a great demonstration of the use of OSINT (Open Source Intelligence) to track an adversary in this increasingly digital world. You can read Crowdstrike's post here: http://www.crowdstrike.com/blog/hat-tribution-pla-unit-61486/index.html Naturally, we started receiving questions if we cover one of the malware/tools mentioned in the post: 15cae06fe5aa9934f96895739e38ca26 (there are others like it) The VRT can confirm that we've had coverage for the…

    PC1News.com

  • Surf Safely Removal Guide

    admin
    18 Jul 2014 | 7:45 am
    Surf Safely has been presented as a useful add-on which tries to optimize your Internet security by blocking the potentially unwanted and malicious programs. However, instead of protecting your PC, you will suffer the adverse behavior which will probably cause you some serious problems. Therefore, the best thing you can do is to uninstall Surf Safely from your computer right away. Be aware that the application usually enters your system with other unwanted programs, thus you have to make sure that you have eliminated them along with Surf Safely. A reliable antimalware tool will scan your PC…
  • SaveMass Removal Guide

    admin
    18 Jul 2014 | 7:37 am
    SaveMass is claimed to provide you with the best deals and offers on the web. The application was published by Cyber C.S.G. Soft Ltd, and it is compatible with the major web browsers Internet Explorer, Google Chrome, and Mozilla Firefox. The browser add-on is promoted at its official website savemassit.info, but it could infect your system bundled with other free programs as well. You should be aware that SaveMass can randomize its name, meaning that the name of the program may contain additional letters, for example, SaveeMass, etc. Due to its function to display numerous third-party…
  • Play Now Radio Removal Guide

    admin
    18 Jul 2014 | 7:31 am
    Play Now Radio is a browser extension that computer users usually download from its official website playnowradio.com. The program has been created by Montiera Technologies Ltd, and it is compatible with Google Chrome web browser. Other applications developed by Montiera are Shop-wit, Wizebar and Buenosearch.com, however, none of them have a good reputation, thus they should be removed from your system. You have to uninstall Play Now Radio as well because this browser extension is not as innocent as it's been presented. In fact, malware researchers have investigated and found out several…
  • Complitly Removal Guide

    admin
    18 Jul 2014 | 7:17 am
    Complitly is an adware program whose purpose is not to infect your system with malware. However, the problem is that adware applications usually become malware distributors. Cyber crooks are those who know how to exploit Complitly for their malicious purposes, thus you should not take this risk. The best thing you can do is to remove the adware application in order to protect your PC from any potential threats. In addition, you'd better scan your computer for other existing dangerous programs, as adware does not travel alone. Similarly to the other adware applications, Complitly has been…
  • Deeal Removal Guide

    admin
    18 Jul 2014 | 4:26 am
    Deeal is a browser add-on which can be found on its official website deeal.net, however, it certainly should not be trusted at all. The reason for this is the ability of Deeal to set up a Trojan horse on some computers. This browser add-on is considered as adware because it promotes third-party advertisements and installs Optimizer Pro and Bubble Dock on your system, which are classified as potentially unwanted programs and can be erased from your PC by a legitimate malware removal tool. Deeal is a French program built using the BestToolbars engine and published by Kreapixel Inc. The browser…

    NSS Labs

  • It’s Time to Expect More from Your Research

    23 Jul 2014 | 12:00 am
    As any enterprise research manager or IT buyer will attest, finding the right information – and at the right time – is difficult at best. Oftentimes, multiple sources are used to answer one particular question – and then additional tools must still be used to validate those initial sources. Market share data, product comparisons, product roadmap implications, and insights into vendor strategy are separate services, and enterprises must sign up for these different services and then aggregate the data themselves, which can be a formidable task. 
  • Data Privacy Concerns Go Mainstream

    15 Jul 2014 | 12:00 am
    While one might expect to hear about security, privacy, and compliance at the security-oriented RSA Conference in San Francisco, these are less likely to be headline topics at the annual consumer electronics show, Cebit, or the eclectic South by SouthWest (SXSW) event in Austin, TX. But this year, privacy and security were hot topics at Cebit and at SXSW.
  • Understanding Risk and Adjusting Premiums

    8 Jul 2014 | 12:00 am
    As the volume and value of customer and corporate data increases, attackers are more determined than ever. This data has value attached to it, which can be insured, much like any asset would be. However, it can be more difficult to assess the value of digital assets, and more importantly, it is much more difficult to assess the risk that the storage and use of digital assets represents to an organization. This uncertainty in risk transfers to the insurance carrier because of the difficulty in calculating.
  • Sharpen Your Machete and Prepare for the Jungle

    17 Jun 2014 | 12:00 am
    Looking back to the end of 2013 and reviewing 2014 thus far, any security professional would wonder if it is possible to navigate the security landscape successfully. Target announced a serious data breach late last year; Neiman Marcus announced its own breach at the start of this year; and eBay just recently announced a password breach issue. Add to this the same data security and privacy concerns that we had at the end of 2013, and security in 2014 is resembling a jungle, complete with hungry tigers, malaria, and poisonous spiders.
  • Don’t Use a Screwdriver to Do a Hammer’s Job

    10 Jun 2014 | 12:00 am
    We have to get smart about how we perform security: sophisticated threats require sophisticated countermeasures. The premise sounds simple enough, but the security market is being turned on its head as the effectiveness of legacy technologies such as antivirus is questioned and as new technologies shift to real-time analysis and behavior-based approaches for malware identification. A review of the tools on the market today reveals two distinct approaches:
 

    VRT

  • Apple ID Harvesting, now this is a good phish.

    Joel Esler
    9 Jul 2014 | 8:07 am
    Phishing isn't new. "So, why are you writing about it?", you ask. I received this one today and it was very well done, so I thought I'd write it up. Chances are, you've seen these before: If you are familiar with Apple Verification emails, you'll notice the format is almost exactly what Apple uses. You'll notice that there are hardly any grammar, punctuation or capitalization errors. Usually, something as simple as the "Dear Customer" would give it away by the insertion of a space between the word "Customer" and ",". Those of you that look at phish emails all day…

    Private WiFi

  • ‘Free Social WiFi’ Isn’t Exactly Free

    Jared Howe
    29 Jul 2014 | 6:24 am
    The idea behind the concept of social WiFi is pretty simple: merchants offer free WiFi service to customers who visit their stores in exchange for customers logging into their network using their Facebook or LinkedIn accounts or by giving the merchant their email address. Once the consumer gets access to the WiFi network, they are asked to like the merchant’s Facebook page, or subscribe to a mailing list. But what you (the consumer) may or may not understand is this: by logging into the merchant’s social WiFi network, you are implicitly entering into a business arrangement with the…
  • Facial Recognition: The Scariest Privacy Issue

    Kent Lawson
    28 Jul 2014 | 1:10 am
    If you use Facebook, you probably know about one of the most prominent facial recognition technologies currently being used: tagging our friends and family in our photos that we upload to the site. But facial recognition has potentially thousands of other uses: companies are beginning to use facial recognition technology (what they call biometric identification) for preventing unauthorized access to computers or facilities. Likewise, law enforcement uses facial recognition to identify possible criminals and terrorists in large crowds of people, potentially stopping an attack before it…
  • Wireless Safety Tips for Travelers from PRIVATE WiFi and STOP.THINK.CONNECT.: [INFOGRAPHIC]

    Jillian Ryan
    24 Jul 2014 | 8:32 am
    Warning: There is an invisible security threat that you will encounter on your next vacation. No matter where you are going or when, you will likely encounter WiFi on your journey. While the convenience of such a connection is alluring to any vacationer, understanding the dangers associated with using that wireless hotspot are paramount. Remember that WiFi is just radiowaves and anyone can listen in to anything you send and receive on that connection. So whether you are using WiFi at your hotel, the airport, or a tourist attraction, you can potentially be exposed. If you are checking your…
  • TRUSTe’s Survey Shows That We Are Concerned about Mobile Device Privacy

    Jared Howe
    22 Jul 2014 | 1:36 am
    These days we are using mobile phones and tablets more and more, and this trend away from computers to mobile devices will continue in the years to come, according to a survey about consumer attitudes and mobile device privacy released by TRUSTe, a leading privacy services provider. Our mobile devices present unique risks. For example, did you know you could be tracked by nearly anyone (including the government and businesses) if you leave your WiFi activated? This allows anyone with simple tools to track your location. And of course advertisers track us by installing cookies on our devices…
  • Can Google Glass Steal Your Online Banking Passwords Just By Looking?

    Alok Kapur
    21 Jul 2014 | 1:30 am
    Privacy expectations have been evolving or changing for several years. As younger generations become more comfortable sharing personal information with less expectation that it will remain private, it’s no secret that our online privacy expectations are fading fast. But the shocking claims reported by CNN Money that Google Glass wearers can allegedly steal pretty much everything, including your bank account details, credit card account, or even your Social Security number is reigniting the debate about our collective privacy expectations. CNN pointed out that security researchers at the…
 

    Pivot Point Security

  • Charles Dickens, the Target Breach and Being a CISO

    John
    29 Jul 2014 | 4:00 am
    Major data breaches aren’t uncommon. Think TJX, Sony, Heartland Payment Systems, RSA, etc. The Target Corporation’s data breach was different. The breach itself was entirely unremarkable. It was the ramifications of the breach that were truly noteworthy, as the CEO of the company lost his job over it. If you’re a CISO, your CXO suite is suddenly keenly aware of your Information Security posture. No one likes to lose their job, especially one whose salary includes two commas. Being a CISO is one of the hardest roles in our industry.  Without the CXO suite’s commitment and…
  • Still Think You Don’t Need to Patch Internal Systems?

    Mike
    8 Jul 2014 | 4:00 am
    If Pivot Point Security’s clients are any indication, there are a lot of SMBs out there—even in highly vulnerable and heavily regulated verticals like banking—where patching internal systems is seen as a low priority and rarely happens. This is because “hackers would have to get on our network” to do any damage, so why bother? This attitude reflects a lack of understanding about the true risk associated with running outdated software. Unless you’re locking down access to internal systems using some pretty sophisticated technology, you’re highly vulnerable to rogue entities that…
  • The Rising Cost of ISO 27001 Certification

    John
    1 Jul 2014 | 4:00 am
    As ISO 27001 and related attestation standards have grown in importance and popularity, so too has the cost of getting ISO 27001 certified. In July 2012, I penned a blog post in which I estimated the cost of ISO 27001 certification at that time at $48,000. Based on a quick review of the ISO 27001 projects that Pivot Point Security has done over the last year, the average is now in the $80,0000 range. That is a remarkable change in a very short period of time. Why has the cost of ISO 27001 certification gone up by about 60% in less than two years? As I see it, there are two primary reasons:…
  • TrueCrypt and Security Risks in Your IT Supply Chain

    Mosi
    27 Jun 2014 | 11:29 am
    The announcement that the popular, free disk encryption tool TrueCrypt is no longer secure illustrates the risk every organization faces in its IT supply chain. How do you know whether the commercial or open source software your organization relies on to deliver its information services meets security requirements? Matthew Green, a security researcher from the Johns Hopkins University Information Security Institute, crowdsourced funds for a security audit report of the TrueCrypt bootloader in February, so users had some idea about the security of that part of TrueCrypt since that time. But…
  • The OWASP Application Security Verification Standard (ASVS) 2013—New, Improved and Worth a Look

    Bob
    8 May 2014 | 4:00 am
    The Open Web Application Security Project (OWASP) is no one-trick pony. Already well known for its OWASP Top 10 list of security vulnerabilities, the worldwide nonprofit has been actively working on version 2 of its Application Security Verification Standard (ASVS), now in beta. ASVS 2.0 refocuses and reorganizes the initial version released in 2008, making it much more useful to information security professionals. Here at Pivot Point Security, we plan to leverage the ASVS 2.0 guidance both to inform our methodology for testing against Top 10 vulnerabilities, and to expand our reporting to…

    HOTforSecurity

  • Open Redirect Vulnerability on MasterCard’s Australia Web Site

    Lucian Ciolacu
    29 Jul 2014 | 8:32 am
    An open redirect vulnerability has been found on MasterCard’s Australia web site (mastercard.com.au), according to an advisory by researcher Anastasios Monachos from Packet Storm. An open redirect vulnerability consists of the malfunction of a web app that, according to the Common Weakness Enumeration dictionary, “accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect.” “Certain unspecified input is not properly verified before being used,” Monachos says in the advisory. “This can be exploited to redirect…
  • Game On! Bitdefender 2015 Boosts Your Gaming Experience

    Alexandra Gheorghe
    29 Jul 2014 | 7:48 am
    The new Bitdefender 2015 loves gamers. It now protects your in-game life from the outside risks of a sluggish computer, not trading protection for optimum performance. Bitdefender 2015 boasts a set of impressive features, including Bitdefender Activity Profiles, a new technology that automatically detects when you play games and tweaks your system so you enjoy it to the fullest. The Gaming Profile kicks in during your battles and races to maximize your gaming experience, by allocating more system resources to your favorite game. Your game will run automatically with very high priority in the…
  • Five Severe Vulnerabilities Fixed in Siemens’ SIMATIC WinCC SCADA System

    Lucian Ciolacu
    29 Jul 2014 | 7:26 am
    Siemens has issued an update to its SIMATIC WinCC SCADA system due to five severe vulnerabilities, the company said in an advisory. Impacted products include SIMATIC WinCC before version 7.3, and SIMATIC PCS7 before version 8.1. “The most severe of these vulnerabilities could allow privilege escalation in the WinCC Project administration application under certain conditions,” the advisory said. The SIMATIC WinCC is a SCADA system mostly used on a large scale in infrastructure and industry for controlling and monitoring physical processes. The five vulnerabilities are listed from…
  • Fancy $110,000? Easy! Just be Russian and find a way of cracking Tor

    Graham Cluley
    28 Jul 2014 | 4:02 pm
    It looks like Russia is looking for a way to crack down on those who try to hide their activities from law enforcement agencies and government censors. The Russian Ministry of Internal Affairs (MVD) has announced that it is offering prize money totalling nearly four million rubles ($114,000) to anyone who can find a way to identify normally anonymous Tor users. Tor, of course, was originally developed by the United States as a way of helping people access the internet anonymously, and without fear of censorship – using a volunteer network of thousands of computers to conceal the…
  • Bug-Free MicroKernel for Protecting Drones Goes Open Source

    Lucian Ciolacu
    28 Jul 2014 | 8:25 am
    The alleged mathematically proven bug-free microkernel for drone protection is going open source, according to The Register. This piece of code, developed by the National ICT Australia (NICTA), was used to stop hackers from compromising unmanned drones. Development was also part of the High-Assurance Cyber Military Systems program patronized by the US Defense Advanced Research Projects Agency (DARPA). “If your software runs the seL4 kernel, you have a guarantee that if a fault happens in one part of the system it cannot propagate to the rest of the system and in particular the critical…

    Dice News » Security

  • Internet of Things Increases Need for Security Pros

    Susan Hall
    21 Jul 2014 | 8:56 am
    The sheer number of “things” to be secured in the Internet of Things is expected to create a rash of jobs in cybersecurity over the next several years. “You’re going to have to secure the device or the sensor, you need to secure the data, and you’re going to have to secure that across an open network,” Intel’s head of business marketing, Stuart Dommett, told an IoT roundtable in May. “It really is a massive, massive change.” Intel has argued previously that the IoT, which is expected to see 26 billion connected devices by 2020,…
  • Is This New Cyber Forensics Certification Worth the Investment?

    Myra Thomas
    21 Jul 2014 | 8:14 am
    Continued pressure on cybersecurity systems is making professionals with security and forensic experience extremely attractive to employers. Not surprisingly, related certifications are gaining more attention, including one of the newer ones: the CCFP, or Certified Cyber Forensics Professional from the (ISC)². According to (ISC)² Executive Director W. Hord Tipton, the organization saw a need for a certification that was broader than those available for professionals working in and around law enforcement, intelligence, litigation, consulting and computer security. The CCFP’s target…
  • Cyberattacks Focus Employers on Security Certifications

    Myra Thomas
    9 Jul 2014 | 7:13 am
    Continuing cyberattacks like those mounted against Target, eBay and Apple are pressuring companies to emphasize security even more than they have been to date. When it comes to hiring, that’s adding to the importance of certifications in IT audit, security, governance and risk. In many cases, that importance is translating into pay premiums for professionals that hold the credentials. Among the certifications in greatest demand are those from ISACA, an international association that focuses on IT governance. Indeed, according to the most recent IT Skills and…
  • More Than 300k Servers Still Threatened by Heartbleed

    Nick Kolakowski
    23 Jun 2014 | 8:31 am
    When security researchers unveiled the “Heartbleed” security bug in April, it kicked off a worldwide freak-out. For years, the online world had operated on the assumption that OpenSSL was a secure protocol, trustworthy enough for people to use it for everything from email to financial transactions; thanks to Heartbleed, however, an attacker with a moderate level of programming knowledge could exploit a loophole to grab anything from passwords to encryption keys. Following the announcement, developers around the world rushed to patch their systems. But…
  • Network Concerns Drive Hiring for Security Professionals

    Mark Feffer
    4 Jun 2014 | 7:35 am
    Demand for the skills necessary to secure networks and data continues to drive opportunities for security specialists. During April, job postings for security-related positions rose 20 percent year-on-year, according to business intelligence firm Wanted Analytics. More than 7,800 security-related postings were available during the month, the company said. The most commonly advertised jobs that included a need for security knowledge were cyber security analyst, software engineer, systems engineer, systems administrator and network engineer. Previously, we…
 

    Seculert Blog on Advanced Threats and Cyber Security

  • Malware, Would You Install it for One Cent?

    Liora R. Herman
    28 Jul 2014 | 6:07 am
    A research study report entitled “It’s All About The Benjamins: An empirical study on incentivizing users to ignore security advice,” has revealed that 22% of users will knowingly download and run what their operating system warns them could be malware, if they’re paid one cent — provided that they don’t think it will diminish their […]
  • Botnet Evading Traditional Security Methods

    Liora R. Herman
    24 Jul 2014 | 6:40 am
    While it’s unlikely that we’ll see a Cyber Crime Awards Ceremony anytime soon (although anything is possible with the rise of enterprise-class malware), if threat actors did bestow such honors upon each other, then this year’s winner of “Most Innovative APT Campaign” might be the Asprox Botnet. That’s because, as analyzed by researchers, on a […]
  • Extended APT Campaign Targeted US Airports

    Liora R. Herman
    23 Jul 2014 | 3:08 am
    In its 2013 Annual Report, the Center for Internet Security (CIS), a nonprofit group that works closely with state and local governments, has revealed that last year US airports were targeted by an unnamed nation state in a prolonged Advanced Persistent Threat (APT) campaign. The APT campaign, which was designed to spy on sensitive aviation […]
  • Ransomware Trojan Delivered via Fake Dropbox Email

    Liora R. Herman
    21 Jul 2014 | 5:10 am
    Cyber attacks on enterprises via Dropbox aren’t new – in fact, we were warning about them last year. However, bad actors routinely adjust their tactics, and this latest ransomware variation is a doozy. As investigated by PhishMe, bad actors are sending ordinary-looking emails that claim to deliver a fax or invoice. However, when victims click […]
  • NY Times Article Ushers in the Era of Cloud Computing

    Liora R. Herman
    9 Jul 2014 | 4:38 am
    According to a new article by New York Times journalist Quentin Hardy, the practice of linking and distributing data across multiple machines, and leveraging their collective power to achieve remarkably cost-effective levels of performance, access, speed, and scalability — or more simply put: cloud computing — has now become so prevalent, that it could be […]

    Managed File Transfer and Network Solutions

  • Rotating and Archiving Logs in JSCAPE MFT Server

    John Carl Villanueva
    23 Jul 2014 | 4:15 pm
    Overview Last week, a client wanted to know if there was a more efficient way of archiving and/or deleting old log files to clear up some storage space on their managed file transfer server. They were currently doing things manually and he understandably wanted to adopt some form of automation. Fortunately, JSCAPE MFT Server offers a solution and we'd like to detail the steps here so that anyone else interested may also follow it. Warning We do not recommend that you delete logs. These can be very important for audit purposes, especially for companies who are subject to regulatory compliance.
  • What is an SSL File Transfer?

    John V.
    19 Jul 2014 | 5:50 pm
    Overview SSL file transfer is a term sometimes used in referring to a secure file transfer protocol known as FTPS or FTP-SSL. FTP is a network protocol used for transferring files, while SSL is a protocol for encrypting information sent over a network. This post is meant to help users understand what FTPS is and what it is capable of doing, particularly in terms of enhancing the security of your file transfers. The term "SSL file transfer" is also used to refer to file transfers using HTTPS, another secure network protocol. However, to keep this post concise, we'll just focus on FTPS.
  • What is an AS2 MDN?

    John Carl Villanueva
    17 Jul 2014 | 3:50 pm
    Overview An MDN is an electronic return receipt which a trading partner can optionally request during an AS2 interchange. The use of MDNs help enforce data integrity and non-repudiation in AS2. In this post, we'll talk more about the value of issuing an AS2 MDN, what options you have when using it, and an overview of the usual configurable MDN settings in a managed file transfer server.  Why use an MDN After transmitting an EDI message to a trading partner, we usually want to confirm whether the message - in all its entirety - actually went through. More so if our EDI (Electronic…
  • Active v.s. Passive FTP Simplified

    John V.
    16 Jul 2014 | 2:10 pm
    When a client experiences problems when connecting to your FTP server, one thing you might want to look into is whether you've set your FTP data transfer mode to either active or passive.  Active and passive are two possible modes that an FTP connection can operate on. Taking into consideration the network configurations and security controls in place, you should choose one mode over the other. But before we discuss which mode is best for what scenario, let's first talk about the basics of these two modes, which can best be explained if we start our discussion with the two channels an…
  • How to Reverse Proxy HTTP In 3 Simple Steps

    John Carl Villanueva
    14 Jul 2014 | 8:48 am
    Overview There may be instances when you'd want external users to access HTTP servers located behind your corporate firewall. A secure way of doing that is by allowing access to those servers through a HTTP reverse proxy. In this short tutorial, we'll show you how this can be achieved using JSCAPE MFT Gateway.  To proceed, first you'll need to download and install an instance of JSCAPE MFT Gateway. Second, you'll have to set it up between an HTTP server and your Internet-based users as shown on Figure 1. Once ready, proceed to Step 1    Figure 1  …

    Radware Blog

  • REPORT: State of the Union for Ecommerce Page Speed & Web Performance [Summer 2014]

    Tammy Everts
    22 Jul 2014 | 6:37 am
    Here at Radware, our latest research into the performance and page composition of top retail sites finds that the year-over-year trend toward bigger pages that take longer to load has continued. The median top 100 ecommerce page takes 6.2 seconds to render its primary content, 10.7 seconds to fully load, and weighs in at 1677 KB. The result? The median page takes 27% longer to begin rendering than it did just one year ago. Keep reading to find out how to mitigate the impact of “page bloat” and deliver the best possible user experience to online customers. In…
  • 6 Types of DDoS Protection for Your Business

    David Monahan
    14 Jul 2014 | 7:55 am
    David Monahan is Research Director for Enterprise Management Associates (EMA) and is a featured guest blogger. DDoS attacks have become commonplace these days.  The offending attackers may be hacktivists, cyber-criminals, and nation states or just about anyone else with an Internet grudge and a PayPal or Bitcoin account.  These attacks themselves often require no technical skill.  Someone with a bone to pick can simply purchase the use of any number of nodes on one or more botnets for an hourly fee (long term rate discounts available); use a Graphical User Interface (GUI) to organize the…
  • Cyber Attacks on Oil and Gas

    David Hobbs
    11 Jul 2014 | 9:11 am
    A few weeks ago, news agencies shared reports on the Energetic Bear attack. This cyber-attack, or rather virus, was reportedly introduced by a Russian hacking group and it targeted oil, gas, power, and energy investment companies. The threatening malware had the ability to shut down major power grids, oil pipelines, gas, and energy traders. Analysts speculate that the attack motive was to gain competitive advantage in state-sponsored espionage against global oil and energy producers. This attack started by hacking into the websites of software companies that provide industrial control…
  • Five Burning Security Issues in Cloud Computing

    Bill Lowry
    20 Jun 2014 | 11:29 am
    As companies accelerate their adoption of cloud technologies – like infrastructure as a service (IaaS) or software as a service (SaaS) – the need for solutions that provide secure access and reliable operations in the cloud increase in importance. Since your data will now reside in several different facilities, with different providers or partners, you now have a new “security perimeter” to monitor and defend. As such, the need to closely evaluate how cloud-based data is protected should be part of the overall security strategy. A top area of concern is defending applications from…
  • A 5 Step Plan on How to Protect Yourself from Cybercrime

    Adrian Crawley
    16 Jun 2014 | 7:14 am
    Recently, I wrote an article for Help Net Security to discuss the modus operandi of cybercriminals and how this can lead to different types of cyber attacks.  While we have previously encountered huge distributed denial of service (DDoS) attacks that appear to come from nowhere and flood the victim’s network security, we have begun to see much more stealth and more sophisticated attacks causing just as much, if not more, damage. In the latest report from the Radware Emergency Response Team (ERT), we tracked the rise of these web stealth attacks.  One of the most common is a…
 

    pfSense Setup HQ

  • Replay Attacks and Possible Countermeasures

    maximumdx
    23 Jul 2014 | 2:00 pm
    Replay attacks are a variation on the man-in-the-middle theme. In a replay attack an agent is once again placed within the client/server line of communication. In the case of a replay attack, however, the transaction data is recorded for the express purpose of allowing the data to be modified and replayed to the server at a later time for nefarious purposes. An example of a replay attack is an instance where one party wants to prove their identity to another party. If a third party eavesdrops on the conversation, they can intercept the password. Once the exchange is over, the eavesdropper…
  • Man-in-the-Middle Attacks

    maximumdx
    22 Jul 2014 | 6:00 am
    Man-in-the-middle attacks are perhaps one of the more complex and sophisticated forms of security breaching approaches. As the name implies, such an attack involves the surreptitious placement of a software agent between the client and server ends of a communication. In this scenario, neither end of the communication is aware that the malicious agent is in the line of communication. For the most part, the man in the middle simply relays the data transmissions between client and server as though nothing is happening. What is generally happening in parallel with this process is that the agent…
  • IP Spoofing and Defenses

    maximumdx
    17 Jul 2014 | 6:00 am
    IP address spoofing is the creation of IP packets with a source IP address with the purpose of concealing the identity of the sender or impersonating another computer system. The basis of spoofing involves masquerading as a trusted system in order to gain unauthorized access to a secure environment. IP spoofing involves modifying data to make it appear to originate from the IP address of a system that is trusted by a server or firewall. Using this approach, a host is able to pass through the IP filtering that would otherwise serve to prevent access. The objective of IP spoofing in most, but…
  • Phishing: Common Variations

    maximumdx
    14 Jul 2014 | 6:00 am
    Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in electronic communications. Communications purporting to be from popular social networking sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting people. A phishing attack is most often initiated with a special type of spam containing a link to a misleading domain name, which appears to be a legitimate site. The e-mail tricks the recipient into visiting the spoofed web site, which…
  • Back Door Attacks

    maximumdx
    8 Jul 2014 | 2:00 pm
    Back Orifice in action. Back door attacks utilize programs that provide a mechanism for entering a system without going through the usual authentication process. This can either take the form of hidden access points intentionally put into an application by the original developers to aid in maintaining and debugging the software which were then left in when the software was installed by customers, or a malicious program that is placed on a system via a virus or other method which opens up the system to unauthorized access. Back Door Attacks: Back Orifice, NetBus and Sub7 A number of back door…

    Tips4Tech Blog

  • Does Your Business Conduct Regular Security Audits? Here Are 3 Tips

    Allan Pratt
    15 Jul 2014 | 5:36 pm
    Thanks to the numerous security breaches in the news, the C-suite members of your business should be thinking about regular security audits. While size does matter, the more employees you have and the more data you generate, security audits are critical to the long-term stability of your business. And remember, no one is immune to a data breach. Wondering where to start? Check physical security first. Then work your way in. The simplest way to steal data is to steal the device where it’s stored. You would be surprised by the number of businesses that don’t do the easy things. They…
  • Address Books, Webmail and the Cloud

    Allan Pratt
    9 Jul 2014 | 8:17 pm
    To All businesses Who Use Address Books on Webmail: stop and learn why your data may be at risk. Instead of Webmail, use a third-party email client such as Outlook or Thunderbird. Recently, I was hacked. No one is immune – even those of us in the infosecurity field can get hacked. The situation occurred in an email account that I use for professional correspondence outside of my day job. I have a client in the medical profession who uses Gmail for his email correspondence, and recently, the doctor was hacked. He keeps all of his patient email addresses as well as friends and family in the…
  • Does Your Business Fail the Customer Privacy Test?

    Allan Pratt
    27 Jun 2014 | 10:01 pm
    I had a recent experience where my privacy was compromised, and based on the inaction by the company, I wonder how many experiences I encounter that are not as obvious. I visited a local branch of a national financial institution to make a deposit (yes, I still walk into banks every now and then), and after I gave my endorsed check and deposit slip to the teller, he placed them face down into a clear plastic box that was in front of him. The box was in clear view of the customer opposite him (me). If the next customer did not make a deposit, no papers would go into the box to cover my items.
  • 5 Ways to Prepare for Data Breaches – Before It’s Too Late

    Allan Pratt
    2 Jun 2014 | 8:34 pm
    I read a recent post that has stuck with me. The question raised was how do businesses, especially midsize businesses, budget for insider threats: “Midsize firms simply cannot afford data breaches, no matter what the cause. [But] a company that considers insider threats can take preventive steps. Employees may require access to sensitive information to remain productive, but ensuring that appropriate security steps are taken is KEY to keeping a firm running as smoothly as possible.” While applying policies such as “least privilege” or “implicit deny” may help keep the…
  • Want a Competitive Advantage? Then Protect Your Customers’ Privacy

    Allan Pratt
    22 May 2014 | 8:56 pm
    It seems as if we hear about a major data breach every day, whether it’s a government entity, hospital or other medical institution, or a large retail outlet. Whether the breach occurs due to malware or a lack of external protections, companies are getting sloppy with their data. In today’s highly competitive environment, all companies need to be proactive when it comes to protecting their customers’ confidential data. But the reality is, many companies aren’t proactive. They act as if a data breach won’t happen to them. They aren’t willing to spend the money or allocate the…

    blackstratus.com

  • Understanding Cloud Security Models

    Rich Murphy
    22 Jul 2014 | 2:00 am
    When speaking about security and cloud computing, it’s important to distinguish among three separate models for service delivery: public, private and hybrid. Each model represents a different approach to software-as-a-service and can have different security implications. The public cloud — Public cloud service is delivered over the Internet, typically on a pay-per-use model, meaning a business is charged only for the storage it needs. Public cloud models are ideal for small- or medium-sized organizations that prioritize collaboration. Because public cloud service providers rely on…
  • How to Implement Server Virtualization in Your Business

    Rich Murphy
    1 Jul 2014 | 3:00 am
    In a business environment where IT managers are constantly being asked to do more with less, server virtualization represents an easy way to maximize your existing resources. Although server virtualization has gained popularity in recent years, there’s still some confusion about how it works, what the benefits are and how to get started. Let’s take a look at some of the best ways to implement server virtualization in a small or medium sized business environment. What Is Server Virtualization? Server virtualization is a process when a physical server is segmented into a number of…
  • Security and Operational Efficiency

    Rich Murphy
    27 Jun 2014 | 11:47 am
    Too often, IT managers think of their job in terms of striking a balance between institutional security and operational efficiency. The truth is, however, that an agile security posture will be easy and cost-effective to maintain while still providing complete protection of your data, applications and other valuable assets. In fact, the key to efficient, effective security is not necessarily to throw money at the problem, but to prioritize how and when resources are deployed. Some areas to focus on include: User training: Many IT managers assume that users will know how to securely access…
  • 17 Best Practices for Maintaining Data Security in a Business Environment

    Rich Murphy
    9 Jun 2014 | 6:57 am
    No matter what business you’re in, protecting your data from threats and accidental compromises is a critical concern. Several recent high-profile incidents have exposed just how vulnerable retailers, educational facilities, government contractors and other organizations are. According to Forbes Magazine, corporate network security is an over $60 billion industry. However, before you invest in the latest expensive technology, it’s important to plan properly. This will help you make the most of your budget without compromising the level of protection your intellectual property,…
  • Peer-to-Peer Communication Challenges in the Cloud

    BlackStratus
    3 Jun 2014 | 3:00 am
    Security practices have changed significantly in the last decade. It used to be sufficient to set up firewall rules to close the intranet off from the internet. Nowadays, companies rely more and more on cloud services, remote access and peer-to-peer communications. This alone makes maintaining company network much more difficult. Especially, the peer-to-peer software applications are posing significant challenge to a network administrator. In order to be able to exchange packets with the hosts outside as directly as possible they use interesting methods to punch holes in firewalls, which…
 

    Milton Security

  • Security Vulnerability May Mean Liability

    Brett Nava-Coulter
    25 Jul 2014 | 12:25 pm
    Getting hacked and losing customer data may mean a humiliating news cycle, diminished consumer confidence and a blow to the bottom line, but it also could lead to class action lawsuits. This week documents were filed in Louisiana for a consumer privacy class-action suit against eBay. Plaintiff Collin Green claims that the company failed to secure the private information of its users when it was hacked in February or March of this year. The data breach allowed identity thieves access to customer names, encrypted passwords, email addresses, physical addresses, phone and dates of birth. The…
  • New Malware, Mayhem attacks over 1,400 Web Servers

    Bethany Nolan
    25 Jul 2014 | 10:28 am
    Researchers from Yandex, a Russian internet company that runs the largest search engine in Russia with a 60% market share, have discovered a new malware that is targeting Linux and FreeBSD web servers, turning them into bots. The malware, dubbed “Mayhem”, has all of the functions of a regular Windows bot, but doesn’t need root access in order to use the web servers. Mayhem is a malware module that includes multiple payloads to be used for malicious purposes, and to infect only machines that are not updated with recent security patches or that flat out…
  • Goodwill Investigating Possible Data Breach

    Brett Nava-Coulter
    24 Jul 2014 | 12:19 pm
    Federal investigators  are looking into a possible data breach at Goodwill Industries Inc.  The company announced late Monday night that it had been contacted by a fraud unit who said credit card numbers may have been stolen from Goodwill’s U.S. stores. Currently the company is working with the secret service and fraud investigators to determine whether any data was leaked. Brian Krebs, of Krebsonsecurity.com, is reporting that sources  have identified multiple locations that may have been attacked.  The pattern of fraud on cards recently used at Goodwill locations across 21 states…
  • Wall Street Journal Gets Hacked. Was anything taken?

    Bethany Nolan
    24 Jul 2014 | 10:53 am
    On Tuesday, Dow Jones & Company, an American publishing and financial firm that happens to be the publisher of the Wall Street Journal admitted to a breach of their computer systems that house the news giant’s graphics. Journal officials have said that the affected systems were immediately taken offline in  an attempt to minimize any damage done by the attacker(s).  According to a spokeswoman for the Journal, they “are investigating an incident related to wsj.com’s graphics systems. At this point {they} see no evidence of any impact to Dow Jones customers or customer…
  • Are bots going after nana?

    Brett Nava-Coulter
    23 Jul 2014 | 1:58 pm
    Bad bots want to steal your grandma’s web identity…  at least, for a little while.  The latest hacking scheme ‘borrows’ web traffic from unsuspecting users to make them seem as though they have viewed certain websites or web ads in order to gain revenues from advertisers.   “They’re not going after people with secret military documents,” says Dan Kaminsky, founder of White Ops, “They’re going after grandmothers. They’re going after everyone they can. And we were genuinely curious, why? Why hack Grandma?” Advertisers are desperate to…

    Cyberoam : Securing You

  • Firewalls turn 25! But are Firewalls ready to deal with current threats?

    Keyur Shah
    25 Jul 2014 | 10:52 pm
    The very concept of firewalls came about when connecting trusted internal network systems to internet systems resulted in the rapid and catastrophic compromise of vulnerable internal systems. We can refer to the Morris Worm attack of 1988, which led to the idea and introduction of the first-generation firewall. The first firewall was introduced in 1991 and was primarily designed to combat computer viruses and malware. Over the years, attacks and malware have become more sophisticated and firewalls have grown with each security breach discovered. Here is a list of security incidents year…
  • Third Party Payment Processors Getting Popular Among SMBs

    Cyberoam
    24 Jul 2014 | 3:06 am
    Those who have an interest in the payment card industry’s history and evolution should watch the 2009 Hollywood movie Middle Men, starring Luke Wilson. Though it bombed at the box office, the movie is based on the real-life events of one of the pioneers of e-commerce, Christopher Mallick, and gives a very vivid description of the early days of e-commerce transactions. The biopic also tells that it was the porn industry which really kicked off the whole business of credit card payments. Since then credit card payments have become a mainstay of e-commerce. However, with increase in number of online data thefts,…
  • Those who thought Linux was secure…Call to rethink!

    Cyberoam Threat Research Labs
    23 Jul 2014 | 12:34 am
    New Linux Backdoor found. Even Linux Users Need to be Aware! Often Linux is assumed to be more secure, but the recently found malware targets the Linux platform in particular. The malware, namely Backdoor.Linux.Kiler.A, contacts a remote server, identifies itself, and sends system information. It receives control commands to download a file and execute it, execute shell commands, terminate a process, among others. To survive a system reboot, it creates a startup service. The malware can capture various aspects including keystrokes, screen snapshots and more, based on the backdoor’s…
  • Recently pulled down Gameover Zeus botnet, re-emerges!

    Cyberoam Threat Research Labs
    18 Jul 2014 | 5:03 am
    A new improved version, Backdoor.Win32.Zeus.GO, is being used by attackers this time. Just a month back, the GameOver Zeus botnet was taken down by seizing servers and disrupting its operations, collectively by the FBI and Europol[1]. And within this span of time, security researchers from Malcovery have reported a newer and improved variant of malware exhibiting similar traits to the Gameover ZeuS botnet. The newly found variant has been found compromising users’ computers, forming a massive botnet. What’s new? The new variant is named as Backdoor.Win32.Zeus.GO and has been ranked as…
  • Cosmic Duke – MiniDuke APT Trojan+ Cosmo family information stealing threat

    Cyberoam Threat Research Labs
    17 Jul 2014 | 11:29 pm
    A malware has been reported, the first of its kind, that includes code from both the notorious MiniDuke APT trojan and another longstanding threat, the information-stealing Cosmu family. Malware analysts were surprised to notice that the malicious executable being decompressed and loaded into memory was very similar to the Cosmu family of information-stealers, which was seen way back in 2001. Trojan.Win32.CosmicDuke.A is a Trojan that targets the Windows platform. This malware steals various data from the infected computer and sends it out to a control server. The stolen data include passwords stored by…

    SenaTechno ~ Give you knowledge more

  • One Thing You Should Consider for Your Account Security

    Nurdin Budi M.
    4 Jul 2014 | 12:32 pm
    When you open an e-mail, social network, internet banking, shopping or other pages that require you to fill out your account password, it is actually all browsers will store information on your computer.
  • Journey of Life

    Nurdin Budi M.
    4 Jul 2014 | 12:17 pm
    People find that way of life to be passed is long, but the way it will not seem long if we always have a plan in the course of our lives. Tried everything we have planned and always try, even though the failure will happen, then we will always be given the spirit; because the journey of life to something that is both successful plan and plan failure.
  • Safe Browsing with Chrome Incognito Mode

    Nurdin Budi M.
    4 Jul 2014 | 12:10 pm
    When you browse the internet using someone else's computer, you should be careful; don't forget to sign out of your account, remove cookies or remove website history; because information was left behind can be used by people who are not responsible.
  • When Social Media is Used Properly

    Nurdin Budi M.
    20 Jun 2014 | 2:52 am
    When something becomes a big thing as social media Facebook, Twitter, Linkedin, Google+, Foursquare and many more, it will be a lot of exposure to negative things that seemed to illustrate that social media not useful for a positive life.
  • Content is The Best Marketing Ever

    Nurdin Budi M.
    18 Jun 2014 | 10:25 am
    Many ways taken by providers of information on the internet to increase its website traffic; they use all means in order that the desired can be immediately achieved; It doesn't matter whether it's negative or positive ways; and they forget that the essence is actually to be done into oblivion. I also did the same thing and I regret using the wrong way.
 