Network Security

  • Most Topular Stories

  • TorLocker ransomware variant designed to target Japanese users

    symantec.com
    Symantec Security Response
    15 Dec 2014 | 12:27 pm
    New file-encrypting ransomware variant is the first to specifically target Japanese users. Ransomware is nothing new to Japan. Symantec’s research has found that Japan ranks among the regions that are the most affected by global ransomware attacks. However, no attacks specifically targeting Japanese users have ever been confirmed. That is, until now. In the recent weeks, Symantec has observed a ransomware variant in the wild that was designed to target users who speak Japanese.
  • 4 dangerous methods used by hackers that may turn your Christmas into hell

    Spyware news
    15 Dec 2014 | 6:23 am
    Christmas is just around the corner, so we believe that there are thousands of people who are surfing thru online stores right now. If you are also one of those who are looking for presents that could please their darling ones, then you should do this very carefully. Believe us, we say so for a […]
  • The 10 POS malware families this holiday season

    Latest articles from SC Magazine
    SC Magazine
    19 Dec 2014 | 2:31 am
    This holiday shopping season, many retailers have two goals in mind - make record-breaking sales and don't get breached.
  • MySQL Data Types

    TutorialsLodge
    Chimezie Michael
    15 Dec 2014 | 12:21 am
    We will be looking at some MySQL data types. The VARCHAR Data Type: Varchar stands for VARiable length CHARacter string and the command takes a numeric value that tells MySQL…
  • Knowledge as a Defense Against Malware

    Tenable Network Security Blog
    Ken Bechtel
    11 Dec 2014 | 7:00 am
    Team Anti-Virus, an independent group of anti-virus researchers, published Ten Rules of Common Sense Computing and Virus Defense ten years ago to help educate network security personnel, end users, and the gener
 
 

    Tenable Network Security Blog

  • Auditing Red Hat Enterprise Virtualization (RHEV) with Nessus v6

    Mehul Revankar
    16 Dec 2014 | 6:00 am
    There was a time in early 2000 when the word "virtualization" was synonymous with VMware, and rightly so. After all, VMware started the second coming of this revolutionary technology after IBM.
  • Make 2015 a Breach-Free Year

    Eileen Bator
    15 Dec 2014 | 6:15 am
    With 2014 drawing to a close and the New Year almost upon us, it’s the perfect time to reflect on this year’s security events and to plan for changes in 2015.
  • Knowledge as a Defense Against Malware

    Ken Bechtel
    11 Dec 2014 | 7:00 am
    Team Anti-Virus, an independent group of anti-virus researchers, published Ten Rules of Common Sense Computing and Virus Defense ten years ago to help educate network security personnel, end users, and the gener
  • Auditing NoSQL Databases (MongoDB) with Nessus v6

    Mehul Revankar
    9 Dec 2014 | 7:00 am
    To SQL or NoSQL is the big debate among database experts these days. Both types of databases have fundamentally different architectures and support different use cases; hence, they have different pros and cons.
  • The Five Stages of Security Grief


    Gavin Millard
    8 Dec 2014 | 5:58 am
    Gavin Millard is featured in the December 2014 issue of (IN)SECURE magazine for his lead article on The Five Stages of Security Grief.
 

    TaoSecurity

  • Nothing Is Perfectly Secure

    5 Dec 2014 | 1:59 pm
    Recently a blog reader asked to enlist my help. He said his colleagues have been arguing in favor of building perfectly secure systems. He replied that you still need the capability to detect and respond to intrusions. The reader wanted to know my thoughts. I believe that building perfectly secure systems is impossible. No one has ever been able to do it, and no one ever will. Preventing intrusions is a laudable goal, but I think security is only as sound as one's ability to validate that the system is trustworthy. Trusted != trustworthy. Even if you only wanted to make sure your "secure"…
  • Bejtlich on Fox Business Discussing Recent Hacks

    2 Dec 2014 | 6:04 pm
    I appeared on Fox Business (video) today to discuss a wide variety of hacking topics. It's been a busy week. Liz Claman and David Asman ask for my perspective on who is responsible, why the FBI is warning about destructive malware, how the military should respond, what businesses can do about intrusions, and more. All of these subjects deserve attention, but I tried to say what I could in the time available. For more on these and other topics, don't miss the annual Mandiant year-in-review Webinar, Wednesday at 2 pm ET. Register here. I look forward to joining Kristen Verderame and Kelly…
  • Response to "Can a CISO Serve Jail Time?"

    17 Nov 2014 | 8:30 am
    I just read a story titled Can a CISO Serve Jail Time? Having been Chief Security Officer (CSO) of Mandiant prior to the FireEye acquisition, I thought I would share my thoughts on this question. In brief, being a CISO or CSO is a tough job. Attempts to criminalize CSOs would destroy the profession. Security is one of the few roles where global, distributed opponents routinely conduct criminal acts against business operations. Depending on the enterprise, the offenders could be nation state adversaries largely beyond the reach of any party, to include the nation state hosting the…
  • Thank You for the Review and Inclusion in Cybersecurity Canon

    10 Nov 2014 | 2:27 pm
    I just read The Cybersecurity Canon: The Practice of Network Security Monitoring at the Palo Alto Networks blog. Rick Howard, their CSO, wrote the post, which marks the inclusion of my fourth book in Palo Alto's Cybersecurity Canon. According to the company's description, the Canon is: a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in a cybersecurity professional’s education that will make the practitioner incomplete. The Canon candidates include both fiction and…
  • We Need More Than Penetration Testing

    16 Sep 2014 | 9:47 am
    Last week I read an article titled People too trusting when it comes to their cybersecurity, experts say by Roy Wenzl of The Wichita Eagle. The following caught my eye and prompted this post: [Connor] Brewer is a 19-year-old sophomore at Butler Community College, a self-described loner and tech geek... Today he’s what technologists call a white-hat hacker, hacking legally for companies that pay to find their own security holes. When Bill Young, Butler’s chief information security officer, went looking for a white-hat hacker, he hired Brewer, though Brewer has yet to complete…
 

    Spyware news

  • 4 dangerous methods used by hackers that may turn your Christmas into hell

    15 Dec 2014 | 6:23 am
    Christmas is just around the corner, so we believe that there are thousands of people who are surfing thru online stores right now. If you are also one of those who are looking for presents that could please their darling ones, then you should do this very carefully. Believe us, we say so for a […]
  • ESET joins Facebook to help it in a fight against malware

    4 Dec 2014 | 6:08 am
    Anti-malware protection is a seriously important thing that was underestimated for years. If you have also been thinking that antivirus is the only tool that you need for keeping your PC safe, you were wrong. In reality, there are lots of viruses that can be eliminated only with the help of anti-malware. The importance of […]
  • Using expired anti-spyware can be as dangerous as having no anti-spyware!

    21 Nov 2014 | 5:54 am
    We have been saying for ages that you should always keep your anti-spyware up-to-date. No matter how insignificant it seems, it can easily save your time that you might need when trying to fix your infected computer. Of course, money is also a great factor because there are lots of viruses that can’t be eliminated […]
  • What is FBI Android virus and how to get rid of it?

    2-spyware.com
    6 Nov 2014 | 12:52 am
    If you have ever been infected with FBI virus, you will definitely know how serious this infection is. For those who have never heard about it we must say that FBI virus is a dangerous cyber threat that was released several years ago. It was labeled as ransomware because it seeks to trick people into […]
  • Critical Windows vulnerability is used to spread Sandworm malware

    16 Oct 2014 | 6:23 am
    One day it’s Shellshock, the other day it’s Sandworm. What should you know about this malware that was announced with fanfare several days ago? ISIGHT, the company that discovered this virus, says that Sandworm relies on a Windows zero-day vulnerability that is known as CVE-2014-4114. Fortunately, Microsoft patched this vulnerability in October, 2014. It has also been […]

    Uncommon Sense Security

  • About that Herbie Hancock book

    16 Dec 2014 | 5:54 pm
    The first Hancock story I mentioned last week is the opening story in his new book.  He tells the story better than I do. I’m not far into the audiobook, but I wanted to hear a bit of it the other day between chapters of Kim Zetter’s new(ish) book on Stuxnet.  That one is good, too- Zetter balances making the story approachable to non-techies with detail enough to keep those with some knowledge of the events engaged.  Unfortunately, the audiobook version means I don’t have access to the extensive footnotes unless I buy a print copy, too- but I spend enough time on the…
  • Computers are efficient. And other lies.

    16 Dec 2014 | 3:07 am
    Sometimes stuff gets put into perspective.  With force. I was recently reminded of a few things which happened several months ago while I was visiting friends in hospitals (this happens more and more as you get old- or they are visiting you). All events occurred at large, modern facilities- the kind with computers in every patient room plus roving computer carts, and all the patient info readily available to authorized personnel.  Of course, by “all” I mean “all information which has already been entered into the right systems”, which leads to my first observation. Hanging…
  • The other Herbie Hancock story

    12 Dec 2014 | 3:10 am
    Herbie Hancock’s other story As promised, the second lesson from Herbie Hancock’s interview a couple of weeks ago. Hancock was asked about the ease of musical creation and experimentation with modern computers and electronics. Not surprisingly, he loves the lower barrier to entry and the ease of experimentation- especially compared to the amazing lengths required for electronic musical experimentation in his early days. Then he said something striking, he talked about having to learn all of the old ways, the basics, the fundamentals- and then having to unlearn them to get the most out of…
  • Herbie Hancock Stories

    11 Dec 2014 | 3:07 am
    Herbie Hancock After the horror of faux country bubblegum abuse of “Crazy” I saw part of an interview with Herbie Hancock, it more than made up for the horror. Hancock has a new book out, “Possibilities”. I haven’t read it yet, but it is in my Audible queue for my next road trip. Based on the interview I heard, I’m really looking forward to hearing the book in his own voice. Miles Davis  The first story came from the days when Hancock played with the great Miles Davis. During one show Herbie played an obviously wrong chord, and he was mortified at his mistake. Miles’…
  • Manual labor and the horrors of television

    10 Dec 2014 | 2:42 am
    Are you either of the people shown above?  If not, please don’t try to sing “Crazy”. The past several weekends have involved a fair amount of manual labor, which has reminded me how happy I am that I don’t do that kind of thing for a living anymore. On one of my beer breaks I flipped on the TV to see what horrors it held for me, and I was rewarded with one horror, and a couple of great stories. First, the horror: Someone who was neither Patsy Cline nor Willie Nelson was attempting to sing “Crazy” on what passes for country music TV. It was pathetic. (Patsy Cline made that song…

    Schneier on Security

  • Friday Squid Blogging: Squid Beard

    schneier
    19 Dec 2014 | 2:04 pm
    Impressive. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
  • Lessons from the Sony Hack

    schneier
    19 Dec 2014 | 10:44 am
    Earlier this month, a mysterious group that calls itself Guardians of Peace hacked into Sony Pictures Entertainment's computer systems and began revealing many of the Hollywood studio's best-kept secrets, from details about unreleased movies to embarrassing emails (notably some racist notes from Sony bigwigs about President Barack Obama's presumed movie-watching preferences) to the personnel data of employees, including salaries and performance reviews. The Federal Bureau of Investigation now says it has evidence that North Korea was behind the attack, and Sony Pictures pulled its planned…
  • SS7 Vulnerabilities

    schneier
    19 Dec 2014 | 4:41 am
    There are security vulnerabilities in the phone-call routing protocol called SS7. The flaws discovered by the German researchers are actually functions built into SS7 for other purposes -- such as keeping calls connected as users speed down highways, switching from cell tower to cell tower -- that hackers can repurpose for surveillance because of the lax security on the network. Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is…
  • ISIS Cyberattacks

    schneier
    18 Dec 2014 | 8:07 am
    Citizen Lab has a new report on a probable ISIS-launched cyberattack: This report describes a malware attack with circumstantial links to the Islamic State in Iraq and Syria. In the interest of highlighting a developing threat, this post analyzes the attack and provides a list of Indicators of Compromise. A Syrian citizen media group critical of Islamic State of Iraq and Syria (ISIS) was recently targeted in a customized digital attack designed to unmask their location. The Syrian group, Raqqah is being Slaughtered Silently (RSS), focuses its advocacy on documenting human rights abuses by…
  • The Limits of Police Subterfuge

    schneier
    18 Dec 2014 | 4:57 am
    "The next time you call for assistance because the Internet service in your home is not working, the 'technician' who comes to your door may actually be an undercover government agent. He will have secretly disconnected the service, knowing that you will naturally call for help and -- when he shows up at your door, impersonating a technician -- let him in. He will walk through each room of your house, claiming to diagnose the problem. Actually, he will be videotaping everything (and everyone) inside. He will have no reason to suspect you have broken the law, much less probable cause to…
 

    Security Uncorked

  • InfoSec Life Lessons from Dr. Seuss- keynote debut and BruCon

    jj
    3 Dec 2014 | 4:56 pm
    Recently I had the pleasure of unveiling my new keynote, “InfoSec Life Lessons from Dr. Seuss” at the BruCon conference hosted each year in Gent, Belgium. The event is absolutely amazing, extremely well-managed, features some of the best speakers, and offers actionable content. The energy and collaboration was off the charts and I would highly recommend any colleagues to attend this conference if given the opportunity. The opportunity to share a new message was a key point of my excitement at this conference. For the first time, I stepped completely outside of my comfort zone of…
  • JJ’s Top 10 Reasons to Vote in (ISC)2 Elections

    jj
    28 Nov 2014 | 6:06 pm
    Each year we go through the same cycle of love and hate during the annual (ISC)2 Board of Directors elections. Across the social media worlds, the apathy and frustration come head-to-head with excitement and hope. Disenfranchised members ask “why vote?” and “who cares?”, or make comments about how “nothing will change”. The more engaged crowd, led by hope and motivated by incremental change pushes for engagement and participation. I don’t know about you, but I was in the former before joining the Board myself. From the outside looking in, things…
  • Give Back: Volunteer Training for Safe and Secure Online in NC December 2nd

    jj
    28 Nov 2014 | 5:00 pm
    As a Board Member of not just (ISC)2, but also of the (ISC)2 Foundation, I’m very excited to share that (ISC)2 is offering a live, in-person Safe and Secure Online Volunteer Training right here in North Carolina on Tuesday, December 2nd. The training runs from 11am-2pm with a break for lunch. It’s definitely worth the drive from Greensboro, Winston-Salem, Raleigh, Sanford, Durham and even Charlotte and Greenville. These live trainings are typically only offered at large industry events such as the RSA Conference and Security Congress. As the event description notes, it really is a…
  • Calling Bull$#** on Women in Infosec

    jj
    25 Feb 2014 | 6:11 pm
    Okay folks, I’m tired of hearing about “women in infosec” in its current topical form. I’ve stayed miles away from this topic for years, but now I’m going to speak up. And, to start the conversation, I call BULLSHIT. Not on the notion that we need more women in infosec, but on the methods, the justification and the explanation of why (or, lack thereof).  Hang tight for that one – the why – that’s coming in my next post. Let me start by saying I haven’t read anyone else’s rants or posts on this topic recently. I don’t want to; they usually infuriate me. From my…
  • JJ’s Sessions at RSA 2014- NAC, Mindfulness, Snowden and more

    jj
    21 Feb 2014 | 7:20 pm
    Hey everyone, I know I’m a little behind getting my RSA Conference updates out, but, well, s#!7 happens! I hope you’ll accept my better-late-than-never post letting you know where I’ll be during this year’s RSA festivities. This year, be sure to check out the Neuro-hacking 101 session I’m presenting with Mike Rothman. I think it’s safe to say it’s one of the first (if not the only) of its kind for an infosec conference. Also, be sure to catch this year’s NAC P2P session. It always fills up quickly and this year we have a new twist. My…

    Infosec Events

  • Week 49 In Review – 2014

    md
    19 Dec 2014 | 10:50 am
    Resources Using PowerShell for Client Side Attacks – abofapenetrationtester.com This blog post details everything that Nikhil Mittal spoke about at DeepSec plus much more. With this blog post, a newer version of Nishang with “Client” category of attacks is also being released. Lets have a look at the scripts one-by-one. Operation Cleaver – cylance.com The Operation Cleaver report sheds light on the efforts of a coordinated and determined group working to undermine the security of at least 50 companies across 15 industries in 16 countries. Cylance report unveils the tactics,…
  • Information Security Events For December

    sheila
    1 Dec 2014 | 9:06 pm
    Here are information security events in North America this month:   CISO Executive Summit Pittsburgh : December 2 in Pittsburgh, PA, USA   CISO Executive Summit San Francisco : December 2 in San Francisco, CA, USA   CISO Executive Summit New Jersey : December 2 in New Jersey, USA   IEEE International Workshop on Information Forensics and Security (WIFS) : December 3 to 5 in Atlanta, Georgia, USA   SANS Healthcare Cyber Security Summit : December 3 to 4 in San Francisco, CA, USA   CISO Executive Summit Chicago : December 3 in Chicago, IL, USA   Annual Computer…
  • Week 48 In Review – 2014

    md
    1 Dec 2014 | 10:45 am
    Resources Cyberspectrum: Bay Area Software Defined Radio #1 (Nov 2014) HD – youtube.com A video of DSP topics relevant to implementation of simple software-defined radios. Focuses on visual explanations of fundamental manipulations of digital signals, including analytic signals, frequency shifting, sampling rates, filtering, and the discrete Fourier transform. Tools HDD firmware tools – github.com This repository contains tools for HDD firmware extraction. Tools for viewing and extracting HDD firmware files. Techniques Magnitude Exploit Kit Backend Infrastructure Insight – Part…
  • Week 47 In Review – 2014

    md
    24 Nov 2014 | 12:00 pm
    Resources Hack3rcon 5 Videos – irongeek.com Here are the videos from Hack3rcon^5. You can watch and download the videos from here. Let’s Play NSA! The Hackers Open-Sourcing Top Secret Spy Tools – motherboard.vice.com Last August, at Defcon, the hacker conference in Las Vegas, engineer and security researcher named Michael Ossmann stood on the stage of a lecture hall, about to detail a stunning new set of tools designed for spying on a wealth of electronic devices. He explained to the audience just how he had engineered the kind of surveillance devices that, six months earlier,…
  • Week 46 In Review – 2014

    md
    17 Nov 2014 | 11:02 am
    Events Related Amazon Fire Phone, iPhone, Nexus 5, Samsung S5 All Popped At Mobile Pwn2Own – forbes.com A slew of the world’s most popular smartphones have been prized open at the Mobile Pwn2Own hacking contest in Tokyo, Japan this week. Hosted by the HP Zero Day Initiative, the competition offered up big cash prizes for those who could successfully show off their exploits and a handful of whitehats managed to break security protections on the Amazon Fire Phone, iPhone 5S, LG Nexus 5 and the Samsung S5. HP TippingPoint + Mobile Pwn2Own = Zero Day Filter Protection – h30499.www3.hp.com HP…

    Security Catalyst

  • Catalyst Weekly Rewind (Dec 15) – preparing for improvement

    Michael Santarcangelo
    15 Dec 2014 | 7:36 am
    Was last week so awesome you want to live it again? Or maybe you’d prefer a do-over. Let’s rewind. Start this week off right by taking a moment to review the best of last week. This is a quick listing of what I published, the articles I curated, and then some insights about where I’m focusing energy. I always welcome the opportunity to connect over good conversation. Have a great week. Go own it! Quote of the week The function of leadership is to produce more leaders, not more followers. ― Ralph Nader Created: published last week The theme of the articles shared last week seems…
  • Catalyst Weekly Rewind (Dec 8) – are you really telling stories?

    Michael Santarcangelo
    8 Dec 2014 | 4:19 am
    Was last week so awesome you want to live it again? Or maybe you’d prefer a do-over. Let’s rewind. Start this week off right by taking a moment to review the best of last week. This is a quick listing of what I published, the articles I curated, and then some insights about where I’m focusing energy. I always welcome the opportunity to connect over good conversation. Have a great week. Go own it! Quote of the week Everyone you meet has something to teach you. Created: What I published this week LinkedIn: 3 basic elements every good story needs CSO: Which security story are you telling?
  • Catalyst Weekly Rewind (Dec 1) – two sides of human kindness

    Michael Santarcangelo
    1 Dec 2014 | 7:20 am
    Did you get a chance to read what I created and curated last week? The weekly rewind is a brief look at last week — the work I published, articles I curated, and insights in where I’m focusing some energy — all in one place. A few of the curated articles (on Friday) really stood out to me; definitely worth a read. I always welcome the opportunity to connect over good conversation. Have a great week. Quote of the week Believe everyone has something they can teach you to make your life better. Created: What I published this week I took the week to enjoy time with family –…
  • Catalyst Weekly Rewind (Nov 24) – more value, less time

    Michael Santarcangelo
    24 Nov 2014 | 4:23 am
    Did you get a chance to read what I created and curated last week? The weekly rewind is a brief look at last week — the work I published, articles I curated, and insights in where I’m focusing some energy — all in one place. A few of the curated articles (on Friday) really stood out to me; definitely worth a read. I always welcome the opportunity to connect over good conversation. Have a great week. Quote of the week “The chains of habit are generally too small to be felt until they are too strong to be easily broken.” -Samuel Johnson Created: What I published this week…
  • Catalyst Weekly Rewind – Value in time and passwords

    Michael Santarcangelo
    17 Nov 2014 | 6:53 am
    As we start another week, take a moment to pause, rewind, and replay the highlights from last week. This captures the work I published, elements I shared, and offers some insights in where I’m focusing some energy. Connection, context, and conversation are encouraged! Quote of the week This week I came across a word that really resonated with me: meraki: (verb) do something with soul, creativity, or love; to put something of yourself into your work I hope you get to experience some this week! Created: What I published this week To increase value, you need to know what your time is really…
 

    Dr Anton Chuvakin Blog PERSONAL Blog

  • Monthly Blog Round-Up – November 2014

    1 Dec 2014 | 8:50 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Donn Parker’s “Risks of Risk-Based Security” Summarized”, an old blog post from 2009, somehow made it to my top list this month. A mystery! “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described…
  • Links for 2014-11-12 [del.icio.us]

    Anton Chuvakin
    13 Nov 2014 | 12:00 am
    How Enterprises Can Get The Most From Threat Intelligence
  • Monthly Blog Round-Up – October 2014

    1 Nov 2014 | 11:11 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: My classic PCI DSS Log Review series is always popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3.0 as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the…
  • Links for 2014-10-06 [del.icio.us]

    Anton Chuvakin
    7 Oct 2014 | 12:00 am
    How a bank knows it has been hacked | Marketplace.org
  • Monthly Blog Round-Up – September 2014

    1 Oct 2014 | 8:20 am
    Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list. “Top 10…

    Security Blog

  • The 2014 Data [In]Security Hall of Fame

    kevin.thompson
    18 Dec 2014 | 7:36 am
    Ahh the holidays. A time when we think about goodwill towards our fellow man, exchanging gifts, and of course making lists! All the good boys and girls know that one of our projects here at Verizon Security Labs is the VERIS Community Database (VCDB), a free repository of breach incident data available to the public. As we go through the year adding cases to the dataset, we mark some of them as being “Hall of Fame” (HOF) candidates. So this year, instead of making yet another set of predictions of what to expect in 2015, we decided to review our nominees for the 2014 Data Security Hall of…
  • Weekly Intelligence Summary Lead Paragraph: 2014-12-12

    dkennedy
    16 Dec 2014 | 7:37 am
    Let’s get Sony out of the way first.  There has been no significant new actionable intelligence gathered regarding this breach.  The folks at Risk Based Security have an excellent timeline of the Sony Pictures breach that’s full of details, some analysis and no hyperbole. Collections from Symantec and Bluecoat provided significant new intel about Destover malware.  We collected thoughtful analyses of the Sony Breach from Scott Terban’s Krypt3ia blog and from the opinion piece by Ira Winkler and Araceli Gomes opinion IDG publications.  In the rest of the world, InfoSec risk continued…
  • I Made a Million Models

    Gabe Bassett
    15 Dec 2014 | 5:54 am
    1 million, 185 thousand, 960 to be specific.  But let’s back up. The Setup: The common thought is that to be able to wield machine learning models, you need three things: deep domain expertise, rigorous scientific and statistical acumen, and technical computer skills. The idea is that someone will use their deep domain expertise to hypothesize combinations of features which can predict the desired variables.  They will then identify appropriate models to do so based on the features and the underlying data.  Finally, they will use their technical skills to train the model in some language such…
  • Making Informed Decisions by Using Meaningful Security Metrics

    Rafeeq Rehman
    12 Dec 2014 | 8:05 am
    While security metrics are used in a number of ways, the ultimate purpose of security metrics is to support the decision-making process. Making informed decisions is key to effectively manage information security risk. Every year Verizon publishes the Data Breach Investigations Report (DBIR) to help business do exactly that: Make informed decisions based upon real data analysis. The DBIR is a great tool to understand the current state of information security on a strategic level. However, every organization must have a mechanism to measure its own “state of security” on an ongoing basis…
  • When is an Intelligence Feed Record New?

    Gabe Bassett
    4 Dec 2014 | 10:28 am
    A common question we grapple with when evaluating intelligence feeds is “If I see the same observable twice, what does it mean?”  This is probably, actually, two questions in one: “Is my feed sending me the same observation multiple times?” and “Is the second observation an observation of a single incident or a new incident?” These are both tough questions to answer.  In the first case, the intelligence feed may not provide any indicator of uniqueness per record making it impossible to immediately tell if it is a duplicate or not.  The second question is…
 

    symantec.com

  • Mobile spyware makers are on shaky ground as the law begins to catch up with them

    Laura O'Brien
    18 Dec 2014 | 5:58 am
    Mobile spyware authors market their products as legitimate, but the software’s secretive nature gives stalkers, thieves, and abusive partners the means to spy on their victims’ every move.
  • Malicious links: Spammers change malware delivery tactics

    Jo Hurcombe
    16 Dec 2014 | 7:06 am
    Significant spike in malicious spam emails containing links, as attackers move away from attachments in their efforts to spread Downloader.Ponik and Downloader.Upatre. Contributor: Satnam Narang
  • TorLocker ransomware variant designed to target Japanese users

    Symantec Security Response
    15 Dec 2014 | 12:27 pm
    New file-encrypting ransomware variant is the first to specifically target Japanese users. Ransomware is nothing new to Japan. Symantec’s research has found that Japan ranks among the regions that are the most affected by global ransomware attacks. However, no attacks specifically targeting Japanese users have ever been confirmed. That is, until now. In the recent weeks, Symantec has observed a ransomware variant in the wild that was designed to target users who speak Japanese.
  • Underground black market: Thriving trade in stolen data, malware, and attack services

    Candid Wueest
    10 Dec 2014 | 3:49 am
    The underground market is still booming after recent major data breaches. The price of stolen email accounts has dropped substantially, but the value of other illegal goods and services has remained stable.
  • Microsoft Patch Tuesday – December 2014

    PraveenSingh
    9 Dec 2014 | 12:08 pm
    This month the vendor is releasing seven bulletins covering a total of 24 vulnerabilities. Thirteen of this month's issues are rated 'Critical'.

    Optimal Security

  • Infosec Haiku

    Chris Merritt
    21 Dec 2014 | 8:39 am
    Anata no joho sekyuritei konshu no haiku

    Sony Hack Is Called
    “Snowdon for Corporations”
    This 5h1t Just Got Real

    ### Notes ###
    * Thanks to Ms. Etsuko vdH for the translation.
    * Thanks to everyone who’s contributed their haikus … watch this space to see if yours is published.
    * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • Infosec Haiku

    Chris Merritt
    21 Dec 2014 | 8:39 am
    Anata no joho sekyuritei konshu no haiku

    Cyberattacks on
    Physical Plants Are Scary!
    Iron Works Knocked Out

    ### Notes ###
    * Thanks to Ms. Etsuko vdH for the translation.
    * Thanks to everyone who’s contributed their haikus … watch this space to see if yours is published.
    * Submit Your Own … if yours is published, I’ll send you a $20 Starbux card. Please DM me at infosec-haiku@lumension.com. Contest Rules: all rulings by the judge (me) are final, blah blah blah.
  • IT Security Budgets, Destructive Malware and Software Vulns – A 2015 Sneak Peek

    Chris Merritt
    17 Dec 2014 | 1:56 pm
    Even non-security news outlets and bloggers have been writing about 2014 as the year of the mega breach. And for good reason, when you consider cyber criminals’ attacks on Target, JP Morgan, Home Depot and most recently of course, Sony Pictures. Regardless of your opinion on how Sony has handled the breach to-date, no one wants to walk in their shoes. While many significant data breaches occurred in 2014 – and all of them momentous for the organizations, their customers, employees and others that were impacted – the breaches yielding the biggest headlines are those previously…
  • SoakSoak malware hits over 100,000 WordPress websites

    Graham Cluley
    15 Dec 2014 | 8:29 am
    Do you run WordPress on your website?  If so, you’re in good company. Around 19% of the world’s websites are thought to run WordPress, which is even more astonishing when you consider that many sites don’t have any content management system at all. And although running your own self-hosted version of WordPress (as opposed to using the technology at WordPress.com) has many benefits, there are security issues that must always be borne in mind as well. Such as the need to take great care about what third-party WordPress plugins you install.  You need to be confident that the…
  • Problems for Windows 7 and Exchange users as Microsoft warns of buggy security patches

    Graham Cluley
    14 Dec 2014 | 3:44 pm
    On the second Tuesday of every month, regular as clockwork, Microsoft issues security fixes for users of its software – protecting against newly discovered vulnerabilities and bugs. And normally, the advice is to roll them out across your enterprise at your earliest opportunity – particularly in the case of the most serious critical security patches, which could be exploited by malicious hackers to spread a worm or compromise computer systems without the users’ knowledge. In the crudest terms, it’s in Microsoft’s interest for your company to keep itself patched. …
 

    TRUSTe Blog

  • Article by TRUSTe’s Joanne Furtsch in IAPP’s ‘Top 10 Privacy Law Stories of 2014’

    kfreeman
    19 Dec 2014 | 10:00 am
    The IAPP’s list of “Top 10 Privacy Law Stories of 2014” includes an article by TRUSTe’s Director of Product Joanne Furtsch. The author of the IAPP post, IAPP Knowledge Manager Emily Leach, CIPP, writes, “Privacy + law. Some may see good potential for a snooze fest there, but this year’s top Privacy Tracker stories will …
  • New Research into Awareness of OBA Icon in Europe

    lgradman
    18 Dec 2014 | 1:05 am
    Eleanor Treharne-Jones, CIPP/E, Director of Global Communications & EU Marketing. A new online study commissioned by the European Interactive Digital Advertising Alliance (EDAA) and TRUSTe, has revealed that awareness of an icon aimed at providing greater transparency and control over behavioural advertising has doubled in Great Britain and in just two years the EU Self-Regulatory …
  • Meet TRUSTe: Josh Harris, Director of Policy

    kfreeman
    17 Dec 2014 | 9:00 am
    In our latest series, “Meet TRUSTe” you’ll be introduced to a TRUSTe employee every week and get an inside look at the talented, knowledgeable and friendly people who work at TRUSTe.
    Name: Josh Harris
    Job title: Director of Policy
    How long have you worked at TRUSTe?: Nearly three months
    Location: I work out of the D.C. office and visit …
  • TRUSTe CEO Chris Babel’s Keynote from Pii Conference

    kfreeman
    16 Dec 2014 | 10:30 am
    TRUSTe’s CEO Chris Babel spoke at the Privacy Identity Innovation (Pii) event on Nov. 13 in Silicon Valley. This recently released video shows Chris’ keynote presentation at the event where he touches on the history of TRUSTe and how privacy has evolved during the past 17 years since TRUSTe was founded. Watch the video below …
  • Privacy Priorities in 2015 – Privacy Investment on the Rise?

    lgradman
    11 Dec 2014 | 7:30 am
    According to the latest research commissioned by TRUSTe, companies are currently investing millions in privacy. As the number of data breaches in the U.S. reached new heights in 2014, companies are making privacy a company-wide priority to build trust with their consumers and alleviate compliance and brand risks. An independent survey commissioned by TRUSTe of 200 …

    Networking

  • Many Ways to Learn About Wi-Fi

    17 Dec 2014 | 4:43 am
    Even those of us who do Wi-Fi for a living have to stay on our toes as technology, trends, and use cases change at a dizzying pace in the wireless world. Whether you are just getting started in wireless or need to stay current, there are lots of ways to further your WLAN knowledge
  • Look Beyond The Big-Box Store For Your Home Network Upgrade

    8 Dec 2014 | 7:36 am
    When it's time to get a new wireless router at home, the convenience of driving to the local mall and grabbing what's on the shelf can't be denied. But if you limit yourself to the same old stores and the brands they carry, you might be missing out on value and features.
  • Is It Time To Upgrade Your Home or SMB Wireless Router?

    4 Dec 2014 | 1:35 pm
    With so many new and recent Wi-Fi devices introduced to the market, it's easy to have dozens of connections even on a home network. But while we add ever more gadgets to the wireless mix, it's easy to forget about the most important component.
  • Tis the Season... For Wi-Fi Streaming And Display Mirroring Frustrations

    1 Dec 2014 | 6:10 am
    There are a growing number of slick content streaming and display mirroring devices available at compelling price points. But what works wonderfully at home may be maddening to try to use at work. Understanding why can help keep the peace for all involved.
  • Let A Pineapple Teach You About Wireless Networking

    19 Nov 2014 | 4:00 am
    A low-cost gadget called the Wi-Fi Pineapple has an incredible amount of teaching potential packed under the hood if you want to learn about WLAN from a number of angles.
 

    SecurityWeek RSS Feed

  • ICANN: 'Most Critical' Systems Not Affected in Recent Breach

    Mike Lennon
    21 Dec 2014 | 5:56 pm
    On Dec. 16, Internet Corporation for Assigned Names and Numbers (ICANN) said it fell victim to a spear phishing attack that resulted in email credentials of several ICANN staff being compromised.
  • Obama Says Sony Hack Was Not 'An Act of War'

    AFP
    21 Dec 2014 | 10:53 am
    North Korea's alleged hack of Sony Pictures was not an act of war, President Barack Obama said in an interview aired Sunday that appeared aimed at keeping a lid on simmering tensions with Pyongyang.
  • US Asked for China's Help on North Korea Cyberattacks: Official

    AFP
    20 Dec 2014 | 5:13 pm
    The United States has asked China to help block cyber attacks from North Korea as it weighs a response to the crippling hack of Sony Pictures, a US official said Saturday. "We have discussed this issue with the Chinese to share information, express our concerns about this attack and to ask for their cooperation," a senior US administration official told AFP.
  • North Korea Proposes Joint Probe With US Into Sony Cyber Attack

    AFP
    20 Dec 2014 | 8:29 am
    North Korea called Saturday for a joint investigation with the US into a crippling cyber attack on Sony Pictures, denouncing Washington's "slandering" after President Barack Obama warned Pyongyang of retaliation.
  • Staples Finds PoS Malware in 115 Stores; 1.16 Million Payment Cards Affected

    Mike Lennon
    19 Dec 2014 | 3:34 pm
    Office supply giant Staples said on Friday that point-of-sale (PoS) systems at 115 of its more than 1,400 U.S. retail stores were infected by malware as a result of a recently discovered data breach.

    Free IT - Security Magazines and Downloads from alltop.tradepub.com

  • Network Security For Dummies -- eBook (usually $22.99) FREE until January 1st!

    19 Dec 2014 | 12:00 am
    CNN is reporting that a vicious new virus is wreaking havoc on the world’s computer networks. Somebody’s hacked one of your favorite Web sites and stolen thousands of credit card numbers. The FBI just released a new report on computer crime that’s got you shaking in your boots. The experts will tell you that keeping your network safe from the cyber-wolves howling after your assets is complicated, expensive, and best left to them. But the truth is, anybody with a working knowledge of networks and computers can do just about everything necessary to defend their network against…
  • Beyond Security: Biometric Banking in 2015 and Ahead

    19 Dec 2014 | 12:00 am
    Security breaches, fraud, and identity theft threaten banks and their customers. As new technologies emerge and thieves become more sophisticated, banks must update their security practices. Banks around the world are already adopting biometrics to fortify security. In 2015 and beyond, more of them will use biometrics to exploit business opportunities including entering new markets and offering new or enhanced services. This white paper presents some of the common implementation challenges banks face and best practices for overcoming those challenges. It also explains how biometrics can improve…
  • The Essentials of Information Security Kit: Includes a Free PC Security Handbook - 2nd Edition eBook

    15 Dec 2014 | 12:50 pm
    The Essentials of Information Security brings together the latest in information, coverage of important developments, and expert commentary to help with your Information Security related decisions. The following kit contents will help you get the most out of your Information Security research: PC Security Handbook - 2nd Edition; Defending Against Network Based DDoS Attacks; Service & Security Agility Strategies for SDN & NFV Networks; Three Ways Companies Can Avoid DDoS Attacks.
  • Reasons to Give Insiders a Unified Identity

    12 Dec 2014 | 12:00 am
    On its list of the eight most significant internet security threats for 2013, Forbes ranks internal threats third among “the most devastating”, taking into account internal attacks on the basis of the damage that privileged users cause and the kind of data to which they have access. It is of the utmost importance that executives and IT policy officers recognize the danger of malicious insiders, an increased attack surface, and the potential for errors caused by employees through threats or negligence and…
  • Proven Practices for Securing Your Website Against DDoS Attacks

    11 Dec 2014 | 12:00 am
    Join subject matter experts Kevin Beaver, author of Hacking For Dummies and Andrew Sullivan, Director of Architecture at Dyn, for a discussion on vulnerabilities of web environments and why simply jumping on the cloud provider bandwagon won’t prevent DDoS attacks. Watch it now on-demand!

    IT-Security

  • The Long Arm of the Law: State Breach Notification Rules Creating Additional Headaches for Healthcare Organizations

    Bob Chaput
    19 Dec 2014 | 10:00 am
    A new law in Florida is the latest effort by an individual state to fill the void left by ambiguous federal law regarding breach notification. In Florida, the new law fundamentally changes what information is protected and who is responsible for complying with the law. And for covered entities and business associates, it creates expectations that are separate and in addition to HIPAA regulations. Growing trend emerges for double compliance laws Florida isn’t the first state to take matters into their own hands, and they are not alone in compounding compliance headaches by adding state…
  • CEO-to-CEO – Data Breach Creates Board & C-Suite Risk Management Turmoil

    Bob Chaput
    17 Dec 2014 | 10:00 am
    At the end of May, Fox Business News reported that Institutional Shareholder Services (ISS), a proxy adviser, suggested that seven of 10 directors at the retail giant be removed from office because the board of directors did not do enough to prevent a massive data breach.  In December 2013, a cyber-attack on Target Corporation resulted in unauthorized access of the payment card data of approximately 40 million Target customers and the personal data of up to 70 million Target customers. ISS is urging shareholders to overhaul Target’s (TGT) board in the wake of last year’s wide-scale data…
  • The Surprising Consequences of Health Plan Data Breaches

    Bob Chaput
    15 Dec 2014 | 10:00 am
    With all the commotion surrounding health reform, it’s easy for senior leaders at group health plans to lose focus on data security. They may get lulled into complacency by two fallacies about data breaches: that only big retailers are experiencing costly security breaches – and teenage hackers or international cyber-teams are always to blame. The Department of Health and Human Services has a web page dubbed the “Wall of Shame” that includes the names of hundreds of large and small healthcare organizations – including group health plans – that have been victimized by data breaches…
  • Catalyst Weekly Rewind (Dec 15) – preparing for improvement

    Michael Santarcangelo
    15 Dec 2014 | 7:36 am
    Was last week so awesome you want to live it again? Or maybe you’d prefer a do-over. Let’s rewind. Start this week off right by taking a moment to review the best of last week. This is a quick listing of what I published, the articles I curated, and then some insights about where I’m focusing energy. I always welcome the opportunity to connect over good conversation. Have a great week. Go own it! Quote of the week The function of leadership is to produce more leaders, not more followers. ― Ralph Nader Created: published last week The theme of the articles shared…
  • OCR Welcomes New Director

    Bob Chaput
    12 Dec 2014 | 10:00 am
    As former OCR director, Leon Rodriguez, takes on his new role as the Director of U.S. Citizenship and Immigration Services, the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) has named Jocelyn Samuels as the next director. According to a GovInfoSecurity.com article, Samuels currently serves as the Acting Assistant Attorney General for the Civil Rights Division at the U.S. Department of Justice. Samuels is no stranger to enforcing civil rights. In her role as the Acting Assistant Attorney General, Samuels is responsible for leading the Civil Rights…
 

    Email management, storage and security for business email admins

  • Google Unveils New CAPTCHA

    Sue Walsh
    18 Dec 2014 | 4:00 am
    Google has come up with a new kind of CAPTCHA that eliminates the codes that frustrate many and replaces them with a simple checkbox. Called No CAPTCHA reCAPTCHA, it asks the user to check a box next to the statement “I am not a robot”. The company says most users will never have to do anything more than that, much to the relief of visually impaired and other users frustrated by the blurry, squiggly, often impossible to read codes generated by traditional CAPTCHA programs. Google says that tactic is a complete waste of time and resources these days: Earlier this year, members of…
  • Phishing Attack Targets GoDaddy Customers

    Sue Walsh
    17 Dec 2014 | 4:00 am
    GoDaddy customers are the target of a new phishing campaign with the goal of domain thefts. Security experts say emails that look like official ICANN notifications or marketing emails offering $1.99 domain registration are being sent in large volumes, and urge the recipient to click the included link to either verify their email address or redeem the discount: You have registered one or more domains from Godaddy Inc. and verification of the Registrant email address is required for these domain name(s) to remain active. Please click the link below to verify the email address. You have until…
  • Ever Wonder What a Spammer’s Template Looks Like? Wonder No More.

    Malcolm James
    15 Dec 2014 | 4:00 am
    Spam is much more than a nuisance. It’s a tremendous source of comedy. And while you might have a hard time most days considering the email that never seems to stop a comedic wellspring, deep down you know it’s true. Spammers probably know it, too, even though we’d like to believe otherwise. After all, how many of us have vented our frustrations at spam and spammers by suggesting that their draft email messages are probably written in crayon? But we know they’re not stupid. We want them to be, but we know why they dumb down much of what they send. And some of them do stupid things, to…
  • UK ISP Ignores Spam Complaints, Denies Data Breach

    Sue Walsh
    12 Dec 2014 | 4:00 am
    Customers of UK ISP Plusnet claim they are being bombarded with spam on email addresses they insist only the company has. They are calling on the company to investigate a possible data breach, but the company has ignored their pleas, adding to their anger. Plusnet officials deny there is any problem and have refused to report the user complaints to the Information Commissioner’s Office as they are required to do within 24 hours of a reported data breach. One customer explained the situation thusly: On 14th November a number of Plusnet customers started receiving marketing emails from a…
  • Microsoft Fights Irish Email Warrant

    Sue Walsh
    11 Dec 2014 | 4:00 am
    Microsoft has filed an appeal of a court decision that demanded it turn over emails stored on a server in Ireland. The warrant, handed down by a New York Magistrate judge, was immediately appealed, and in August, a U.S. District Court judge rejected it and ordered the emails be turned over. Microsoft has now filed another appeal, this time in the U.S. Second Circuit Court of Appeals. The company insists they should not be forced to hand over data located outside of U.S. jurisdiction. “Imagine this scenario. Officers of the local Stadtpolizei investigating a suspected leak to the press…


    The Redspin Report

  • What Do 60 Minutes and the NSA Have in Common?

    Dan Berger
    2 Dec 2014 | 9:54 am
    Over the past two weeks, CBS's 60 Minutes news magazine and the Director of the NSA have both made stunning statements relating to IT security. A segment during the December 1st episode of 60 Minutes left viewers with the basic conclusion that very little could be done to stop hackers from stealing their credit card information. On November 20th, Adm. Michael Rogers, Deputy Director of the NSA and head of the US Cyber Command, testified before the House Intelligence Committee that China and "one…
  • Why Cyber Insurance Isn’t All It’s Cracked Up To Be

    mmak
    27 Oct 2014 | 12:57 pm
    With the number of breach victims in 2014 thus far reaching over 77 million, investing in a cyber insurance policy may sound like a good idea. But before latching on to this safety net and calling it a day, it is important to remember that cyber insurance policies are still in their early stages of development. While cyber insurance should be considered part of your risk management arsenal, it is not a substitute for regular penetration testing and vulnerability assessments. As it turns out,…
  • Helpful Reminders About HIPAA Security Risk Analysis

    mmak
    21 Oct 2014 | 1:20 pm
    If protecting the integrity of patient health care information were not already sufficient incentive to improve IT security, being HIPAA compliant comes with even more perks for most providers. Medicare and Medicaid Electronic Health Care Record (EHR) Incentive Programs have been implemented to provide financial incentives to eligible medical professionals and hospitals that demonstrate they have satisfied the requirements of the HIPAA Security Rule. The core objective of “Protect Electronic…
  • All Roads in the Digital Future Lead Through Security Says Gartner

    Dan Berger
    20 Oct 2014 | 11:09 am
    Gartner recently released their Top 10 Strategic Technology Trends for 2015. These aren't your run-of-the-mill trends mind you. These are the disruptive (and often distressing) realities that appear to be just 'round the corner and will require organizations and individuals to adapt and invest or risk being left in the evolutionary dust. While some trends have been percolating along quite nicely such as cloud computing and software-defined infrastructures and applications, I don't think the real…
  • 4 Things You Should Know About Social Engineering

    mmak
    16 Oct 2014 | 11:03 am
    No matter how many firewalls are put up or how complex passwords may be, if your employees are unknowingly giving out their credentials to strangers, your information security will never be immune to breach. A recent flash poll conducted on security professionals by Dark Reading found that the biggest social engineering threat to organizations is not a specific type of scam, but a general lack of employee awareness. Social engineering is a tactic by which intruders use psychological manipulation…
 

    F-Secure Antivirus Research Weblog

  • Who do you trust?

    19 Dec 2014 | 3:38 am
    Normally when we post a video, it's of somebody that you know quite well (Mikko). But today… we'd like to post a video of somebody that you might not know and who speaks highly of us (here in the Labs). The feeling is mutual. Who? Our CEO, Christian Fredrikson. From his first day at F-Secure, he's come across as the kind of guy who would be the last person off the boat (or die trying). Below is a presentation he gave two weeks ago to a group in Helsinki in which he asks: Who do you trust? Trusted cloud services a key for European success. From our point of view — he's another good…
  • Out-of-Band Flash Player Update for CVE-2014-8439

    19 Dec 2014 | 3:38 am
    Adobe has released an out-of-band update to fix a vulnerability in Flash Player which was reported by F-Secure. We discovered the vulnerability while analyzing a Flash exploit from an exploit kit called Angler. We received the sample from Kafeine, a renowned exploit kit researcher. He asked us to identify the vulnerability which was successfully exploited with Flash Player 15.0.0.152 but not with 15.0.0.189. That would imply the vulnerability was something patched in APSB14-22. However, based on the information that we had received via Microsoft Active Protections Program the exploit didn't…
  • OphionLocker: Joining in the Ransomware Race

    19 Dec 2014 | 3:38 am
    Last August, we wrote about a series of ransomware that included SynoLocker and CryptoWall. In our Cryptowall post, we briefly mentioned the more advanced family of ransomware, CTB-Locker, which uses elliptic curve cryptography for file encryption and Tor for communication with the command & control server. This week, another ransomware emerged using the same cryptography for encryption. It was first spotted by Trojan7Malware from a malvertising campaign that used RIG exploit kit. They dubbed the malware as OphionLocker. Upon infection, this malware uses a Tor2web URL for giving…
  • The United Kingdom's ISC on Privacy

    19 Dec 2014 | 3:38 am
    From the Intelligence and Security Committee of Parliament's Report on the intelligence relating to the murder of Fusilier Lee Rigby: "We further note that several of the [US Communications Service Provider] companies attributed the lack of monitoring to the need to protect their users' privacy. However, where there is a possibility that a terrorist atrocity is being planned, that argument should not be allowed to prevail." So… the possibility of terrorist communications negates the importance of privacy?? I'll have to disagree. From MI5's threat overview on terrorism: "Terrorist groups…
  • Archie and Astrum: New Players in the Exploit Kit Market

    19 Dec 2014 | 3:38 am
    Exploit kits continue to be a critical tool for the propagation of crimeware. New exploit kits have appeared this year, and this post will discuss two of them — Archie and Astrum. Archie EK was first described in August as a basic exploit kit, as it uses exploit modules copied from the Metasploit Framework. We detect the exploits used by Archie EK, and so upon review of our telemetry, we can see the kit made its first appearance during the first week of July. It has remained active since then. From July, we've seen hits of CVE-2014-0515 (Flash) exploit with Archie EK traffic, and then in…

    Pcthreat.com

  • ViperOut

    21 Dec 2014 | 1:47 am
    Adware programs like ViperOut are usually a software package that renders commercial advertisements in order to generate profit for its creators. The point with adware apps is that they are seldom genuinely...
  • PC Optimizer Pro

    21 Dec 2014 | 1:47 am
    Despite the best efforts of the online security industry to secure the exact opposite, many of its consumers continue to fall into the trap set by malicious rogue security tools like PC Optimizer Pro. This...
  • Qone8.com

    21 Dec 2014 | 1:47 am
    Qone8.com is a search engine which returns search results from Google Search. The search engine is owned by Taiwan Shui Mu Chih Ching Technology Limited, and it is very similar to such browser hijackers as...
  • Framed Display

    21 Dec 2014 | 1:47 am
    Framed Display is another addition to the family of the advertisement-supported software created by the infamous SuperWeb LLC. The advertisement-supported program is no longer supported via the official...
  • V9 Redirect Virus

    21 Dec 2014 | 1:47 am
    V9 Redirect Virus is a malicious browser hijacker which infects the system while you are browsing insecure websites or when you download spam email attachments. Once the infection gets in the system, the...

    Threatpost | The first stop for security news

  • FBI Officially Blames North Korea in Sony Hacks

    Brian Donohue
    19 Dec 2014 | 10:44 am
    The FBI has officially stated that North Korea is in fact responsible for the recent cyberattack targeting Sony Pictures Entertainment.
  • Exploits Circulating for Remote Code Execution Flaws in NTP Protocol

    Dennis Fisher
    19 Dec 2014 | 10:33 am
    Researchers at Google have uncovered several serious vulnerabilities in the Network Time Protocol and experts warn that there are exploits publicly available for some of the bugs. The vulnerabilities are present in all versions of NTP prior to 4.2.8 and include several buffer overflows that are remotely exploitable. The NTP is a protocol that’s used […]
  • GitHub Fixes Critical Vulnerability, Urges Users to Update Immediately

    Brian Donohue
    19 Dec 2014 | 9:37 am
    GitHub is encouraging Mac and Windows users to immediately install an update that resolves a serious arbitrary code execution vulnerability.
  • Dave Aitel on the Sony Hack

    Dennis Fisher
    19 Dec 2014 | 8:58 am
    Dennis Fisher and security expert Dave Aitel discuss the Sony hack and why it makes sense for North Korea to be responsible for it.
  • Emerson Patches Series of Flaws in Controllers Used in Oil and Gas Pipelines

    Dennis Fisher
    19 Dec 2014 | 7:10 am
    Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and hardcoded credentials. All of the vulnerabilities are remotely exploitable and an […]
 

    Private WiFi

  • Don’t Give Your Data Away: Blur Your Passwords, Payments, and Privacy

    Olivia Campbell
    25 Nov 2014 | 1:00 am
    Now is the time to make your online activity a blur. Why? Well here are some startling reasons: In the last 18 months, over 157 million US credit card holders have been notified of a breach. Furthermore, the typical web surfer is tracked by 11 companies at each site they visit - resulting in over 2,500 unique tracking and data collection attempts weekly. This is the new reality of the Internet in 2014 – and as 2015 approaches, the threat level will only increase. This trend, coupled with the shift to more consumers using online and mobile shopping during the upcoming holiday shopping season…
  • Holiday Shopping Goes Mobile: Be Cyber Secure [INFOGRAPHIC]

    Jillian Ryan
    20 Nov 2014 | 7:32 am
    As the holiday shopping bustle approaches, don't just think about buying the perfect gift and getting a great deal. For a happy and healthy season, remember that being cyber secure when you make your holiday purchases online is just as important! This year PRIVATE WiFi has teamed up with the National Cyber Security Alliance to help consumers be safe online when using their mobile devices as they shop. Check out our infographic below to learn more about the threats of holiday shopping and why the proliferation of mobile shopping is good for online commerce but potentially risky for consumers…
  • CNN Meets With PRIVATE WiFi to Understand Public WiFi Exploits, Privacy Dangers

    Elaine Rigoli
    31 Oct 2014 | 1:35 pm
    CNN aired its "Walk in the Park" segment on "The Business View with Nina Dos Santos" to showcase various hacking scenarios and the vulnerabilities of public WiFi – whether in a public park setting, hotel, airport, or similar location offering “free” WiFi. Calling WiFi hacking “extremely easy and readily available” – like a walk in the park – the CNN report shares some eye-opening realities about Internet safety and privacy. Ever hop onto “Central Park WiFi” (or a similar network in your city)? In this segment that hotspot has been set up by Huff to demonstrate how easy it is…
  • ITRC Victim Impact Survey Findings LIVE Event

    Cristy Koebler
    23 Oct 2014 | 2:00 am
    The emotional impact of identity theft is far-reaching and extends well beyond the initial discovery and subsequent process of clearing the theft. The Identity Theft Resource Center routinely conducts focused surveys on identity theft, asking victims who have reached out for support from the organization to participate in the voluntary research to help the industry better understand the root causes, illicit methods, and recovery experience from this type of crime. The survey results are then compiled into a report that the ITRC shares with a wide variety of industry stakeholders to help…
  • Q&A: Founder of ‘Savvy Cyber Kids’ on Cybersecurity Best Practices

    Elaine Rigoli
    21 Oct 2014 | 1:55 am
    Technology is a part of our lives but it should not take over our lives – or ever compromise our children’s online safety. Because October is National Cyber Security Awareness Month (NCSAM), and in part to raise public awareness of the dangers of identity theft, we recently chatted with author and technology guru Ben Halpert. Although his day job is in the security and privacy fields, several years ago he launched Savvy Cyber Kids, a nonprofit to help keep children safer online. Last year Savvy Cyber Kids joined the U.S. Department of Homeland Security’s STOP.THINK.CONNECT. campaign's…

    Pivot Point Security

  • Google + Dropbox = Simply Secure (We Hope)

    David Newman
    18 Dec 2014 | 4:00 am
    Google and Dropbox, with help from the Open Technology Fund, just announced the creation of Simply Secure, an organization/project focused on making everyday security technology easier to use. According to Simply Secure’s website: “We’re here to help craft usably secure technologies, and make them available to everyone.” The press release accompanying the announcement points out that the biggest problem with today’s security tools is not that they’re ineffective, but that adoption rates are low because the tools are inconvenient and/or confusing. “Security’s got to be easy and…
  • Critical Microsoft Vulnerability in Schannel Impacts Point of Sale Systems

    Chris Berberich
    16 Dec 2014 | 4:00 am
    On November 11, 2014 Microsoft released a critical security update (MS14-066) to patch a “privately reported” vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. This vulnerability has a significant potential impact on Point of Sale (POS) devices, clients and servers. Any company using a vulnerable POS device, client or server is in danger of falling victim to this exploit. Any system or device that uses Transport Layer Security (TLS) could be compromised. Schannel provides an authentication service that helps enable secure communications between client…
  • Now That We Are ISO 27001 Certified, Can We Still Move To The Cloud?

    John
    11 Dec 2014 | 4:00 am
    As the number of Pivot Point Security clients achieving certifications grows, the conversations I have regarding maintaining certifications are also growing. Many of these questions relate to either or both of two key issues: Is this piece of software/hardware allowed now that we are ISO 27001 certified? Can we move X business system (email, document management, etc.) to the cloud without losing our ISO 27001 certificate? I recently wrote the following email to a newly certified client addressing both questions. Robert, The good news is that ISO 27001 is not prescriptive—so the idea that a…
  • New POODLE Vulnerability Means SSL 3.0 Really Bites

    Bob
    9 Dec 2014 | 4:00 am
    As long as Pivot Point Security has done web application penetration assessments, we’ve cited support for the Secure Sockets Layer (SSL) 3.0 cryptography protocol as a vulnerability. We’re hoping that our clients who haven’t yet taken action to mitigate this risk will do so now, thanks to the recent disclosure of another major bug in SSL 3.0—the so-called POODLE vulnerability. Discovered by Google researchers, the POODLE (short for Padding Oracle On Downgraded Legacy Encryption) bug exploits a flaw in how most web browsers handle encryption. A hacker could force the browser to use SSL…
  • Background Checks: Recommended But Not Required

    Robert Oliver
    4 Dec 2014 | 3:30 am
    A client recently asked me about the need to perform background checks on employees as part of their ISO 27001 compliance efforts. Being a smaller company, they had never performed formal background checks on their current employees. They felt that doing so now would be both costly and injurious to their company culture. My response was that background checks are not absolutely required for ISO 27001 compliance. This advice might seem surprising given that many sources attribute more data theft and security incidents to “insiders” than to outside agents. For example, Carnegie-Mellon…
 

    HOTforSecurity

  • Misfortune Cookie Threatens 15 Million SOHO Routers

    Alexandra Gheorghe
    19 Dec 2014 | 5:55 am
    A critical vulnerability is exposing over 15 million home routers to man-in-the-middle attacks, according to researchers from Check Point. The flaw, identified as CVE-2014-9222, allows an attacker to remotely take over the device with administrative privileges and intercept all communication going through it. “Any device connected to it – including computers, phones, tablets, printers, security cameras, refrigerators, toasters or any other networked device in your home or office network – may have increased risk of compromise,” researchers said. “An attacker exploiting the Misfortune…
  • Sweden Hacked by Anonymous. Revenge for Pirate Bay?

    Alexandra Gheorghe
    18 Dec 2014 | 8:00 am
    The email accounts of Swedish government members have been compromised by hacking group Anonymous, allegedly to avenge the recent Pirate Bay take down by Swedish officials, according to The Hacker News. Anonymous confirmed the hack on its official Twitter account. The tweet, linking to a Pastebin dump containing the leaked data, reads: “BREAKING: Emails from Swedish government were hacked in retaliation for the seizure of servers of The Pirate Bay http://pastebin.com/cxmiUSJD.” The hackers haven’t forgotten to add a cheerful holiday wish: “Warning: Merry Christmas & a…
  • Bitdefender’s Pick. Father of Linux Turns 45 This Month

    Bitdefender
    18 Dec 2014 | 2:00 am
    What is Bitdefender’s Pick? The enlightened minds of mathematicians, cryptographers, engineers, physicists, inventors and others have shaped the computer and the Internet into what we know today. Some of them also caught a glimpse of the future and envisioned the technology we are using now or are about to see. Keeping an eye on the visionaries helps us prepare for the future.  Open source enthusiasts this month celebrate Linus Torvalds, a Finnish-American software engineer who is credited as the main force behind the development of the most popular kernel for operating systems in the…
  • Google Will Mark HTTP Sites As Unsafe Starting in 2015

    Alexandra Gheorghe
    17 Dec 2014 | 8:21 am
    Google plans to mark all HTTP pages “insecure” to warn users about data security and privacy issues, according to Chromium.org. As part of the open-source Chromium Projects, the initiative will affect Chrome starting in January. It’s meant to encourage all website owners to switch to HTTPS by default. “We all need data communication on the web to be secure (private, authenticated, untampered),” Google’s team said. “When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin.” The Google team…
  • Delta Airlines security flaw allows access to strangers’ boarding passes

    Graham Cluley
    17 Dec 2014 | 7:12 am
    You would like to think that airlines are taking security seriously. After all, every time you try to board a plane you’re asked to take off your belt and shoes, prove that your laptops boot up, discard any liquids that weren’t bought in Duty Free, and dispose of your toenail clippers. Which makes it all the more ironic that it appears some airlines make it so darn easy to grab a complete stranger’s electronic boarding pass. Dani Grant, the founder of Hackers of NY and an intern at Buzzfeed (which can’t have hurt at all in getting the story the attention it deserved)…

    Data In Motion

  • 3 Ways to Crank More Value Out of Existing IT Infrastructure

    Tom Scearce
    9 Dec 2014 | 9:16 am
    From an IT manager’s perspective, there’s only one thing better than investments in valuable new infrastructure: getting more value from the IT assets you already have. Unfortunately, finding ways to harness that value isn’t always obvious. If you’re like most organizations we work with, you’re probably not sure how much of your utilized server capacity consists of files nobody needs or uses. What’s more, you may not be aware of how available server space can be utilized to increase security and…
  • Micro Focus International Completes Merger with the Attachmate Group

    Bret Fitzgerald
    20 Nov 2014 | 12:15 am
    NEWBURY, UK – 20 November, 2014 – Micro Focus International (LON: MCRO) today announced the completion of its merger with the Attachmate Group under the terms of the definitive agreement disclosed on 15 September, 2014. Micro Focus International is a global leader in infrastructure software that understands the technology needs and challenges of the world’s most demanding businesses. The enlarged company has significantly increased scale, with combined revenues of $1.4B, more than 4,500 employees,…
  • Avoid These Unexpected Compliance Challenges

    Tom Scearce
    23 Sep 2014 | 7:00 am
    For a variety of industries, data security must meet rigorous compliance standards. Regulations vary, but one truism among all regulated industries is that confidential business data should reside on secure servers that unauthorized parties can’t touch. But even organizations striving to stay compliant are tempted by file sharing applications hosted in the public cloud. With low costs and intuitive interfaces, these applications make a great first impression on users. However, using these applications…
  • The Attachmate Group announces intention to merge with Micro Focus

    Bret Fitzgerald
    14 Sep 2014 | 11:34 pm
    The Attachmate Group, a privately-held software holding company owned by an investment group led by Francisco Partners, Golden Gate Capital, Elliott Management and Thoma Bravo, today announced that it has entered into a definitive agreement to merge with Micro Focus. The transaction is expected to close on November 3, 2014. It is subject to customary closing conditions, including Micro Focus shareholder approvals and regulatory approvals under the Hart-Scott-Rodino Act. The Attachmate Group and Micro Focus…
  • Give Users the Productivity Tools They Want and Secure Your Data Too

    Tom Scearce
    9 Sep 2014 | 7:00 am
    Applications like Google Drive, Box, and Dropbox combine an intuitive look and feel with convenient, cross-platform compatibility. Users can access files from any device, 24/7, which makes the apps great for small business and personal use. But for large organizations with a need for top-notch data security, the same applications present a dilemma. With growing frequency, employees are using them to share files with or without company authorization. At the same time, the platforms don’t offer sufficient…

    Video Surveillance

  • Video Surveillance for Unique Projects

    17 Dec 2014 | 1:33 pm
    Did you know there are a variety of ways to take advantage of video surveillance cameras? We have an extensive background providing high-quality security camera systems for unique or specialty applications. Examples of these applications include wildlife monitoring, weather tracking, tourism, time-lapse videos, and more. At VideoSurveillance.com, our project consultants have helped install HD camera systems in all corners of the world, including Beijing, China where they are currently being used to monitor the breeding patterns of Giant Pandas. We're proud to have worked with projects of all…
  • What are Camera Form Factors?

    9 Dec 2014 | 10:54 am
    It may sound complicated, but a camera's form factor just describes the camera's body type. These can range from dome cameras to PTZ and bullet, and knowing the different types will help you select the best camera for your surveillance needs. Cameras can generally fall into several categories, so you can narrow down your search. Do you want an indoor or outdoor camera? Does it need to be vandal proof? How about covert? Or do you need to monitor a large space, and want a PTZ camera? Asking these questions as you shop will help you focus on a camera specially designed for your video needs and…
  • Importance of Employee Safety

    5 Dec 2014 | 9:00 am
    Every employer must obey laws enforced by the Occupational Safety and Hazard Association (OSHA). An HD video surveillance system is recommended as an effective solution to mitigate hazardous conditions and safety risks in the workplace. Managers or company owners can monitor their workplace with ease by tapping into their camera system from a laptop or mobile device whenever they want, wherever they want. This incredibly convenient feature of IP video surveillance is a must-have for today's busy entrepreneurs who are often not onsite to ensure the safety and protection of employees. Our…
  • How the Camera Lens Impacts Surveillance Video

    3 Dec 2014 | 10:08 am
    Surveillance cameras use different camera lenses to record different styles of video, the same way you would use different lenses on a camera while taking photos to achieve different effects. The location of your surveillance camera, and the scene it's monitoring, will help you determine which lens type is best. A fixed lens does not move, so you cannot change the field of view or focal length. This type of lens will record normal video, similar to what a human eye would see. A varifocal lens is adjustable, allowing you to adapt the camera to its location for the best video quality. A zoom…
  • Rely on Us for Securing Your Next Event

    1 Dec 2014 | 3:53 pm
    There's so much to learn about surveillance technology, isn't there? Learn the basics by browsing our comprehensive selection of informational resources available throughout our website, including Solutions by Industry and Solutions by Application. This week's featured Solutions by Application page is on event video surveillance and how investing in leading-edge HD security cameras can help control hundreds to thousands of fans and spectators at shows. Crowd control is a serious security risk that shouldn't be taken lightly; one misunderstanding or argument between two people in a large crowd…
 

    Seculert Blog on Breach Detection

  • Data Breach at Retail Giants, Malware Communicated with Same C&Cs

    Liora R. Herman
    17 Dec 2014 | 1:40 am
    Sources close to the data breach investigations at retailers Staples and Michaels have told Brian Krebs that the malware used in each respective attack was found to be communicating with some of the same command and control (C&C) networks. The data breach at Michaels and its affiliate Aaron Brothers involved two separate 0-day exploit attacks […]
  • Cybersecurity Attack: Critical Infrastructure Facilities Vulnerable

    Liora R. Herman
    16 Dec 2014 | 3:38 am
    While cybersecurity breaches in the retail sector have been dominating headlines for the last several months, SANS Institute director Michael Assante is warning that the most vulnerable networks in the US are not those connected to point-of-sale (PoS) terminals — but rather, those connected to the country’s critical infrastructure. In a recent article published by […]
  • Malware Attack at US Health Organization Went Undetected for 2 Years

    Liora R. Herman
    10 Dec 2014 | 8:25 am
    As reported by SCMagazine, North Carolina-based Central Dermatology Center promises to offer “a caring, warm environment.” Unfortunately, that’s pretty much what bad actors enjoyed, as they carried out an undetected malware attack on the organization’s much too caring, warm network environment for roughly two years. The malware attack came to light via a bulletin posted […]
  • Class Action Lawsuit Launched After Malware Attack

    Liora R. Herman
    9 Dec 2014 | 4:27 am
    Studies on the costs of a malware attack involve analyzing and adding up expenses related to investigation, remediation, forensics, public relations, and business losses. And while these costs are rising – a new study from The Ponemon Institute says malware attacks are 23% more costly this year compared to last year – they might get dramatically […]
  • Cyber Security Breaches: Companies Not Being Forthcoming

    Liora R. Herman
    3 Dec 2014 | 4:21 am
    In 1965, consumer advocate Ralph Nader published “Unsafe at any Speed”, which accused car makers of opting to save instead of spend money on potentially life-saving safety features, such as seat belts. Well, fast forward (no pun intended) to 2014, and Ed Mierzwinski, the consumer program director at U.S. Public Interest Research Group — which […]

    Managed File Transfer and Network Solutions

  • How To Automatically Decrypt PGP-Encrypted Files Upon Upload

    John Carl Villanueva
    19 Dec 2014 | 1:59 am
    Overview: Whenever PGP files uploaded to your server happen to contain data needed for business processes, you might want to have those files decrypted automatically. That way, they can then be forwarded to the applications waiting to process them. JSCAPE MFT Server has an easy way of doing that and it's what we're going to show you today.
  • How To Delete A File On Your Server After It’s Downloaded

    John Carl Villanueva
    17 Dec 2014 | 10:44 pm
    Overview: Sometimes, for security reasons or simply to save disk space, we want certain files to be automatically deleted from the server as soon as their intended recipient has downloaded them. Today, you'll learn how to do that on JSCAPE MFT Server.
  • How To Set Up An SFTP Reverse Proxy

    John Carl Villanueva
    15 Dec 2014 | 10:15 pm
    Overview: An SFTP reverse proxy adds another layer of security to SFTP services. In addition to SFTP's ability to encrypt data in transit and provide 2-factor authentication, an SFTP reverse proxy brings in several other security-related benefits such as hiding user credentials and the identities of your internal servers. An SFTP reverse proxy can be easy to set up and this post will show you how.
  • Business Benefits Of An SFTP Server

    John Carl Villanueva
    10 Dec 2014 | 9:20 pm
    Overview: In today's data-driven world, the accuracy, integrity, speed, confidentiality, and availability of data matters a lot to businesses. That's why it's imperative for file transfer systems to be capable of meeting the highest standards in regards to those aforementioned qualities. In this post, we examine the typical SFTP server and point out what kind of benefits you'll get from it as a method for delivering business critical data.
  • Setting SFTP Algorithms On Your SFTP Server

    John Carl Villanueva
    9 Dec 2014 | 11:07 pm
    Overview: In this post, we'll talk about the algorithms included in a typical SFTP server and explain their basic functions. We'll cover algorithms for key exchanges, ciphers, MACs, and compressions. After that, we'll dive into the JSCAPE MFT Server Manager Web GUI and show you where you can configure those SFTP algorithms there. Having a basic understanding of these algorithms and knowing where to configure them will enable you to strengthen your SFTP server's security or troubleshoot certain client connection issues.

    Radware Blog

  • Transformation of the Data Center & Building the Private Cloud, Part 2

    Jim Frey
    16 Dec 2014 | 7:30 am
    Jim Frey is Vice President of Research, Network Management for Enterprise Management Associates (EMA) and is a featured guest blogger. In Part 1 of this blog, we looked at the growing adoption of cloud and Software-Defined Datacenter (SDDC), but also the fact that network virtualization choices are many and varied, creating some uncertainty regarding how to proceed.  In part 2, we will look at network virtualization options and how to align for best success. Unchaining the Boat Anchor:  Network Virtualization Existing methods of network provisioning are too often manual and/or disconnected…
  • New Research on Cyber-Attack Trends: Radware 2014-2015 Global Application & Network Security Report

    Carl Herberger
    9 Dec 2014 | 2:40 am
    The frenetic pace of network security threats leaves businesses of all sizes, and managers at all levels, struggling to understand risk. Why are cyber-attacks occurring and can they be prevented? What strategies are effective in preventing or mitigating an attack? Which are ineffective? Who is targeted most often? Where are the new trends forming? Designed to benefit the entire security community, this year’s 2014-2015 Global and Network Security Report by the Radware Emergency Response Team (ERT), provides a comprehensive and objective review of 2014 cyber-attacks from both a…
  • Every Day Is Cyber Monday. Is Your Site Delivering the Best Possible User Experience?

    Tammy Everts
    2 Dec 2014 | 12:55 pm
    With the allure of Black Friday weekend fading, online retailers are discovering that every day is Cyber Monday. Online shoppers expect deep discounts, free shipping, and a top-drawer user experience every day of the holiday shopping season. In this post, we’ll look at four strategies site owners are implementing to give shoppers a richer online experience, and the performance pitfalls (and solutions!) for each strategy. First, here’s a quick roundup of stats around this past four-day shopping weekend: Black Friday weekend sales slid by 11%. According to the National Retail…
  • Transformation of the Data Center & Building the Private Cloud (Part 1)

    Jim Frey
    1 Dec 2014 | 12:22 pm
    Jim Frey is Vice President of Research, Network Management for Enterprise Management Associates (EMA) and is a featured guest blogger. In order to remain engaged and relevant in the long run, a growing percentage of enterprise IT organizations are seriously considering transforming themselves into internal private cloud service providers. The requisite enabling technology is virtualization across all three primary technology domains – compute, storage, and network – combined with a healthy dose of automation and orchestration. Server virtualization is the most mature, and has taught us…
  • Read this List and Check it Twice — How to Protect Your Retail Business From Cyber-Attacks This Shopping Season

    Shira Sagiv
    25 Nov 2014 | 8:18 am
    As consumers are getting their shopping lists ready for the biggest shopping days of the year, businesses should get ready as well.  Cyber-attacks, and most notably DDoS attacks, are more likely to occur on high traffic days – in fact, according to a 2013 eCommerce Cyber Crime Report conducted by the Ponemon Institute, 64% of respondents say "their organizations have seen an increase in Internet fraud and/or website attacks on high traffic days such as Cyber Monday."  With financial stakes high during the holiday season, online retailers need to make sure they are prepared and…
 

    pfSense Setup HQ

  • Nagios Installation and Configuration: Part Two

    maximumdx
    9 Dec 2014 | 2:00 pm
    In the previous article, we introduced Nagios and began covering installation. In this article, we will continue our look at Nagios, covering configuration and installation of plugins. Nagios Configuration: Now that Nagios has been installed, it’s time to configure it. Sample configuration files have been installed in the /usr/local/nagios/etc directory. For the most part, the settings in the sample files should work fine for getting started with Nagios. You should, however, change the e-mail address associated with the nagiosadmin contact definition to the address you’d like to use…
  • Nagios Installation and Configuration: Part One

    maximumdx
    26 Nov 2014 | 2:00 pm
    Nagios is an open source computer system monitoring, network monitoring and infrastructure monitoring software application. It enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes, and offers monitoring and alerting services. It alerts the users when things go wrong, and alerts them a second time when the problem has been resolved. Nagios was originally designed to run under Linux, but it also runs well on other Unix variants. It is licensed under the terms of the GNU GPL version 2. It was originally created under the name…
  • netio: A Network Benchmark Tool

    maximumdx
    17 Nov 2014 | 2:00 pm
    netio in action under pfSense 2.1.5. netio is a network benchmark utility for OS/2 2.x, Windows, Linux and Unix. It measures the net throughput of a network via TCP and UDP protocols using various different packet sizes. For netio to run a benchmark, one instance has to be run on one computer as a server process, while another instance is used on another computer to perform the benchmark. Starting with version 1.20, multi-threading support is required. While this does not affect anyone using the program under Linux or BSD, it did mean that DOS was no longer supported. netio: Installation and…
  • HAProxy Load Balancing: Part Three

    maximumdx
    11 Nov 2014 | 3:00 am
    Editing the HAProxy pool under pfSense 2.1.5. In the previous two articles in this series, we introduced HAProxy and began looking at configuration of HAProxy under pfSense. In this article, we conclude our look at HAProxy configuration. In the HAProxy Listener configuration tab, we had gotten as far as “Balance”. The next setting is “Stats Enabled”, which simply enables the saving of HAProxy statistics. If this check box is checked, 4 additional settings will appear: “Stats Realm”, “Stats Uri”, “Stats Username”, and “Stats…
  • Amazon Affiliate Purchases: October 2014

    admin
    8 Nov 2014 | 9:35 am
    Here are some of the items readers bought through my Amazon affiliate links: Coolerguys Programmable Thermal Fan Controller with LED Display EnGenius Technologies Dual Band 2.4/5 GHz Wireless AC1200 Router with Gigabit and USB (ESR1200) Fan Controller FC5V2 Black, Version 2, Changeable Display Colors, 30W per Channel, Controls up to 4 fans, RPM and TempretureDisplay Samsung Electronics 840 EVO-Series 1TB 2.5-Inch SATA III Single Unit Version Internal Solid State Drive MZ-7TE1T0BW The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall A special thanks to everyone who used my affiliate…

    Tips4Tech Blog

  • A Cheat Sheet to Translate InfoSecurity for Key Business Units

    Allan Pratt
    9 Dec 2014 | 7:39 pm
    As a result of working with many different business units over the last decade, I’ve developed my ability to help companies by bridging the business and technology gap – and align technology strategies with business objectives. Toward that end, I have devised scenarios detailed below that translate infosecurity concepts into languages that team members can understand based on their specialty areas. My goal is to initiate a dialogue between business unit managers so that we may work as a team to mitigate internal and external threats. The truth is, without awareness, buy-in, and…
  • Cloud vs. Mobile: Can They Co-Exist?

    Allan Pratt
    1 Dec 2014 | 7:35 pm
    IBM recently published an Infographic featuring the following statistics: “68% of top CISOs and security leaders see security in the cloud and data privacy as a critical business concern yet 76% are worried about the theft of mobile devices and the loss of sensitive corporate data.” These stats would indicate that cloud and mobile devices/mobile data cannot co-exist. Yet, for the small and medium business (SMB) market, cloud computing and mobile device management (MDM) have become synonymous with doing business. Many businesses that comprise the SMB market have adopted, integrated, and…
  • Is Privacy More Important to the Media, Businesses or Consumers?

    Allan Pratt
    17 Nov 2014 | 9:19 pm
    There is no denying that businesses need to be more diligent in protecting their customers’ data, but with all the data breaches publicized in the mainstream media, who cares more about privacy? What do you think: businesses or consumers? Despite the many data breaches, consumers continue to provide their Personally Identifiable Information (PII) to medium size businesses. At the top of the list, this confidential information may include full name (first and last), home address, phone numbers, and email address. Depending on the business, requested information may also include social…
  • What Can Your Business Learn about #Privacy from the UK Direct Marketing Association?

    Allan Pratt
    1 Nov 2014 | 4:03 pm
    It seems as if a day doesn’t go by without notification by the media of a major data breach. If you’re a member of the C-Suite of a midsize business, you probably spend a good deal of time thinking about how to protect your data as well as your business reputation. I recently read some surprising news from a British marketing group (1) and offer it as a lesson for all businesses – no matter where your corporate headquarters may be located and how many offices you may have. In August 2014, the UK Direct Marketing Association released a new privacy code of practice to address customer…
  • Top 10 Tips to Share with Employees During Cyber Security Awareness Month (#NCSAM)

    Allan Pratt
    9 Oct 2014 | 7:28 pm
    There is no dispute that data breaches are becoming more common, and as a result, online safety and the protection of personally identifiable information (PII) are hot topics in the mainstream media. Therefore, the month of October presents an excellent opportunity for all businesses, especially midsize businesses, to remind employees about their responsibilities when it comes to protecting corporate data. Here are my top ten tips to share with employees during Cyber Security Awareness Month: [1] Complex Passwords All passwords should be at least 10 characters and include lower and upper case…

    blackstratus.com

  • ISO 27001 for Law Firms

    Rich Murphy
    9 Dec 2014 | 5:48 am
    Law firms are increasingly becoming the target of cyber attacks, a fact that is partially due to the vulnerable working habits of many lawyers. It’s also due to the lack of strong regulation within the industry. Unlike financial and healthcare organizations, there are no federal regulations governing how data is stored and protected in law firms. And when you consider that many lawyers need to access information on the go, from a variety of devices, it’s clear why firms of all sizes have become a prime target for hackers. One of the best ways to keep your firm’s data safe is by adopting ISO…
  • How Safe Is Cloud Security?

    Rich Murphy
    18 Nov 2014 | 9:49 am
    Over the past year, the initial wave of enthusiasm for all things cloud-based has generally subsided, with a growing tide of skepticism emerging about the limits of its usefulness as a platform. Inspired by a number of high-profile security breaches, there is also skepticism about its security. While part of this is the inevitable backlash that occurs whenever something becomes trendy in tech, the security issue in particular is one that merits further investigation. While it’s reasonable to question whether or not your important data is safe in the cloud, it’s equally important to not…
  • Traditional and Software-Defined Networking

    Rich Murphy
    5 Aug 2014 | 3:00 am
    Software-defined networking (SDN) has emerged as a buzzword in recent years, though many outside of the IT sector seem uncertain about what the term actually means — especially in relation to cloud computing. What Is Software-Defined Networking? Software-defined networking was pioneered between 2008 and 2011 by work done at Stanford University and the Nicira Company (now part of VMware). The basic premise behind SDN is that by separating control of network functions from hardware devices, administrators acquire more power to route and direct traffic in response to changing requirements. As…
  • Understanding Cloud Security Models

    Don Carfagno
    22 Jul 2014 | 2:00 am
    When speaking about security and cloud computing, it’s important to distinguish among three separate models for service delivery: public, private and hybrid. Each model represents a different approach to software-as-a-service and can have different security implications. The public cloud — Public cloud service is delivered over the Internet, typically on a pay-per-use model, meaning a business is charged only for the storage it needs. Public cloud models are ideal for small- or medium-sized organizations that prioritize collaboration. Because public cloud service providers rely on…
  • How to Implement Server Virtualization in Your Business

    Rich Murphy
    1 Jul 2014 | 3:00 am
    In a business environment where IT managers are constantly being asked to do more with less, server virtualization represents an easy way to maximize your existing resources. Although server virtualization has gained popularity in recent years, there’s still some confusion about how it works, what the benefits are and how to get started. Let’s take a look at some of the best ways to implement server virtualization in a small or medium sized business environment. What Is Server Virtualization? Server virtualization is a process when a physical server is segmented into a number of…
 

    Milton Security

  • UC Berkeley Servers Hacked

    Milton Security Group
    16 Dec 2014 | 3:58 pm
    UC Berkeley has gone public about a data breach that was discovered back in September.  They’ve begun notifying the approximately 1,600 people who may have had their personal data compromised when an attacker gained access to their Real Estate Division’s servers and databases. 1,300 Social Security numbers and around 300 credit card numbers were being held in the affected databases.  They mostly belong to current and former employees of UC Berkeley.  However, some belong to people who worked for companies who did business with the Real Estate Division.  The information…
  • Smartwatches are Proven Extremely Vulnerable

    Milton Security Group
    11 Dec 2014 | 11:19 am
    Do you own a smartwatch yet? How about some sort of device that connects via bluetooth to your Android smartphone? Well, we’ve got some bad news. Researchers from Bitdefender, a security firm based in Romania, recently posted a demonstration on how open and easily stolen data transferring from your Android smartphone to your smart device truly is. This includes text messages, Google Hangouts, Facebook messages etc. The Bluetooth connection between the devices relies on a six-digit PIN code that supposedly secures the information being passed between them. However, six digits isn’t exactly…
  • Bebe Confirms They’ve Been Hit by Breach

    Milton Security Group
    5 Dec 2014 | 1:35 pm
    It was reported yesterday that Bebe, a popular women’s fashion store, may have been hacked. Today, Bebe has confirmed that it was in fact the victim of a data breach. Between November 8th and November 26th, a peak shopping season, hackers attacked Bebe’s point-of-sale systems, obtaining customer names, credit/debit account numbers, expiration dates, and verification codes. There is no evidence that bebe.com or any international stores have been affected, but that still leaves the 174 U.S. retail stores and 35 outlet stores. The breach was initially discovered when banks started noticing…
  • Microsoft Advanced Notification For Patch Tuesday

    Milton Security Group
    4 Dec 2014 | 2:58 pm
    Microsoft has released their monthly “heads up” about what we can expect for December 9th’s Patch Tuesday. This will be the last Patch Tuesday of 2014, and while not as large in quantity as November (7 vs 16), there are still quite a few Critical updates that must be done as soon as possible. There are three Critical and two Important Remote Code Execution updates,  along with one Important Elevation of Privilege, and one Important Information Disclosure.  This also includes the missing Exchange patch that we expected to see  in November.  The IE patches affect all versions of…
  • Sony Pictures Entertainment Taken Down By Hackers

    Milton Security Group
    24 Nov 2014 | 3:10 pm
    Sony Pictures Entertainment’s corporate network was breached and taken offline today by attackers. Employees attempting to use the network discovered an image that claimed that they’d been hacked by #GOP. The image also claimed that the attackers had acquired all internal data and would release it publicly if their requests were not met. The requests were not listed in the image. The message from “#GOP” warned that the allegedly stolen data would be released November 24th at 11 p.m. GMT, which is 3 p.m. PST/6 p.m. EST today. It was also reported that a large number of Sony Twitter…

    Cyberoam : Securing You

  • More Than 100,000 WordPress Websites Affected By SoakSoak Malware

    Cyberoam Threat Research Labs
    18 Dec 2014 | 2:16 am
    A Russian Malware attack starting this Sunday has possibly infected over 100,000 WordPress websites. To prevent the spread Google has already blacklisted 11,000 websites using the WordPress blogging platform. It has come to light that the malware exploits a vulnerability in an outdated slideshow plug-in called Slider Revolution. Slider Revolution came to know about this vulnerability earlier this year and had fixed it with release of updates. Though the direct buyers of the plugin can get new updates automatically, it is possible that a lot of websites are unknowingly using the vulnerable…
  • POODLE strikes back!

    Cyberoam Threat Research Labs
    9 Dec 2014 | 5:12 am
    POODLE is again in the news; it has been found that some TLS implementations are now also vulnerable. As TLS implementations fully specify the contents of the padding bytes, they can stop the POODLE attack. Although this narrows down the possibility of attacks, it has now been found that even TLS implementations do not check the padding structure after decryption. TLS’s padding is a subset of SSL v3.0’s padding; hence, it is possible to use an SSL v3.0 decoding function with TLS. Thus, the implementations using an SSL v3.0 decoding function with TLS are still vulnerable. This poses a…
  • Microsoft Internet Explorer Display CSS Style Use After Free Condition

    Cyberoam Threat Research Labs
    5 Dec 2014 | 4:49 am
    A memory corruption vulnerability has been reported in Microsoft Internet Explorer, using which an unauthenticated remote attacker could execute arbitrary code on a targeted system. The vulnerability is due to an error while handling certain HTML object references in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page with a CSS style display:run-in. Successful exploitation of this vulnerability could lead to arbitrary code execution in the security context of the target user. Microsoft is yet to release…
  • Apple Users Becoming #1 Target

    Cyberoam
    23 Nov 2014 | 11:07 pm
    The Cyberoam co-branded CYREN Internet Threats Trend report for Q3 is out! Download your copy right away! The report highlights an unusual rise in attacks on Apple platforms, along with CYREN analytics that indicate a considerable increase in Apple users being targeted. In early September the world learned of celebrity photos being leaked on the Internet. Celebrities have often been known for their preference for Apple products over others, and the news took no time to spread that cybercriminals gained access to the photos by hacking into Apple’s iCloud service. Investigators…
  • Kerberos Vulnerability affecting Windows Servers

    Cyberoam Threat Research Labs
    19 Nov 2014 | 3:39 am
    A privilege escalation vulnerability has been found in implementations of Kerberos Key Distribution Center (KDC) in Microsoft Windows, which supplies session tickets and temporary session keys to users and computers in an Active Directory domain. It has been found that Microsoft Kerberos KDC implementations fail to properly validate signatures, which can allow for certain aspects of a Kerberos service ticket to be forged. Exploiting the vulnerability, an attacker with valid domain credentials can gain domain administrator privileges, which can be used to further compromise any computer in the…

    Cognoscape, LLC

  • How Our Technology Roadmap Leads You to Business Success

    multipage
    18 Dec 2014 | 1:00 am
    How do you get to your destination without a roadmap to guide you? When you travel alone, you can run into unexpected roadblocks and turbulence, but an effective roadmap is like a sophisticated GPS that leads you down the right path so you can feel safe, secure and supported as you navigate through the business world. You envision the success, and we will guide you toward it with our trusty technology roadmap. Discover how the Cognoscape technology roadmap leads you to business success.   No more downtime and roadblocks When companies switch to new programs, face an IT crisis, or…
  • Don’t get caught by this holiday email scam!

    David Keller
    4 Dec 2014 | 11:03 am
    The holidays are a busy time for all of us, and with the advent of online shopping to avoid the crowds we are becoming conditioned to receiving purchase-related emails from a variety of sources. The cyber crime community is well aware of this, and a new trend in cyber crime using fake order confirmation and other typical purchase-related emails has been noticed, as reported by internet security company Malcovery. The primary payload of these emails is the malware known as ASProx, a particularly nasty trojan that collects email addresses and passwords from its victims’ computers,…
  • 5 Ways to Stay Fit When You Sit All Day

    multipage
    4 Dec 2014 | 1:00 am
    The American Medical Association reminds people that sitting is bad for a person’s personal health and some scholars refer to the epidemic as “sitting disease.” The longer you sit, the more likely you are to suffer negative health consequences. On average, some people sit anywhere from 7.7 to 15 hours a day. We are sitting the same amount of time, if not more than, the time we spend sleeping. Good news: some studies suggest that an hour of physical activity a day can make up for an entire day of sitting. Get up and get moving, and the following ways will help you stay fit when all you…
  • How Cloud Backup Can Keep Your Business Data Secure

    multipage
    20 Nov 2014 | 1:00 am
    Data backup used to be a lot more difficult than it is now. Remember the days of floppy disks? Fortunately, the system eventually made its way to CDs and then external hard drives, but it is even easier than that. Did you ever wonder what would happen if the disks got into the wrong hands or they burned up in a fire? You do not have to worry about any of that with a cloud backup; it is safe, secure, and not at risk of catching on fire. Discover the many ways a cloud backup can keep your business data secure. Remember, to benefit from data archiving, you have to actually back up the files.
  • Six Awesome Benefits of the iPhone 6

    multipage
    6 Nov 2014 | 2:00 am
    So, do you have an iPhone 6 yet? If not, what are you waiting for? Apple has again successfully launched a sophisticated piece of engineering greatness and functional technology. If you have not yet purchased your iPhone 6, you are still getting used to its plethora of features, or you need a little more convincing, you may discover the answers to all of your iPhone 6 questions by the end of this post. In Dave Pogue’s review on Yahoo!, he called the latest version a “thin, sexy phone with a killer camera.” Explore with us the six awesome…

    TutorialsLodge

  • Exploiting Netbios

    N3
    18 Dec 2014 | 11:21 pm
    When you work with Microsoft Windows XP products, one protocol you must always deal with from a security perspective is NETBIOS. NETBIOS still exists even on Windows Server 2003, Windows…
  • Scanning For Open Ports

    N3
    18 Dec 2014 | 3:23 am
    Whenever you connect your computer to the internet, it is always important to know what port you are sharing on your interface. All too often, you have ports open such…
  • MySQL Indexes

    Chimezie Michael
    17 Dec 2014 | 12:20 am
    For some time now we have been looking at MySQL database. Today we will continue to dig deep in MySQL database, but we will be discussing MySQL Indexes. Indexes allows a…
  • Encrypting Files and Folders

    N3
    16 Dec 2014 | 2:48 am
    Many times you work on a network, you are going to have files and folders that you want to make sure nobody else on the network will be able to…
  • MySQL Data Types

    Chimezie Michael
    15 Dec 2014 | 12:21 am
    We will be looking at some MySQL data types. The VARCHAR Data Type Varchar stands for VARi-able length CHARacter string and the command takes a numeric value that tells MySQL…

    Guardian Network Solutions

  • 5 Simple Ways To Protect A Business WiFi Network

    Cody Blake
    15 Dec 2014 | 10:00 pm
    Data transmitted through the air is not necessarily safe. Radio transmissions have always shown us the risks. But today we are not talking about radio waves but focusing on Internet connectivity without the use of wires. Yes, you guessed it …
  • 7 Tips For Implementing Server Virtualization in A Small Business

    Cody Blake
    10 Dec 2014 | 12:56 pm
    Modern servers are much like human brains. We can hardly use them to their full capacity. It is mainly because conventional servers are built to match just one operating system and they are paired one-to-one with business-critical software applications. This …
  • 4 Network Security Consequences for Using Facebook at Work

    Cody Blake
    3 Dec 2014 | 1:10 pm
    Habitual use of Facebook has compelled many employers to sit up and consider the consequences for using Facebook at work. Many employers block access to social media such as Facebook and Twitter to make employees focus on their task. Studies …
  • Top Internet Scams and Bugs to Watch For in November 2014

    Cody Blake
    24 Nov 2014 | 10:20 pm
    The overwhelming popularity of the Internet has also made it an attractive territory for fraudsters and bugs. Fraudsters have robbed hundreds of thousands of people in the last few years and bugs can easily fetch all your personal information without …
 