Password-Stealing Malware Spikes
McAfee's recent report on malware has staggering numbers that are simply hard to believe, yet because I've been battling daily the very bots, Trojans, and scareware the researchers are talking about, I can't help but agree.
Cyber-Crime No Longer Smash and Grab
Typically, banking customers discovered they'd been victimized by cyber-crime when they discovered their bank accounts emptied. No more. According to this report, online thieves are getting craftier at covering their tracks to go undetected for longer stretches of time.
Stupid IRS Spam
I believe that anyone who uses the Internet on a regular basis has to know that most e-mail messages are spam, and possibly part of a fraud scheme. I also realize that some people are more aware than others, and that some criminals are clever. But the current spread of an email message that claims to be from the IRS accusing a person of fraud demonstrates the naivete that runs deep on the Internet.
Making Server Virtualization Storage More Scalable
Storage scalability in a virtualized environment is quickly becoming a concern for some data centers. Unlike the very predictable single server world which had a single application, single NIC card and single host bus adapter, the virtualized host can have dozens of virtual machines and multiple network interface cards. This leads to a very unpredictable and random workload that can push storage controllers to their limits.
Microsoft Bing Ads Warn About Scams
As part of its ongoing security push, Microsoft is teaming up with the government and Western Union to run search ads to educate users about potential online fraud.
Security By Geography: Stop A Country With A Click
I'm hoping that it's more than a mere reinforcement of America's most unfortunate xenophobic tendencies, but TechGuard Security's new PoliWall ESE security appliances take a geographic approach to SMB security by filtering IP according to their country of origin.
Dutch ISPs Sign Anti-Botnet Treaty
Netherlands ISPs last month launched a joint effort to fight malware-infected computers and botnets -- fondly described by locals as a "treaty."
Metasploit Adds Exploit For Unpatched Windows SMBv2 Bug
The upcoming stable release of Metasploit Framework version 3.3 is brimming with awesome new features that will make a lot of penetration testers happy. New features include the ability to take screenshots of exploited systems, while others add raw power, like being able to exploit the unpatched SMBv2 vulnerability in Windows Vista and Server 2008.
Reducing The Storage Costs In Server Virtualization
One of the most expensive components of a server virtualization project is the storage to which it is attached. This is one of the reasons that VMworld seems more like a storage event than a server virtualization event. One of the key themes from vendors at this year's event was reducing the storage costs in server virtualization projects.
Hacking Gets Physical
The guilty plea entered in federal court last week by a contract IT worker, for disrupting a computer system used to monitor off-shore oil platforms, shows that illegal hacking is likely to increasingly endanger the physical world.
BeEF: XSS Vuln To Hack In Less Than 20 Characters
As I'm finishing another successful Web application penetration test, I'm kicking myself for not noticing a new release of one of my all-time favorite Web hacking tools, the Browser Exploitation Framework (BeEF). BeEF is a fantastic tool for getting across to developers and Web admins the seriousness of vulnerabilities like cross-site scripting (XSS).
Debit Or Credit? Neither
I stopped using my debit card altogether a couple of years ago out of an intense fear that I would never recoup the losses if my card were skimmed in the grocery-store line or compromised at TJ Maxx. Now I casually slide my checkbook onto the card reader stand and perform that rare act of putting pen to paper while trying to avoid the annoyed stares of shoppers behind me in line who may lose a few seconds off of their shopping time because I didn't use plastic.
Survey Says: PCI DSS Compliance Not Strategic
That's right. A survey conducted by the Ponemon Institute, and backed by security firm Imperva, says that the vast majority of firms don't view the Payment Card Industry Data Security Standard (PCI DSS) as a strategic initiative.
Spammers To Idaho: You're The Tops!
Spam targeting is one of those categories you don't want to be Number One in, but somebody has to be. According to a new report from MessageLabs, the top spam targets in the U.S. live in Idaho. But the rest of the states aren't that much better off.
Implementing Power Efficient Drives
Most green storage methods really allow you to store more data in the same physical space, for the same amount of power consumption. To get serious about power efficiency you have to be able to turn things off. The ideal way to do this is have the drives either spin down or turn them off, but there is limited information about implementing power efficient drives.
Scareware And Bots Require Layered Defenses
Defense in depth is not a new idea in security, but taking a layered approach is more important than ever. The current rise in infections by bots and scareware, along with recent reports on anti-malware endpoint protection, demonstrates how we need to be doing more at every layer.
Credit Card Compliance Still Poorly Practiced
A new survey from Imperva and the Ponemon Institute finds that despite the rising number of data breaches, many companies still do not fully adhere to compliance standards. And many of those that are protecting credit card information are neglecting security when it comes to other, equally sensitive data. Smaller businesses may be having the most trouble with the standards.
Security Software Market Remains Strong
While the growth of the security software market took a hit this year, along with most every other market segment, it's still pegged to grow 8 percent, year over year, according to a market research firm. There's also stronger growth ahead.