Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
In Software We (Can't) Trust
I can't think of more than a few attacks in the past decade that involved stolen certificates as part of the malware or exploit code. However, recent attacks, and new research highlights the increasing danger of trusting signed digital certificates.
Trust No One, Monitor Everyone?
'Zero Trust' model strikes a chord with user-borne attack concerns but could be overkill, experts say
More Than 80 Arrested In Alleged Zeus Banking Scam
Eastern European cybercriminals teamed with foreign students who opened accounts in the U.S., authorities say
IE, Windows XP Users Vulnerable To DLL Hijacking
Clicking a link to a remote shared folder on a web page will open this share in Windows Explorer without a warning for 67% of all Internet Explorer users on Windows XP, according to Acros Security.
Federal Government Imposes New IPv6 Deadlines
'Native' IPv6 by FY 2012 for public-facing servers and services
Spam Campaign Targeting LinkedIn Users Called 'Largest Ever'
Fake social networking message leads users to Zeus infection
User Authentication In E-Commerce
When we designed SSL to enable e-commerce on the Web, we had to solve two issues. One was the Web's openness -- the fact that anybody can read anything -- and the other was how parties might authenticate with one another.
Army Awards $1.2 Billion NSA Data Center Contract
The facility to be built in Utah will support the agency's Comprehensive National Security Initiative, aimed at bolstering cybersecurity across federal agencies.
U.S. Public, Private Cyber Defenses Being Tested In Simulated Attacks
Cyber Storm III under way; biennial cybersecurity exercise aims to test preparedness
VoIP Abuse Project Blacklists Attackers
Fraudsters target, hack VoIP servers mainly as a vehicle for stealing financial data
Ready For Primary Cloud Storage?
Cloud storage has moved out of the experimental mode and into some form of production for many organizations. To date most of the use cases are either to backup data to the cloud or to archive data to the cloud. Now though the move is on to provide leverage the cloud for primary data storage. If successful it could change the way many businesses buy storage.
Google To Warn Admins Of Malware Infestations
It's been made very clear that one of the greatest threats to Web safety is reputable Web sites getting nailed with malware - and their web masters don't even know it. That malware then infects users - who also go unaware that they've been pwned. This week, Google is taking steps to try to turn that tide.
LinkedIn Attack Spreads Zeus Financial Malware
Infection related emails accounted for almost 25% of the world's spam at its peak Monday.
Microsoft Beefs Up Hotmail Security
Raft of new features aimed at blocking email hijackers and helping users reclaim compromised accounts.
Security Researcher Wins Prestigious MacArthur "Genius" Grant
Dawn Song, head of the Berkeley lab that developed BitBlaze, will get $500,000 for more research
In Wake Of Attacks, Enterprises Look To Plug Browser Security Hole
Even a fully patched browser can expose enterprises to threats, experts say
Why The Insider Threat Is Ignored
The insider threat is complicated, and most organizations do not fully understand the magnitude of the problem. There are three main reasons why the insider threat has been ignored: Organizations do not know it's happening, it's easy for organizations to be in denial, and organizations fear bad publicity.
Amazon Launches Kindle For The Web
The browser-based app makes it possible for people to read the first chapter of an e-book on Amazon without having to install special software.
Social Networks For Patients Stir Privacy, Security Worries
Facebook-like profiles and posts by patients put medical information at risk of theft, abuse
Americans Oppose Mandatory FM Radios In Cell Phones
A Consumer Electronics Association survey also found that 75% of U.S. adults believe manufacturers, not government agencies, should design consumer electronics products.
VoIP Hacker Sentenced To 10 Years
The scheme involved defrauding Internet phone service providers to the tune of $1.4 million.
Government Puts The Hurt On The Internet
There are a lot of problems that face the Internet and technology today, from major security flaws to increasing infrastructure demands, you name it. But by far the biggest threats are the regular attempts by government and special interests to control the Internet and technology, attempts which would usually end up causing severe damage.
Web 2.0 Expo: Katie Couric Blends Old And New Media
Network news veteran says traditional media can still thrive in the age of blogs and Facebook, as long as it's willing to adapt.
Chinese iPhone 4 Forces Censored Maps
Apple's Maps application on the Chinese iPhone 4 will only show government-approved maps, unlike previous models.
NSA Official Says Cybersecurity Starts At The Top
Information management, not hygiene and patching, is the most important piece of cybersecurity according to NSA's vulnerability analysis chief.
Google Embraces OAuth Authentication For Apps
Adoption parallels security moves at other sites, including Twitter, Salesforce.com, and Microsoft Azure.
You're Always Just Two Clicks Away From Malware
New study shows correlation between top 1,000 visited websites and proximity to malware
Malware Targeting Top News Sites, Message Boards
By poisoning popular sites with malicious content, attackers ensure that web surfers are never more than two clicks away from a threat, says Websense report.
Top Excuses For Foregoing Security Monitoring, Logging
Monitoring for security incidents can be tough. It's tougher when you don't know what to look for. Now imagine trying to investigate an incident when you don't have any logs to analyze.
Q1 Labs Releases SIEM For Social Media
QRadar 7.0 uses deep packet inspection technology for real-time monitoring of web-based malware and extends Security Information and Event Management to social media usage.
Five Reasons SIEM Deployments Fail
Security information and event management deployments are often plagued by ease-of-use, scalability, and even organizational problems
Stuxnet Attack Exposes Inherent Problems In Power Grid Security
Worm sheds light on ongoing targeted attacks against critical infrastructure, and Iranian news reports infections among nuclear power plant's employee machines
Network Monitoring Can Provide Key Clues To Security Problems, Study Says
Done properly, traffic analysis and log review can help administrators identify threats they might not recognize otherwise
Brazilian Army Joins Forces With Panda Security To Combat Cyber-Warfare
Panda to train Army’s operational agents in the fight against cyber terrorism, digital crime and strategic preparation for cyber-warfare
Integrating The SSD Appliance
The SSD Appliance or Memory Array applies to storage systems that are designed from the ground up to only be used with solid state storage. They are often focused on storage I/O performance and solid state integrity more so than providing storage services like snapshots or replication. In this entry we will look at when does it make sense to use these products instead of adding SSD to an existing storage system or going all out and buying a new solid state storage system.
Security Is Chief Inhibitor To Web 2.0 Implementation, Study Finds
Malware, viruses are key reasons why companies don't use Web 2.0 apps more widely, researchers say
Iran Denies Stuxnet Worm Hurt Nuclear Plant
The malware appears to have been designed to target a specific facility or control process.
DHS Launches Cyber Attack Exercise
Cyber Storm III, the largest simulated cyber attack to date, aims to test a new national cyber response plan and stretch the limits of collaborative cybersecurity.
USB Drive Plugs Into Military Missions
The fast-booting BlackJack device aims to securely and quickly extract data without leaving a footprint behind.
Stuxnet Pwned Iran. Are We Next?
For the past few weeks rumors had run rampant about the purported targets of the Stuxnet worm. One of those rumors was that the worm was targeting Iran's controversial nuclear sites. Now, according to news reports that hit yesterday, those rumors may very well be right. There's a warning in all of this for the United States.
Cybersecurity Chief Touts Private Sector Collaborations
Public-private partnerships are crucial to tackling Internet security challenges, says federal cybersecurity coordinator Howard Schmidt.
Five Main Causes Of SMB Security Incidents
Like you, I have read many articles covering small business security, the authors of which have made up various lists of "top X threats" or "this year's biggest vulnerabilities," etc. So I thought it would be interesting to dig into a sampling of the data breach reports and collect some real data on causes of breaches and other security incidents in SMBs.
Zeus Targeting Mobile Phone Authentication
A new variant of the Zeus botnet aims to circumvent an increasingly popular mode of two-factor authentication among financial institutions and other enterprises.
EnterpriseDB Adds Integrated Replication, Hot Standby
Postgres Plus gains features from updated open source database PostgreSQL 9.0.
Lock-Picking Popularity Grows
As security professionals, it is easy to get focused only on the technical side of security and forget about the importance of physical security.
Alleged Phishers Who Targeted eBay Employees Arrested
Romanian authorities apprehend men suspected of using stolen credentials to access eBay client database
Malfunction Delays Space Station Astronauts' Return to Earth
A malfunction with the Soyuz TMA-18's docking mechanism has been repaired and undocking of the spacecraft rescheduled for Friday night.
Top Five Reasons Database Security Fails In The Enterprise
Independent Oracle Users Group survey reveals common database security missteps made by enterprises
Google Chrome Web Store Prepares To Open
Developers can now open Google Checkout merchant accounts in preparation for the debut of the Chrome Web Store.
Spectrum Bridge Trials Show Promise Of 'White Spaces'
Four deployments, in Calif., N.C., Ohio, and Va., point to the versatility and power of the broadband technology approved by the FCC Thursday.
|
Incorporating a Prevention Mindset into Threat Detection and ResponseThreat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time.
The report covers areas enterprises should focus on:
What positive response looks like.
Improving security hygiene.
Combining preventive actions with red team efforts.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
