Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
FBI Busts $100 Million 'Scareware' Gang
The three men who were indicted are alleged to have been part of an illegal scheme that spanned 60 countries and sold victims $100 million worth of bogus software that purported to fix system problems that apparently didn't exist.
Facebook Privacy Protection: Symantec's Six Steps
Symantec has offered six steps to protecting your privacy on Facebook -- and the fact that the tips are so obvious, basic and self-evident doesn't make them any less worthwhile. In fact, their obviousness may make them among the most valuable tips to offer employees doing anything on the Internet.
Adobe Contemplates Monthly Patch Cycle
While Apple has turned up the heat on Adobe by refusing the Flash platform on the iPhone and iPad platform - Adobe's customers have been coming under increasing fire from attackers for using its Flash and Adobe Reader applications. Now the company is considering taking a move from Microsoft's playbook and switching to a monthly patch cycle.
Botnet Black Market Means Malice For Rent
For less than seventy bucks you can hire a botnet for a day, and for under ten you can grab one for an hour. Welcome to the world of commodity cybercrime.
The Roll Down Hill Effect Of Primary Storage Deduplication
The adoption rate of deduplication in primary storage has been relatively low so far in primary storage. There are concerns on user's minds about performance impact, data integrity and how much capacity savings they will see. Clearly each of these concerns need to be addressed. When it comes to capacity savings though, there is a key component of capacity savings that might get overlooked, the roll down hill effect of proper primary storage deduplication.
Security's Top 4 Social Engineers Of All Time
My team here at Secure Network was recently discussing who we considered the best social engineers of all time. My colleagues and I each made a list and defended our candidates based on the creativity, innovation, and the public impact they had made. Here are our final top four social engineers from number four to number one, and why we chose them.
Not Too Late To Learn From Defcon CTF Qualifiers
This past weekend was the return of the wildly popular Defcon Capture the Flag qualifiers. "Quals," the commonly used nickname, is an entire weekend of non-stop online security challenges that test everything from simple trivia to advanced reverse engineering and exploit development.
Tape and Disk Better Together
I have seen a few surveys recently that tape penetration in data centers remains very high, less than 15% of data centers have become tapeless, of course that means that 85% of environments still have tape. In my conversations with IT managers most are planning to keep it. Most see the role of disk in the backup process to augment or at best compliment tape. What's needed then is a way to make tape and disk better together.
Researchers: UK's Chip and PIN Payment System Flawed
Researchers published a paper detailing an attack of intermediate difficulty that they say makes it possible for criminals to use any "Chip and PIN" smart card that they take into their possession.
Symantec Broadens SMB Protection Services
Symantec's expansion of its SMB security and protection services in the latest edition of its Protection Suite, aims to offer a single-vendor solution for small and midsized business security, protection, endpoint, messaging, mobile, backup and recovery.
Patient Data Dump Nets Urgent Care Center $50,000 Fine
Here's another egregious example of a health care provider being nothing less than reckless with patient data.
Defense-In-Depth Via Cloud Security Services
Repeat after me: defense in depth. It's an archaic concept that hasn't gone out of style. The fact is it's even more critical to enterprises now than ever before. The proliferation of Web-borne threats is making IT shops everywhere re-evaluate their security strategies to deal with malware infections happening on systems that were "locked down" and running updated antivirus.
Selecting A Cloud Storage Provider
In my last entry I discussed some of the circumstances that might lead a business to decide to use one cloud storage application over another. The other end of that equation is the actual provider. All cloud storage providers are not created equal and some research should be done before selecting the vendor that could potentially be storing your organization's digital assets for years to come.
What Oracle Gets In The Secerno Buy
One key takeaway from Oracle's acquisition of Secerno is that the database giant now has a database activity monitoring (DAM) solution, closing a big gap in its current security capabilities.
Other Facebook Privacy Problems You May Not Know About
While people are busy discussing Facebook's privacy policies about user data, it's the less-direct privacy issues that constantly nag at me. I haven't seen these discussed before, although I'm sure I'm not the only one to notice them.
IBM USB Security Conference Gift Gives Malware Too
A USB drive given out by IBM at an Australian computer conference included some well known malware. And it was a security conference. Ooooooops!
Symantec Snags VeriSign for $1.28 Billion
Symantec yesterday announced that it has signed an agreement to buy VeriSign's identity, authentication, and SSL certificate businesses. That essentially gets VeriSign out of the security business, but what does Symantec really get out of the deal?
Twitter iPhone App Worm TargetsiTweeters
Success breeds contempt -- or at least con attempts, as a new worm aimed at stealing financial info from iPhone Twitter app users shows.
When To Use Cloud Storage?
When storage managers start to sift through the hype surrounding cloud storage and try to decide if and where cloud storage would make sense in their environment, they are often left dazed and confused. There are so many companies trying to jump on the cloud storage bandwagon that almost any new feature makes them "the" cloud storage provider. The goal of this entry is provide some ideas on when should a business use cloud storage.
Big New Features In New Metasploit Framework
The penetration testing world saw a couple of exciting announcements yesterday. The first one I want to mention because it's one of my favorite tools -- Burp Suite Professional. It's a great tool for Web application penetration testing, and a new update was just released. But of course the big news that has everyone talking are the Metasploit releases.
When Social Engineering Tests Fail
Our company, Secure Network, has performed numerous security assessments and penetration tests, many of which involved social engineering. That's when we test our clients' employees to see if they adhere to security policies. Even with all of the planning that goes on beforehand, these engagements sometimes can go wrong.
AutRun Worms Top McAfee Malware Threat List
AutRun worms introduced into networks via removable devices topped McAfee's Q1 threat report, with a USB worm at the head of the malware class.
Goldman Sachs Lawsuit Shows Need For DAM
When Goldman Sachs was hit with a lawsuit by Ipreo Networks, I got a call from Dark Reading contributor Ericka Chickowski to talk about the alleged misuse of the "BigDough" database. Specific details on this case remain scarce, but threats to Customer Relationship Management (CRM) systems and SaaS based data services are well known.
Lessons From The Volcano
I had a chance to fly rather close to Iceland's Eyjafjallajokull volcano last week. On a flight back from Frankfurt, the pilot somehow got permission to divert from the scheduled flight path as we crossed Iceland to give us a closer look of the volcano.
Build-A-Botnet Kits Let Anyone Steal Data
At the recent Cisco Networks Solution Forum held in Toronto, a Cisco product manager stated, "You don't need to be tech savvy" to steal data. It's a sad but true reality that isn't much of an eye opener for many of us who watch users get their accounts compromised day in and day out due to social engineering and malware. We've seen the results of easy-to-use exploit toolkits.
Knowing Your Recovery Will Work, Understanding Images
In my last entry the idea of image based backup was introduced as a way to improve recovery confidence. If you take the advice of the first entry in this series and focus on service level agreements (SLA) instead of backups you can narrow down the truly critical machines that you know must be recovered. With im
Automobiles Growing Vulnerable To Hacks
Carmakers are rolling automobiles off the assembly line with plenty of fancy new high-tech features. Unfortunately, security is -- once again -- treated as an afterthought.
Microsoft Security In 140 Characters Or Less
When Microsoft's JG Chirapurath said he would stick to Twitter's maximum capacity of 140 characters for his responses in our twitterview last week, he wasn't kidding.
If You Kill Your Company's Facebook Page, Make Sure You Kill It Dead
Whether or not the "Kill My Facebook" movement achieves critical mass, there are a few things you need to know before eliminating your company's Facebook presence. Most of all, how to make sure that "not only is it merely dead, it's really most sincerely dead."
IT Departments Losing Ground On Cloud Computing
While most IT departments and organizations know that current cloud computing environments are not suitable for all types of company data, end users are moving forward with cloud services anyway - a new survey has found.
Knowing That Your Recovery Will Work, Verification
In our last entry we talked about the importance of creating and managing to service level agreements (SLA) to set recovery expectations correctly and to give some sense of clarity and priority to the backup jobs that you manage. The second step is to be able to verify that those critical jobs will actually work when you need them to.
Suricata Pushing Intrusion Detection Evolution
Advances in intrusion detection systems (IDS) and intrusion prevention systems (IPS) have stayed fairly stagnant, with the exception of the signatures that must change daily to meet current threats. The Suricata project from the Open Information Security Foundation (OISF) looks to change that and bring forth the evolution of the IDS.
A New Way To Choose Database Encryption
I can't count how many times I've been in a meeting when someone tosses out the phrase, "Oh, we'll just encrypt the database."
Yeah. Right. Good luck with that.
Symantec Tackles SMB Endpoint Security From The Cloud
Call it one shop stopping: a new SaaS security service from Symantec offers cloud-based protection for all of an SMB's Windows-based endpoints, desktop, laptop or server.
Secure360: Why Are We Losing The Struggle To Secure IT Systems?
Today, at the Secure360 Conference in St. Paul, MN Alan Paller, director of research at the SANS Institute explained what may be the nation's missing ingredient when it comes to keeping both government and private sector run IT systems secure.
Verizon Enters Cloud Security Market
Small and medium businesses have been moving their IT infrastructure into the cloud, but one challenge has been determining how to secure such applications. To address such concerns, Verizon Business has developed a new suite of cloud-based security services.
The Myth Of Cyberattack Deterrence
Deterrence online is one of the biggest idiocies of the past couple of years. There are some interesting research possibilities in the subject matter, but not as it is portrayed today -- a cure-all strategy.
Knowing That Your Data Recovery Will Work
Probably no single process has had more software, hardware and infrastructure thrown at it then the backup process. Despite this continual investment many of the IT managers that I speak with express doubt in their ability to recover the right data in the right amount of time. What do you do to know that your data recovery will work when you need it to?
Microsoft To Patch Critical Vulnerabilities
This Tuesday Microsoft will issue two bulletins aimed at fixing vulnerabilities to address critical vulnerabilities in Windows, Offices, and Visual basic for Applications.
Multifunction Print Devices Under Fire
There's nothing like a news story on a major television network (or talk radio) to get your boss asking you odd questions. Ever had that happen? The recent CBS story on digital photocopiers sure generated a buzz and some extra work for IT professionals across all industries.
Dark Reading Celebrates Its Fourth Anniversary
Four years ago this week, we flipped the switch on a new website -- Dark Reading -- that was designed to meet a simple goal: to tell you everything you need to know about IT security, right up-to-the-minute that it happens.
OK, I said the goal was simple, not easy to achieve.
The Idiot Threat
It's been interesting to see how the failed bombing in New York's Times Square has been sifted for "lessons."
Cloud's Role In Backup, Part III
In this final entry on cloud based backup we will examine how enterprise backup systems can leverage the cloud. This involves the developer of the backup application to add cloud support directly to their application and providing an option to replicate or move backup jobs to an internet based storage repository. Essentially cloud storage becomes another target option to the application, similar to the
VaporStream Takes E-mail "Off The Record"
Not every e-mail needs to be part of the permanent record -- which is the point VaporStream is making with 256-bit encrypted "vanishing" e-mail service. Could be just what the doctor ordered for dealing with e-mail overload -- although more than a few divorce lawyers and tabloid headline writers might disagree.
Alert: Disposable Facebook Apps Installing Adware
Just like throwaway domains on the wider Internet, it seems like criminals now use throwaway applications on Facebook. They bring one app online to lure users and potentially infect them, and by the time one is taken down by Facebook, they create yet another.
'Twitterview' With Microsoft
I sometimes get a little long-winded when I pose a question to a source during an interview. But I undoubtedly will be pithy tomorrow when I conduct Dark Reading's first-ever "twitterview," or interview via Twitter, where I'll be strictly limited to 140 characters or less for a question.
DLP Gets An Open-Source Boost
Data loss, or leakage, prevention (a.k.a. DLP) is a product class that includes data discovery, classification, and monitoring to prevent your sensitive data from falling into the wrong hands. Some implementations are configured to alert instead of block, but the basics are the same. You have sensitive data, you don't always know where it is, so you use DLP tools to find it and keep it safe.
Cloud's Role In Backup, Part II
In our last entry we discussed how the backup process is a natural fit for the use of cloud storage and how the first model of cloud backup is being used. In this entry we will discuss the second of the other two cloud backup implementation methods, hybrid cloud storage and then tomorrow we will cover cloud enabled enterprise backup.
A Decade Ago, ILoveYou Worm Changed Security
It's been a decade to the week since the infamous "Love Bug "or ILoveYou virus hammered in-boxes around the world. While mass-mailer viruses of this type don't make headlines anymore, the ILoveYou virus forever changed the face of IT security.
75% Of SMBs Never Store Data Offsite: KineticD
The migration of storage to the cloud may be the first time many small and midsized business have adequately backed up data offsite, according to a new survey from cloud storage company KineticD.
|
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
