Archive: 2014

Can we still trust email?

You'd better be extra vigilant as you read through your business emails these days. Cyber attackers are growing more tenacious in their use of corporate email systems to plant malware on networks. Here are a couple of proof points. Symantec recently posted an article on its Security Response blog about attackers behind malicious spam...

'Twas the Night Before Payday

Enjoy a little bit of Holiday Fun!

'Twas the night before payday, when all through the net
Most attackers were stirring, increasing the threat.
Tomorrow’s targets were chosen, sighted in their crosshairs,
In hopes the victims, soon would be theirs.

Evading the law, and even the...

The DDoS myth about the firewall and the IPS

It is about time we put an end to the myths that often come up when choosing a network security solution to protect against distributed denial of service (DDoS) attacks.  We'll take a look at a couple of common myths, namely: Myth #1: An IPS can protect against Distributed Denial of Service (DDoS) attacks Myth #2: A...

DDoS Attack left “Sweden not Working”

The recent DDoS attacks impacting Swedish cable, Internet and mobile service provider, TeliaSonera is another grim reminder of the impact a DDoS attack can have not only on the business itself, but the 5 million subscribers that were left without service, and left "Sweden not working", as TeliaSonera’s CEO Johan Dennelind has...

The Netherlands' Trusted Networks Initiative is an alternative means to stop DDoS attacks

While visiting the Hague Security Delta in The Netherlands last week, I learned about an interesting initiative that's being tested to provide trusted computing among select organizations. Known as the Trusted Networks Initiative, it is being touted as an alternative "last resort" means to fend off DDoS attacks. The idea is to close...

“It’s not you, it’s the Internet” – Time to break up with DDoS

Lizard Squad said it best in the recent Sony PlayStation DDoS attacks, rocking the online gaming industry, and leaving players denied from logging into the gaming community. Fact: DDoS attack tools are easy to come by, and cheap to execute, and the motivations for targeting victims are endless. Myth: “I’m not susceptible to...

What Does a DDoS Attack Really Cost? It Depends...

In a recently released report, companies estimated that the average cost of a successful DDoS attack – one that actually disrupts a target's business – is $40,000 per hour. $40,000 per hour. It's a nice composite number that is easy to present to management when you need to justify a budget for preparing for the potential of a...

Change is inevitable – Time to re-write the playbook

Hopefully most of you in the industry have noticed that the approach to DDoS protection has changed dramatically over the last few years. What was once considered a good defensive posture is now proving to be sub-par protection against today’s sophisticated and adaptive DDoS attacks.  The days of firewalls, IPS’s and other...

Why Vendor Risk Management is Critical to Your Business

You've heard the trite expression "A chain is only as strong as its weakest link." Well, it's true, and when it comes to enterprise security, the weakest link might be outside your own organization. Ever since it came to light that the Target data breach originated through compromised credentials belonging to a third party...

Insights from the FBI on Fighting Cyber Crime

If your company experienced an IT security breach, would you contact law enforcement? According to an unofficial poll by the FBI and Trend Micro, about 60% of people said yes. I'd venture to guess that a portion of that 60% would only report the incident because some law or industry regulation requires them to do so. The FBI Cyber Division...

Why would anyone launch a DDoS attack against us?

During my travels across the globe I meet lots of people, and it always amazes me when individuals continue to believe that they are not susceptible to a DDoS attack. I frequently hear, “Why would anyone attack us, why should we plan for an impending DDoS attack?”  Believe it or not statistics show that over 40% of online...

Increased use of Intelligent, Adaptive DDoS Attack Techniques

Many equate DDoS with only one type of attack vector – volumetric. It is not surprising, as these high bandwidth consuming attacks seem to frequent the headlines most often. Volumetric DDoS attacks are easier to identify, and defend against with on-premises or cloud anti-DDoS solutions, or a combination of both. Recently, Corero Network...

One More Type of Cyber Attack to Worry About: Redialing for Dollars—Your Dollars

Attention company cyber sleuths: here's one more type of cyber attack that criminals are using to steal billions of dollars a year, mostly from small businesses. Keep your eyes open for this one and read the phone bill closely.   An article in The New York Times details how hackers are using phone networks to direct businesses'...

SSDP Amplified Attacks, a Sitting Duck against Sophisticated DDoS Analytics

The craftiness of cyber attackers never ceases to amaze me, and now a new kid on the block has emerged – the SSDP Reflective/Amplified DDoS attack. Many people may wonder what SSDP is. SSDP, otherwise known as the Simple Service Discovery Protocol, is a network-based protocol used for the advertisement and discovery of network...

Looking for a job? Cyber Aces is hosting another National Cybersecurity Career Fair in November

Last spring I wrote about Cyber Aces hosting its first National Cybersecurity Career Fair (NCCF).  Cyber Aces is a non-profit organization dedicated to identifying and encouraging individuals with an aptitude for information security to refine their skills and talent. One of the organization's missions is to grow the cybersecurity...

Using sFlow for Security Analytics

sFlow (sampled flow) is a scalable protocol for statistical monitoring of a network.  When used for security monitoring, it can provide valuable insight for establishing baseline behavior and identifying deviations from the baseline.  Security administrators can be alerted when an anomaly is detected and investigate whether new security...

Software developers get SWAMP'ed, and that's good for software security assurance

October is National Cyber Security Awareness Month. The theme of this week's awareness messaging is how to build secure software products, and we've got a great tip on how you can do that. If you look at the evolution of software, it has changed quite a bit over the last 20 to 25 years. Software is more complex than ever, and the size...

Shellshock – Picking up the Pieces

4.1 million. That’s the number of news items, blogs, webpages, reports, and opinion articles related to the recently discovered ‘Shellshock’ (Bash) vulnerability that were matched via a quick Google search for ‘Shellshock bash bug’ this morning. There’s no denying that this vulnerability is one of the...

49½ pounds of DDoS attack visibility

Why is visibility important? The answer is an easy one to deliver. When you’re under a DDoS attack or when one of your customers comes under attack, “end-point pipe” visibility is the key to quick mitigation. You cannot proactively defend a network if you cannot detect, analyze and respond to the attack and this level of visibility is critical to proper DDoS protection.

SANS Institute's Webcast on Shellshock is Worth Watching

On September 25, Alan Paller, the Director of Research for the SANS Institute, sent out a FLASH report about the vulnerabilities involving Bash. This report has some very good information for security practitioners that is worth repeating here. The vulnerability, dubbed Shellshock, affects the Bash command processor which is used in most Linux...

D'oh! Get Your Hammer and Your Payment Card Hacked at "the Homer Depot"

By now the news of the massive payment card data breach at the Home Depot is well known. The company has acknowledged the theft of an estimated 56 million debit and credit card numbers, making it the largest retail breach on record. In a September 18 press release confirming the breach, the merchant says malware discovered on its systems...

Corero is growing - do you have the skills to be a part of the team?

Conversations recently overheard in the busy hallways of the Cambridge Innovation Center (CIC) include the number of in-flight projects being pursued by a single entrepreneur (60+!), a business plan for a(nother) new startup mining Facebook images, and the next international gig to be social media-enabled by another busy team. And starting...

Here's a Good Resource for Learning About Encryption Schemes Before You Put Data in the Cloud

If your organization is planning to have data and applications in the cloud, then you are probably planning to use encryption to secure the data. Encryption is a technology that transforms your data into an alternate format that only authorized parties with a decryption key can read. Like most technologies, encryption can be implemented in...

NATO Nations work to level the playing field in response to cyber attacks

It has been interesting to see news recently of a NATO agreement that indicated that member states would now come to each other’s aid in the event of digital attacks as well as in the case of military attacks. This newly signed deal reaffirms that cyber defense is now, more than ever, a critical component to a Nation’s comprehensive...

Promoting Voyeurism in the Name of Marketing and Advertising

About the same time the story about the celebrity photo hacking incident broke, I read another disturbing article that does not bode well for personal privacy. San Francisco tech blogger Wendy Lee wrote about advertisers trolling through personal photos that people are posting to social media sites to learn more about their customers. How creepy...

Victim Company Refuses to Pay DDoS Extortion Fee and Is Permanently Forced Out of Business

If your company relies on your website to conduct any amount of business, it's time to take notice of what has been happening lately with regards to DDoS attacks. In the past few weeks, numerous companies have experienced DDoS attacks in which there is a demand for money in order to stop the attacks. In plain words, extortion. According to...

When Trends Collide: Data Collectors Are Gathering Information from Smartphones Used for BYOD

I had an interesting conversation the other day with Rob Shavell, the co-founder and CEO of the online privacy company Abine. We talked about two big trends in mobile computing and what happens as a consequence of their intersection. This collision of trends could have big implications for companies that permit employees to use their...

Passwords Are Like Underwear—They Aren't Meant to Be Shared

In the world of IT security, perhaps nothing is so maligned as the humble computer password. End users hate jumping through hoops to create and remember complex passwords that contain letters, numbers and special characters. IT security professionals complain that end users ignore corporate policy and create obvious passwords like, well,...

First Line of Defense Against DDoS Attacks in a Hosting Environment

Hosting Providers and Datacenters must overcome the challenges associated with a wide range of hosting requirements; maintaining highly available applications, mission critical systems and maximum levels of reliability. Unfortunately, DDoS attacks threaten their ability to do so. This is problematic as a Web hosting, co-location and datacenter...

Boost Your Security Posture through Membership in an Industry Information Sharing and Analysis Center (ISAC)

It's a huge responsibility to try to ensure cyber security for an organization, regardless of its size. Few companies would say they have the full complement of resources they would like to have in order to properly protect themselves from cyber threats. On the belief that there is strength in numbers, many organizations are joining an...

Six Common Sense Steps from the FFIEC to Address DDoS Attacks

Who can forget the series of distributed denial of service (DDoS) attacks on American banks back in 2012 and 2013? Some of the attacks were highly effective in knocking online banking services offline for days at a time. Over time, financial institutions (FIs) learned to bolster their defenses until the attacks grew less and less effective at...

Why Prompt Breach Notification Is Important

In a blog post last April, I wrote about a merchant that waited up to a year to notify customers that their payment card information may have been compromised in a breach. There were extenuating circumstances; the federal authorities investigating the breach asked the merchant to stay silent about the incident during the lengthy investigation. The...

Specially Crafted Packet DoS Attacks, Here We Go Again

One of the unique types of Denial of Service (DoS) attacks involves the usage of specially-crafted packets.  Most cybersecurity professionals are already familiar with volumetric and amplified DDoS attacks, but more recent attention has been surrounding fragmented and application-layer DDoS attacks. However, few understand what a...

A Real Story About Successful DDoS Mitigation

If you’re a cybersecurity professional, you may be all too familiar with the risks associated with DDoS attacks. Over the years, the threat landscape has had detrimental effects on organizations, including system downtime, brand damage, loss of customer confidence, and ultimately a negative impact on your bottom line. These implications can...

Considering Standards Security

The Internet Engineering Task Force (IETF) Request for Comments (RFCs) are required by RFC 2223, Instructions to RFC Authors, to have a section titled “Security Considerations” that is supposed to call out any special security implications relating to the protocol itself or to the networking infrastructure around it. Unfortunately, the...

Why Do We Call It Cyber Crime If We Don't Treat It Like a Crime?

My subdivision outside of Houston, Texas has a monthly newsletter, and one of the features is the neighborhood police patrol report. It's mostly stuff like items being taken from unlocked cars or suspicious people or vehicles in the neighborhood. Every now and then someone reports identity theft or fraudulent charges on their credit card. I...

Why Would a Cute Little Slow Loris Take Down a Web Server?

You've heard of the "infinite monkey theorem," which states that if you put a hundred monkeys in a room with a bunch of keyboards they will eventually type the works of Shakespeare. Is it possible that another little primate, the incredibly cute slow loris, is capable of taking down web servers with a clever type of denial of service...

DDoS Attacks Hit the World Cup. The Current Score: Anonymous 1, FIFA 0

The world’s most watched sporting event, the World Cup, is now underway in Brazil. Despite an expected audience of billions over the next few weeks, not everyone is a fan. Protesters of every ilk are using the prominence of this event to make a point. That includes hacktivists from Anonymous and other cyber groups looking for...

Securing the Data Center and Generating Revenue - #Winning

Corero CTO, Dave Larson, spoke recently to an audience of Hosting Providers during a webinar event hosted by Web Hosting Industry Review (WHIR). Dave addressed the audience alongside WHIR editor, Nicole Henderson, and explained how hosting providers have a new opportunity to increase their revenue and customer base. After an...

For Sale: Practically All the Details of Your Personal Life

When documents released by Edward Snowden showed that the National Security Agency (NSA) is collecting various types of data on ordinary American citizens, a lot of people were quick to voice their opinion that this is just wrong. Many Americans don’t believe our federal government should be able to snoop on us to learn who we choose to call...

Attack of the Month Video Blog Series: Blended DDoS Attacks

It’s no surprise that today's hackers are getting increasingly smarter. Unfortunately, traditional defenses aren't enough to fight against the different types of DDoS attacks, which are more sophisticated and commonplace. Hackers are now carrying out a combination of DDoS attacks, known as Blended DDoS attacks, to maximize...

Cash is King!

As early as 2005, government and other Internet security experts were openly discussing the concept of ‘Maybe the Cloud Can Help Secure the Internet’.  Should the ISPs, Hosting Providers, Colocation and other bandwidth providers get involved in helping to secure the Internet? According to an article still floating around the...

The 2014 Verizon Data Breach Investigations Report Includes Recommendations to Control or Prevent DoS Attacks

Have you read the 2014 Verizon Data Breach Investigations Report (DBIR) yet—all 60 pages of it? Actually, if you’re pressed for time, you don’t need to read the whole report cover to cover. This year, Verizon made it easy on security practitioners by segmenting the report into 9 major incident patterns. So, you don’t...

Finding Needles in the Haystack of Security Events

I hate to throw a cliché at you, but when it comes to security event and log management, a picture (or a handful of pictures) is certainly worth a thousand words.  Security devices generate volumes of raw data, usually in a proprietary manner.  Parsing such unstructured data and making sense out of it is a tedious, if not an...

Here’s Why Even Official Public App Stores Can’t Be Trusted

One of the first rules of protecting end user devices has always been “Install anti-virus software and keep it up to date.” Even as people have shifted from laptops and desktops to more mobile devices like smart phones and tablets, security experts advise installing AV software from a trusted app store such as the Apple App Store,...

How to Get More Value from Your Vulnerability Assessments and Penetration Testing

A lot of companies do vulnerability assessments and penetration testing of their own systems to try to head off cyber attacks. Some companies are compelled to do annual pen testing because of regulations that govern their business. Regardless of the reasons for doing the testing, companies are spending good money on the process and should look for...

Best Common Practice - 38, Perhaps Wise Beyond Its Years

Perhaps a little-known fact in the inner workings of what we know as the World Wide Web is that the ability to spoof Service Provider source IP addresses and send traffic into the Internet using a fake or pseudo IP address is quite a common practice. Most often used for malicious purposes and cyber security experts would agree that Source IP spoofing...

2014 – The rise and fall of the NTP Reflection Attack

I think the industry should set a goal to eliminate the NTP reflection attack before the end of 2014.   I’m talking about total eradication, and I’ll tell you why I think it is possible.  Although the ICS Cert was published in February of this year, the big news about NTP attacks started at the end of 2013, so...

The Oxymoronic Notion of “Online Privacy”: When Information is Too Private for a Search Engine to Display

There was a ruling by the Court of Justice of the European Union this week, and it’s causing quite a bit of controversy on the U.S. side of the pond. The ruling has to do with online privacy and the obligation of Internet search engine operators to respect individuals’ privacy by not displaying specific search results if requested to...

Life in the Fast Lane

Many of us buy premium gas at gas stations, premium seats on airlines, premium upgrades at hotels and premium groceries at boutique retailers.  If individuals or their respective businesses are willing to pay for a premium service, why would anyone oppose it?  I ask this question as we await a ruling from the FCC as it relates...

Big Things from Small Data

Big data is big, and security vendors across the globe participate in the phenomenon by collecting, slicing, and dicing representative traffic (good and otherwise) on customer networks to better identify, predict, and mitigate attacks on the front lines. Still, for all the data used daily to baseline, extrapolate, and diagnose, it is sometimes...

The State of PCI Compliance in 2014: Getting Better but Still Insufficient

2014 marks the 10-year anniversary of the Payment Card Industry Data Security Standards (PCI DSS). It is also the year that version 3.0 of the set of security standards was released. All merchants who accept credit and debit cards as a form of payment should now be upgrading their systems to meet the new higher standards of PCI DSS 3.0. There...

ISACA Launches Cybersecurity Nexus, a Comprehensive Program for Information Security Professionals

A few weeks ago I wrote about an opportunity for entry-level information security (infosec) professionals to get some training and “skill up” for their careers. Now there is a new option for people coming into the infosec profession. Today ISACA is launching a comprehensive new program called Cybersecurity Nexus (CSX). You may be...

What’s Hiding Behind that DDoS Attack?

Multi-vector patterns of DDoS attacks are becoming more commonplace in the world of cyber warfare. From the volumetric attacks aimed to fill your pipe and squeeze your Internet bandwidth down to nothing, to the low and slow application layer attacks that sneak right through traditional defenses – combination attacks are becoming the norm....

Communications Teams Get a Failing Grade Over Heartbleed

First of all, let me say thank you to the security professionals who are working their butts off to develop patches and permanent fixes for problems caused by Heartbleed. I know this is an extraordinary case of the highest priority. Thank you for using your talents and your time to plug this gaping hole and make your users safe again. That...

What’s Needed Now: Supply Chain Integrity Testing

Listen up, all you security experts who want to be an entrepreneur! John Pescatore, the SANS Institute Director of Emerging Security Trends, sees an opportunity for the Next Big Thing in tech security. In Pescatore’s view, there’s a growing need for supply chain integrity testing. In the wake of all the digital spying revelations...

Attack of the Month Video Blog Series: Network Layer Attacks In ICS

In the world of Industrial Control Systems (ICS) system outage or infiltration can result in system downtime, loss of productivity and loss of revenue, as well as loss of confidentiality, integrity and availability. Additionally, system outage or infiltration could possibly result in loss of life often due to the critical nature of these devices....

Who Are Breach Disclosure Laws Meant to Protect? One Merchant Held up Notifications for More Than a Year at the Request of Federal Authorities

I live in Texas, and there’s a regional retailer that has just announced a data breach that is believed to have affected more than half a million customers. The announcement is controversial because the company, Spec’s, supposedly knew about the theft of payment card data almost a year ago and is just now telling customers. As you...

New DDoS Warning Issued - Banking Industry Beware

The Federal Financial Institutions Examination Council (FFIEC) today released advisory statements warning Financial Institutions of risks associated with cyber-attacks on ATMs, credit card authorization systems and the continued DDoS attacks against public-facing websites. It is encouraging to see continued awareness and general guidance...

Who Is Reading Your Email, and for What Purpose?

Thanks to the NSA, so much attention has been on the fact that the federal government is collecting metadata about our phone calls that we have taken our eyes off what’s happening on the email front. There have been a few stark reminders in the news recently that email isn’t private and we shouldn’t use it to transmit sensitive...

Cybersecurity Professionals Are in Big Demand as Staffing Shortages Hit Critical Levels

In a previous blog post I talked about the upcoming National Cybersecurity Career Fair (NCCF) this June 18 and 19, 2014. NCCF is an innovative virtual meeting place for the top cybersecurity employers and entry to mid level cybersecurity jobseekers in the United States. It turns out that this job fair is desperately needed by employers in...

DDoS Attacks - A Mainstream Occurrence and Disruption to Your Business

Corero recently partnered with John Pescatore, Director of Emerging Security Trends with the SANS Institute in developing a survey program designed to shed more light on organizations’ experiences with DDoS attacks. What we uncovered does not come as a surprise to those well entrenched in the DDoS defense space. The results continue...

National Cybersecurity Career Fair in June Will Connect Employers to Entry Level Cybersecurity Workers

Do you know anyone who is an aspiring cyber security professional? Here is some important information to pass along to help them get their career started. This is also big news if your organization is looking to recruit entry-level people for IT security positions. Coming up this June 18 and 19, 2014, Cyber Aces is presenting the first National...

NTP Amplification DDoS Attacks Are Skyrocketing. Do You Have Your Defense System in Place?

In his recent “Attack of the Month Video Blog Series,” Stephen Gates talks about NTP reflective traffic as the latest technique being used to launch DDoS attacks against hapless victims. This is certainly something to pay attention to. Since the beginning of 2014, the number of attacks using this method has skyrocketed, largely because...

Vulnerable WordPress Servers, A Real Cause for Concern

Attacks against, and attacks used to manipulate, WordPress servers have been seeing more than their fair share of publicity over the last several months. As we dig a little deeper into the two attack scenarios, a few key points come to light. In the spring of 2013 many WordPress servers located in both Hosting Centers and DMZs throughout the...

Attack of the Month Video Blog Series: NTP Reflective Attacks

NTP or Network Time Protocol attacks have been taking center stage as of late. What’s interesting here is that the move to exploit UDP based protocol suggests that we (the good guys) are raising the security bar and thus making it more difficult to successfully exploit DNS amplification attacks. NTP is another critical Internet service...

Business Lessons from the DDoS Attacks on Social Networking Site Meetup

In early March, the social networking site Meetup was hit by a series of DDoS attacks. The attacks did some damage, not the least of which was knocking the site offline for hours at a time over a period of several days. However, I have to say that it appears that the Meetup management and technical team did a few things right to get through this...

Internet Hosting Providers that Fail to Prepare for DDoS Attacks are Derelict in Their Duties to Care for Their Clients

On February 18, 2014, the online gaming website Wurm was the victim of a DDoS attack. The company posted the following note on its website at the time of its attack: "Shortly after today's update we were the target of a DDoS attack and our hosting provider had to pull us off the grid for now. We will be back as soon as possible but...

Cybersecurity in the U.S. Healthcare System is in Critical Condition and Needs Intensive Care

Last fall my husband was visiting a relative in the hospital when he noticed an Ethernet port on the side of the bed. He asked the nurse what the hospital uses the port for. She explained that they occasionally connect patient-monitoring devices to the port on the bed to facilitate transmission of alerts to the nurses’ station. For example,...

Watch for DDoS Attacks as a Diversionary Tactic for Other Types of Cyber Crime

Have you heard of a smash-and-grab robbery? In the physical world, it usually refers to a group of thugs who storm a retail store – often a jewelry store or a pawn shop – and smash the display cases with sledge hammers. They grab all the expensive merchandise they can get and run out of the store before shocked store clerks have much...

Attack of the Month Video Blog Series: Application Layer DDoS Attacks

Happy Valentine's Day everyone. For the LOVE of DDoS defense, I'm pleased to share with you another video blog, this time focused on Application Layer attacks. In today's 5 minute session I will cover Application Layer attacks in more detail: What are these attacks? Why are they an emerging threat, or continue to be a...

Hacking Attacks are Practically Guaranteed at the Sochi Olympics

The winter Olympics get underway in Sochi, Russia this week, and most of the attention about security has been focused on physical security and the potential for acts of terrorism. Russian President Putin has promised a “ring of steel” around the Olympic venues to provide a high level of physical safety for the athletes and tens of...

The Role of Service Providers in Strengthening the Nation’s Cybersecurity

In November 2013, the President’s Council of Advisors on Science and Technology (PCAST) submitted a public report to U.S. President Barack Obama. The report, Immediate Opportunities for Strengthening the Nation’s Cybersecurity, provides key insights from a more comprehensive but classified assessment of the Nation’s cybersecurity...

What’s in that Refrigerator—Fish or Phish?

Well, here’s a switch. Usually televisions are bringing crap into our households. Now experts have learned that some smart TVs have been sending crap (in the form of spam) out of their owners’ houses. A recent press release from Proofpoint, Inc. details how the security service provider uncovered an Internet of Things (IoT) based...

Federal Investigators Warn Retailers: If You Have a POS System in Operation, You May be at Risk

Hang on to your credit cards and start checking your free credit reports:  The latest news about retail breaches is not good. Numerous sources are now reporting that the recent Target and Neiman Marcus data breaches may be the tip of the cyber heist iceberg, and there are likely more related breaches that have not yet been...

Survey Shows that Small Merchants Exhibit Lax Security Practices and Put Consumers’ Financial Data at Risk

Ever since news of the Target breach broke a few weeks ago, everyone from security experts to concerned consumers has been hyper-sensitive to what’s happening in retail security. If it’s true that 110 million consumers had their financial account data compromised in that one breach alone, it’s no wonder many of us are fearful...

LinkedIn Admits Being Inundated with Fake Accounts – Could that Portend a Wave of Social Engineering Attacks?

I’ve never been a fan of social media. There’s something very unnerving to me about putting personal or private information about yourself online for anyone to see. Don’t try to tell me that you can adjust who sees your content with security settings; I don’t believe for a minute that privacy settings actually keep your...

Six Ways that Most Companies Shortchange Their Enterprise Security

I recently had a conversation with Michael Sutton, vice president of security research for Zscaler and head of Zscaler ThreatLabZ. We talked about where many organizations are falling short today in defending against current threats and especially the more dangerous advanced persistent threats. I’ve singled out six common shortcomings that...

Attack of the Month Video Blog Series: Reflective (Amplified) DDoS Attacks

Happy New Year everyone! I'm pleased to kick off 2014 with another dynamic video blog post. Today's video discusses the real threat of Reflective, or as some call them, Amplified DDoS Attacks.  As you may recall from our initial v-blog post the goal for these 5 minute sessions is to dissect and analyze a specific attack type each...
