AnthonyFreed

About Anthony Freed

Anthony M. Freed is an information security journalist and editor who has authored numerous feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets, including The New York Times, Reuters, The Register, Financial Times of London, MSNBC, Fox News, PC/IT/Computer/Tech World, eWeek, SC Magazine, CSO Magazine, Federal News Radio, The Herald-Tribune, Naked Security, and many more. Anthony was the Managing Editor of Infosec Island, an online community designed for IT and network professionals who manage security, risk and compliance issues.

Posts by Anthony Freed

Kaspersky and Hypponen on the Evolution of Hacking and Cyberwar

Kaspersky Lab's founder and CEO Eugene Kaspersky and Mikko Hypponen, Chief Research Officer at F-Secure, recently examined how hacking has evolved from mere script kiddies meddling for kicks or to build street cred with their peers into an environment where cyber criminals, hacktivists and even governments are engaged in serious offensive...

Ponemon Study Provides Insight on Financial Sector DDoS Attacks

Distributed Denial of Service (DDoS) attacks against the financial sector continue to dominate headlines weekly, as hacktivists and criminal syndicates repeatedly target the websites of major organizations. A new study sponsored by Corero and conducted by the Ponemon Institute provides insight into how prepared financial institutions are for the...

Two-Thirds of Banks Hit by DDoS Attacks in Past Twelve Months

By now most everyone is aware of the Distributed Denial of Service (DDoS) attack campaign targeting nearly a dozen major U.S. banking websites since last fall, but many will be surprised to learn how big a problem DDoS attacks really are for the financial sector. A new study conducted by the Ponemon Institute on behalf of network security provider...

Small Businesses and the Changing Threat Landscape

There has been a great deal of discussion regarding how enterprise security will be impacted by increasingly popular mobility solutions, Bring Your Own Device (BYOD) options, and migrating business processes to the cloud. While large corporations typically have the resources available to address the increased risks, most small to medium sized...

DoD Proposes Cyber Targeted-Attack Analyzer (CAT) Program

The Pentagon has announced the initiation of a program to develop an integrated threat analysis system that will significantly improve the Defense Department's ability to identify network security vulnerabilities by leveraging the power of Big Data analytics. The Defense Advanced Research Projects Agency (DARPA) Information Innovation Office...

Big Data will Fuel Shift to Intelligence-Driven Security Models

Big Data, Big Data, Big Data... So what's the Big Deal? Well, according to a Security Brief issued by RSA, Big Data will be the driving force behind major changes across nearly every discipline in the security industry as intelligence-driven security models begin to dominate all major categories of vendor solution offerings. The brief asserts...

Attackers Sharpen Their Spear for Phishing Operations

Typically, cyber criminals engaged in phishing operations have cast wide nets designed to ensnare as many victims as possible, then proceeded to sort out the high value targets from the rest. But these sorts of large-scale attempts leave the attackers more prone to discovery, and thus their operations may in turn be less successful. The longer...

Do Mobile Devices Really Increase Productivity?

While there is little doubt that mobility options provide a great deal of flexibility when it comes to where and when work related tasks can be accomplished, and provide for more efficient means of employee collaboration and access, does it really have an impact on productivity? According to a newly published study, federal government employees...

DDoS Attacks on Banks Could Continue in Perpetuity

Another week, and yet another proclamation from the extremist group Izz ad-Din al-Qassam Cyber Fighters, who vow to continue their Distributed Denial of Service (DDoS) attacks on the websites of several financial organizations in protest of a controversial film. "We have repeatedly stated that removal of the offensive video, INNOCENCE OF...

Spam Levels are Down, But Targeted Attacks via Email are Up

Less spam in your inbox: Good news. More spam geared towards targeted attacks: Not so good... In the wake of multiple large-scale botnet take-downs in 2011 and 2012, the overall volume of general spam traffic decreased significantly (53%), but targeted attacks via email are on the uptick according to researchers from German e-mail security...

Red October: Advanced Cyber Espionage Campaign

Cyber espionage is alive and well, as illustrated by the discovery of a long-term campaign dubbed "Red October" that is suspected to have been targeting mostly embassies, but has also been found to have infiltrated systems belonging to other government agencies, military, energy and research organizations in nearly 70 nations across...

Business Leaders Seek More Intelligent, More Effective Cybersecurity Protection

With the specter of both over-reaching cybersecurity legislation and a Presidential executive order that would expand the authority of federal agencies looming, business leaders have proposed a strategy that would vastly increase the level of threat information sharing between the public and private sectors with the hope that the conciliatory...

Web Application Vulnerability Statistics Report Released

The exploitation of web application vulnerabilities continues to be one of the leading causes of enterprise data loss, and even in the wake of numerous high profile and well publicized breaches, many organizations have failed to address the most common application flaws, leaving them prime candidates for the next data loss event. iViZ Security, a...

Why all the Hassle? Two Simple Steps to Secure Your Wi-Fi Network

Setting up a new wireless router, or seeking to better secure your existing Wi-Fi? Perusing the Internet will provide you with all sorts of information on the "necessary" steps required for protecting wireless networks, but some of the advice you will find may result in complications and instill a false sense of security, according to...

Botnet-for-Hire Likely Used in DDoS Attacks Against U.S. Banks

Authorities may be one step closer to uncovering the mechanisms behind the spate of Distributed Denial of Service (DDoS) attacks plaguing the websites of major U.S. financial institutions which began in mid-September of last year. Researchers from Incapsula, a cloud-based website enhancement service, discovered that a recently contracted...

ENISA Deems Drive-By Exploits as Biggest Emerging Threat in 2012

So what's on your security radar as we move into the New Year? The European Network and Information Security Agency (ENISA) has taken data from more than 100 different security reports produced in 2011 and 2012 to produce a Threat Landscape report that attempts to identify the top ten information security demons. The report sourced analysis...

Hacktivists Estimate DDoS Attacks on Banks to Last Another Year

Have we decided what 2013 will be the year of yet? According to a new threat issued by the extremist group Izz ad-Din al-Qassam Cyber Fighters, the group claiming responsibility for the continued campaign against U.S. financial institutions, it may well be remembered as being the year of the Distributed Denial of Service (DDoS) attack. According...

Weaponizing Mobile Devices for Use in DDoS Attacks

The lack of adequate security on the majority of mobile devices makes them prime targets for malware that can turn smartphones and tablets into platforms for launching distributed denial of service (DDoS) attacks targeting corporate websites, similar to those that have recently plagued a number of large U.S. banks, according to analysts from a...

Cloud Computing Tops Most Disruptive Technologies List

So what will be keeping your organization's CISO from getting a good night's sleep in 2013? While the answer to that question might vary from business to business, the unifying factors underlying the cause for your enterprise security chief's insomnia will most likely be tied to the rapid adoption of new technologies that are outpacing...

Anatomy of the Council on Foreign Relations Watering Hole Attack

Microsoft was quick to respond to reports of a zero-day vulnerability in Internet Explorer which was actively being exploited in a watering hole attack targeting users of a website belonging to the Council on Foreign Relations (CFR), a U.S. based think-tank. Microsoft has issued temporary workarounds for the vulnerability, and is expected to...

Is Your Antivirus Software Really Worth the Investment?

Is your organization's sizable investment in deploying and upgrading network antivirus solutions really worth the cost? According to a study released in December, commercial antivirus products may not be any more effective at defending against malware than many of the freeware solutions available today, and in some cases were actually...

Number of Banks Targeted by DDoS Attacks May Increase

The holidays have passed and it's time to balance the ol' checkbook. But wait... Having trouble accessing your bank's customer portal yet again? It may be a circumstance that we all need to become accustomed to as the extremist group Izz ad-Din al-Qassam Cyber Fighters are threatening to expand the number of financial institutions...

Trending Threats Shape Cybersecurity Landscape for 2013

Predictions, predictions, predictions. Were they worth their weight, we would all have been consumed in the aftermath of the "Mayan apocalypse." So much for predictions... but what about trend analysis? That's a subject worthy of consideration for cybersecurity professionals and the organizations they seek to protect as we move into...

Trojan.Stabuniq Targeting U.S. Financial Institutions

Malware operations come and go, and typically attackers are playing a numbers game by pursuing techniques for system infections on a large scale through spam campaigns and drive-by attacks via malicious websites. More insidious still are those that employ smaller scale, more targeted attacks. That seems to be the case with the Trojan.Stabuniq,...

A Look Inside the Business of Organized Cybercrime

Ever consider adding "malware developer" or "botnet master" to your curriculum vitae? With the increasingly sophisticated nature of Crime-as-a-Service (CaaS), there just might be a recruiter out there looking to help you land a new job and put those nefarious skills to use. A new report which delves into the makeup of organized...

DDoS Attack Against Banks to Continue into the New Year

Banking customers can expect that the latest wave of Distributed Denial of Service (DDoS) attacks against select institutions will continue into the new year, according to an announcement by the extremist group Izz ad-Din al-Qassam Cyber Fighters, who renewed operations against the financial sector two weeks ago after having ceased the attacks for...

ISACA's Top Three Security Challenges for 2013 are Refreshingly Realistic

The end of the year always brings a slew of dire predictions and FUD-ridden warnings of the impending menaces IT professionals will likely be faced with over the course of the next calendar cycle. By contrast, ISACA, the not-for-profit global association of IT professionals, has managed to identify three less than dramatic areas of concern for the...

Defense Report Reveals Spike in State Sponsored Cyber Espionage

It's no secret that foreign countries seek to take developmental shortcuts by stealing technologies that would otherwise take decades to develop, a circumstance which significantly undermines the nation's security posture and overall economic stability. But how prevalent is the problem? According to a new report published by the Defense...

White House Issues National Information Sharing Strategy

As cybersecurity legislation continues to languish in Congress, the White House is pushing the issue forward with the release of the National Strategy for Information Sharing and Safeguarding strategy this week. The plan seeks to achieve a balance between the need for better processes for the sharing of critical security-related intelligence...

FCC Unveils Smartphone Security Checker Resource

With more than 120 million Americans using smartphones for everything from online banking to accessing corporate networks in the course of their daily jobs, mobile security has quickly become one of the key elements in protecting against a host of digital threats and the risk presented by the loss or theft of a device. The Federal...

NIST Issues Guidelines for Cryptographic Key Generation

Cryptographic algorithms are crucial for protecting sensitive data from exposure whether at rest or in transit, and the heart of any good encryption mechanism resides in the generation of keys that provide the confidentiality and integrity for data protection. To that end, the National Institute of Standards and Technology (NIST) has...

DoE Incident Response Challenges Hold Lessons for the Enterprise

The U.S. Department of Energy's (DoE) Office of the Inspector General issued a report last week detailing the continued shortcomings present in the agency’s cybersecurity incident management capabilities. The report reveals that while some progress has been made since the first such audit was conducted in 2008, the department still has a...

Banks Bracing for Another Round of DDoS Attacks

Major U.S. banks are in for another round of Distributed Denial of Service (DDoS) attacks at the hands of Muslim extremist group Izz ad-Din al-Qassam Cyber Fighters, who vowed last week to renew their operations against the financial sector after having ceased attacks for nearly a month. "The past week’s attacks, showed our ability...

Sandbox Evading Malware Just a Mouse Click Away

With millions of new pieces of potentially malicious code to be examined every day, it is impossible for malware researchers to manually analyze every sample that comes their way. Thus, it is necessary to employ automated threat analysis systems to allow more suspicious code to be examined and aid in determining which samples merit inclusion in...

Governance, Risk, and Compliance in an Age of Uncertainty

Having complete visibility, transparency, and control over the entire IT landscape is next to impossible these days, and CISOs everywhere are finding themselves increasingly under pressure to operate effectively in this age of uncertainty. We are doing business in a complex world where big data, hyper-connectivity, and mobility reign supreme....

Specially Crafted Email Exposes Apple Users to Attack Upon Opening

Most everyone is aware that one should be wary of the potential for a security breach by way of malicious links or malware-tainted documents sent by an attacker via email. Typically, you open the email, realize it is suspect, and proceed to delete it without falling for the ploy. But what about an email that can expose you to a hack by simply...

Healthcare Information Security is in Critical Condition

While it's no surprise that the healthcare industry experiences breaches of sensitive information like any other sector, the revelation that on average more than one in ten have experienced serious data loss events recently may come as a shock. A new study found that 94% of the 80 health care organizations surveyed indicated they experienced...

Butterfly Botnet Crime Ring Members Busted for $850 Million Heist

One botnet down, hundreds or more to go... An international coalition of law enforcement agencies under the direction of the Federal Bureau of Investigation has announced the arrest of 10 members of an international criminal ring that operated the Butterfly Botnet, which was designed to harvest personally identifiable information with total...

Hacktivists Announce New Wave of DDoS Attacks on Banks

Ugh, they're back... After more than a month long reprieve, Izz ad-Din al-Qassam Cyber Fighters - the Islamic extremist group who had claimed responsibility for the series of Distributed Denial of Service (DDoS) attacks this fall that resulted in intermittent website downtime for ten of the biggest financial institutions - has announced they...

RED DART Initiative Teaches Industry to Protect Trade Secrets

Cybercriminals are making the shift from focusing on the stealing of personal information to the targeting of corporate intellectual property, recognizing that there is tremendous value in the sale of proprietary information and trade secrets. While some high-profile cases where cyber espionage leads to the compromise of classified materials make...

Advanced Evasion Techniques and Other Dangerous Malware Trends

Like any other business, the continued success of malware depends on innovation in the development of malicious code that can stay one step ahead of detection efforts, and 2013 is sure to see some advances on the part of criminal coders. Analysis by researchers at security provider Trusteer indicates we can expect to see an increase in the...

AT&T Seeks Industry Cooperation to Combat Dramatic Increase in DDoS Attacks

Distributed Denial of Service (DDoS) attacks, such as those that plagued major American financial organizations in recent months, are growing at an alarming rate - so much so that AT&T's chief security officer has called on its competitors and the government to better coordinate efforts to combat the dramatic increase before the...

Enterprise Accounting Systems Vulnerable to Hacker Mayhem

Hackers have long targeted systems that hold sensitive and proprietary enterprise data with the intent to make a buck on the black market, but a new exploit proof-of-concept unveiled at the Black Hat security conference in Abu Dhabi on December 6 reveals how hackers may be able to penetrate the heart and soul of an enterprise by manipulating...

Programmer Sentenced for Stealing Source Code from Federal Reserve

Insider threats are a uniquely troublesome security challenge for organizations, as the perpetrators often have been granted access to the most sensitive of information, and breach detection usually only occurs long after the damage is already done. This week, Chinese national Bo Zhang was convicted of stealing proprietary software code from...

SMS Spoofing Attack Leaves Twitter Users Vulnerable

We've all seen them. The unsolicited Tweet, direct message, or Facebook posting from a reputable colleague or personal contact that is undoubtedly the result of a compromised account, sometimes utilized by cybercriminals for general spamming purposes and other times part of an insidious attack employing a malicious link designed to infect...

Malware Infections Dominated by Data Stealing Trojans

Malware developers are in the business of making money from their illicit creations, and the targeting of the confidential and proprietary information that is the core asset of the enterprise continues to be their prime target, analysis of infection agents for the third quarter of 2012 reveals. According to a new report from Panda Security's...

BYOD, APTs and Applications Top Endpoint Security Concerns

As the information technology landscape changes with the advent of new products and services being adopted by organizations, so do the threat vectors that demand the most attention. According to a new study commissioned by Lumension and conducted by the Ponemon Institute, the mass deployment of mobility solutions for employees along with the...

December Anointed as Critical Infrastructure Protection and Resilience Month

In an increasingly digital world, information systems pervade nearly every aspect of our daily lives, controlling the function of everything from transportation and communications to the power grid and the financial industry. An event that inhibits the proper function of these networks has the potential to have a devastating impact on the...

US-CERT Warns Samsung Printers are Vulnerable to Remote Attacks

Yet another printer vulnerability alert has been issued - but at least this time attackers can't set your office on fire with it. US-CERT issued an advisory that Samsung printers distributed prior to October 31, 2012, including some Dell-branded printers which were manufactured by Samsung, have a vulnerability that could allow attackers to...

A Comparative Analysis of Browser Security via Phishing Protections

Browsers are no longer just a user's window to the Web, they are quickly becoming a surfer's first line of defense against an array of maladies, most specifically malicious phishing expeditions employing tainted URLs. A new study released by information security research and advisory company NSS Labs examines the four leading browsers -...

Hacker Highschool Revamps Lesson One on Being a Hacker

Hey kids, wanna get your hack on? The developers of Hacker Highschool, a free cybersecurity awareness and education project, have just issued a newly revamped version of the organization's first lesson plan titled Being a Hacker, and will soon be reissuing updated curricula for all 23 of the course's tutorials. The Hacker Highschool...

Google Webmaster Bug Provides Lessons for Identity Management in the Cloud

The Internet is ablaze with reports of a major security lapse in the access controls for Google Webmaster Tools. According to multiple reports, users who had previously had access to accounts and websites but subsequently had that access revoked found themselves again able to access tools like Google Analytics for websites they were no longer...

DDoS Attacks are Increasing While the Majority of Americans are Still in the Dark

Distributed Denial of Service (DDoS) attacks, such as those that have had the financial sector on high alert since September, make the headlines on an almost daily basis. With some of the biggest organizations in the world falling prey to the tactic, one might think that many - if not most of the general public - has at some point been...

Cyber Monday Spurs Online Cybercrime Smackdown

Whoever coined the phrase "crime doesn't pay" obviously had not foreseen the advent of the Internet, as the sale of counterfeit merchandise online has evolved into a very lucrative venture for cybercriminals. In the third year of a concerted effort to crack down on the illicit sales, a coalition of law enforcement agencies from the...

SANS Unveils the NetWars CyberCity for Cyberwar Training

Itching to get your cyberwar on, but you just need a targeted city and the associated systems to defend? You're in luck. The SANS Institute today announced the launch of the NetWars CyberCity which will be used to instruct cyber warriors in the techniques required to defend critical networks against Internet-based attacks and secure a...

Post-Incident Review is Weakest Link in Risk Management

As organizations seek to analyze the return on security investments in an effort to maximize impact in the face of limited budgets, many may be spending valuable resources to address symptoms while altogether missing the opportunity to mitigate the root problems that put systems and sensitive data at risk, according to a recently released report...

Hacker Convicted for 2010 Breach of AT&T iPad 3G Customer Data

While it can take a hacker mere hours to breach networks and make off with a bounty of sensitive data, the slow-turning wheels of the legal system typically take years to bring the offender to justice. Such is the case of Andrew Auernheimer, the infamous AT&T hacker sentenced last week for his 2010 exploit that exposed the personal information...

Cybersecurity at DoE Facilities Weak but Improving

With all the hoopla and rhetoric being tossed about regarding the potential for a devastating attack against systems governing critical infrastructure that could result in a "cybergeddon," news that the Department of Energy (DoE) and the National Nuclear Security Administration have successfully addressed more than half of the network...

Operation High Roller Adaptation Targeting German Banks

Operation High Roller, which was first detailed by researchers in mid-2012, was assumed to be waning, but new reports indicate that cyber criminals are once again using automated client and server-side attacks to conduct fund transfers to mule accounts, and in at least one instance attempted a fraudulent transaction for a whopping...

PCI Risk Assessment Guidelines are No Silver Bullet

Need a leg up on establishing a good risk assessment methodology to comply with the PCI DSS section 12.1.2 regulations? You're in luck, sort of. The Payment Card Industry Security Standards Council (PCI SSC) has released guidelines for all organizations that store, process, or transmit cardholder data to help in the design and...

DDoS Attacks are Increasing in Frequency and Severity - Study

What’s this? Another bout of website downtime? It could be just a glitch, a hardware component failure, or a pesky case of file corruption, but more than ever it is likely to be the result of a Distributed Denial of Service (DDoS) attack like those that have had the financial sector on high alert since September. A newly released study...

Network Complexity Creates Additional Risks to Security

Managing elaborate enterprise network deployments is difficult enough, and then ensuring those systems are properly configured and secure against a myriad of threats makes the task that much more arduous. The problem for many organizations is that the growing complexity of integrating multiple vendor products and an array of policies is creating...

Leading Antivirus Products Vulnerable to Remote Exploits

While the deployment of antivirus software on systems is of course intended to add a protective layer for systems, sometimes there are bugs present that themselves present a vulnerability that can be exploited by attackers. Such is the case for several of Symantec's products which have been discovered to be improperly handling CAB files, which...

Researchers Examine Widespread ICS Vulnerabilities and Mitigation Strategies

Vulnerabilities related to Industrial Controls Systems (ICS), which include supervisory control and data acquisition (SCADA) networks that administer operations for critical infrastructure and production, are a very hot topic in security. Joel Langill (SCADAhacker.com) and Eric Byres (Byres Security) have teamed up again to take a look at the...

SEC Encryption Fail: Simple is So Hard

Even in the face of a never ending barrage of headlines about security lapses, it seems that some people must feel they are somehow immune to the threat of data loss and fail to follow basic security best practices. Reuters is reporting that staff members from the Securities and Exchange Commission's Trading and Markets Division brought...

Black Hat Wannabes Get Training on Underground Hacker Forums

Interested in advanced training opportunities so you can stop just wanting to be a Black Hat and finally turn your skills into a full-time criminal operation? Underground forums are providing education on how to become a better, and more malicious, attacker. Researchers combed one of the largest known hacker forums plus a few smaller ones and...

Adobe Reader Vulnerable to New Zero-day PDF Exploit

Once again, hackers are proving that the best we can expect to do is stay just one step behind them as they continue to capitalize on previously undisclosed vulnerabilities. The latest is a PDF-based zero-day exploit that defeats the sandbox security features available in Adobe Reader. The exploit is already known to be present in a modified...

Ransomware is Becoming a Million Dollar Business Venture

Would you be fooled by a popup on your computer that demands immediate payment to restore your device to normal working order? Like most scams, it's all in the numbers - hit enough potential victims and over time realize a profit. That's the name of the game when it comes to the dramatic increase in ransomware, which is estimated to be...

Lawsuit Alleges Backdoor Present in Ohio Voting Machine Software

The elections may be over, but the politics of security in the process will persist unabated. The latest volley in the controversy over the potential for fraud by way of insecure electronic voting machines comes in the form of a lawsuit filed in Ohio by Green Party candidate Bob Fitrakis which alleges that the software provided by contractor...

If You Can't Rock the Vote, Just Hack It...

Any information security professional will tell you, there is no way to guarantee absolute security in any system if an attacker is determined enough to breach it. So why would anyone think voting machines would be any different? Researchers at Argonne National Laboratory have shown that not only are the electronic voting machines that will be...

Study Finds Small Businesses Increasingly Prone to Threats from Malware

Think your company is just too small to be the target of criminal hackers? It's time to change your mindset. According to a recently released study, small to medium-sized businesses (SMBs) are more prone to breaches resulting from viruses, worms, spyware and other forms of malware. Researchers found that a staggering 63% of small businesses...

NIST Seeks Feedback on Draft Guidelines for Securing Mobile Devices

Sure, you love your razor-thin mobile phone with the extended battery life, but the sacrifice made for size and convenience is the hardware-based security features that we are accustomed to in other devices like desktops and laptops. In order to accelerate the implementation of new technologies for better security in mobile devices, the National...

How the Presidential Election will Impact Cybersecurity

Cybersecurity is a relatively young discipline, yet it has quickly emerged as one of the single most important issues of the day, as information systems touch nearly every aspect of our daily lives in a digital society. Threats to the nation's critical infrastructure, corporate intellectual property, and the identities of the average citizen have...

Citibank's 'Gone in Sixty Seconds' Heist Should Serve as a Wake Up Call

The Federal Bureau of Investigation announced that fourteen suspects have been charged with stealing more than one million dollars in funds by exploiting a flaw in Citibank's transaction security protocols which allowed for large, simultaneous withdrawals on the same accounts from multiple locations. The heist should serve as a wake up call to...

Analyzing Network Traffic to Detect Advanced Persistent Threats

One of the most basic tenets in infosec is the fact that there is no such thing as absolute security, and the nature of Advanced Persistent Threats (APT) and their successful application by attackers is a constant reminder. While the rate of network penetration from true APTs is nearly 100% and many infiltrations are not discovered for months or...

Over Two Million Home Networks Infected with ZeroAccess Botnet

If ghosts and goblins running amok for the Halloween season aren't enough to scare you, how about the continued propagation of malware? Some 13% of home networks in North America are thought to be infected with malicious agents. Of those contaminated systems, half (6.5%) are infected with high-level threats including botnets, rootkits, and a...

U.S. Army Working to Integrate Cyber Operations Capabilities

The U.S. Army is seeking to transform itself in order to strategically address new challenges presented by the addition of cyberspace as a field of operations, making the shift to a joint-information environment with a focus on both defensive and offensive cyber capabilities, according to Lt. Gen. Rhett A. Hernandez, commanding general for the...

Presidential Debate Moderators Drop the Ball on Cybersecurity

If you give any credence to the headline-making comments being served up by some of our nation's top security officials, like Secretary of Defense Leon Panetta and the NSA's General Keith Alexander, then the country is faced with an imminent threat from a cyber-borne catastrophe of epic proportions, and businesses are losing billions of...

Is the Internet Broken Today? Major Outages Spur Chatter

Widespread packet loss and downtime for some big players has been the cause of quite a bit of chatter today regarding the possible causes for the widespread disruptions on the Internet. Google App, Tumblr, and Dropbox have all been the subject of reported service interruptions. So far, no one seems to know the cause or if the events are...

State CISOs Battle Resource Constraints in Face of Escalating Threats

As the budget belts get tightened, CISOs across the country who are charged with protecting vital state-operated networks are expressing a lack of confidence regarding their ability to safeguard data repositories in the face of ever more sophisticated external threats, a new study reveals. According to the 2012 Deloitte-National Association of...

Researchers Find More Widespread SSL Vulnerabilities

What is a critical security feature in an application worth if it doesn't provide any security? Not much, according to researchers who uncovered widespread and very exploitable vulnerabilities in Secure Sockets Layer (SSL) implementations during their examination of a selection of non-browser software offerings available in the...

Misinformation on Weak Passwords, Poor Authentication Measures and Data Breaches

There is typically a lot of confusion on security issues in the way they are relayed to the general public, especially when the PR folks get involved in trying to take news of major breach events and spin them in an effort to push a vendor's product. Sometimes the level of misinformation just makes you scratch your head and wonder what people...

FTC Guidelines Take Aim at the Widespread Use of Facial Recognition Technology

Imagine a world where your every move can be tracked via closed circuit video systems, or through seemingly innocuous photos of the crowd at an event you attend that are posted by someone else on social media outlets. Even more disturbing, envision a world where hidden cameras are strategically placed to capture your facial expressions in order to...

Understanding the Anatomy of Data Breaches Industry-by-Industry

Every industry vertical is faced with the prospect that sensitive data can and will be stolen, and each sector faces unique challenges when it comes to protecting information critical to their long term viability, according to a series of newly released reports that examine the anatomy of data breaches on a granular basis for several major industry...

Financial Services Thinktank Offers Strategies to Combat Cyber Attacks

It appears that the barbarians are at the proverbial gates, and the financial sector is scrambling to shore up their network defenses in an effort to combat the specter of website downtime caused by hacktivists engaged in a spate of attacks targeting American banks. In response to the attacks, BITS - the technology policy division of The...

Banks May Get Reprieve from Denial of Service Attacks This Week

Even hacktivists need to take a holiday it seems, so American banks may get a much appreciated break this week from the recent onslaught of Distributed Denial of Service (DDoS) attacks that have had the financial sector on high alert since last month. Izz ad-Din al-Qassam Cyber Fighters, the Islamic extremist group who have claimed...

VA Computers Still Unencrypted More than Half a Decade After Breach

While lawmakers entertain notions of broadening government powers regarding private sector security through an expansion of regulatory mandates, some government agencies continue to demonstrate that they can't even effectively administer their own cybersecurity prescriptions. A report released by the U.S. Department of Veterans Affairs (VA)...

Fear, Uncertainty, and Doubt Won't Protect Us from the Real Security Threats

Dire warnings of an imminent and catastrophic attack that could take down the power grid or cause domestic water supplies to be interrupted may serve to alarm policy makers and the public, but it does little in the end to draw attention to the real security issues the nation is facing, according to the Internet Security Alliance's Larry...

Widespread SSL Vulnerabilities Identified in Android Applications

That application you just downloaded uses an encrypted connection, so your sensitive data is protected, right? Not necessarily, according to researchers from two German universities who discovered that thousands of applications are leaving users at risk. The problem resides in how the application developers improperly implement the Secure...

On the Prospect of a U.S. - China Cyber Detente

The United States and the People's Republic of China have been engaged in a mini cold war of sorts for decades, quibbling over issues of military expansion, fair trade policies, and the future of the independent state of Taiwan. In recent years, nowhere has the contention between the two powers been greater than where cybersecurity is...

Bank DDoS Attacks: Is it the Russian Mob, Iran, or a False Flag?

Open speculation on the source of a series of Distributed Denial of Service (DDoS) attacks targeting U.S. financial institutions continues to make the rounds on the web, with fingers pointing at the Iranian government, Russian crime syndicates, and rumors that the operation may be a false flag event to garner support for another American military...

IT Supply Chain Integrity to Emerge as Top Security Concern

Sure, vital components that constitute the infrastructure of networks will be exposed to an untold number of threats after deployment - that's the nature of the beast. But how do we defend against threats that are built into those components before they ever reach our doorstep? That's an issue organizations will be increasingly faced with...

Researcher Demonstrates Lethal Medical Device Exploit

Noted security researcher Barnaby Jack has dealt another blow to medical device insecurity with an exploit that shows how attackers could hack communications terminals for pacemakers and implanted cardioverter-defibrillators (ICDs) to administer potentially lethal jolts. In a shocking presentation at the BreakPoint Security Conference in...

Senator Warns that Cybersecurity Threats are "Anything But Hype"

As Congress ponders the prospect of taking up cybersecurity legislation again during the post-election lame duck session, Senator Joseph Lieberman has unleashed some trenchant rhetoric in a New York Times Op/Ed piece which chides his colleagues for legislative inaction on what he considers to be a national security priority. Lieberman, who...

US-CERT Issues Updated Advisory on Destructive Shamoon Malware

What could be worse than a pesky malware infection on your organization's networks? How about malware that can annihilate systems and the precious data that resides on them? That's the case with the uber-destructive strain of malicious code dubbed Shamoon. The Department of Homeland Security's United States Computer Emergency...

DHS Engages Private Industry to Secure Critical Infrastructure

In the wake of a series of troublesome Distributed Denial of Service (DDoS) attacks targeting U.S. financial institutions, the Department of Homeland Security is seeking to improve the coordination of cybersecurity efforts with private industry to protect the nation's critical infrastructure, including vital networks in the financial...

Insider Threats Trump Hackers in Enterprise Data Loss Events

As organizations continue to invest heavily in perimeter security solutions in an effort to protect sensitive data from external compromise, an insidious threat lurks from deep within the confines of the enterprise: Threats from the malicious insider. While the general rate of fraud is down slightly from last year's levels according to a...

Extremist Group Vows to Continue DDoS Attacks Targeting Banks

After a week of silence, the Islamic extremist group Izz ad-Din al-Qassam Cyber Fighters has vowed to continue a series of Distributed Denial of Service (DDoS) attacks targeting U.S. financial institutions, which are being conducted in protest of a widely denounced YouTube video which scorns the prophet Mohammed. In a new posting on...

Organizations Moving Email to the Cloud Despite Security Concerns

The rapid pace of migration to managed services by organizations continues to gain momentum despite well-founded concerns over data security and complicated legal issues related to maintaining regulatory compliance. Leading the trend is the adoption of cloud-based communications with a staggering 83% of respondents indicating they intend to...

Court Rules Email Accounts are Fair Game for Hackers

Did you think your private correspondence stored by email providers like Google and Yahoo is safe from unauthorized access? Think again... In a devastating blow to privacy and the sanctity of proprietary data, the South Carolina Supreme Court has ruled that such data is not protected by the Stored Communications Act (SCA). In a landmark...

Government Provides $9 Million in Grants for Trusted Identities in Cyberspace

Internet-based transactions such as online banking and retail sales account for an increasing percentage of business activities considered vital to the health of the national economy, yet many consumers indicate they are still reluctant to engage in these activities due to concerns over security. In response to those concerns, the U.S....

FBI and IC3 Warn of FinFisher and Loozfon Malware Targeting Android Devices

Android's open architecture has made the operating system an increasingly attractive target for malware designers seeking to exploit mobile devices and pilfer sensitive information. Accordingly, the Federal Bureau of Investigation and the Internet Crime Complaint Center (IC3) issued new warnings for Android users regarding the recent uptick in...

Majority of SMBs Have No Security Policies or Contingency Plans

Small businesses (SMBs) are increasingly becoming the target of cyber criminal operations, as most do not have the resources or expertise at their disposal to protect proprietary information and client data, yet the majority of small businesses in the U.S. are under the assumption they are protected from cybersecurity threats, according to new...

Panetta Warns Attacks on Critical Infrastructure "Could Paralyze the Nation"

Secretary of Defense Leon Panetta reiterated his concerns over vulnerabilities in systems governing the nation's critical infrastructure that could result in catastrophic events should those networks be targeted by malicious actors. “A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the...

Suntrust and Regions Latest Victims in Denial of Service Attacks

Suntrust Bank and Regions Bank are the latest targets in a series of Distributed Denial of Service (DDoS) attacks being claimed by an Islamic extremist group called Izz ad-Din al-Qassam Cyber Fighters, which made good on their October 8th threat to assail the institutions. Earlier this week Capital One had confirmed the bank's website...

Get a Handle on Implementing Critical Cloud Security Controls with New Guidelines

Cloud computing offers companies the opportunity to cut costs by reducing outlays in hardware and by reducing the number of support staff required for maintenance of in-house data centers. But the move to the Cloud can be daunting for many organizations, who in study after study cite security concerns as the primary obstacle to migrating to...

Florida College Breach Exposes Education Sector Security Perils

In a recently discovered network intrusion that may have lasted for several months, the personal information of several thousand Florida college employees, and potentially hundreds of thousands of students, is thought to have been exposed in what officials described as "a professional, coordinated attack by one or more...

Mozilla Warns of Security Vulnerability - Pulls Firefox 16 from Market

Just one day after Mozilla debuted the latest version of the Firefox browser, complete with a nifty new developer's toolbar feature, the release has been pulled due to concerns over a vulnerability that could jeopardize user privacy. "Mozilla is aware of a security vulnerability in the current release version of Firefox (version 16)....

Capital One Latest Target in Rash of DDoS Attacks

Capital One has confirmed they are the latest victim in a series of Distributed Denial of Service (DDoS) attacks which have been plaguing the financial sector for several weeks, all of which are being claimed by an Islamic extremist group called Izz ad-Din al-Qassam Cyber Fighters. The attacks have caused varying periods of disruption...

Microsoft Patches Critical Word Vulnerability for Windows and More

Microsoft issued patches Tuesday to mitigate twenty vulnerabilities in a variety of their software products, including a critical patch to remedy a bug in the popular Word application that could be exploited by attackers remotely in targeted attacks. The Word vulnerability is present in all versions of the software for Windows systems (2003,...

NIST Patch Management Guidelines Overhauled to Reflect Automation Trend

Effective software patch management has long been the bane of security managers, network engineers, and system administrators. The process is often costly, requires significant resources, and can potentially result in unforeseen disruptions to network functionality by interfering with other applications or by causing a system reboot during the...

FTC Takes Action to Quell Tech Support Scam Epidemic

Consumers are being inundated with bogus warnings that their systems are infected with spyware and viruses by "scareware" scammers intent on fraudulently collecting fees and seeking to gain remote access to victims' computers. At the behest of the Federal Trade Commission, a U.S. District Court Judge has issued orders to halt the...

Risk of Data Loss Tops Mobile Threats for Enterprises

Mobility of the enterprise workforce has quickly become a key element to competing in an increasingly fast paced marketplace, but the advantages are tempered by a new set of risks. The threat of a catastrophic data loss event from mismanagement of mobile devices tops the list of concerns revealed in a new study by the Cloud Security Alliance...

Cyber Attacks and Their Financial Costs Hitting Companies Harder

Cyber attacks are on the rise, more than doubling over the last three years while the associated costs to affected organizations have risen a whopping 44 percent during the same period, according to a new study conducted by the Ponemon Institute. The report reveals that while the pace of attacks is steadily increasing, with an average of 102...

House Intelligence Committee Warns of National Security Threat from Chinese Telecom Giants

A Congressional panel has concluded that Chinese telecom firms Huawei Technologies Ltd. and ZTE Corp. pose a significant risk to U.S. national security, and recommend that American companies avoid any and all business relations with the technology giants. House Intelligence Committee Chairman Mike Rogers and Ranking Member Dutch Ruppersberger...

Google FUD or State-Sponsored Attack Threat?

Select users of Google’s services are once again receiving warnings regarding the possibility that they may be at risk of falling victim to state-sponsored attacks. Is this just more fear, uncertainty and doubt, or is there a legitimate threat backing up the move by the search engine giant? The cautionary message, which states...

Adobe's Digital Certificate Hack Highlights Trend

That software you are downloading has a valid digital certificate so it can be trusted to be legitimate, right? Not necessarily. Compromised digital certificates have been key to the successful dissemination of some of the most dangerous malware strains discovered to date, including Stuxnet, Flame, Zeus, Mediyes, and the Lethic botnet. Now...

Stolen Data Black Market Trade Soaring

Nearly twenty-million "pieces of personal data" changed hands worldwide in the first six months of this year, more than was traded in all of 2011 according to a new study released by the credit monitoring company Experian. The trend will result in a nearly four-hundred percent increase in stolen data sales over the last two year...

White House Confirms Spear Phishing Attack

White House officials have confirmed reports that U.S. government systems were targeted last month in a spear phishing attack allegedly originating from servers located in China. While details of the attack have not been released, it appears that unclassified systems operated by the White House Military Office were exposed by way of a spoofed...

Cyber Attacks Targeting Financial Institutions Continue to Escalate

The number of financial institutions whose websites are being targeted by cyber attacks continues to grow in the weeks following a security advisory issued by the Financial Services - Information Sharing and Analysis Center (FS-ISAC) which warned of increased threats. Institutions which experienced significant website downtime in recent...

Government Issues Recommendations to Improve Implanted Medical Device Security

The Government Accountability Office (GAO) recently issued a report for Congress with a series of recommendations for improving the monitoring of security protocols for implanted medical devices which may be vulnerable to interference that could adversely affect their performance. Specifically, the GAO report suggests that the Department of...
