About Neil Roiter

Posts by Neil Roiter

If you are an enterprise, you must perform malware analysis

Malware analysis is essential for contemporary crimeware analysis in the enterprise. There are too many variants out there, using too many tricks to obfuscate their real intent. There were eight million new variants in the first quarter alone, according to McAfee. Antimalware and IPS can do just so much. It’s up to the organizations to do...

Getting incident response right: Part 2

Now that we know what to do in advance, what happens when the balloon goes up and the response is not theoretical but right now? The difference between a well-thought-out, comprehensive plan and a plan that leaves the participants fluttering around for hours trying to assemble the troops can mean the difference of perhaps millions of...

Getting incident response right: Part 1

Often misunderstood, incident response can be the difference between an uncoordinated reaction to trouble, perhaps misinterpretation, perhaps even hours of misdirection or paralysis, on the one hand, and prompt, effective and timely action on the other. In other words, the difference in some cases between catastrophe and containment. The most important...

The online underground in China: Part 2

Last time we looked at how members of the Chinese online underground manipulate and steal real assets and virtual assets, the virtual cash and gear that sell for real dollars on the open market. Today we’ll take a look at the abuse of Internet resources and services, and the Blackhat services, the engine that in effect makes it go, with the...

The online underground in China: Part 1

China is a source of advanced persistent threats, a source of espionage and intrigue. Cloak and dagger stuff. But it is also where there is a burgeoning online underground, which is hard to quantify, harder to control and enjoys a great deal of freedom despite efforts to crack down on it. For the first time, a report analyzes this underground, find...

If you can’t afford to do training right, don’t do it

So the debate goes on: should we train our staff not to do stupid things with email, Facebook and Twitter? Should we spend hours teaching and reinforcing the evils of the web? Should we bother training everyone, or train just those with access to sensitive information or vital systems? Or is it all a gigantic waste of time, because the bad guys...

Small-medium business: You're basically on your own

Online banking continues to rise steadily in popularity, but small and medium businesses aren’t learning the lessons. The good news is that fully a quarter of the banks are reimbursing the full amount of the fraud, according to a joint poll taken by the Ponemon Institute at the behest of anti-fraud vendor Guardian Analytics. So the scale is...

APT stalks the top firms, but most are in denial

The reality of advanced persistent threats (APTs) is a menace to more firms than are aware of it. Chances are good your firm may be a victim and not even know it; maybe for a long time. The fact that most companies surveyed by ResearchNow on behalf of CounterTack only admit to a “slight” vulnerability is a sure sign that many companies...

Silon reborn: Tilon is tougher, harder to detect banking Trojan

Trusteer has discovered a new piece of malware that is targeting banks. It bears some resemblance to Silon, malware that defrauded customers protected by two-factor authentication. Silon underwent two revisions and continued to do well into last year, then went into decline. Dubbed Tilon, the new malware is classic Man in the Browser (MitB) software,...

Microsoft, Adobe to issue critical updates

Microsoft will issue 14 updates on Tuesday, including four in Internet Explorer. That’s the third month in a row Microsoft has patched holes in the browser. Of the nine updates, five are labeled critical, the highest Microsoft rating, and four will be labeled important. In addition to the update for Explorer, two of the remote code...

Banking “spyware” opens questions about who is spying on who

The discovery of a variant from the same family that brought us Flame (and Stuxnet and Duqu), this one focused on Lebanese banks, is the latest in a still developing series of disclosures. The revelation of the first-ever banking Trojan of this high-powered pedigree may just be the tip of the iceberg. Here’s what we know and what we...

Electronic law for the 21st century

Updating the electronic law for the 21st century is long overdue. Two Democratic Congressmen have submitted the Electronic Communications and Privacy Act Modernization Act of 2012 to try to rectify the issue. (I don’t quite understand the need for the word “act” twice when one would do nicely. Perhaps it’s because...

Bring it on: Companies push sensitive data to the cloud despite doubts

Companies are moving relentlessly towards putting sensitive data in the cloud, although many are skeptical about the cloud providers’ ability to protect it and many do not even know what the providers are doing. Yet the beat goes on to more and more migration to the cloud. About half of the 4,140 companies queried by the Ponemon Institute in a...

New tool measures your preparation for a DDoS attack: Are you ready?

How does one begin to assess the company’s readiness for distributed denial-of-service attacks? Will it be a bolt from the blue or a well understood attack? Is the company primed and ready for any eventuality that might hit it, or will it run yelling that the sky is falling? A new tool assesses how well prepared you are for attack – or...

Security awareness: To train or not to train, that is the question

There’s a spirited debate going on about the value of training employees for security awareness. It started in May 2012 with Joe Ferrara’s article for CSO magazine, Ten commandments for effective security training. Ferrara is president and CEO of Wombat Security Technologies, a vendor of security training materials....

Phone fraud picks up dramatically in first half of 2012

Phone fraud is on the rise, but the numbers, while significant in a raw sort of way, are still very small. While phone fraud increased a whopping 29% in the first six months of 2012, compared to the last six months of 2011, the numbers were relatively small, around 1,300,000 compared with about a million. However, the number bears watching over the...

Cyber Security Act of 2012: Sound and Fury?

So, as Congress grinds its way to a Cyber Security Act that was designed to please everyone and satisfies no one, the amendments are flying thick and fast. As one witnesses the flurry of last-minute amendments, one has to wonder why all the fuss? The Cyber Security Act of 2012 is still undergoing a...

Advanced persistent threats are nothing if not, well, persistent

An advanced persistent threat (APT) is a different kind of animal. It just doesn’t let go, even after you kick it off and eradicate it from your networks. You’ve got something it wants, and it just keeps going after it. As SANS APT instructor Rob Lee put it in a recent posting: “We tell this to executives: Once you are...

Phishing industry is alive and well, APWG reports

The phishing industry keeps reeling them in, according to the Anti-Phishing Working Group’s (APWG) first quarter report. More brands, 392, were subverted in Q1 2012 than ever before, eclipsing the previous mark of 362 just last December. That’s an 8% increase in both February and March. The numbers of unique URL phishing sites also...

Cyber security bill reintroduced: Much ado about nothing?

The latest iteration of a federal cyber security bill removes just about every objection anyone could raise, and puts almost no requirements on the private sector to strengthen security. The bill is designed to win Republican support, but at a price that removes federal control over security in the private sector. The bill is easy to support,...

Oh, Canada! USB drives with information on 2 million voters are missing

The news is out, nearly three months after the fact, that two unencrypted USB drives containing personal information on some two million voters in Ontario, the largest data breach in Ontario history, are missing. Disappeared. Gone. These kinds of cases keep popping up, seemingly without relent. Someone hasn’t...

Corero adds reputation-based detection to fight the awful numbers on the Internet

The numbers on the Internet are awful: There are so many hijacked zombie computers, so many malicious and compromised websites serving malware and so many malware variations. Security companies have had to go beyond their existing models of detecting attacks and leverage their global intelligence about what sources are currently serving up...

Court: Banks have some fraud liability — but security is still the SMB's responsibility

A federal appeals court ruling in favor of a small business whose bank failed to stop a series of transfers detected by its anti-fraud service opens the door a crack on just how badly a financial institution’s security program can perform before they have to at least share culpability. The First Court of Appeals in Boston overturned a...

Microsoft to issue nine security bulletins, three critical

Microsoft will issue nine security bulletins on Tuesday, including three critical updates and six characterized as important. Vulnerabilities in two of the critical bulletins could be exploited to allow an attacker to take control of a system running most Windows operating systems without user interaction, and thus are the most urgent priority for...

First-ever smart phone botnet indicates mobile crimeware is coming of age

The discovery of an apparent botnet comprising Android devices opens up yet another chapter in the developing march of mayhem in the smart phone world. More and more, we are seeing cyber criminals taking advantage of profit opportunities on mobile devices. The first-ever mobile device botnet, reported more or less simultaneously by...

Zemra botnet used for DDoS version of the protection racket

If you are looking for a bot capable of launching a distributed-denial-of-service (DDoS) attack to shake down a website owner who would rather pay ransom than lose hours of lucrative business, Zemra crimeware can be had for €100 ($126.20 on last check of the exchange rate), according to Symantec. Zemra, like most crimeware, hijacks a...

Is it time for treaties governing the use of cyber weapons?

In a New York Times op-ed piece, Misha Glenny raises some interesting arguments about the lack of any international treaties controlling the use of cyber weapons, particularly over their use in peacetime. “It is one thing to write viruses and lock them away safely for future use should circumstances dictate it,” Glenny writes....

Once more into the breach: Another federal data breach notification bill

The news that Congress has teed up national data breach notification legislation yet again hardly gets the blood stirring. Yet another attempt to replace the mishmash of 40-plus state breach notification laws is, as always, a good idea, but we have been down this route several times over the last decade. The newest version, introduced by...

European Parliament committee rejection may spell the end for ACTA

The controversial Anti-Counterfeiting Trade Agreement (ACTA) may be DOA when the full European Parliament votes on it on July 3, after the Parliament’s International trade committee, INTA, rejected the agreement 19-12 Thursday. ACTA is designed to combat international trade in pirated intellectual property, but much like the currently...

Understanding and defeating APT, Part 2: Fighting the 'forever war' against implacable foes

The SANS Institute has introduced a course to train security personnel to detect and remediate Advanced Persistent Threats (APT), sophisticated and surreptitious attacks, generally conducted for industrial, commercial or government espionage. Security Bistro spoke with security, incident response and forensics expert Rob Lee, instructor for the course,...

Understanding and defeating APT, Part 1: Waking up to the who and why behind APT

The SANS Institute is introducing a course to train security personnel to detect and remediate Advanced Persistent Threats (APT), sophisticated and surreptitious attacks, generally conducted for industrial, commercial or government espionage. Security Bistro spoke with security, incident response and forensics expert Rob Lee, instructor for the course,...

Should patient consent be considered in sharing health info across national network?

The steady migration to electronic health records, mandated by the HITECH Act, may lead to inevitable trade-offs between privacy and security on the one hand, and more efficient and, ultimately, perhaps, better health care on the other. At the heart of the matter are the Regional Health Information Organizations (RHIOs) that are critical to...

Indian DDoS attacks come against backdrop of serious Internet freedom issues

The wave of DDoS attacks hitting various Indian government websites, as well as those of ISPs, the country’s Supreme Court and a couple of political parties hasn’t gotten all that much play outside that nation, but the themes strike some familiar chords, with Anonymous claiming credit for the attacks in response to court-ordered...

Microsoft to issue seven security updates, three critical

Microsoft will release seven security updates on Tuesday, June 12, three of them rated critical. The normal monthly “Patch Tuesday” Microsoft Security Bulletins follow the emergency update of a fix to close a vulnerability that the Flame espionage malware toolkit uses to leverage unauthorized digital certificates from a Microsoft...

Are there cyber warfare rules of engagement? New techniques, but the old rules may still apply

My former colleague Bill Brenner stirred up some interesting reaction to his recent posting about engaging in cyber warfare, “Iran deserves the malware, but expect a backlash.” It’s the right time for this discussion. Folks in the security industry — and I include myself — tend to get so immersed in the what and...

Massachusetts hospital data breach settlement shows health care providers are not immune to consequences

Somewhat lost in the conflagration over Flame and other sexy security news this week, South Shore Hospital agreed to a $750,000 settlement with Massachusetts Attorney General’s office over the loss of 473 unencrypted backup tapes containing the names, social security numbers, financial account numbers and medical diagnoses of 800,000...

As RIM loses money and market share, we lose ground in the effort to secure mobile devices

Kaspersky Lab’s Ryan Naraine had the most eloquent commentary on the news that Research in Motion (RIM) was posting first quarter losses (RIM stock was down more than 7% in trading by late afternoon Wednesday and has been down about 80% in the last 12 months). He simply Tweeted “Damn” with a link to a news article. I think that...

Flame is the Mother of All Spyware, but while it may raise the stakes, it doesn't change the game

Flame brings us spyware that is truly worthy of the name. You don’t hear the word “spyware” used much these days, but according to Kaspersky Lab’s initial analyses, we’ve never seen malware so adept and stealthy at watching, capturing and stealing in so many ways. Kaspersky’s Alexander Gostev says it...

App security is the ultimate uphill battle, but CERT's SCALe secure development initiative is a promising weapon

Cyber criminals live off vulnerable software. That’s not exactly a revelation, but we need to bear in mind that if there were no software vulnerabilities, criminals earning a good living off the internet might have to find work elsewhere. Securing software is somewhat like Sisyphus, the Greek king punished by the gods by being compelled to...

Utah governor's knee-jerk response to health records data breach: 'Off with his head!' And now what?

I’ve been critical of the poor security that allowed the breach of Utah public health records of 780,000 people in Utah in April, so I feel compelled to comment on the firing of the director of technology services. Now that someone has been fired, of course, everything will be OK. Not. I’m not defending Stephen Fletcher, either for...

Mobile malware spikes in Q1, signed malware climbs, McAfee reports

Mobile malware continues to increase, focused heavily on adware and on sending messages to premium-rate SMS services, according to McAfee’s first quarter Threats Report. In addition to simple SMS malware, McAfee reports increasingly sophisticated backdoor Trojans on Android, which use a root exploit to take control of the phone and receive commands,...

Access governance: Identity management gets down to business; NetIQ integrates former Novell IDM tools

From the nuts and bolts IT perspective, identity management has been heavily focused on getting the job of assigning privileges, authentication and access controls efficiently, and simplifying user access across multiple and disparate systems and applications. In large organizations, managing provisioning and de-provisioning, single sign-on, etc....

Remember Anonymous' call to speak with our feet against CISPA? How's that working out for ya?

I haven’t really had a chance to check in on Anonymous’ planned physical protests against the Cyber Intelligence Sharing and Protection Act (CISPA), announced in a five-minute-plus video (but feeling as interminable as an M. Night Shyamalan film) shortly after the U.S. House of Representatives passed it late last month. The cyber crusaders...

Energy sector threats keep us up at night; McAfee/Intel unveils multilayer protection plan

Potential threats to the nation’s energy supply, generation and distribution systems attract intense scrutiny not so much because of what has happened but because of what we believe could happen. The specter of an attack that could severely impair, for example, the distribution of electricity in much the same way Stuxnet damaged the Iranian...

Most states aren't well prepared for cyber attacks: Don't be surprised, don't be alarmed, but be concerned

Cyber security is not a top priority for state governments, and they are not well prepared to deal with cyber threats. In fact, cyber security ranks at the bottom of 31 critical areas in terms of readiness, according to a report issued by the Federal Emergency Management Agency (FEMA). Though we tend (I tend) to see the world in terms of...

You want some good numbers? Check out the InformationWeek security survey

I’ve grown to anticipate the annual InformationWeek Strategic Security Survey with some enthusiasm. It’s one of the better conceived surveys around, covers a wide range of sectors and organization sizes, and has a sufficiently large sample (946 IT and security professionals) to be statistically significant, and it’s chock full of...

BeyondTrust expands security coverage with eEye Digital acquisition

BeyondTrust continues to expand its security portfolio, announcing the acquisition of risk management vendor eEye Digital Security, whose menu of enterprise and cloud products has been built out starting with its venerable Retina network vulnerability scanning tool. BeyondTrust’s primary play has been privileged identity management, centered...

Panel: Survey suggests healthcare may be talking the talk, but breaches show it isn't walking the walk

Healthcare is data security’s poor relation. Despite some evidence of positive effort, data breaches are on the rise, and most healthcare organizations just don’t quite get the importance of security, focusing too much on the form of regulatory compliance and too little on substance, according to a panel discussing the recently released...

The numbers are still awful: Symantec issues annual Internet Security Threat Report

The Symantec Internet Security Report on 2011 Trends is one of those good news/bad news sort of things. Spam was way down. Far fewer vulnerabilities were discovered. There were far fewer bot zombies around to spew spam, launch automated attacks against targets of opportunity or overwhelm targets with DDoS attacks. But as my Dad told me, "Work...

BYOD trend changes face of network access control; Enterasys introduces Mobile IAM, professional services

Mobile security is a hot topic, but although the buzz is about more and increasingly sophisticated mobile malware and malicious applications, the overriding challenge for enterprises today is about management and access control. With all the personally owned smart phones and tablets coming onto the corporate network, how do I manage them and...

Latest wave of healthcare data breaches symptomatic of sloppy security practices

The rash of recent data breach disclosures in the healthcare industry lays bare some very poor security programs and lax behavior. Whether sensitive data was lost through carelessness or through weak controls that made it almost impossible for hackers not to steal it, the impression is that the healthcare industry is still in the Stone Age (say around...

Spirent acquisition of Mu Dynamics marries heavyweight load-bearing, barrage-level security testing

With its acquisition of Mu Dynamics, Spirent combines industrial-strength load-testing and security torture-testing tools. The complementary combination gives customers one-stop shopping for heavy duty testing of network and security appliances, applications and network infrastructure. The two are among a few high-end testing tool vendors that...

Busting someone out of prison? Forget about the hacksaws. Hack the SCADA system

Rocky: “Pass the word, we’re busting out at 2 a.m. Everyone.” Snake: “Everyone? How we gonna open all the cells? How about the gates? Hah?” Rocky: “We have a brain who is gonna get into the SCADA system and exploit its vulnerabilities.” Snake: “Oh.” We all know about the concern about the vulnerability...

PCI DSS audits can be a nightmare or an opportunity

Move past the debate over whether PCI DSS compliance really makes an organization more secure and focus on how to put it to work for you. It comes down to this: If you are a CISO, how can you turn the QSA audit experience to your advantage, rather than a waste of money (six or seven figures if you are a Level One organization)? The formula is largely...

Haste makes waste; out-of-process firewall changes cause system outages, AlgoSec survey reports

Enterprises have change management processes for a reason. When you “just get it done” without appropriate approvals, notification and testing, bad things tend to happen. Firewall configuration and/or rule changes that don’t follow procedure are liable to open up security holes and/or inadvertently shut off access to critical...

What's wrong with XP? Nothing, but plan to migrate soon or leave your PCs open to attack

The news that Windows XP is on a two-year end of life countdown is worrisome. Microsoft will cease support for the world’s leading OS in two years (April 2014). From a security perspective, that means that organizations and consumers will have to upgrade to Windows 7, or perhaps Windows 8, or live without security updates for newly...

Utah's "multilayer" security around health records would be a bad joke, if there weren't 800,000 victims

More on the big Utah health records breach: "Medical data on the state's computers aren't encrypted, noting federal rules don't require it," the Salt Lake City Tribune reports, citing technology services director Stephen Fletcher. And the server was breached because a technician used a weak password. Take a couple of moments...

Flashback Trojan is a wake-up call for Mac Nation: You are now fertile territory for cyber criminals

A few days ago, a friend was hunched over his four-year-old Mac laptop, peering intently with furrowed brow. “Problem?” I asked. “Wondering if I should worry about this Flashback Trojan that’s in the news,” he replied. “I didn’t think Macs got viruses.” Of course, Macs can and do get malware...

Bad news from Utah: Health records breach is much, much larger than initial reports

A serious breach of health records in Utah — the largest health information breach since breach notification became required under HIPAA in 2009 — may have slipped under your radar amid the news of Anonymous’ latest DDoS attacks, the Flashback Trojan infecting 600,000 Macs and the Global Payments breach involving as many as...

Going somewhere? Please confirm your online check-in. Oops. Not so fast. New U.S. Air scam has hit your Inbox

I was bombarded with a series of sneaky phishing messages appearing to come from U.S. Airways over the last few days. What made these messages all the more dangerous was I was actually traveling on the days the messages referenced. Fortunately, I wasn’t traveling on U.S. Air, so I wasn’t overly tempted to bite on any nasty links. If I...

McAfee introduces agentless virtualization AV management through VMware vShield Endpoint integration

Virtualization brings significant practical advantages to the enterprise, particularly in terms of hardware, network infrastructure and energy savings. It makes data center consolidation feasible, from a business perspective almost mandatory. Virtual desktop interface (VDI) is seeing increasing adoption, as it simplifies management, enables...

When it comes to data breaches, the words 'payment processor' set off an extra-special alarm

The Global Payments credit card breach is high profile not so much for how many card numbers were stolen — a mere 1.5 million at most according to GPN — but because the company is a payment processor, sitting in the middle of the transaction chain and on top of millions of records. Three years after the gigantic (130 million...

Online shopping is top DDoS attack target, application-layer techniques dominate, Kaspersky reports

Online shopping sites are the leading target of distributed denial of service (DDoS) attacks, according to Kaspersky Labs. An analysis posted on Securelist reports that a quarter of the attacks detected in the second half of 2011 were aimed at online shops, auctions, etc., followed by online trading (20%), online gaming (15%) and banks...

European Cybercrime Centre holds promise of coordinated effort in a war we are losing

Perhaps the best news to come out of the EU this week was not the proposed legislation to define cyber crime and set minimum sentences across the members’ national boundaries, but the European Commission announcement establishing a European Cybercrime Centre. Let’s face it, the problem really isn’t defining cyber crime. The proposed...

Adobe issues two critical Flash Player updates

There’s an update for two more critical security vulnerabilities in the ubiquitous, popular and so very vulnerable Adobe Flash Player. While Adobe security updates lack the predictability of Microsoft’s Patch Tuesday, they crop up with disturbing frequency. Windows users have the option of using the new background updater to automatically...

It makes sense: U.S. continues to be leading host for malware and phishing, Websense reports

The U.S. continues to lead the world in malware connections and malware hosting — a smart tactical approach for cyber criminals, according to the 2012 Websense Threat Report. The rationale, the web security company explains, is that no one is likely to block a U.S. domain because of the impact on Internet users. And it’s something of a...

Consolidated view of risk, consolidating and mining data challenge compliance programs, survey finds

Most enterprises feel they are doing a good job keeping up with new regulatory compliance requirements, but they in fact admit they face difficult challenges managing compliance, according to a survey conducted by GRC firm Lockpath. More than three-quarters of the companies said they had taken on new regulatory obligations in the past year and...

Facebook cautions employers not to ask for passwords; Better idea? Don't give them anything worth reading

Facebook is cautioning employers not to ask job applicants and even current employees for their passwords to their pages. The ubiquitous social media company raises some good points, but I’d turn it around: Don’t put anything on your Facebook page you wouldn’t want a prospective employer to see. Ever. Demand online privacy,...

Ponemon, Verizon data breach cost, investigations reports show the way to actionable security intelligence

The Verizon Data Breach Investigations Report and Ponemon Institute Cost of Data Breach survey, which I wrote about this week, are rich with guidance and actionable information for enterprises. Let’s be clear: the value of both these annual reports is not as statistically valid samplings from which we can extrapolate broad, general...

Hacktivists have become big-time data thieves, widely use DDoS diversionary tactics, Verizon breach report shows

The sudden emergence of hacktivists as data thieves on a massive scale, revealed in this year’s Verizon Data Breach Investigations Report, is game-changing news. In 2011, hacktivists were responsible for 100 million of the 174 million records stolen in cases investigated by Verizon and participating international law enforcement agencies. By...

AlienVault bids for SIEM, MSSP U.S. market share with open source-based multi-tool platform

AlienVault is trying to make a dent in the U.S. security information and event market, leveraging the popular OSSIM open-source SIEM, upon which the company’s founders built the Unified Security Management Platform, SIEM plus several other security capabilities.

Average data breach cost declines sharply, as customers remain loyal, 2012 Ponemon study shows

The annual Ponemon Institute Cost of Data Breach Study shows a drop in the average cost — direct and indirect — of a breach for the first time in the seven-year history of the study. The likely explanation? More customers are sticking by victim companies. My first instinct is not to draw any sweeping conclusions from the findings,...

A year after SecureWorks acquisition, SonicWall deal strengthens Dell position as security provider

Dell appears to be doing a nice job playing catch-up in the security market with the acquisition of firewall/UTM vendor SonicWall, following its purchase of SecureWorks, a leading MSSP, just over a year ago.

Cyber crime, drug trafficking: Analogies to be drawn and lessons learned

Over more than a decade covering the information security beat, I’m repeatedly struck by the parallels between international cyber crime and the international drug trade. You can stretch the analogy thin by carrying it too far, but there are common conclusions to be drawn and lessons to be learned. Both are often cast in terms of law...

Whither Anonymous after the latest arrests?

It’s impossible to predict where loosely organized, pseudo-movement hacktivism goes from here, following the arrests of five people associated with LulzSec and Anonymous and a sixth person charged in the hack of intelligence services company Stratfor. These actions follow the arrests of 25 people associated with Anonymous in an Interpol...

Read more

Is security growing up? Business intelligence is a key; Sensage extends connectors to BI tools

Enterprises “get” the value of information. They understand that they receive, generate and store staggering volumes of data, which has the potential to be leveraged as actionable intelligence. The company that does the best job of correlating and analyzing their data and putting it to work has a leg up over the competition. It can be...

Read more

More than half of U.S. DDoS victims blame unscrupulous competitors, Corero survey reveals

Anonymous is not the biggest threat to launch a distributed denial-of-service (DDoS) attack against your organization. Ideologically and politically inspired (aka hacktivist) DDoS attacks have gained wide notoriety, with some justification. The victim sites are highly prominent, very public companies, government agencies and industry groups...

Read more

Embracing (or being bear-hugged by) BYOD? Learn from those who are making it work

Mobile device security sessions are drawing crowds at the RSA Conference. Unlike THE hot topic in some other years (remember when everyone was so keen on NAC?), the explosive increase in the use of smart phones and tablets, and the move to cloud services are changing the way companies do business, changing the role of IT to more of a service...

Read more

Symantec unveils first stage of cloud security initiative, broad VMware integration

The fundamental requirements of information security may not change dramatically as organizations migrate to cloud-based services, but implementing the policies and controls governing security is another matter. Symantec has unveiled the first of a three-stage cloud security initiative, the O3 Information Protection gateway, which it...

Read more

Mobile security market reflects growing urgency; McAfee release blacklists apps, segregates email accounts

Although it can be argued there’s still some FUD (fear, uncertainty and doubt) around the rise of mobile device malware, there is no doubt as McAfee releases its latest mobile device management and security software that several factors are responsible for the perceived risk around mobile devices: They have become powerful computing...

Read more

Mobile device adoption is highest-risk computing initiative; Symantec upgrades mobile security on heels of survey

Mobile device security is hot. Symantec's new survey of 6,725 organizations in 43 countries identified it as the top computing initiative risk (41%), a greater area of concern than public cloud computing (35%). Symantec has followed up the survey with the announcement of several enhancements to its mobile device management and security...

Read more

Mobile Device Security Expert Q&A Part II: Start treating phones as computers

This is the second of a two-part Q&A on mobile device security with Kevin Johnson, a security consultant and founder of Secure Ideas. The first part dealt with mobile device security policy. As a SANS instructor, he teaches courses in Mobile Device Security, as well as penetration testing. Kevin is on the Advisory Council of the first...

Read more

Mobile Device Security Expert Q&A Part I: Where BYOD (bring your own device) policy goes wrong

This is the first of a two-part Q&A on mobile device security with Kevin Johnson, a security consultant and founder of Secure Ideas. As a SANS instructor, he teaches courses in Mobile Device Security, as well as penetration testing. Kevin is on the Advisory Council of the first Mobile Device Security Summit, to be held March 12-13 in...

Read more

Up against the wall? Automated firewall change management work flow introduced by Tufin

Firewall audit tools are maturing in their ability to meet the requirements of large, complex, enterprise environments. Tufin Technologies' latest release of its Tufin Security Suite (TSS) addresses automation, to scale and streamline the firewall provisioning process, and network visualization and risk assessment, to get a handle on both local...

Read more

Exploiting the exploitable: New software vulnerabilities down, but risk remains high, Secunia reports

“If the Rebels have obtained a complete technical reading of this station, it is possible, however unlikely, they might find a weakness and exploit it.” The geek in me couldn’t resist the Star Wars quote to kick off a post on software vulnerabilities and exploits. If the Empire had designed the Death Star the way most software...

Read more

Firewall audit tools automate the impossible; AlgoSec adds next generation firewall support

The growing firewall audit market is rapidly adjusting to the phenomenon of next generation firewalls (NGFW), which introduce highly granular application and user ID controls, and with them additional complexity, to an already complex and difficult network firewall environment. AlgoSec, one of a handful of firewall audit vendors, has added...

Read more

Translating IT risk to business risk: Symantec adds Risk Manager to IT GRC suite

IT governance, risk and compliance (GRC) is a challenge to every large organization struggling with the complexity of IT policies and controls and communicating IT risk to management in terms of actual risk to the business. The IT GRC market has appeared and grown in recent years as enterprises try to manage this almost unmanageable task across...

Read more

DDoS in defense of (insert cause) is still criminal

Are hacktivists protesters or criminals? The question is not a matter of semantics; it has real bearing on how we respond, not as members of the security community, who are responsible for protecting IT information and services against attack, but as a society, particularly in the realm of criminal prosecution. My take is that...

Read more

Second half of 2011 reflects shifting trends in cyber crime business, M86 reports

The percentage of email messages containing malicious links or attachments is high, even as the volume of spam has dropped sharply in the last year, according to a report by web security company M86. The report provides some good insight into the techniques and, if you will, the shifting business trends in the cyber criminal community. Those...

Read more

Implement user security awareness training — or don't

“Users. Can’t live with them, can’t live without them.” I heard that line more than once in my stint as the non-IT guy in the IT department at a newspaper company (I liked to think of myself as the poet laureate of the IT department). None of us, neither hardcore techniks nor geekish dilettante, were thinking much about...

Read more

Does polymorphic Android malware signal escalating mobile security war?

We don’t want to overplay the rise of mobile device malware — Security Bistro bloggers have been posting on mobile security issues quite a bit. That being said, new Symantec research that reveals the use of server-side polymorphism in malicious Android applications is yet another indication cyber criminals are getting more serious...

Read more

The hacktivist threat: Brazilian bank sites continue to fall victim to DDoS attacks

Distributed denial-of-service (DDoS) attacks against Brazilian financial institutions continued today, as HSBC Brazil was knocked offline, the latest victim of the hacktivist group Anonymous' #OpWeeksPayment campaign, demonstrating again the serious concern posed by the hacktivist factor. The group took credit for taking down the Banco do...

Read more

Banking fraud malware trick helps criminals evade detection

Perpetrators of online banking fraud are using new techniques to misdirect bank verification and make discovery of fraudulent activity more difficult. Criminals are attempting to divert calls from banks to attacker numbers, using stolen information, to allow them to cover and possibly even continue to pillage accounts. The techniques have been...

Read more

McAfee Mobile Security vets users' Droid applications

A lot of the buzz about mobile security whirls around the wild and woolly Android application market. Android smartphone app development, unlike Apple's and Microsoft's, is wide open. Google had to pull scores of malicious applications last year. McAfee has taken a first swipe at protecting mobile users from dangerous applications with Mobile...

Read more

Drive-by email malware alert: Plain text is just plain common sense

Just when I thought I was too smart to be fooled by malicious email, a report from German researchers made me start thinking about it again. The researchers, from the email security firm eleven, have identified drive-by download spam, which means that your computer will be infected if you simply open the message. No link or attachment to be wary...

Read more

Better secure your code: Web application attacks are on the rise

Web attacks are on the rise, up 30% in six months, according to security vendor Imperva. The second edition of Imperva's Web Application Attack Report (the first report was issued in July) identifies cross-site scripting (XSS) as the attack vector of choice (29% of the attacks reported), followed by directory traversal (DT), accounting for...
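Directory traversal, the second most common vector in the Imperva figures above, is a code-level flaw rather than an infrastructure one, so it is worth seeing what the bug and its fix look like side by side. The following is an added example, not code from the Imperva report or from the original post: a file-serving routine written the vulnerable way and the hardened way, against a throwaway web root and file names constructed for the demo.

```python
import os
import tempfile
from urllib.parse import unquote

# Constructed fixture (not from the post): a temporary base directory holding
# a web root, www/, with one public file inside it and one file just outside.
_BASE = tempfile.mkdtemp()
WEB_ROOT = os.path.join(_BASE, "www")
os.makedirs(os.path.join(WEB_ROOT, "static"))
with open(os.path.join(WEB_ROOT, "static", "index.html"), "w") as fh:
    fh.write("public")
with open(os.path.join(_BASE, "secret.txt"), "w") as fh:
    fh.write("top secret")


def vulnerable_resolve(request_path: str) -> str:
    """Decode the URL path and glue it onto the web root.

    Stripping the leading '/' looks like a safety measure but does nothing
    about '..' segments, so '/../secret.txt' (or its URL-encoded form
    '/%2e%2e/secret.txt') walks straight out of WEB_ROOT.
    """
    decoded = unquote(request_path).lstrip("/")
    return os.path.join(WEB_ROOT, decoded)


def hardened_resolve(request_path: str) -> str:
    """Canonicalize the candidate path and refuse anything outside WEB_ROOT.

    realpath() collapses '..' segments and follows symlinks, so a link planted
    inside the root cannot point back out. commonpath() is the containment
    test; a plain startswith() check would let '/srv/www-old' slip past a
    root of '/srv/www'.
    """
    decoded = unquote(request_path).lstrip("/")
    candidate = os.path.realpath(os.path.join(WEB_ROOT, decoded))
    root = os.path.realpath(WEB_ROOT)
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"path escapes web root: {request_path!r}")
    return candidate


def serve(resolver, request_path: str) -> str:
    """Read whatever file the given resolver picks for a request path."""
    with open(resolver(request_path)) as fh:
        return fh.read()
```

Run `serve(vulnerable_resolve, "/../secret.txt")` and it returns the contents of a file outside the web root; the hardened resolver raises `PermissionError` for the same request, for the encoded variant, and for `/static/../../secret.txt`, while still serving `/static/index.html`. Decoding exactly once before normalizing also matters: a server that normalizes first and decodes afterwards reopens the hole to encoded dots.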

Read more

Twitter acquisition of web security firm Dasient protects its growing ad business

Twitter’s acquisition of Web security company Dasient is good news for the social network giant and its millions of users, though, on the down side, it takes the security vendor off the general market. The acquisition is apparently focused on protecting Twitter’s growing advertising business, leveraging Dasient’s...

Read more

DDoS attacks bring down Polish government websites over support for international anti-piracy agreement

There was a new wave of distributed denial-of-service attacks in protest of anti-piracy activity over the weekend, this time targeting Polish government websites. The attacks came in advance of the Polish government’s expected signing of ACTA (Anti-Counterfeiting Trade Agreement) on Thursday. The loosely knit hacktivist group Anonymous,...

Read more

From SOPA to Megaupload (What a week!): Let the legal system decide

The Megaupload takedown and arrests, and the subsequent wave of retaliatory Distributed Denial of Service (DDoS) attacks, raise some interesting points in the wake of the apparently temporary shelving of the copyright infringement legislation SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act) earlier in the week....

Read more

Money for nothin': Play dumb, join the online fraud network

I've been offered extra work, as a money mule. A chance to get the household budget in line and our retirement plans back on track after paying the balance on our new roof. Maybe the difference between my daughter going to her first college choice and a state school. There it was, sitting in my Inbox, an opportunity...

Read more

Compromise next for SOPA? Why not just let it die?

The Obama Administration’s statement opposing SOPA (Stop Online Piracy Act) is a little like Denver Bronco exec John Elway’s pronouncement that Tim Tebow would be the team’s starting quarterback going into training camp. In other words, “We’ll put this thing aside until we can do better.” Well, no. I...

Read more

Tomcat DoS vulnerability addressed

Bugtraq has published information about a vulnerability in Apache Tomcat (CVE-2012-0022, Apache Tomcat Denial of Service) that could enable an attacker to launch a denial-of-service attack by using specially crafted requests to exhaust CPU capacity. This type of attack involves a specially crafted packet or packets, possibly sent from a single attacker...

Read more

Zappos shows that big breaches are still part of the cyber crime outlook

We tend first to get blown away by data breach numbers: RECORDS OF 24 MILLION ZAPPOS.COM CUSTOMERS BREACHED. Then we sort of glaze over and shrug: <Just another big data breach.> Let’s face it, the “big” makes news, but the “big” isn’t what it’s all about. The last Verizon Data Breach...

Read more

Mideast cyber spat ups the hacktivist ante

We have to assume that the kinds of cyber attacks taking place in the Mideast, most recently attacks against the Tel Aviv Stock Exchange, Israeli national airline El Al, and several Israeli bank websites, augur more and more ideological cyber warfare. I don't believe that this means we'll see a wave of government-on-government attacks...

Read more

What should we draw from AV detection rate test findings?

Testing desktop antivirus products has always been tricky, attempting to simulate the real-world possibilities of all the type of malware and all the interesting and exciting ways it can be introduced onto a client system in a test lab. Today, I think, even well-crafted tests can at best offer some basic guidance for enterprises, rather than clear...

Read more

Slow app layer DoS attacks can bring your servers down quickly

To paraphrase Alice (with apologies to Lewis Carroll and all my high school and college English teachers), denial-of-service attacks are getting “insidiouser and insidiouser.” The latest proof-of-concept “slow” application layer DoS attack is yet another demonstration that attackers don’t need huge botnet armies...
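The slow application-layer pattern the post refers to (one client holding many connections open and trickling an unfinished request header into each, so the server's worker slots fill without any real bandwidth being spent) can be spotted in a server's connection table. The following is an added example, not code from the post or from any product: the snapshot of connections is constructed, and the thresholds are assumptions to be tuned for a given server.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    """One row of a server's connection table at a single instant."""
    client: str
    age_s: float           # seconds since the TCP connection was accepted
    header_complete: bool  # request line and headers fully received?
    bytes_in: int          # request bytes received so far


# Constructed snapshot, not real traffic: 203.0.113.7 holds six sockets open
# and dribbles a few header bytes into each; everything else is ordinary.
SNAPSHOT = [
    Conn("203.0.113.7", 40.0, False, 24),
    Conn("203.0.113.7", 52.0, False, 31),
    Conn("203.0.113.7", 61.0, False, 40),
    Conn("203.0.113.7", 73.0, False, 45),
    Conn("203.0.113.7", 88.0, False, 58),
    Conn("203.0.113.7", 95.0, False, 60),
    Conn("198.51.100.4", 45.0, False, 30),   # slow, but only two sockets
    Conn("198.51.100.4", 47.0, False, 30),
    Conn("192.0.2.10", 2.0, True, 612),      # normal request, headers done
    Conn("192.0.2.10", 120.0, True, 4096),   # idle keep-alive after a full request
    Conn("192.0.2.33", 1.0, False, 0),       # just connected, headers not yet sent
]


def slow_request_suspects(conns, min_age_s=30.0, min_conns=5, max_rate_bps=5.0):
    """Return {client: count} for clients holding at least min_conns connections
    that are old, still headerless and barely sending.

    The three conditions together separate the slow-DoS shape from benign
    cases: a fresh connection fails the age test, an idle keep-alive fails the
    'header incomplete' test, and a legitimate client on a bad link rarely
    holds many sockets at once. Thresholds here are assumed, not measured.
    """
    per_client = defaultdict(int)
    for c in conns:
        if c.header_complete or c.age_s < min_age_s:
            continue
        if c.bytes_in / c.age_s > max_rate_bps:   # age_s >= min_age_s > 0 here
            continue
        per_client[c.client] += 1
    return {ip: n for ip, n in per_client.items() if n >= min_conns}


def header_timeout_victims(conns, header_timeout_s=20.0):
    """Connections a server with a request-header read timeout would already
    have closed: the simplest per-connection mitigation for this attack."""
    return [c for c in conns if not c.header_complete and c.age_s > header_timeout_s]
```

On the constructed snapshot `slow_request_suspects(SNAPSHOT)` names only 203.0.113.7 with six connections; the two-socket client is excluded by the connection count, the keep-alive by its completed header and the brand-new socket by its age. `header_timeout_victims` shows the complementary control: a header read timeout closes all eight stalled connections regardless of who owns them, which is why the detection and the timeout belong together.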

Read more

RIM's 'long, slow death spiral' is bad news for security

It’s ironic that Research in Motion (RIM), makers of the BlackBerry smartphone and its impressive supporting enterprise architecture, is apparently circling the drain at a time that mobile phone security is moving to the forefront. Until really quite recently, even in IT years (which are like dog years) “Blackberry” and...

Read more

Microsoft patches tame the SSL Beast

Microsoft's January security updates, released today (Patch Tuesday) are mainly a collection of fixes designed to stop the "SSL Beast" attack, which could exploit a weakness in the web encryption protocol to launch man-in-the-middle attacks to decrypt authentication tokens. The attack was demonstrated by two researchers in...

Read more

Is 2012 finally THE YEAR of mobile security threats?

I’m conditioned to ignore the torrent of annual New Year’s information security predictions, most of which are blatantly self-serving vendor pitches (an encryption vendor predicting a rise in big data breaches, an AV company wringing hands over the explosive growth and increased sophistication of malware, yadda, yadda). Year-of themes...

Read more