Hiding Under the Covers
May 15th, 2013
“All warfare is based on deception” – Sun Tzu, The Art of War Attackers like stealth. Once they have compromised a system, one of their primary goals is to remain undetected. Initially, attackers used malware with pseudo Windows service names such as svchosts.exe, winlogin.exe, lsasss.exe, and others. Although these names appear to be innocuous, power [...]
Eliminating Java Will Not Solve Your Problem
March 6th, 2013
While many are jumping on the ‘Death to Java’ bandwagon and ranting about turning off Java to eliminate risk, it is important to put the issue in the proper context: the reality of the matter is a Java vulnerability is not the end game for a cyber criminal; it is merely a delivery mechanism in [...]
Why the Bit9 Hack is Not a Failure of Application Control, Whitelisting
February 19th, 2013
There’s never a dull day in the security industry. Anymore, we rarely have to look beyond the proverbial front page for news on the latest hack. Cyber attacks are increasing in volume and sophistication and no one is immune. Two weeks ago, my preferred grocery store here in Phoenix announced they had been breached. And [...]
Ransomware is Back with a Vengeance and Targeting Business
December 27th, 2012
Ransom-ware has matured since it was first seen in 1989 with the PC Cyborg Trojan. Today, it is big business for cyber criminals; and for good reason. A September article reported cyber criminals could earn between $50,000 and $60,000 a day by focusing their efforts on just a couple of countries. The severity of ransom-ware’s [...]
APTs and Acquisition
November 6th, 2012
You’d have to be living under a rock to not have heard about the recent rise in targeted attacks. From oil operators in the Middle East to financial institutions in the U.S., advanced persistent threats, APTs, have grown exponentially. Yes, they are a problem for big, global brands but should smaller organizations concern themselves with [...]
Growing Threat From Vendors’ Friendly Fire
October 15th, 2012
After we learned that Flame exploited Microsoft’s Auto Update infrastructure, I pointed out that if attackers were able to compromise Microsoft, a leader in patch management, it couldn’t be long before bad guys exploited the update infrastructures of other vendors who are far behind Microsoft – like Adobe… And that’s exactly what happened a couple [...]
Going on the Offensive—Standing up against Cyber-Attacks
July 28th, 2011
After the explosive March hack that infiltrated over 24,000 key files, Pentagon officials are ready to change their strategies regarding U.S. cyber security. While the incursion was one of the worst single incidents the U.S. Department of Defense has ever seen and may impact the design of the U.S. weapons system, it’s just one in [...]
Is the PlayStation® Network Meltdown a Security "Black Swan"?
May 3rd, 2011
The intensive and comprehensive nature of Sony’s PlayStation® Network (PSN) meltdown has made a strong impression on me. Loss of massive amounts of sensitive customer data, long-term network unavailability, probable class-action law suits, and an unprecedented avalanche of bad PR – this is not your normal “our network got hacked” situation. It made me wonder, [...]
Playing the Security Game? Think Before Simply Clicking ‘Renew’
April 26th, 2011
If your organization is anything like the companies we’ve been speaking with, then you know first-hand the headache and ongoing challenge that the rising cost of malware has created. In fact, 48 percent of organizations recently reported an increase in their IT operating expenses, according to the 2010 Ponemon Institute study commissioned by Lumension. Significantly, [...]
2011 Has Potential to be a Really Bad Year
April 20th, 2011
If we look at how 2010 ended there is perhaps good reason for IT security pros to already be nervous in 2011. According to the end of year report from IBM X-Force, at least 44% of all vulnerabilities disclosed in 2010 had no corresponding patch by end of year. Not only do we have to [...]
FREE Scanner
Free eBook
Over 80% of IT Directors say that mobile devices represent the greatest network security threat.
