May 6th, 2013
We were talking with the CIO of a major healthcare company the other day who told us that his day had gone sideways because of the re-emergence of the ChangeUp worm / Trojan. This was news to me. I mean, yes, I’m a little behind in my reading, but I’d not heard much about ChangeUp [...]
The New York Times Breach: Why AV Failed, What They Should Have Done and What We Accomplish by Letting Them Stay Inside
February 1st, 2013
In yet another example in the saga of personalized malware from foreign nations, specifically China, The New York Times reported Wednesday that the Chinese had carried out an extensive malware campaign against the newspaper giant for the past four months. With this news, we see once again stand alone, signature-based defenses are completely ineffective, especially [...]
December 5th, 2012
Welcome to the November edition of the state of cyber security awards. We’ve got a few well-done’s to hand out as well as a lesson learned. As is always the case here, cyber security is an on-the-job learning process for most. Download the podcast. Government Action Impacting Our Industry News reports indicate President Obama is [...]
June 27th, 2012
Thanks to my colleagues, Paul Henry and Paul Zimski for a great discussion on weaponized malware yesterday. While the threats that dominate our headlines … Stuxnet (2009), DuQu (2010) and Flame (2011) seem like story lines that spy movies are made of, they are in fact something enterprise should be concerned about. The weaponization of [...]
June 21st, 2012
Back in the late ’90s, the president of a prominent U.S. anti-virus company was approached by a delegation from India. Their request? Weapons-grade malware. In the same month, he was also approached by representatives from Pakistan with the same request. As he explains it: “Two nuclear armed nations with a common border and a history [...]
August 1st, 2011
The Australian Department of Defence recently updated their Strategies to Mitigate Targeted Cyber Intrusions guidelines, and I think it warrants a little discussion. The relatively short (only two pages!) document from the Cyber Security Operation Centre (CSOC) – part of the Defence Signals Directorate (DSD) – is based on their experience in operational cyber security, [...]
U.S. Cybersecurity Proposal – A Plan about Plans: We Need More Action and Talent If We’re Serious about Securing Our Nation’s Data
May 18th, 2011
My mother use to always say, actions speak louder than words and in reading the recent cybersecurity proposed plan, I can’t help but think of that age-old phrase. To date, there has been very little meaning behind our nation’s efforts to secure the American people, industry and critical infrastructure from cyber criminals. In fact, according [...]
April 27th, 2011
The original attack against Sony was a massive Distributed Denial of Service Attack that quickly changed vectors and became a penetration of their environment.
May 3rd, 2010
Steve Antone, Vice President of Federal Solutions Group provides insights into the Federal Cyber Security Outlook for 2010 survey.
April 6th, 2010
In this video interview, Matt Mosher, SVP of the Americas, Lumension, takes an in-depth look at how organizations can make compliance a continuous process by correlating compliance with security posture.