Author: Chris Cronin, ISO 27001 Auditor Most InfoSec professionals don’t want to think about becoming the next victim of a major data breach to make the headlines. And yet when faced with another major data breach it is a time when Executive Management and security teams reflect on their own insecurities. The latest breach is being […]
Why read another article on the Shellshock bug when there have been a number of well-written articles and blog posts on it? Because almost all of the articles and blogs are talking about the bug itself, how it can be exploited, and how much of the Internet is open to it. However, what you should […]
The IT world is preparing for one of its highest profile deaths on April 8th, 2014. Microsoft will be discontinuing security updates and technical support for Windows XP and its variants. Microsoft will not mourn, as their call to action is to migrate off of one of its most popular consumer operating systems in history.
I’m one of those fortunate information security professionals who plays both sides of the technology defense game: I’m your incident response guy and your preventive technologies guy. When I’m working with a company after they’ve been breached I can see pretty quickly what defenses they were missing that allowed the breach in the first place, […]
Author: Todd Becker, PCI QSA, ISO 27001 Auditor Phishing is by no means a new topic in today’s news. But the increasing complexity and targeted nature of attacks have evolved to a level of sophistication that is even phooling knowledgeable members of the IT community. The end result could just be embarrassing, but it could also […]
‘Malware’ has come a long way. From merely annoyance applications coded by bored engineering students for notoriety all the way to professionally developed stealth applications for financial gains and stealing state secrets. According to Verizon’s 2012 Data Breach Investigations Report, 69% of the breaches were attributed to malware infections. The business impact of such Advanced Malware […]
I thought this was an interesting article out of Dark Reading lately – “AutoCAD Worm Targets Design Documents in Possible Espionage Campaign”.
Can’t state it often enough. Security awareness training is more important than ever. Many of the incidents we respond to are caused by malware being downloaded by users. Once it’s in your network, it’s only going to propagate. It’s like a bad roach infestation.
Again, from a Dark Reading article, Microsoft Studies 10 Years of Malware and Threats. Microsoft, in celebration of the 10-year anniversary of the launch of its Trustworthy Computing Initiative, published a special edition of its Security Intelligence Report. They looked at the past 10 years and how the threat landscape has evolved.