Tag Archives: malware

VULNERABILITY N+1

VULNERABILITY N+1. AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR As Americans, we love lists.  That fact is self-evident when browsing our favorite blog sites, as many blogs start out with catchy headlines like, “The Top 5 ______ (fill in the blank).”  The love of lists is rooted deeply in our culture. We loved the […]

RANSOMWARE IS THE NEW MULTI-LEVEL MARKETING BUSINESS

By Erik Leach 2016 has proven to be a banner year for Ransomware.  The year kicked off with a series of ransomware attacks on a trio of hospitals including the well-publicized incident at Hollywood Presbyterian Medical Center which forced its IT staff to shut down the network while coerced administration officials agreed to pay a […]

WHAT KIND OF SECURITY ASSESSMENT DO I NEED?

What kind of security assessment do I need? It’s a question we at HALOCK Security Labs hear all the time. Every regulation and information security standard in existence tells us that we must undergo some kind of regular assessment. But the security field has not been consistent in advising what kinds of assessments fit which purpose […]

RANSOMWARE: CURRENT STRAINS, ATTACK VECTORS AND PROTECTION

By Steve Lawn, Senior Consultant Staying ahead of security threats is no easy task. One threat that should definitely be on your radar is ransomware. From hospital heists to attacks on schools and other businesses, ransomware is costly and is projected to be one of the biggest threats in 2016. According to CNN, the FBI […]

ENDPOINT DETECTION AND RESPONSE: FIRE FOR EFFECT

The modern digital landscape is a battleground rife with adversaries ready and willing to go to great lengths to steal your data. Clever independent attackers and state-sponsored actors alike are deploying increasingly effective versions of cyber attacks intended to intrude, infect, steal, evade, disrupt and destroy everything they touch. To defend themselves, many businesses are […]

PREPARING FOR YOUR DATA BREACH

PREPARING FOR YOUR DATA BREACH. Author: Chris Cronin, ISO 27001 Auditor Most InfoSec professionals don’t want to think about becoming the next victim of a major data breach to make the headlines. And yet when faced with another major data breach it is a time when Executive Management and security teams reflect on their own insecurities. […]

In the Wake of Backdoor.Regin: Accounting for the State Sponsored Threat

Recently the Symantec Corporation uncovered a highly sophisticated, modular piece of malware that has been infecting computers in a variety of countries as far back as 2008 – Backdoor.regin has characteristics beyond those of modern malware and is already generally accepted as a product of nation-state cyber espionage. The implant likely took considerable resources and […]

All Done with Shellshock? Get Ready for the Next One.

Why read another article on the Shellshock bug when there have been a number of well-written articles and blog posts on it? Because almost all of the articles and blogs are talking about the bug itself, how it can be exploited, and how much of the Internet is open to it. However, what you should […]

How to Secure Your Assets from Cyber Sewage

There I was, ankle deep in raw sewage, incredulous that for the second time this summer, my basement was filling up with foul smelling murky waste. As I looked hopelessly at my wife while the water level continued to rise, I angrily thought to myself, “What else can I do?” Didn’t I shell out some […]

Cyber-Espionage: Every Business is a Target

For those of us in the world of information security, the news of Attorney General Eric Holder bringing a first-of-its-kind criminal cyber espionage case against Chinese military officials is no surprise at all. For years, the Chinese have been known for launching cyber attacks on American industrial and military targets to steal prized military secrets […]