Tales From the Crypto: Case of the Malicious IT Contractor
An identity theft service that sells Social Security numbers, birth records, credit and background reports on millions of Americans has infiltrated computers at some of America’s largest consumer and business data aggregators, according to a seven-month investigation by KrebsOnSecurity. The Web site ssndob[dot]ms (hereafter referred to simply as SSNDOB) has for the past two years marketed itself on underground cybercrime forums as a reliable and affordable service that customers can use to look up SSNs, birthdays and other personal data on any U.S. resident. Prices range from 50 cents to $2.50 per record, and from $5 to $15 for credit and background checks. Data Broker Giants Hacked by ID Theft Service
Explore the latest techniques for securing information and its systems, from policies and procedures to technologies and audit. Learn from leading experts who share proven practices in areas such as mobile workforce safety, security metrics, electronic evidence oversight and coping with e-crime and e-discovery. Study the protection of Cloud computing information. Discover how to foster the development of future information security leaders. Information Security and Risk Management in Context
There are many types of managed service providers who deliver a variety of managed offerings to their customers. However, one of the more popular managed offerings in the last several years has been backup and storage solutions. Yet, with all the popularity surrounding backup and storage offerings, it has become increasingly difficult for MSPs to differentiate their backup services to customers. This webcast will feature real-life perspectives from MSPs and other managed services professionals who will attempt to offer practical and beneficial techniques for you to improve the marketing and messaging surrounding your managed backup offerings, including closing more deals! 2 Minutes on BrightTALK: How to Futureproof Your IT Career | BrightTALK
Security Slice: To Encrypt or Not to Encrypt? The state of California recently released its first annual data breach report and the results were striking. According to Attorney General Kamala D. Harris, 1.4 million citizens would have been protected from breaches if businesses had encrypted their data. Is encryption the key to data breach protection? Why don’t more organizations utilize it?
Have you ever wished for some supernatural powers to secure your organization? Perhaps longing for some extraterrestrial abilities to defend your sensitive data, or hoped to get help from outer space to get you through that compliance project? Meet John Powers… Sure, he is good at his job – some might say he is a little “too good.” In episode 1, John was dealing with some out of this world perceptions from his colleague Clint who has a very active imagination. John Powers Episode 3: The Spy Who Logged Me
My CISO is an Alien: Meet John Powers Have you ever wished for some supernatural powers to secure your organization? Perhaps longing for some extraterrestrial abilities to defend your sensitive data, or hoped to get help from outer space to get you through that compliance project? I’m a strong believer that our industry could benefit from two things: (1) More information sharing and (2) More humor.
Edward Snowden, an ex-CIA employee and a current employee of defense contractor Booz Allen Hamilton, is all over the news this week. He’s also the source of the NSA leak that outlined PRISM, a broad-based U.S. Internet intelligence-gathering program. Last month we learned that QinetiQ, a major DoD government contractor, had been repeatedly breached by Chinese hackers. Together, these events have a lot of people talking about the safety and security of U.S. government contractors. PRISM and the Myth of Absolute Security
Over-Sharing Riskier than Government Snooping There has been an uproar over disclosures regarding the rather ambitious program known as PRISM and the harvesting of metadata from mobile phone calls, both programs administered by the NSA which are designed to gain access to what we would like to think is private information. While the widespread rage over the government engaging in the systematic collection and analysis of data about law abiding citizens is more than understandable, the fact is that people in this age of the Internet freely share huge amounts of personal information on a daily basis, and doing so puts them at risk. We freely share details of our lives, our travels, information about our children, our extended family, about our business, our employers, our Web browsing and shopping habits, our medical condition – all data that falls under the definition of Personally Identifiable Information (PII).
Knowing, Doing, and Denial in Information Security A few years back, I knew a guy who had a mole on his forehead, which started to grow and change shape. As a survivor of melanoma, I know this is not a good thing. Some friends and I urged him to go to the doctor to have it looked at, but he refused. “I don’t want to go to the doctor – it might be cancer.” Sounds ridiculous, doesn’t it? But that argument is similar to what I hear from information security professionals all the time. They don’t want to confirm the issues they already know they have (through vulnerability scans, pen tests, security assessments, configuration audits, etc.) because they know it will likely turn up a list of things they don’t want to deal with.
The Web’s dark markets are not enough for some it appears, as a botnet marketer has started selling services on Facebook. A Facebook page was discovered pushing a demo of a control panel for a Zeus botnet, which harvests financial data to let criminals access bank accounts. The demo appears to be fairly basic, but users can contact the seller to get the full package. “For the developer it seems to be a hobby/project of sorts (very common to guys that work on malware). But there is a second guy moving this, he runs the FB page itself and seems to be selling stolen financial data derived from Trojan logs,” Limor Kessem, team leader at RSA’s Anti-Fraud Command Centre (AFCC). Malware Pusher Cocky Enough To Sell Wares On Facebook
Home network routers may contain vulnerabilities | Experts Exchange Tech News Blog Home network routers may contain vulnerabilities and some can even invite intruders into your home. Some home network router vendors are slow to respond, or they do not respond at all to researchers that report router vulnerabilities. It is the vendors that are slow to respond or fail to respond that tend to annoy me. Excuse me! If I am going to buy networking equipment – I believe that I have the right to know if a hybrid router (modem/router combined) or individual router has any potential security flaws.
Automatically secure your site with keys and salts! | VaultPress Blog WordPress has a lot of excellent security features. One of these features is the ability to specify randomized keys and salts to help keep cookies and form nonces secure. Sadly, there are a lot of WordPress users who miss out on this extra security because they haven’t configured it for their site.
The Cocoon Blog / New Blog: Five Tips For Safer Online Banking - During the spring of 2013 (and it is right around the cyber corner), "Darkhat" VorVzakone plans to target the customers of 30 U.S. banks.
That Really Cool App You Put on Your Smart Phone is Probably Collecting All Sorts of Information – and You Don’t Even Know It A few weeks ago I warned that mobile applications may not behave the way that users expect them to. (See “App Happy Downloaders May Get More Than They Expect.”) As a follow-up to that post, I talked more in-depth with Domingo Guerra, president and co-founder of Appthority. Guerra’s company has analyzed hundreds of thousands of mobile apps to discover what they do, not just on the surface but under the hood as well.
Wikipedia describes ransomware as a class of malware which restricts access to the computer system that it infects, and demands a ransom be paid to the creator of the malware in order for the restriction to be removed. Essentially online extortion, ransomware involves infecting a user’s computer with a virus that locks it. The attackers demand money before the computer will be unlocked, but once the money is paid, they rarely unlock it. – NYT Symantec Security Response director, Kevin Haley recently predicted that 2013 will see ransomware become the next big online scam. While your computer is locked, the cybercriminals can steal your private data; launch online banking and credit card fraud; and take full control of your computer and online life. Ransomware, a growing threat in the U.S.…
Umbrella by OpenDNS
Do you allow RDP connections? Cybercrime service sells hacked Fortune 500 access
Cocoon privacy plug-in for Chrome watches your back as you browse
Give Sophos credit for its loud glitch warning
Better WP Security - Bit51.com
Implicit Learning Passwords Are Like Riding a Bike
Windows worm slips into iOS App Store, climbs into hipsters' pockets
Details | StaySafeOnline.org
GetCocoon - Google+ - Have you ever wondered what botnet activity really looks…
The Vulnerabilities Market and the Future of Security
LinkedIn Apparently Hacked: Try to Care Long Enough to Change Your Password
Researchers spot fake mobile antivirus scanners on Google Play
Will your Internet go down on July 9th? | indyscomputergeek.com
Cocoon and Cocoon+ Now Approved as a Download on Mozilla's Firefox
Compromised WordPress sites serving client-side exploits and malware
RDP Honeypot on Amazon EC2 Virtual Server
Cocoon now sheathes you in IE, too | The Download Blog
Tor Vulnerable to Remote arbitrary code Execution
You Can One-Up The Bad Guys With Unmask Parasites
Ten things you didn't know about Sourcefire
Get Cocoon: To all our wonderful follo
Mikko Hypponen: I can confirm that Mediafi
Mikko Hypponen: Someone posted the social
568 reasons First State Super's security breach should worry you - security breach, security, Patrick Webster, information security, First State Super (FSS)
Get Cocoon: Coming soon - Cocoon for i
Super-Charge Your Online Privacy Now – Exciting Breakthrough! | Independent Living News
Secunia PSI: The Best Software Update Tool You've Never Heard Of > Installing and Using Secunia PSI
StopBadware releases best practices for reporting
Harvard University website hacked by Syria protesters ~ THN : The Hacker News
Cocoon on Security
Nearly 300,000 Iranian IP addresses likely compromised
Using Netsh for Easier Network Setup in a Malware Lab
New Free Tools Simplify Analysis Of Android Malware
Fight the Good Fight: StopBadware.org
Krebs’s 3 Basic Rules for Online Safety
Wrongly accused of porn after wifi hacked
Wrap Firefox in a Cocoon of privacy | The Download Blog
Cocoon promises a safe, spam-free, private way to browse the web
Security Researcher, CyberCrime Foe Goes Missing | Threat Level
Cocoon Is an All-In-One Privacy Extension for Firefox (And We've Got Beta Invites)
DNS Malware Detection Pivotal for Organizations - Cybersecurity Report
More info on .MOV malware
Millions of Android users hit by malicious data theft app