background preloader


Facebook Twitter

Tales From the Crypto: Case of the Malicious IT Contractor. Data Broker Giants Hacked by ID Theft Service. An identity theft service that sells Social Security numbers, birth records, credit and background reports on millions of Americans has infiltrated computers at some of America’s largest consumer and business data aggregators, according to a seven-month investigation by KrebsOnSecurity.

Data Broker Giants Hacked by ID Theft Service

Information Security and Risk Management in Context. 2 Minutes on BrightTALK: How to Futureproof Your IT Career. Trend Micro sponsored an extensive security survey of businesses in North America and Europe.

2 Minutes on BrightTALK: How to Futureproof Your IT Career

Conducted by Cyber-Edge Group, LLC, a premier research and marketing firm, the survey examines the current and planned deployment countermeasures for establishing effective cyber defenses. This webinar will reveal the significant findings from the survey and accompanying report and is intended to provide IT security decision makers with a better understanding of how their perceptions, concerns, priorities – and most importantly – current defensive postures stack up against those of other IT security professionals and organizations. Join Mark Bouchard, Vice President with Cyber-Edge Group and Jon Clay, Director of Global Threat Research with Trend Micro, for this webinar to learn more about the state of cyber threat defenses among today’s businesses and gain a better understanding of what you can do to improve your defenses going forward.

Security Slice: To Encrypt or Not to Encrypt? Home « News « Security Slice « Security Slice: To Encrypt or Not to Encrypt?

Security Slice: To Encrypt or Not to Encrypt?

The state of California recently released its first annual data breach report and the results were striking. According to Attorney General Kamala D. John Powers Episode 3: The Spy Who Logged Me. Have you ever wished for some supernatural powers to secure your organization?

John Powers Episode 3: The Spy Who Logged Me

Perhaps longing for some extraterrestrial abilities to defend your sensitive data, or hoped to get help from outer space to get you through that compliance project? John Powers Episode 3: The Spy Who Logged Me. My CISO is an Alien: Meet John Powers. PRISM and the Myth of Absolute Security. Edward Snowden, an ex-CIA employee and a current employee of defense contractor Booz Allen Hamilton, is all over the news this week.

PRISM and the Myth of Absolute Security

He’s also the source of the NSA leak that outlined PRISM, a broad-based U.S. Internet intelligence-gathering program. Last month we learned that QinetiQ, a major DoD government contractor, had been repeatedly breached by Chinese hackers. Together, these events have a lot of people talking about the safety and security of U.S. government contractors. The Defense Security Service (DSS) administers the defense portion of the National Industrial Security Program (NISPOM), a rigorous program outlining the requirements for government contractors that need a U.S. government security clearance to access national security information. Over-Sharing Riskier than Government Snooping.

There has been an uproar over disclosures regarding the rather ambitious program known as PRISM and the harvesting of metadata from mobile phone calls, both programs administered by the NSA which are designed to gain access to what we would like to think is private information.

Over-Sharing Riskier than Government Snooping

While the widespread rage over the government engaging in the systematic collection and analysis of data about law abiding citizens is more than understandable, the fact is that people in this age of the Internet freely share huge amounts of personal information on a daily basis, and doing so puts them at risk. We freely share details of our lives, our travels, information about our children, our extended family, about our business, our employers, our Web browsing and shopping habits, our medical condition – all data that falls under the definition of Personally Identifiable Information (PII). My CISO is an Alien: Meet John Powers. Knowing, Doing, and Denial in Information Security. A few years back, I knew a guy who had a mole on his forehead, which started to grow and change shape.

Knowing, Doing, and Denial in Information Security

As a survivor of melanoma, I know this is not a good thing. Some friends and I urged him to go to the doctor to have it looked at, but he refused. “I don’t want to go to the doctor – it might be cancer.” Sounds ridiculous, doesn’t it? But that argument is similar to what I hear from information security professionals all the time. They don’t want to confirm the issues they already know they have (through vulnerability scans, pen tests, security assessments, configuration audits, etc.) because they know it will likely turn up a list of things they don’t want to deal with.

One of the big inhibitors is resource limitations – time, money, people, tools. By integrating elements of risk ranking, business-oriented value mapping, and objective prioritization you can stack rank the problems you’d like to solve and apply your resources against the biggest or most impactful items first. My CISO is an Alien: Meet John Powers. Malware Pusher Cocky Enough To Sell Wares On Facebook. The Web’s dark markets are not enough for some it appears, as a botnet marketer has started selling services on Facebook.

Malware Pusher Cocky Enough To Sell Wares On Facebook

A Facebook page was discovered pushing a demo of a control panel for a Zeus botnet, which harvests financial data to let criminals access bank accounts. Home network routers may contain vulnerabilities. Home network routers may contain vulnerabilities and some can even invite intruders into your home.

Home network routers may contain vulnerabilities

Some home network router vendors are slow to respond, or they do not respond at all to researchers that report router vulnerabilities. It is the vendors that are slow to respond or fail to respond that tend to annoy me. Excuse me! If I am going to buy networking equipment – I believe that I have the right to know if a hybrid router (modem/router combined) or individual router has any potential security flaws. Automatically secure your site with keys and salts! WordPress has a lot of excellent security features.

Automatically secure your site with keys and salts!

The Cocoon Blog / New Blog: Five Tips For Safer Online Banking - During the spring of 2013 (and it is right around the cyber corner), "Darkhat" VorVzakone plans to target the customers of 30 U.S. banks. That Really Cool App You Put on Your Smart Phone is Probably Collecting All Sorts of Information – and You Don’t Even Know It. A few weeks ago I warned that mobile applications may not behave the way that users expect them to. (See “App Happy Downloaders May Get More Than They Expect.”) As a follow-up to that post, I talked more in-depth with Domingo Guerra, president and co-founder of Appthority. Guerra’s company has analyzed hundreds of thousands of mobile apps to discover what they do, not just on the surface but under the hood as well. Ransomware, a growing threat in the U.S.… Wikipedia describes ransomware as a class of malware which restricts access to the computer system that it infects, and demands a ransom be paid to the creator of the malware in order for the restriction to be removed.

Essentially online extortion, ransomware involves infecting a user’s computer with a virus that locks it. The attackers demand money before the computer will be unlocked, but once the money is paid, they rarely unlock it. – NYT Symantec Security Response director, Kevin Haley recently predicted that 2013 will see ransomware become the next big online scam. While your computer is locked, the cybercriminals can steal your private data; launch online banking and credit card fraud; and take full control of your computer and online life.

Symantec Security Response director, Kevin Haley recently predicted that 2013 will see ransomware become the next big online scam. Umbrella by OpenDNS. YouTube. Do you allow RDP connections? Cybercrime service sells hacked Fortune 500 access. Do you have a Windows computer currently in use or an old box that accepts Remote Desktop Protocol (RDP)? Most enterprises do allow RDP, so the client box can connect to a remote host computer. In fact, not only do Fortune 500 companies use RDP, but Brian Krebs recently reported on a cybercrime service that sells that RDP access for few dollars. This investigative Krebs on Security report looked into, which advertises access to hacked RDP servers on cybercrime forums as "The whole world in one service.

" It takes instant messaging to contact the service owner and $20 via the virtual currency WebMonkey to register. Krebs said that nearly 300,000 compromised systems have been pimped through dedicatexpress since it began in 2010, with 17,000 RDP computers available for rent right now. Cocoon privacy plug-in for Chrome watches your back as you browse. Cocoon, a browser plug-in designed to protect your privacy and security online, is now available for Google's Chrome browser, according to its maker Virtual World Computing. The software is offered as a free plug-in with advertising, as well as in a paid premium version with added features, and works by placing Cocoon's servers between a consumer and the Internet.

That hides the consumer's identity from anyone trying to track a web user's activity on the Web. A beta version of the software was released Monday. A version for the general public is expected to be available Nov. 12. With the free version of Cocoon, you get anonymous browsing, privacy on shared computers, secure Wi-Fi connections, and freedom from Facebook tracking. Facebook tracking was also the target of a browser plug-in introduced in September by Give Sophos credit for its loud glitch warning. Better WP Security - Menu. Version 3.4.2. Implicit Learning Passwords Are Like Riding a Bike. Windows worm slips into iOS App Store, climbs into hipsters' pockets. High performance access to file storage An item of Windows malware has managed to make its way onto Apple's iOS App Store. Details. GetCocoon - Google+ - Have you ever wondered what botnet activity really looks… The Vulnerabilities Market and the Future of Security.

Recently, there have been several articles about the new market in zero-day exploits: new and unpatched computer vulnerabilities. It's not just software companies, who sometimes pay bounties to researchers who alert them of security vulnerabilities so they can fix them. LinkedIn Apparently Hacked: Try to Care Long Enough to Change Your Password. Researchers spot fake mobile antivirus scanners on Google Play. Will your Internet go down on July 9th? Posted on 17:52, April 23rd, 2012 by headgeek. Cocoon and Cocoon+ Now Approved as a Download on Mozilla's Firefox. Compromised WordPress sites serving client-side exploits and malware. Security researchers from TrendMicro are reporting on mass compromise of WordPress sites, currently serving client-side exploits and malware to users who click on malicious links in the spamvertised emails connected with the campaign.

RDP Honeypot on Amazon EC2 Virtual Server. Warning. Cocoon now sheathes you in IE, too. Tor Vulnerable to Remote arbitrary code Execution. You Can One-Up The Bad Guys With Unmask Parasites. Ten things you didn't know about Sourcefire. Get Cocoon: To all our wonderful follo... Mikko Hypponen: I can confirm that Mediafi... Mikko Hypponen: Someone posted the social... 568 reasons First State Super's security breach should worry you - security breach, security, Patrick Webster, information security, First State Super (FSS) Get Cocoon: Coming soon - Cocoon for i... Super-Charge Your Online Privacy Now – Exciting Breakthrough! Secunia PSI: The Best Software Update Tool You've Never Heard Of > Installing and Using Secunia PSI.

StopBadware releases best practices for reporting. Releases best practices for reporting. Harvard University website hacked by Syria protesters ~ THN : The Hacker News. Cocoon on Security. Nearly 300,000 Iranian IP addresses likely compromised. Using Netsh for Easier Network Setup in a Malware Lab. New Free Tools Simplify Analysis Of Android Malware.

Fight the Good Fight: Krebs’s 3 Basic Rules for Online Safety. Wrongly accused of porn after wifi hacked. Wrap Firefox in a Cocoon of privacy. Cocoon promises a safe, spam-free, private way to browse the web. Security Researcher, CyberCrime Foe Goes Missing. Cocoon Is an All-In-One Privacy Extension for Firefox (And We've Got Beta Invites) DNS Malware Detection Pivotal for Organizations - Cybersecurity Report. The Web's Largest Community Tracking Online Fraud & Abuse.

More info on .MOV malware. Millions of Android users hit by malicious data theft app. Get Cocoon Internet Services:

Infosec Security