background preloader


Facebook Twitter

Tales From the Crypto: Case of the Malicious IT Contractor. Data Broker Giants Hacked by ID Theft Service. An identity theft service that sells Social Security numbers, birth records, credit and background reports on millions of Americans has infiltrated computers at some of America’s largest consumer and business data aggregators, according to a seven-month investigation by KrebsOnSecurity.

Data Broker Giants Hacked by ID Theft Service

Information Security and Risk Management in Context. 2 Minutes on BrightTALK: How to Futureproof Your IT Career. Trend Micro sponsored an extensive security survey of businesses in North America and Europe.

2 Minutes on BrightTALK: How to Futureproof Your IT Career

Conducted by Cyber-Edge Group, LLC, a premier research and marketing firm, the survey examines the current and planned deployment countermeasures for establishing effective cyber defenses. This webinar will reveal the significant findings from the survey and accompanying report and is intended to provide IT security decision makers with a better understanding of how their perceptions, concerns, priorities – and most importantly – current defensive postures stack up against those of other IT security professionals and organizations. Security Slice: To Encrypt or Not to Encrypt? Home « News « Security Slice « Security Slice: To Encrypt or Not to Encrypt?

Security Slice: To Encrypt or Not to Encrypt?

The state of California recently released its first annual data breach report and the results were striking. According to Attorney General Kamala D. Harris, 1.4 million citizens would have been protected from breaches if businesses had encrypted their data. Is encryption the key to data breach protection? Why don’t more organizations utilize it? Listen to Episode 90 of our Security Slice podcast and hear Dwayne Melançon, Lamar Bailey and Tim Erlin discuss data protection and accessibility, the two major drawbacks to encryption, and why HIPAA compliance highlights the difficulties between security and portability. Listen to the podcast now More Podcasts: P.S.

Title image courtesy of ShutterStock Categories: Security Slice Tags: Data Breaches, Data Loss Prevention, encryption, HIPAA, Network Security, Podcast, portability, Regulatory Compliance, Report. John Powers Episode 3: The Spy Who Logged Me. Have you ever wished for some supernatural powers to secure your organization?

John Powers Episode 3: The Spy Who Logged Me

Perhaps longing for some extraterrestrial abilities to defend your sensitive data, or hoped to get help from outer space to get you through that compliance project? Meet John Powers… Sure, he is good at his job – some might say he is a little “too good.” John Powers Episode 3: The Spy Who Logged Me. My CISO is an Alien: Meet John Powers. PRISM and the Myth of Absolute Security. Edward Snowden, an ex-CIA employee and a current employee of defense contractor Booz Allen Hamilton, is all over the news this week.

PRISM and the Myth of Absolute Security

He’s also the source of the NSA leak that outlined PRISM, a broad-based U.S. Internet intelligence-gathering program. Last month we learned that QinetiQ, a major DoD government contractor, had been repeatedly breached by Chinese hackers. Together, these events have a lot of people talking about the safety and security of U.S. government contractors. The Defense Security Service (DSS) administers the defense portion of the National Industrial Security Program (NISPOM), a rigorous program outlining the requirements for government contractors that need a U.S. government security clearance to access national security information.

Over-Sharing Riskier than Government Snooping. There has been an uproar over disclosures regarding the rather ambitious program known as PRISM and the harvesting of metadata from mobile phone calls, both programs administered by the NSA which are designed to gain access to what we would like to think is private information.

Over-Sharing Riskier than Government Snooping

While the widespread rage over the government engaging in the systematic collection and analysis of data about law abiding citizens is more than understandable, the fact is that people in this age of the Internet freely share huge amounts of personal information on a daily basis, and doing so puts them at risk. We freely share details of our lives, our travels, information about our children, our extended family, about our business, our employers, our Web browsing and shopping habits, our medical condition – all data that falls under the definition of Personally Identifiable Information (PII). My CISO is an Alien: Meet John Powers. Knowing, Doing, and Denial in Information Security. A few years back, I knew a guy who had a mole on his forehead, which started to grow and change shape.

Knowing, Doing, and Denial in Information Security

As a survivor of melanoma, I know this is not a good thing. Some friends and I urged him to go to the doctor to have it looked at, but he refused. “I don’t want to go to the doctor – it might be cancer.” Sounds ridiculous, doesn’t it? But that argument is similar to what I hear from information security professionals all the time. My CISO is an Alien: Meet John Powers.

Malware Pusher Cocky Enough To Sell Wares On Facebook. The Web’s dark markets are not enough for some it appears, as a botnet marketer has started selling services on Facebook.

Malware Pusher Cocky Enough To Sell Wares On Facebook

A Facebook page was discovered pushing a demo of a control panel for a Zeus botnet, which harvests financial data to let criminals access bank accounts. The demo appears to be fairly basic, but users can contact the seller to get the full package. Home network routers may contain vulnerabilities. Home network routers may contain vulnerabilities and some can even invite intruders into your home.

Home network routers may contain vulnerabilities

Some home network router vendors are slow to respond, or they do not respond at all to researchers that report router vulnerabilities. It is the vendors that are slow to respond or fail to respond that tend to annoy me. Excuse me! If I am going to buy networking equipment – I believe that I have the right to know if a hybrid router (modem/router combined) or individual router has any potential security flaws. Home Network Routers Users who do not take basic router security seriously, can also impact home network router security. Automatically secure your site with keys and salts! WordPress has a lot of excellent security features.

Automatically secure your site with keys and salts!

One of these features is the ability to specify randomized keys and salts to help keep cookies and form nonces secure. The Cocoon Blog / New Blog: Five Tips For Safer Online Banking - During the spring of 2013 (and it is right around the cyber corner), "Darkhat" VorVzakone plans to target the customers of 30 U.S. banks. That Really Cool App You Put on Your Smart Phone is Probably Collecting All Sorts of Information – and You Don’t Even Know It. A few weeks ago I warned that mobile applications may not behave the way that users expect them to. (See “App Happy Downloaders May Get More Than They Expect.”)

As a follow-up to that post, I talked more in-depth with Domingo Guerra, president and co-founder of Appthority. Guerra’s company has analyzed hundreds of thousands of mobile apps to discover what they do, not just on the surface but under the hood as well. It turns out that most mobile apps are pretty busy collecting as much information as possible about the device owner and off the device itself. For example, an app may harvest all the information from a person’s contact list on his smart phone. Ransomware, a growing threat in the U.S.… Wikipedia describes ransomware as a class of malware which restricts access to the computer system that it infects, and demands a ransom be paid to the creator of the malware in order for the restriction to be removed. Essentially online extortion, ransomware involves infecting a user’s computer with a virus that locks it.

The attackers demand money before the computer will be unlocked, but once the money is paid, they rarely unlock it. – NYT Symantec Security Response director, Kevin Haley recently predicted that 2013 will see ransomware become the next big online scam. While your computer is locked, the cybercriminals can steal your private data; launch online banking and credit card fraud; and take full control of your computer and online life. Symantec Security Response director, Kevin Haley recently predicted that 2013 will see ransomware become the next big online scam. Umbrella by OpenDNS. YouTube. Do you allow RDP connections? Cybercrime service sells hacked Fortune 500 access.

Do you have a Windows computer currently in use or an old box that accepts Remote Desktop Protocol (RDP)? Most enterprises do allow RDP, so the client box can connect to a remote host computer. In fact, not only do Fortune 500 companies use RDP, but Brian Krebs recently reported on a cybercrime service that sells that RDP access for few dollars. This investigative Krebs on Security report looked into, which advertises access to hacked RDP servers on cybercrime forums as "The whole world in one service. " It takes instant messaging to contact the service owner and $20 via the virtual currency WebMonkey to register.

Krebs said that nearly 300,000 compromised systems have been pimped through dedicatexpress since it began in 2010, with 17,000 RDP computers available for rent right now. Cocoon privacy plug-in for Chrome watches your back as you browse. Cocoon, a browser plug-in designed to protect your privacy and security online, is now available for Google's Chrome browser, according to its maker Virtual World Computing. The software is offered as a free plug-in with advertising, as well as in a paid premium version with added features, and works by placing Cocoon's servers between a consumer and the Internet. That hides the consumer's identity from anyone trying to track a web user's activity on the Web. A beta version of the software was released Monday. A version for the general public is expected to be available Nov. 12. With the free version of Cocoon, you get anonymous browsing, privacy on shared computers, secure Wi-Fi connections, and freedom from Facebook tracking.

Facebook tracking was also the target of a browser plug-in introduced in September by Give Sophos credit for its loud glitch warning. Show me any piece of security technology on this planet and tell me it's bullet-proof and I'll call you a liar. No matter how good the product, glitches happen. Better WP Security - Menu. Version 3.4.2. Implicit Learning Passwords Are Like Riding a Bike. Windows worm slips into iOS App Store, climbs into hipsters' pockets. High performance access to file storage An item of Windows malware has managed to make its way onto Apple's iOS App Store. Details. A typical child in the 21st century is practically raised on technology. Tablets, smartphones and multiple computers in most American homes virtually ensure a technologically groomed child. GetCocoon - Google+ - Have you ever wondered what botnet activity really looks… The Vulnerabilities Market and the Future of Security. LinkedIn Apparently Hacked: Try to Care Long Enough to Change Your Password.

Researchers spot fake mobile antivirus scanners on Google Play. Think that just because you're downloading an application from an official application store, you're safe from malicious software? Will your Internet go down on July 9th? Posted on 17:52, April 23rd, 2012 by headgeek. Cocoon and Cocoon+ Now Approved as a Download on Mozilla's Firefox. Compromised WordPress sites serving client-side exploits and malware. Security researchers from TrendMicro are reporting on mass compromise of WordPress sites, currently serving client-side exploits and malware to users who click on malicious links in the spamvertised emails connected with the campaign.

RDP Honeypot on Amazon EC2 Virtual Server. Warning. Cocoon now sheathes you in IE, too. Tor Vulnerable to Remote arbitrary code Execution. You Can One-Up The Bad Guys With Unmask Parasites. Ten things you didn't know about Sourcefire. Get Cocoon: To all our wonderful follo... Mikko Hypponen: I can confirm that Mediafi... Mikko Hypponen: Someone posted the social...

568 reasons First State Super's security breach should worry you - security breach, security, Patrick Webster, information security, First State Super (FSS) Get Cocoon: Coming soon - Cocoon for i... Super-Charge Your Online Privacy Now – Exciting Breakthrough! Secunia PSI: The Best Software Update Tool You've Never Heard Of > Installing and Using Secunia PSI. StopBadware releases best practices for reporting. Releases best practices for reporting. Harvard University website hacked by Syria protesters ~ THN : The Hacker News. Cocoon on Security. Nearly 300,000 Iranian IP addresses likely compromised. Using Netsh for Easier Network Setup in a Malware Lab. New Free Tools Simplify Analysis Of Android Malware. Fight the Good Fight: Krebs’s 3 Basic Rules for Online Safety. Wrongly accused of porn after wifi hacked. Wrap Firefox in a Cocoon of privacy.

Cocoon promises a safe, spam-free, private way to browse the web. Security Researcher, CyberCrime Foe Goes Missing. Cocoon Is an All-In-One Privacy Extension for Firefox (And We've Got Beta Invites) DNS Malware Detection Pivotal for Organizations - Cybersecurity Report. More info on .MOV malware. Millions of Android users hit by malicious data theft app. Get Cocoon Internet Services:

Infosec Security