Facebook Twitter

Tales From the Crypto: Case of the Malicious IT Contractor. Data Broker Giants Hacked by ID Theft Service. An identity theft service that sells Social Security numbers, birth records, credit and background reports on millions of Americans has infiltrated computers at some of America’s largest consumer and business data aggregators, according to a seven-month investigation by KrebsOnSecurity.

Data Broker Giants Hacked by ID Theft Service

The Web site ssndob[dot]ms (hereafter referred to simply as SSNDOB) has for the past two years marketed itself on underground cybercrime forums as a reliable and affordable service that customers can use to look up SSNs, birthdays and other personal data on any U.S. resident. Prices range from 50 cents to $2.50 per record, and from $5 to $15 for credit and background checks. Information Security and Risk Management in Context. 2 Minutes on BrightTALK: How to Futureproof Your IT Career. Trend Micro sponsored an extensive security survey of businesses in North America and Europe.

2 Minutes on BrightTALK: How to Futureproof Your IT Career

Conducted by Cyber-Edge Group, LLC, a premier research and marketing firm, the survey examines the current and planned deployment countermeasures for establishing effective cyber defenses. This webinar will reveal the significant findings from the survey and accompanying report and is intended to provide IT security decision makers with a better understanding of how their perceptions, concerns, priorities – and most importantly – current defensive postures stack up against those of other IT security professionals and organizations.

Security Slice: To Encrypt or Not to Encrypt? Home « News « Security Slice « Security Slice: To Encrypt or Not to Encrypt?

Security Slice: To Encrypt or Not to Encrypt?

The state of California recently released its first annual data breach report and the results were striking. According to Attorney General Kamala D. Harris, 1.4 million citizens would have been protected from breaches if businesses had encrypted their data. Is encryption the key to data breach protection? Why don’t more organizations utilize it? John Powers Episode 3: The Spy Who Logged Me. Have you ever wished for some supernatural powers to secure your organization?

John Powers Episode 3: The Spy Who Logged Me

Perhaps longing for some extraterrestrial abilities to defend your sensitive data, or hoped to get help from outer space to get you through that compliance project? Meet John Powers… Sure, he is good at his job – some might say he is a little “too good.” In episode 1, John was dealing with some out of this world perceptions from his colleague Clint who has a very active imagination. John Powers Episode 3: The Spy Who Logged Me. My CISO is an Alien: Meet John Powers. Have you ever wished for some supernatural powers to secure your organization?

My CISO is an Alien: Meet John Powers

Perhaps longing for some extraterrestrial abilities to defend your sensitive data, or hoped to get help from outer space to get you through that compliance project? I’m a strong believer that our industry could benefit from two things: (1) More information sharing and (2) More humor. PRISM and the Myth of Absolute Security. Edward Snowden, an ex-CIA employee and a current employee of defense contractor Booz Allen Hamilton, is all over the news this week.

PRISM and the Myth of Absolute Security

He’s also the source of the NSA leak that outlined PRISM, a broad-based U.S. Internet intelligence-gathering program. Last month we learned that QinetiQ, a major DoD government contractor, had been repeatedly breached by Chinese hackers. Together, these events have a lot of people talking about the safety and security of U.S. government contractors. The Defense Security Service (DSS) administers the defense portion of the National Industrial Security Program (NISPOM), a rigorous program outlining the requirements for government contractors that need a U.S. government security clearance to access national security information.

Over-Sharing Riskier than Government Snooping. There has been an uproar over disclosures regarding the rather ambitious program known as PRISM and the harvesting of metadata from mobile phone calls, both programs administered by the NSA which are designed to gain access to what we would like to think is private information.

Over-Sharing Riskier than Government Snooping

While the widespread rage over the government engaging in the systematic collection and analysis of data about law abiding citizens is more than understandable, the fact is that people in this age of the Internet freely share huge amounts of personal information on a daily basis, and doing so puts them at risk. We freely share details of our lives, our travels, information about our children, our extended family, about our business, our employers, our Web browsing and shopping habits, our medical condition – all data that falls under the definition of Personally Identifiable Information (PII). My CISO is an Alien: Meet John Powers. Knowing, Doing, and Denial in Information Security.

A few years back, I knew a guy who had a mole on his forehead, which started to grow and change shape.

Knowing, Doing, and Denial in Information Security

As a survivor of melanoma, I know this is not a good thing. Some friends and I urged him to go to the doctor to have it looked at, but he refused. ”I don’t want to go to the doctor – it might be cancer.” Sounds ridiculous, doesn’t it? But that argument is similar to what I hear from information security professionals all the time.

They don’t want to confirm the issues they already know they have (through vulnerability scans, pen tests, security assessments, configuration audits, etc.) because they know it will likely turn up a list of things they don’t want to deal with. My CISO is an Alien: Meet John Powers. Malware Pusher Cocky Enough To Sell Wares On Facebook. The Web’s dark markets are not enough for some it appears, as a botnet marketer has started selling services on Facebook.

Malware Pusher Cocky Enough To Sell Wares On Facebook

A Facebook page was discovered pushing a demo of a control panel for a Zeus botnet, which harvests financial data to let criminals access bank accounts. The demo appears to be fairly basic, but users can contact the seller to get the full package. “For the developer it seems to be a hobby/project of sorts (very common to guys that work on malware). But there is a second guy moving this, he runs the FB page itself and seems to be selling stolen financial data derived from Trojan logs,” Limor Kessem, team leader at RSA’s Anti-Fraud Command Centre (AFCC). Home network routers may contain vulnerabilities. Home network routers may contain vulnerabilities and some can even invite intruders into your home.

Home network routers may contain vulnerabilities

Some home network router vendors are slow to respond, or they do not respond at all to researchers that report router vulnerabilities. It is the vendors that are slow to respond or fail to respond that tend to annoy me. Excuse me! If I am going to buy networking equipment – I believe that I have the right to know if a hybrid router (modem/router combined) or individual router has any potential security flaws.

Automatically secure your site with keys and salts! WordPress has a lot of excellent security features. One of these features is the ability to specify randomized keys and salts to help keep cookies and form nonces secure. Sadly, there are a lot of WordPress users who miss out on this extra security because they haven’t configured it for their site. The Cocoon Blog / New Blog: Five Tips For Safer Online Banking - During the spring of 2013 (and it is right around the cyber corner), "Darkhat" VorVzakone plans to target the customers of 30 U.S. banks.

That Really Cool App You Put on Your Smart Phone is Probably Collecting All Sorts of Information – and You Don’t Even Know It. A few weeks ago I warned that mobile applications may not behave the way that users expect them to. (See “App Happy Downloaders May Get More Than They Expect.”) As a follow-up to that post, I talked more in-depth with Domingo Guerra, president and co-founder of Appthority.

Guerra’s company has analyzed hundreds of thousands of mobile apps to discover what they do, not just on the surface but under the hood as well. Ransomware, a growing threat in the U.S.… Wikipedia describes ransomware as a class of malware which restricts access to the computer system that it infects, and demands a ransom be paid to the creator of the malware in order for the restriction to be removed. Essentially online extortion, ransomware involves infecting a user’s computer with a virus that locks it.

The attackers demand money before the computer will be unlocked, but once the money is paid, they rarely unlock it. – NYT Symantec Security Response director, Kevin Haley recently predicted that 2013 will see ransomware become the next big online scam. While your computer is locked, the cybercriminals can steal your private data; launch online banking and credit card fraud; and take full control of your computer and online life. Umbrella by OpenDNS. YouTube. Do you allow RDP connections? Cybercrime service sells hacked Fortune 500 access. Do you have a Windows computer currently in use or an old box that accepts Remote Desktop Protocol (RDP)?

Most enterprises do allow RDP, so the client box can connect to a remote host computer. In fact, not only do Fortune 500 companies use RDP, but Brian Krebs recently reported on a cybercrime service that sells that RDP access for few dollars. This investigative Krebs on Security report looked into, which advertises access to hacked RDP servers on cybercrime forums as "The whole world in one service. " It takes instant messaging to contact the service owner and $20 via the virtual currency WebMonkey to register. Krebs said that nearly 300,000 compromised systems have been pimped through dedicatexpress since it began in 2010, with 17,000 RDP computers available for rent right now. Cocoon privacy plug-in for Chrome watches your back as you browse. Cocoon, a browser plug-in designed to protect your privacy and security online, is now available for Google's Chrome browser, according to its maker Virtual World Computing. The software is offered as a free plug-in with advertising, as well as in a paid premium version with added features, and works by placing Cocoon's servers between a consumer and the Internet.

That hides the consumer's identity from anyone trying to track a web user's activity on the Web. A beta version of the software was released Monday. A version for the general public is expected to be available Nov. 12. With the free version of Cocoon, you get anonymous browsing, privacy on shared computers, secure Wi-Fi connections, and freedom from Facebook tracking. Give Sophos credit for its loud glitch warning. Better WP Security - Version 3.4.2. Implicit Learning Passwords Are Like Riding a Bike. Windows worm slips into iOS App Store, climbs into hipsters' pockets. Details. GetCocoon - Google+ - Have you ever wondered what botnet activity really looks…

The Vulnerabilities Market and the Future of Security. LinkedIn Apparently Hacked: Try to Care Long Enough to Change Your Password. Researchers spot fake mobile antivirus scanners on Google Play. Will your Internet go down on July 9th? Cocoon and Cocoon+ Now Approved as a Download on Mozilla's Firefox. Compromised WordPress sites serving client-side exploits and malware. RDP Honeypot on Amazon EC2 Virtual Server. Warning. Cocoon now sheathes you in IE, too. Tor Vulnerable to Remote arbitrary code Execution. You Can One-Up The Bad Guys With Unmask Parasites. Ten things you didn't know about Sourcefire.

Get Cocoon: To all our wonderful follo... Mikko Hypponen: I can confirm that Mediafi... Mikko Hypponen: Someone posted the social... 568 reasons First State Super's security breach should worry you - security breach, security, Patrick Webster, information security, First State Super (FSS) Get Cocoon: Coming soon - Cocoon for i... Super-Charge Your Online Privacy Now – Exciting Breakthrough! Secunia PSI: The Best Software Update Tool You've Never Heard Of > Installing and Using Secunia PSI. StopBadware releases best practices for reporting. Releases best practices for reporting. Harvard University website hacked by Syria protesters ~ THN : The Hacker News. Cocoon on Security. Nearly 300,000 Iranian IP addresses likely compromised.

Using Netsh for Easier Network Setup in a Malware Lab. New Free Tools Simplify Analysis Of Android Malware. Fight the Good Fight: Krebs’s 3 Basic Rules for Online Safety. Wrongly accused of porn after wifi hacked. Wrap Firefox in a Cocoon of privacy. Cocoon promises a safe, spam-free, private way to browse the web. Security Researcher, CyberCrime Foe Goes Missing.

Cocoon Is an All-In-One Privacy Extension for Firefox (And We've Got Beta Invites) DNS Malware Detection Pivotal for Organizations - Cybersecurity Report. The Web's Largest Community Tracking Online Fraud & Abuse. More info on .MOV malware. Millions of Android users hit by malicious data theft app. Get Cocoon Internet Services:

Infosec Security