Credit Card Encryption | PCI Compliance | StrongAuth U.S. infrastructure vulnerable to attack If it is left to the politicians, the door to the nation's utilities might be left open. Almost telling terrorists, like in those motel commercials, "We'll leave the light on for you." The ironic part is that a terrorist attack on the nation's infrastructure would mean those lights would go out, along with other catastrophic possibilities. A recent survey showed that security experts have little faith that government regulation will be the answer. To continue reading, register here to become an Insider It's FREE to join Network World - If it is left to the politicians, the door to the nation's utilities might be left open. Operators of America’s vital power, water and manufacturing facilities use industrial control systems (ICS) to manage them, and the security of these systems, increasingly linked with Microsoft Windows and the Internet, is now under intense scrutiny because of growing awareness that they could be attacked and cause massive disruptions.
Identity Theft Taken to the Next Level « Barnard Vogler & Co. Identity Theft Taken to the Next Level. 16/08/12 5:13 pm | Comments (0) | Posted By: David Schaper. I recently came across an article on yahoo news, which left me flabbergasted. It explained that one home in Florida was the recipient of more … See on bvcocpas.com Crisis malware infects VMware virtual machines, researchers say The Windows version of Crisis, a piece of malware discovered in July, is capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives, according to researchers from antivirus vendor Symantec. Crisis is a computer Trojan program that targets Mac OS and Windows users. The malware was discovered by antivirus vendor Intego on July 24 and can record Skype conversations, capture traffic from instant messaging programs like Adium and Microsoft Messenger for Mac and track websites visited in Firefox or Safari. Crisis is distributed via social engineering attacks that trick users into running a malicious Java applet. "The threat searches for a VMware virtual machine image on the compromised computer and, if it finds an image, it mounts the image and then copies itself onto the image by using a VMware Player tool," said Symantec researcher Takashi Katsuki in a blog post on Monday. Morcut doesn't do this, Golovanov said.
Gather Intelligence On Web Bots To Aid Defense Commentary One of the most positive impacts of APT1 is the undeniable rise in the stature of the threat intelligence industry. "Threat Intelligence" is the SIEM, the NAC of 2014.By Nick Selby CEO, StreetCred Software, Inc, 4/8/2014 2 comments | Read | Post a Comment Quick Hits According to the Websense 2014 Threat Report, most malicious exploits now are advanced and targeted.By Tim Wilson Editor in Chief, Dark Reading, 4/4/2014 4 comments | Read | Post a Comment The tool helps the social network gather, store, analyze, and react to the latest threats against it.By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/26/2014 4 comments | Read | Post a Comment New company Confer takes on endpoint security problem with sensors that feed into threat intelligence networkBy Tim Wilson Editor in Chief, Dark Reading, 1/30/2014 0 comments | Read | Post a Comment 1 Comment | Read | Post a Comment News 0 comments | Read | Post a Comment 0 comments | Read | Post a Comment 0 comments | Read | Post a Comment
Are You A Level 2 Merchant? « PCI Guru It is that time of the year again. I have had calls from a number of Level 2 merchants in a panic about the upcoming MasterCard deadline. I also have a number of perspective clients that are saying, “Deadline? What deadline?” To refresh everyone’s memory, three and a half years ago, MasterCard issued a directive that by June 30, 2010, all Level 2 merchants needed to either: (1) have a PCI SSC certified Internal Security Assessor (ISA) prepare their Self-Assessment Questionnaire (SAQ) or, (2) have a PCI SSC certified Qualified Security Assessor (QSA) conduct a PCI assessment and issue a Report On Compliance (ROC). Because of the uproar this directive caused with their Level 2 merchants, MasterCard backed off on the 2010 date but set forth a new date of June 30, 2012. I have sent a message to MasterCard to confirm that the June 30, 2012 date is still valid. UPDATE: MasterCard did confirm that the June 30, 2012 date was accurate. Like this: Like Loading...
Cybercriminals eye gold with Olympic Games scams The public's appetite for scandal around the world is practically insatiable. Not surprisingly, cybercriminals try to take advantage of it, especially during an event like the 2012 Olympic Games. But the good news, say experts, is that the bulk of the scams are unsophisticated, looking to take advantage of so-called "low-hanging fruit." One of the more recent, discovered by security vendor Sophos, is a malware campaign that tries to snare victims with a fake scandal at the Olympics. A post by Graham Cluley on Sophos' Naked Security blog said a spam email comes with a subject line saying: "Huge scandal with the USA Women's Gymnastics Team on the 2012 London Olympics." The body of the email then promises salacious details about USA women's gymnastics gold-medal winner Gabrielle Douglas facing a lifetime ban after reportedly testing positive to banned diuretic furosemide. [See also: Phishing - The Basics] This is not the only scam seeking to use the Olympics as leverage.
Another Social Engineering Attack – Mark Collier’s VoIP/UC Security Blog It must be in the water. Here is a link to another social engineering attack. In this case, attackers gathered some basic personal information and used to get to access to Apple icloud/iTunes accounts. See on voipsecurityblog.typepad.com