tagged w/ Social Engineering
-
We talk about criminal hackers, scammers and bold-faced conmen like they are mysterious creatures from the twilight zone. While they are certainly interesting and mythical creatures, fundamentally they are people.
-
-
RSA and IDG released two new research studies that examine the far-reaching security implications of promising technologies such as cloud computing, virtualization, social networking and mobile communications, and explore the pivotal business risks and rewards they represent to organizations worldwide.
-
-
From The Internet Security Alliance: Virtual-machine exploit lets attackers take over host; T-Mobile confirms stolen data is genuine; Webhost hack wipes out data for 100,000 sites; Texas DPS trying to catch up after virus, new design.
-
-
Trade secrets and confidential information truly are the crown jewels of many businesses. This is the information that allows businesses to compete effectively, and that provides a competitive edge. Despite the critical nature of this information, my experience is that many business people do not understand what they should be doing to protect the crown jewels. I repeatedly see posts on LinkedIn and elsewhere asking for a “form” or a link to a “free site” to get an NDA. Given the potential value of the information, this cavalier approach is surprising.
-
-
From The Internet Security Alliance: The ISAlliance is leading a project to develop an industry-led, cost-effective SCAP solution for VoIP and Unified Communications with the goal of providing a secure playing field for corporations as they deploy VoIP and related technologies.
-
-
T-Mobile customers are awakening this morning to reports that hacker/extortionists have victimized the cellular carrier through a massive network breach resulting in the theft of untold amounts of corporate and customer data, which they’re threatening to sell to the highest bidder. T-Mobile says it is investigating.
-
-
A large internet service provider said data for as many as 100,000 websites was destroyed by attackers who targeted a zero-day vulnerability in a widely-used virtualization application.
-
-
There is something wrong here and PCI DSS is exposing it, not causing it. “When people say PCI is too hard, many really mean to say compliance is not cheap. The business risks and ultimate costs of non-compliance, however, can vastly exceed implementing PCI DSS – such as fines, legal fees, decreases in stock equity, and especially lost business. Implementing PCI DSS should be part of a sound, basic enterprise security strategy, which requires making this activity part of your ongoing business plan and budget.”
-
-
It’s no surprise that since the true realization of the money crash last September, sources of funding have dramatically tightened up. Most of us understand that desperate times require desperate measures, but be careful – if you’re seeking funding or working with someone who is; there be dragons out there… I’ve managed investor-related due diligence issues over the years primarily by bringing transparency to decision makers before any deal is made – unfortunately, some call too late and we have to roll into “how to fix it” mode.
-
-
By Steven Fox, Founder of SecureLexicon: A cross-industry survey of 150 IT managers and technical staff showed that 20% of that population either admitted to cheating on an IT audit or knew someone that did. Ruvi Kitov, CEO of Tufin Technologies, noted that the rate of auditor deception is likely higher than the survey suggests. Andy Bokor, COO of Trustwave, added that some IT professionals respond to compliance pressures by describing their environments in a positive, yet false light.
-
-
By Richard Stiennon, Chief Research Analyst, IT-Harvest: eSoft has determined that there has been a major spike in fraudulent pharmacy sites just this past week. Much like the fake SpySweeper site, these pharma-fraud sites present a convincing storefront that appears to sell Viagra and Cialis. They have a sophisticated shopping cart system and take your money but do not bother with actually fulfilling orders. eSoft provided me with data on seven different templates they have discovered. The quantity is amazing.
-
-
By Kevin M. Nixon, Information-Security-Resources.com Security Editor
I served on the Executive Board of Directors for the Internet Security Alliance (2001 - 2004) and supported the creation of the Department of Homeland Security. I continue to make the rounds on Capitol Hill meeting with US Senators and Representatives and their Congressional Staffs as a subject matter expert on all types of IT Security, Data Privacy, Cybersecurity and GRC issues to provide our elected officials with a real worldview into the impact their legislative actions can have, both positive and negative.
-
-
Google identifies the ten domains responsible for compromising the most number of sites on the internet. In response to a recent surge in websites being infected with malware, Google has revealed the top ten most popular malware sites in the last couple of months.
-
-
The malware logs the magnetic-stripe data and personal identification number of cards used at an infected machine and provides an intuitive interface for retrieving the information using the ATM’s receipt printer, according to analysts from Spider Labs, the research arm of security firm Trustwave. Since late 2007 or so, there have been at least 16 updates to the software, an indication that the authors are working hard to perfect their tool.
-
-
“Protecting our nation’s computing systems that control critical cyberinfrastructure is crucial,” Fred Chang, lead investigator and director of the CIAS, said in a statement.
-
-
There are many efforts to create meaningful security metrics, which is a worthy goal. After benchmarking over 1000 IT operations and security organizations in the past four years, I’ve formed some very strong conclusions and opinions, some of which go against security common wisdom.
-
-
“Centralizing our cybersecurity efforts under Phil’s leadership will help create a unified DHS as we continue to adapt to an ever-changing array of threats. Together, Phil, Bruce and Greg will guide the Department’s efforts to prevent cyber attacks and protect the nation’s critical information systems and networks.”
-
-
We can share many horror stories ranging from competitors attempting to steal a client’s customer data, to outright corporate espionage to gain information on new product debuts and stealing technology and other proprietary information that may still be under development.
-
-
Just as I had noticed the mysterious change in Melissa Hathaway’s title on the White House Blog, at the moment that the President was speaking, I also noticed something very interesting: “Why would Raytheon remove Rear Admiral Williamson’s distinguished service Bio from the corporate website?”
-
-
Information Security Resources staff had received an advance copy of the official White House Press Release (05/29/2009) and was all ears today during President Obama’s East Room remarks on the highly anticipated and long awaited release of the “Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure”.
-