tagged w/ zero day attack
-
Given the number of devices currently connected to the internet, factoring in new devices that are being added daily, subtracting devices being removed, factoring in energy reserves and the possibility of a giant tsunami wiping out humanity, I have approximately 134.2 years to go...
https://www.infosecisland.com/blogview/15873-The-Life-of-a-Zero-Day-Worm.html
-
-
-
Here is a scam that is a particularly difficult threat to spot. Note the use of a Hallmark email address, Hallmark Logo and the template that was probably lifted from an authentic e-card. What’s the dead give-away that this is a scam? Note the fact that the link has an “.exe” which is an “execute” command that will probably run some kind of nasty malware.
-
-
One of the penalties of having a well-published email address is that I receive dozens of phishing emails, scam letters, and other nefarious material en masse daily. Most of these are the typical inheritance, lottery, and sweepstakes scams - but then there are the ones that at first glance may seem legitimate. Take for instance the following email I received over the holiday weekend...
-
-
It is possible that, if such policies exist and were created specifically for HIPAA compliance, your organization is viewing this policy noncompliance as being a HIPAA infraction because of the HIPAA requirements to have security/privacy policies and enforce them.
-
-
ANSI Identity Theft Standards Panel webinar “Lessons from the Data Breach at Heartland” by Bob Carr, CEO of Heartland Payment Systems; Carnegie Mellon University Software Engineering Institute Insider Threat Workshop; U.S. Department of Homeland Security Critical Infrastructure and Key Resources; ISAlliance/NIST/DHS VoIP & Unified Communications Automated Security and Assurance Project; IT Sector Coordinating Council Protective Programs and Research and Development (PPRD)…
-
-
QSAs (auditors) policing the PCI-DSS (credit card data security standards) need to adjust their mindset when auditing virtualized card processing infrastructure…
-
-
Any organization should have a simple and brief procedure to treat information carriers for systems that are to be discarded. All that hardware contains a lot of confidential information, and it is essential that such data is properly erased so it cannot be recovered. Here is a brief summary of the crucial information disposal procedure elements.
-
-
With the perspective of six years of data breaches, the rise of cyber crime, phishing, identity theft, and information warfare - it seems laughable that the big issue of employees bringing malware-infested laptops into the office spawned so many companies.
-
-
Safety online is a controversial issue, one that is debated to death with little results that the average person can use without an advanced IT qualification. Here are my four simple rules for improving internet safety:
-
-
Currently, people rely on obscurity to keep their data safe. But with progressively more intelligent search engines available that can churn through vast amounts of data and make sense of it – even your email – security is something that needs to be addressed.
-
-
In recent years, the number of reported data breaches at healthcare organizations has soared, despite laws requiring the groups to protect patient information. In May, a hacker stole more than 500,000 patient records from a state-run database that tracks drug prescriptions in Virginia — and then demanded a ransom to return the information.
-
-
Radisson Hotels & Resorts has posted an open letter to its guests, informing them of a recent data breach but offering little additional information. The data that was accessed includes guests’ names and their credit card or debit card number and expiration date.
-
-
Any business, of any size, in any industry, in any location, is a possible target for PII theft and cybercrime if they possess any type of employee, customer or other consumer PII. Most businesses have PII. All businesses with PII need to make sure they provide due diligence to protect that PII.
-
-
Spoiler alert: There isn’t an effective identity theft protection product. Typically, a company claiming to be an identity theft protection company will provide one or all of these services: access to credit reports, credit monitoring, and database monitoring. Unfortunately, these services cause security problems themselves.
-
-
Identity theft is “America’s fastest growing problem” according to a statement made by the Federal Bureau of Investigation. The Federal Trade Commission (FTC) estimates 10 million Americans are affected each year. Knowing how to protect yourself is vitally important to avoid becoming a victim. The following are arenas where thieves prey:
-
-
Twitter used to manage botnet; Nasty malware attack targets web developers; Obama site only offers malware; Exploding iPhone/iPods; Old-school virus threatens Delphi files; Attacks may come from inside computers; Study warns of cyberwarfare during military conflicts; Russian hackers stole US IDs for Georgian attacks…
-
-
Cyber Security Awareness Month is a waste of time, energy, and taxpayer money. All of which could be spent on improving security within the Federal government. They are the ones who are getting infected by malware spread by USB devices, or having their email read or their fighter jet designs stolen. They are the ones that cannot articulate a cyber defense strategy well enough to entice someone to take on the top job…
-
-
We’ve just published the latest guide in our ‘Securing Social Media’ series. We advise companies to block the use of P2P on the corporate network where not related to business use, and implement security guidelines to limit future risk.
-
-
Your email is as firmly established as an identity as a credit report - it contains details of your finances, address history, and birthday just as a credit report would. Your address book may reveal your mother’s maiden name, and a compromise of the account could easily reveal your tax information or social security number. A compromise of this account could be devastating.
-