-
25,000 co-opted Linux servers spread spam, drop malware and steal credentials
A new report details how 25,000 servers were compromised. The attacks would have failed if more than single-factor login (username/password) had been required.
-
SMB penny stretching 101: Making the most of your security budget
SMBs can learn how to deal with limited IT security budgets and scarce resources by prioritizing security controls and needs.
-
Droidpak: A sneak attack on Android devices via PC malware
New Android banking malware leverages vulnerable PCs to install itself on Android mobile devices. Learn how to foil this latest exploit.
-
Internet of Things botnet may include TVs and a fridge
Security firm Proofpoint believes they've detected a spam-sending botnet that includes internet-connected televisions and a refrigerator.
-
![]()
Fake security messages more believable than real warnings research shows
Cambridge University researchers reveal why people believe malicious, fake security messages and ignore real warnings.
-
![]()
Target data breach exposes serious threat of POS malware and botnets
In the wake of Target's massive data breach, Michael Kassner explores the rise of POS malware and botnets.
-
![]()
Technology can't stop phishing perhaps common sense can
Despite the warning, phishing attacks are still the favored attack vector of bad guys. It's time to forget technology and rely on good old common sense.
-
![]()
Neverquest banking malware more dangerous than Zeus trojan
New Neverquest malware steals bank account logins and lets attackers access accounts through victims' computers.
-
![]()
Target data breach: What you should tell non-IT folks right now
Help your friends, family, and coworkers understand the Target security breach, protect their accounts, and stay calm.
-
![]()
Android flashlight app tracks users via GPS, FTC says hold on
Buried deep in the Brightest Flashlight Free app's EULA is language that let's the maker collect and resell user location data. An FTC complaint leads to better user notification and deletion of all e...
-
![]()
AutoCAD malware: Rare but malignant
There's no better way for thieves to steal design secrets than straight from the engineers and designers who create them. CAD software programs are ripe for exploit.
-
![]()
Continuous security monitoring: Wave of the future
The new wave of continuous security monitoring solutions bring together views of security-related data that are often in different silos throughout the organization.
-
![]()
Social engineering red flags and tips for training users
Social engineering leads to dangerous security lapses and is notoriously difficult to prevent. Make sure your organization's users can spot the most obvious red flags.
-
![]()
Encryption for the paranoid: Verifying TrueCrypt source code and binaries
TrueCrypt is open source and verifiable, but until someone actually does the verification, recent events have taught us to be skeptical.
-
![]()
Five takeaways from the NSA and Internet surveillance disclosures
The ripples from Edward Snowden's whistleblowing on NSA surveillance tactics continue to be felt. What are the biggest takeaways for those in the technology field?
-
CNN Top 10 e-mail leading users to malware
Attention news junkies: The Belgian MX virus and spam blog is reporting that today's CNN Top 10 e-mail links are sending unwitting users to sites hosting malware.
-
When it comes to security, what does it mean to be good enough?
What are the security implications of "good enough?" Does it reflect a cynical belief that just the impression of good security is sufficient, or does it refer to the realistic balance that must be st...
-
Four reasons to validate your backup processes
When is the last time you asked WHY you perform backups? Those tapes sitting in off-site storage might just cause you and the other members of IS -- as well as Legal and Internal Audit -- more pain th...
-
Perfect vs. Good Enough
When considering security in your organization, how do you reconcile the competition between the desire for perfection and the need for "good enough?"
-
Identity thefts continue as employees and employers play blame game
Finger-pointing is a time-wasting blame game, usually accomplishing very little. It has similarities to Nero's fiddling while Rome burned. Focusing on the problem, however, adds real value.
-
Defcon brings together security pros and hackers
Check out what's going on at the 16th annual Defcon security conference in Las Vegas. It brings together mainstream security professionals and underground hackers for a unique perspective on security.
-
Keyczar: another open source security tool from Google
Google has done it again: just over a month since the open source release of RatProxy comes a cryptographic toolkit called Keyczar.
-
Security news roundup: States urged to do more to tackle cybercrime
This week's security events includes a Defcon talk by MIT students stopped by a court order, a critical vulnerability in the Joomla CMS, Microsoft's bumper Patch Tuesday in the month of August, and st...
-
![]()
The anatomy of a phishing operation
There are far better things than being phished, like writing about how not to get phished. Michael P. Kassner reviews a research paper that provides amazing insight into a successful phishing operatio...
-
How to successfully implement the principle of least privilege
Least privilege is a core security principle, but it's one that often meets with resistance by users. Here are tips for how to implement it and get the point across to others.
-
![]()
DARPA's Plan X and the future of the U.S. cyber defense infrastructure
Plan X sounds like a summer sci-fi movie, but it's actually one of DARPA's latest projects, aimed at improving the nation's defense of critical infrastructure targets.
-
![]()
How to respond to a malware incident
When malware is suspected don't jump the gun on diagnosis and countermeasures. Follow these best practice guidelines to ensure an appropriate and measured response.
-
Virtualizing apps could be the bridge over the BYOD security gap
Allowing BYOD has unfavorable implications for both the company and employees. Michael P. Kassner explores what businesses are doing to mitigate the risk.
-
![]()
Fake security messages more believable than real warnings research shows
Cambridge University researchers reveal why people believe malicious, fake security messages and ignore real warnings.
-
Managing risk with After Action Reviews
Responding to security incidents, whether they are malicious or accidental, requires a final step that many organizations neglect. An After Action Plan (AAR) helps to reduce the probability of a recur...