Blog

More Executives Turn to Cyber Risk Transfer

As cyber threats grow in scope and potential impact, the complexity of enterprise digital data protection grows to astonishing proportions. Last year, a Fortune 500 survey revealed that cyber security is the second biggest concern for CEOs, who keep looking for new solutions to keep their data safe and their clients happy. The enterprise data is worth more than gold, so it is unsurprising that the...

The Top 11 Information Security Conferences of 2016

UPDATED 01/07/2016 to include RSA Conference USA. (Please see below.) In Part II of our 2015 Infosec Wishlist series, a number of security experts expressed their desire for the security community to renew its focus on collaboration, communication and unity in the New Year. To accomplish this goal, folks in information security will need to internalize this message and inject it into their...

BlackEnergy Malware Caused Ukrainian Power Outage, Confirms Researchers

Researchers have confirmed that a variant of the BlackEnergy malware was behind a power outage that occurred around Christmas Eve last year. Reuters reports that the Western Ukrainian power company Prykarpattyaoblenergo reported an outage on December 23rd that affected an area including the regional capital Ivano-Frankivsk. A subsequent investigation revealed that a variant of the BlackEnergy...

Sweet Security Part 2 – Creating a Defensible Raspberry Pi

Back in July, I brushed on the topic of using a Raspberry Pi as a cheap and effective way to secure Internet of Things (IoT) and Industrial Control Systems (ICS) networks where traditional protection mechanisms are not feasible. I took those concepts and spoke to them at the IoT Village at DefCon 23 in a level of detail that explained how to actually deploy one of these Sweet Security devices. I...

8 Top Tips for Successfully Implementing your Security Control

Have you discovered a security gap? Have you found a possible solution? Have you received funding for it? If you answered 'yes' to all of the above, you're halfway to successfully implementing a new control. Here are some other (often overlooked) actions you should consider to ensure the success of your project: 1. Be sure the solution solves your problems. Create use cases (and actually test...

Fake IRS Spam Email Campaign Serves Up Kovter, CoreBot Malware

Last week, we reported on a post office email scam that was recently observed to be targeting PostNord customers with Cryptolocker2 ransomware. Our story noted that customers commonly fall for this type of scam because, by nature, they tend to trust institutions with which they are familiar. As a result, users were more than willing to click on a URL to arrange a pick-up time for an undelivered...

How We Can Turn the Tide on Cyber Security in 2016

By any measurement, 2015 was another bad year for the world in terms of cyber security. Despite record spending of more than $75 billion USD, losses were still estimated to be around $400 billion, with some firms predicting losses will grow to over $2 trillion by the end of 2020. But 2016 doesn’t have to be another losing year for cyber security professionals, and there is a way forward to stem...

Ransomware Author Insults Creator of Decryption Tool in Malware's Embedded Strings

The author of the Radamant ransomware kit has insulted the researcher responsible for creating a decryption tool in some of the malware's new embedded strings. Shortly before Christmas Eve, Fabian Wosar of EmsiSoft published the decrypting tool on his company's website after discovering a weakness in Radamant's encryption algorithm, reports Softpedia. After identifying their infected files by...

CISO Resolutions for 2016

2015 was an eventful year for cyber security. Major vulnerabilities, including Superfish, "No iOS Zone" and CVE-2015-2502 made waves in the infosec community, as did a variety of criminal collectives – including Lizard Squad, Phantom Squad and DD4BC – that use distributed denial-of-service (DDoS) attack campaigns to get what they want. Let's also not forget the substantial data breaches that...

ProxyBack Malware Transforms Infected Systems Into Internet Proxies

Security researchers recently uncovered a new type of malware—known as ProxyBack—designed to turn the infected systems of unsuspecting victims into Internet proxies. According to researchers at security firm Palo Alto Networks, the family of malware contains more than 20 versions, and may have been used to infect systems as far back as March 2014. Researchers observed the primary distribution of...

Adobe Releases Security Update for 19 'Critical' Vulnerabilities in Flash Player

Adobe has released an out-of-band security update that fixes 19 'critical' vulnerabilities found in Flash Player. On Monday, the United States Computer Emergency Readiness Team (US-CERT) issued an alert advising users and administrators alike to refer to Adobe Security Bulletin APSB16-01. In that bulletin, Adobe provides some context on the reasoning behind its emergency fixes: "Adobe has...

FIM Hunting: How To Kill and Remove Unwanted Files

Organizations have a deep interest in detecting and preventing threats within their environments. From firewalls to file integrity monitors, there are many opportunities to catch and stop attackers in their tracks. A basic workflow for IT security revolves around prevention, detection and remediation. As a researcher in Tripwire’s Security and Compliance Solutions team, analysis and research is...

GOTPass Seeks to Replace Passwords with Images and Patterns

A new system called GOTPass could offer an alternative to multi-factor authentication by replacing passwords with images and patterns. Engadget reports that the system, which was developed by researchers at the University of Plymouth, requires a two-step one-time setup. First, users are asked to draw a pattern on a 4x4 grid, a method of authentication which mimics Android's screen unlock procedure...

A Holiday Nightmare: Cryptolocker2 Delivered by PostNord Email Scams

For years, computer criminals have been targeting unsuspecting web users with post office email scams. This particular method of attack consists of a fake email in which a recognizable postal service notifies the recipient that it has failed to deliver a package to their address. The email subsequently asks that the recipient pick up the package themselves and provides a link by which they can...

Safety - Part of Information Security

In the Internet of Things (IoT) era that we have entered, it is becoming apparent to me that nothing follows a linear progression anymore. The abstract models created by start ups, which can and often do disrupt the industry, promote new ways of engaging in business that are not common sense. To illustrate this, I’ve made a list of examples that have turned industries on their head and that don’t...

Hyatt Hotels Investigates Malware Found on Payment Processing Systems

Hyatt Hotels has launched an investigation after discovering malicious activity on its payment processing systems. Stephanie Sheppard, a spokeswoman for Hyatt, announced the investigation in an email to Hyatt guests on Wednesday: "Hyatt Hotels Corporation (NYSE: H) today announced that it recently identified malware on computers that operate the payment processing systems for Hyatt-managed...

Rising Danger From SQL Injection Attacks

Almost every week, we hear about a new data breach in the news that reports about a major company losing millions of usernames, passwords, credit card numbers and banking transactions after falling victim to a cyber attack. As per a recent report released by Imperva on Web Application attacks, SQL Injection (SQLi) saw the biggest rise compared to last year with a typical application suffering three...

Hacker Charged with Compromising Celebrities' Emails, Stealing Copyrighted Information

A hacker has been charged with unlawfully accessing a number of celebrities' email accounts and stealing copyrighted information from both TV and film companies. On Tuesday, federal prosecutors in the Southern District of New York charged (PDF) Alonzo Knowles, 23, of the Bahamas, with copyright infringement and identity theft for a scheme that allegedly involved 130 celebrities. "This case has...

The Agent vs Agentless Debate - Part 2: The Operations Side

This is the second part of a two-part blog post on the factors that can help you decide whether an agent or agentless solution will be the best fit for your organization. Part 1 provided advice from a security perspective. In part 2, I offer advice that considers the implementation and ongoing operations management. Let’s look at operational considerations that also have an impact on the agent...

Do Healthcare Breaches Undermine Trust?

In the spring of 2014, the Federal Bureau of Investigation sent out a private notice to healthcare providers warning them that as a result of lax security controls in their field, the healthcare industry as a whole was more prone to "cyber intrusions" than the financial and retail sectors. Unfortunately, this threat has not changed in the past year. Taking into account the intrinsic value of...