-
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In Chapter 11 of Virtual Honeypots: From Botnet Tracking to Intrusion Detection, authors Niels Provos and Thorsten Holz get inside the botnet and reveal some interesting conclusions. Book Chapter
-
Malware: The ever-evolving threat
The first tip in our series, "How to assess and mitigate information security threats," is excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by Re... Book Chapter
-
Information Security Decisions Session Downloads
Session Downloads from Information Security Decisions 2006 Conference. Session Downloads
-
Proven Tactics to Repel Emerging Threats
Today's targeted attacks rob organizations of their most valuable resources. These sessions identify ways to protect your business by detailing how to combat evolving cyberattacks, protect against insider threats, safeguard databases and applications... Session Downloads
-
Identity and Access Management Security School final quick quiz
SearchSecurity Retention
-
Steal this Computer Book 4.0: Prevent Google hacking
Learn how to prevent Google hacking in this excerpt from Chapter 8: Stalking the Computer of "Steal this Computer Book 4.0," by Wallace Wang. Book Chapter
-
Answers: Don't get blindsided by blind SQL injection attacks
SearchSecurity Retention
-
Author delves into novel attack methodologies
Review of Silence on the Wire, a book about security attack methodologies such as passive fingerprinting. Books
- See More: Essential Knowledge on Emerging Information Security Threats
-
Symantec source code theft: Threat is low to current products, vendor says
The leak affected Symantec’s endpoint protection and corporate antivirus software. Symantec recommends customers ensure their products are up to date. News | 06 Jan 2012
-
Tilded platform responsible for Stuxnet, Duqu evasiveness
Researchers at Kaspersky Lab tie the Stuxnet worm and its sister Duqu Trojan to the Tilded platform, which helped the malware evade detection by traditional security software. News | 04 Jan 2012
-
Confusion over APT attacks leads to misguided security effort
Enterprises swayed by vendor marketing and a lack of understanding still fail to adequately counter advanced persistent threats (APT). News | 15 Nov 2011
-
Podcast: Inside the DNS Changer botnet takedown
Security Wire Weekly podcast: Trend Micro Advanced Threats Researcher Paul Ferguson discusses how the DNS Changer botnet takedown happened and why an even more dangerous botnet era may be beginning. News | 15 Nov 2011
-
Study: Signature-based antivirus can't stop polymorphic malware, unknown malcode
Palo Alto Networks' data indicates polymorphic malware remains a favorite tool for attackers trying to avoid detection by signature-based antivirus software. News | 08 Nov 2011
-
Report: ‘R&D is under attack’ from China, Russia
The report finds that foreign nations and other actors are using cyberespionage to steal sensitive technology and trade data, a tacit acknowledgment that Chinese cyberespionage represents a serious problem for U.S. companies. News | 03 Nov 2011
-
New Duqu malware shares Stuxnet Trojan code similarities
Symantec researchers said an early analysis of Duqu has found that it could be a precursor to a future Stuxnet-like attack. News | 18 Oct 2011
-
NIST guidelines seek to minimize risk of BIOS attacks
Amid emerging attack methods and the rollout of a new generation of BIOS, NIST offers guidelines to help enterprises reduce the risk of BIOS attacks. News | 21 Sep 2011
-
Chromebook security in question due to flawed Google Chrome extensions
Cross-site scripting flaws enable security researchers to bypass Chromebook security and silently steal sensitive data by hijacking browser sessions. News | 03 Aug 2011
-
McAfee’s Operation Shady RAT exposes national cybersecurity lapses
McAfee says Operation Shady RAT, a research effort involving 72 compromised organizations, exposes key national cybersecurity lapses. News | 03 Aug 2011
- See More: News on Emerging Information Security Threats
-
Mac enterprise security: Going beyond Mac malware scans
More attackers see an opportunity in Mac enterprise environments. Mike Cobb explains how to ensure a Mac enterprise security plan goes beyond Mac malware scans. Tip
-
Exploring Google Chromebook security for the enterprise
The Chromebook is unique among new entrants in the mobile device arena. Mike Cobb breaks down the key Google Chromebook security issues enterprises need to know. Tip
-
Malware on a Mac: How to implement a Mac antimalware program
Learn how to create a Mac security program at your enterprise, before the amount of Apple platform malware reaches critical mass. Tip
-
Proactive security measures: How to prevent malware attacks
Security teams don't always need to be on the reactive. Learn how to implement proactive security strategies that prevent malware infections. Tip
-
How to collect Windows Event logs to detect a targeted attack
Targeted attacks are growing, and eventually your enterprise will be a target. Expert Richard Bejtlich covers how to collect Windows Event logs to detect an intrusion. Tip
-
How to detect content-type attacks in information security
Malicious attackers have increasingly turned to exploiting vulnerabilities in client-side software. Learn how to detect and prevent these types of attacks in your environment. Tip
-
Botnet removal: Detect botnet infection and prevent re-infiltration
Though botnet mitigation tactics continue to mature, so do the botnets themselves. In this tip, expert Nick Lewis gives best practices for detecting and removing cutting edge botnets. Tip
-
How to build a toolset to avoid Web 2.0 security issues
An enterprise defense-in-depth strategy should include security tools that monitor, prevent, alert, encrypt and quarantine data from leaving your network, as well as processes put in place to monitor the Web for sensitive data that may have leaked. Tip
-
Mobile banking risks and mitigation measures
Mobile banking is taking off, but can financial firms keep up with the risks? Learn about steps Wells Fargo and Bank of America are taking to ensure mobile banking security. Tip
-
Email, website and IP spoofing: How to prevent a spoofing attack
Find out how to prevent spoofing attacks, including IP spoofing, email and website spoofing. Tip
- See More: Tips on Emerging Information Security Threats
-
QR codes security: Do malicious QR codes pose a risk?
Expert Nick Lewis discusses QR codes security and whether malicious QR codes pose enough risk to justify disabling them. Answer
-
Curb the spam virus threat via information security awareness training
Information security awareness training doesn't always protect users from the ongoing spam virus threat. Nick Lewis offers additional measures that may help. Answer
-
Does Morto worm prove inherent flaws in Windows RDP security?
The recent Morto worm had unusual success spreading via Windows Remote Desktop Protocol. Does that mean RDP security is too weak? Nick Lewis explains. Answer
-
Zeus Trojan analysis: How to decode the Zeus config.bin file
Learn how to analyze the Zeus config.bin file in order to identify targeted URLs and infected computers on your network. Answer
-
SSL alternatives? Crafting Web-security programs for emerging threats
Expert Nick Lewis reacts to breaches at SSL certificate issuers and tackles whether enterprises should turn to SSL alternatives. Answer
-
Zero-day attack protection for Microsoft Graphics Rendering Engine
How vulnerable is the Windows Graphics Rendering Engine, and how should companies address recent zero-day attacks? Learn more in this expert response. Answer
-
MHTML security for Internet Explorer: Worth disabling MHTML IE?
Threats expert Nick Lewis discusses a recent vulnerability in MHTML security, and whether disabling the MHTML IE function is the best defense tactic. Answer
-
Can rootkit detection mechanisms stop the Blue Pill?
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of virtual machine-based malware called the Blue Pill. But is it a serious threat to your operating system? Ed Skoudis explains in this expert Q&A. Ask the Expert
-
Smishing: How to protect enterprises from SMS fraud
Learn more about protecting enterprises from smishing, or SMS fraud, in this expert response from Nick Lewis. Ask the Expert
-
Computer hijacking: Protecting against the Microsoft DLL download flaw
If exploited, the Microsoft DLL load-hijacking flaw could allow attackers to execute arbitrary code on machines. In this expert response, Nick Lewis explains how to protect against this vulnerability. Ask the Expert
- See More: Expert Advice on Emerging Information Security Threats
-
Duqu (W32.Duqu)
Duqu is a remote access Trojan (RAT) that is designed to steal data from computers it infects. Definition
-
voluntary botnet
A voluntary botnet is a distributed network of computers whose processing power is harnessed to carry out a political or socially-motivated denial of service (DoS) attack. Definition
-
malvertisement (malicious advertisement or malvertising)
A malvertisement (malicious advertisement) is an advertisement on the Internet that delivers a malicious payload. Definition
-
TDL-4 (TDSS or Alureon)
TDL-4 is sophisticated malware that facilitates the creation and maintenance of a botnet. The program is the fourth generation of the TDL malware, which was itself based on an earlier malicious program known as TDSS or Alureon. Definition
-
advanced persistent threat (APT)
An advanced persistent threat is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. Word
-
cybercrime
Cybercrime is a term for any illegal activity that uses a computer as its primary means of commission. Word
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate. Word
-
advanced evasion technique (AET)
An advanced evasion technique (AET) is a type of network attack that combines several different known evasion techniques on-the-fly to create a new technique that won't be recognized by an intrusion detection system. Word
-
cyberwarfare
Cyberwarfare is Internet-based conflict involving politically motivated attacks on information and information systems. Cyberwarfare attacks can disable official websites and networks, disrupt or disable essential services, steal or alter classified ... Word
-
Same Origin Policy (SOP)
The Same Origin Policy (SOP), also called Single Origin Policy, is a security measure enforced by Web browsers on client-side script (JavaScript, including Ajax requests) to protect the confidentiality and integrity of information: script loaded from one origin may not read content served by a different origin. Word
- See More: Definitions on Emerging Information Security Threats
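The Same Origin Policy definition above turns on what a browser counts as an "origin": scheme, host and effective port, all three of which must match. The following is an added example, not code from the original page or from any of the articles it lists; it uses the standard WHATWG URL class to compute an origin the way a browser does and checks which responses a page could read under SOP. The page URL and the list of target URLs are constructed for illustration.

```javascript
// Added example (not from the original page): same-origin comparison as
// browsers apply it under the Same Origin Policy.
// Assumes the WHATWG URL class (present in modern browsers and in Node.js).

// Default ports per scheme, so that https://a.example and
// https://a.example:443 are treated as the same origin.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Reduce a URL to its origin tuple: scheme, lowercased host, effective port.
// Path, query and fragment play no part in the origin.
function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return `${u.protocol}//${u.hostname}${port ? ":" + port : ""}`;
}

// Two URLs are same-origin only when all three components match exactly.
function isSameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// For a page at pageUrl, report which target URLs script on that page may
// read responses from. Cross-origin fetches are blocked from reading the
// body unless the server opts in via CORS, which this check deliberately
// ignores: it models SOP alone.
function sopReadCheck(pageUrl, targets) {
  return targets.map((t) => ({ url: t, readable: isSameOrigin(pageUrl, t) }));
}

// Constructed sample: a page on a banking site issuing several requests.
const PAGE = "https://bank.example/account";
const TARGETS = [
  "https://bank.example:443/api/balance",   // same origin (443 is the default)
  "HTTPS://BANK.EXAMPLE/logout",            // same origin (host is case-insensitive)
  "http://bank.example/api/balance",        // different scheme
  "https://api.bank.example/balance",       // different host (subdomain)
  "https://bank.example:8443/admin",        // different port
];

if (typeof require !== "undefined" && require.main === module) {
  for (const r of sopReadCheck(PAGE, TARGETS)) {
    console.log(`${r.readable ? "read allowed" : "read blocked"}  ${r.url}`);
  }
}
```

The port and subdomain cases are the ones that surprise people: a cross-site scripting flaw in any page on the same origin gives script full read access, while a sibling subdomain or a different port is a hard boundary, which is why session-hijacking via XSS (as in the Chromebook extension flaws listed on this page) works entirely within one origin.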
-
NSA’s Sager on cyberwarfare, likelihood of ‘digital Pearl Harbor’
The NSA’s Tony Sager discusses the likelihood of ‘digital Pearl Harbor’ and how to prepare for cyberattacks by cost-effectively disrupting attackers. Video
-
NSA’s Sager on trends of 2011 security breaches, advanced persistent threat hype
The NSA’s Tony Sager discusses macro trends of 2011 security breaches, why advanced persistent threat hype isn’t justified, and infosec lessons learned from his wife and kids. Video
-
Black Hat 2011: Attack vectors, vulnerabilities and malware analysis
Rodrigo Branco talks about vulnerabilities, malware sophistication and whether the move to cloud-based services will change the way cybercriminals work. Video
-
Marcus Ranum on cyberwar, critical infrastructure protection
Network security expert Marcus Ranum explains why he believes cyberwarfare is only a tool for powerful nation states and discusses how Stuxnet supports his premise. Video
-
Narcissistic vulnerability pimp: Baker on researchers and bug bounties
In a blog post, Verizon Director of Risk Wade Baker proposed a new title for security researchers looking to get attention who release bug information before a patch is released: Narcissistic vulnerability pimps. Video
-
Jim Lewis on SCADA security threats, Stuxnet analysis
Jim Lewis, Director and Senior Fellow at the Center for Strategic and International Studies, gives his analysis of the Stuxnet worm, and what he believes are the greatest threats to SCADA systems. Video
-
Information security podcasts
Download these weekly information security podcasts covering the top news and issues enterprise infosec pros care about to your PC or favorite mp3 player. Podcasts
-
Microsoft's Scott Charney on fighting botnets, rogue antimalware
In the final segment of SearchSecurity.com's exclusive RSA Conference 2011 video interview with Scott Charney, Microsoft's Corporate VP of Trustworthy Computing, he discusses a variety of concerns on the enterprise threat landscape. Video
-
Expert Bruce Schneier's Stuxnet malware analysis
In this RSA Conference 2011 interview, Michael Mimoso, Editorial Director of the Security Media Group at TechTarget, interviews Bruce Schneier, Chief Security Technology Officer of BT Group, who discusses Stuxnet malware analysis. Video
-
Bruce Schneier on cyberweapons and cyberespionage
In this RSA Conference 2011 interview, Michael Mimoso, Editorial Director of the Security Media Group at TechTarget, interviews Bruce Schneier, Chief Security Technology Officer of BT Group, who discusses offensive cyberweapons and cyberespionage. Video
- See More: Multimedia on Emerging Information Security Threats
- See More: All on Emerging Information Security Threats
About Emerging Information Security Threats
Hackers are now attacking RFID tags and readers, mobile devices and hardware drivers and using advanced information security threats such as rootkits and self-morphing Trojans to gain control of PCs. Read through our news, tips and advice to get the latest knowledge you need to defeat evolving hacker techniques.