- Malware, Viruses, Trojans and Spyware
- Smartphone and PDA Viruses and Threats
- Emerging Information Security Threats
- Information Security Incident Response
- Hacker Tools and Techniques: Underground Sites and Hacking Groups
- Denial of Service (DoS) Attack Prevention
- Security Awareness Training and Internal Threats
- Application Attacks - Information Security Threats
- Web Server Threats and Countermeasures
- Identity Theft and Data Security Breaches
- Enterprise Vulnerability Management
- Email and Messaging Threats
- Web Application and Web 2.0 Threats
-
Zeus Trojan (Zbot)
Zeus, also known as Zbot, is a malware toolkit that allows a cybercriminal to build his own Trojan Horse. A Trojan Horse is programming that appears to be legitimate but actually hides an attack.Definition
-
memory-scraping malware
Memory-scraping malware is a type of malware that helps hackers to find personal data. It examines memory to search for sensitive data that is not available through other processes.Definition
-
Java, HTML exploits via Black Hole toolkit dominate attacks, Microsoft says
The Black Hole Exploit toolkit is behind the bulk of the HTML and Java exploits, according to version 12 of the Microsoft Security Intelligence Report.News | Wed Apr 25 13:22:54 EDT 2012
-
How to protect a website from malware redirects
Malware redirects are a serious hazard in the jungle of infiltration exploits; Nick Lewis explains how they can be avoided.Answer
-
Whether to change default RDP port as a virus protection best practice
Using nonstandard ports for the RDP protocol blocks the Morto worm. But is changing port numbers a virus prevention best practice?Answer
-
Can SMBs sue their bank and recover losses from a hacked bank account?
RSA Conference 2012 panelists discussed court rulings on liability for hacked bank accounts, and gave advice to security pros for protecting financial assets.News | Thu Mar 01 07:54:09 EST 2012
-
FireEye adds File Malware Protection System to existing platform
Security vendor FireEye announced File MPS, a new addition to their existing malware protection platform, at the RSA Conference 2012.News | Wed Feb 29 10:26:08 EST 2012
-
PDF download: Information Security magazine February 2012
Read about new antimalware strategies and readers' 2012 priorities in this issue of Information Security magazine.Magazine
-
Submit your questions about infosec threats
Nick Lewis is standing by to give you free, unbiased advice on information security threats.Answer
-
botnet (zombie army)
A zombie army (also known as a botnet) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward spam or viruses to other computers on the Internet... (Continued)Definition
- VIEW MORE ON : Malware, Viruses, Trojans and Spyware
-
differential power analysis (DPA)
A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains.Definition
-
New malware threats require new antimalware protection strategy
Attackers are targeting new vectors such as smartphones, social media and cloud services. Enterprises need to up their game.Magazine
-
QR codes security: Do malicious QR codes pose a risk?
Expert Nick Lewis discusses QR codes security and whether malicious QR codes pose enough risk to justify disabling them.Answer
-
Personal online banking at work: Avoiding online banking security issues
Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users.Answer
-
Mobility trend takes off in the enterprise but leaves out security
Banks and other businesses are rushing to jump on the mobility trend but leaving security behind.Magazine
-
IT consumerization drives new security thinking
The influx of personal smartphones and other computing devices into the enterprise is forcing a shift in security strategy.Magazine
-
SRA launches One Vault Messenger for BlackBerry device encryption
SRA has launched One Vault Messenger, which is a short message service (SMS) encryption product for BlackBerry mobile devices.Article | Wed Feb 16 00:00:00 EST 2011
-
Mobile device security needs new approach, experts say
Companies lack the tools to control the onslaught of mobile devices in the enterprise.Feature
-
Cisco says attackers will take aim at Apple, Android mobile devices
The popularity of Apple and Google Android mobile devices could put them at risk of falling in the crosshairs of cybercriminals.Article | Thu Jan 20 00:00:00 EST 2011
-
differential power analysis (DPA)
A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains.Definition
- VIEW MORE ON : Smartphone and PDA Viruses and Threats
-
Threat of SSL malware highlights SSL security issues
Expert Nick Lewis highlights SSL security issues and the threat of SSL malware being transmitted via HTTPS. Is this a serious blow to SSL security?Answer
-
Hardening the network against targeted APT attacks
Mike Chapple offers best practices to defend your network against the latest threat to the security landscape, targeted APT attacks.Tip
-
Does accelerometer research portend keyboard-vibration attacks?
Expert Nick Lewis examines smartphone accelerometer research that may lead to keyboard-vibration attacks via a smartphone on a nearby computer.Answer
-
How to prevent a WPS flaw from damaging enterprise wireless security
The recent WPS flaw isn't just a consumer issue. Nick Lewis explains the effect on enterprise wireless security and how to avoid security issues.Tip
-
How to set up your own secure enterprise Android app store
Reduce the risk posed by smartphones and mobile applications by setting up a corporate app store for users that helps ensure Android application security.Tip
-
AMI networks: PKI security considerations
PKI components in smart grid and AMI infrastructure introduce new hazards.Magazine
-
Verizon sheds some light on cloud breaches
Verizon says cloud breaches are more about giving up control of assets rather than technology vulnerabilities.News | Wed Mar 28 00:00:00 EDT 2012
-
Facebook attacks illustrate need for education
Stolen Facebook account credentials could potentially give attackers access to the victim’s corporate network.News | Tue Mar 27 00:00:00 EDT 2012
-
2012 Verizon DBIR: Hacktivists make impact on data breach statistics
The Verizon DBIR says hacktivists conduct opportunistic attacks targeting mainly large businesses using tactics akin to a smash-and-grab burglary, stealing any data they can access.News | Thu Mar 22 08:59:50 EDT 2012
-
Verizon 2012 DBIR recommends log analysis and password management
The 2012 DBIR highlights prevalent problems with simple, relatively inexpensive recommendations.News | Thu Mar 22 06:32:15 EDT 2012
- VIEW MORE ON : Emerging Information Security Threats
-
Some CISOs consider ripping out or augmenting outdated SIEM systems
Outdated SIEM systems were difficult to deploy and costly to maintain, according to one expert. Today, CISOs are considering highly integrated, lightweight systems with more automation.News | Mon Apr 02 13:16:20 EDT 2012
-
Avoiding cloud bandwidth costs resulting from a cloud DDoS attack
A cloud DDoS attack on Web applications in the cloud could be expensive if it results in extra cloud bandwidth costs. Learn how to plan ahead.Answer
-
Confusion over APT attacks leads to misguided security effort
Enterprises swayed by vendor marketing and a lack of understanding still fail to adequately counter advanced persistent threats (APT).News | Tue Nov 15 11:35:49 EST 2011
-
Getting started with a DNSSEC implementation
The many well-publicized flaws in DNS make implementing DNSSEC even more vital. In this expert response, Mike Chapple explains the enterprise basics for a DNSSEC implementation.Answer
-
differential power analysis (DPA)
A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains.Definition
-
DoS attack responses demand better business continuity plans
Expert Nick Lewis says effective DoS attack responses demand better business continuity plans, including pre-negotiating with providers.Tip
-
Probing Anonymous hacktivists a serious challenge for researchers
Security researchers try to get a better understanding of their adversary, but probing Anonymous is proving to be a difficult challenge.News | Wed Apr 18 10:23:49 EDT 2012
-
Screencast: How to use GHDB to identify security holes, Googledorks
In this screencast, Mike McLaughlin uses the Google Hacking Database (GHDB) to identify Googledorks and other security vulnerabilities.Video
-
Professional developers behind Duqu Trojan
The Duqu Trojan’s communications module was written in a custom version of C—indicating a sophisticated professional development team at work.News | Mon Mar 19 00:00:00 EDT 2012
-
Ira Winkler: Does recent hacktivism news justify enterprise hacktivism defense?
Information security expert Ira Winkler discusses hacktivism news, in the wake of Anonymous and LulzSec, and justifies why enterprise hacktivism defense isn't needed.Video
-
Do we need zero-day research?
Vulnerability research is at a crossroads as bug hunters in pursuit of zero-day vulnerabilities and exploits feel pressure from the security community.News | Mon Mar 12 00:00:00 EDT 2012
-
Feds announce Anonymous, LulzSec arrests
Alleged Anonymous, LulzSec hackers charged in connection with attacks on Sony, PBS, HBGary and others.News | Tue Mar 06 19:14:58 EST 2012
-
Hacking back puts security on the offensive
Two penetration testers at RSA Conference 2012 explain how enterprises can hack back against attackers and stay within legal and ethical boundaries.News | Thu Mar 01 17:43:48 EST 2012
-
HP TippingPoint revamps Pwn2Own hacking contest, removes mobile hacks
Popular Pwn2Own hacking contest at the CanSecWest conference will be fairer to contestants and winners with larger cash prizes, says TippingPoint.News | Mon Jan 23 15:08:43 EST 2012
- VIEW MORE ON : Hacker Tools and Techniques: Underground Sites and Hacking Groups
-
Avoiding cloud bandwidth costs resulting from a cloud DDoS attack
A cloud DDoS attack on Web applications in the cloud could be expensive if it results in extra cloud bandwidth costs. Learn how to plan ahead.Answer
-
Apache DDoS vulnerability requires immediate update to avoid threat
Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild.News | Wed Aug 31 10:04:16 EDT 2011
-
voluntary botnet
A voluntary botnet is a distributed network of computers whose processing power is harnessed to carry out a political or socially-motivated denial of service (DoS) attack.Definition
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate.Definition
-
Curb the spam virus threat via information security awareness training
Information security awareness training doesn't always protect users from the ongoing spam virus threat. Nick Lewis offers additional measures that may help.Answer
-
Personal online banking at work: Avoiding online banking security issues
Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users.Answer
-
Security School: Watching the watchers
In our latest lesson, Andreas M. Antonopoulos explores how to monitor the activities of trusted insiders with policy, processes and technology.Tutorial
-
metamorphic malware
Metamorphic malware is malicious software that is capable of changing its code and signature patterns with each iteration. Definition
-
Gartner’s Neil MacDonald on RSA, APT and the social engineering threat
In this video, Gartner Vice President Neil MacDonald discusses the SecurID attack at RSA, APT realities and the growing enterprise social engineering threat.Video
-
Gartner’s Neil MacDonald on RSA, APT and the social engineering threat
In this video, Gartner Vice President Neil MacDonald discusses the SecurID attack at RSA, APT realities and the growing enterprise social engineering threat.News | Fri Jun 24 00:00:00 EDT 2011
-
Gaining awareness to prevent social engineering techniques, attacks
Cybercriminals are using social engineering fueled by social media to attack users and break into companies.Magazine
-
rootkit
A rootkit is a collection of tools (programs) that enables administrator-level access to a computer or computer network... (Continued)Definition
-
U.S. critical infrastructure security: Highlighting critical infrastructure threats
Despite heightened post-9/11 security awareness, the U.S. is exposed to numerous critical infrastructure threats.Misc
-
Antivirus software comparison, 2004: Not all AV products are equal
Your desktop AV may be leaving you wide open to attack.News | Tue Jun 01 00:00:00 EDT 2004
-
Spear phishing attacks likely key in U.S. Chamber of Commerce breach, experts say
Spear phishing attacks via China were likely what led to the lengthy U.S. Chamber of Commerce breach, experts say.News | Wed Dec 21 12:02:32 EST 2011
-
XSS cheat sheet: How to prevent XSS attacks and detect exploits
Cross-site scripting (XSS) attacks are constantly top-of-mind for enterprise security professionals, and for good reason: They can do a great deal of damage. In this XSS cheat sheet guide, security professionals will receive advice on how to prevent XSS attacks and detect exploits.Tutorial
-
blue pill rootkit
The blue pill rootkit is malware that executes as a hypervisor to gain control of computer resources. Joanna Rutkowska, a security researcher for Singapore-based IT security firm COSEINC, developed the Blue Pill rootkit as proof-of-concept malware, which she demonstrated at the 2006 Black Hat Briefings conference.Definition
-
Scott Charney: Microsoft security policy and collective defense
In this video, Microsoft's VP for Trustworthy Computing, Scott Charney, discusses collective defense, the Microsoft security policy proposition for securing consumer computers on the Internet.Video
-
privilege escalation attack
A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.Definition
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate.Definition
-
Spear phishing attacks likely key in U.S. Chamber of Commerce breach, experts say
Spear phishing attacks via China were likely what led to the lengthy U.S. Chamber of Commerce breach, experts say.News | Wed Dec 21 12:02:32 EST 2011
-
privilege escalation attack
A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.Definition
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate.Definition
-
Proxy server security: Defending against DoS and other attacks
In this expert response, find out how to boost proxy server security in the enterprise.Ask the Expert
-
Global Payments breach exposes PCI shortcomings
Payment processor Global Payments is the latest poster child for PCI shortcomings and shoddy data security.News | Tue Apr 03 00:00:00 EDT 2012
-
Ponemon Cost of Data Breach Report finds expenses declining for first time
The seventh annual Ponemon Cost of Data Breach Report analyzed 49 U.S. companies and found organizations with CISOs and a formal incident response plan helped cut costs.News | Tue Mar 20 11:38:33 EDT 2012
-
Feds announce Anonymous, LulzSec arrests
Alleged Anonymous, LulzSec hackers charged in connection with attacks on Sony, PBS, HBGary and others.News | Tue Mar 06 19:14:58 EST 2012
-
The RSA breach: One year later
The attack on RSA shook the security industry to its core: A look at the breach’s far reaching impact.Magazine
-
Symantec breach highlights remote management holes
Poorly configured remote administration tools are a common attack vector, security experts say.Magazine
-
New Epsilon CISO to expand security team, assess security practices
Newly appointed Epsilon CISO Chris Ray said he will take a step back and get a better understanding of the business before trying to address gaps.News | Wed Jan 25 09:57:08 EST 2012
-
Care2 resets millions of account credentials following security breach
Care2, a social network that promotes a variety of causes, announced a data security breach Dec. 28 in which hackers targeted account credentials on the company servers.News | Thu Jan 05 10:16:46 EST 2012
-
QR codes security: Do malicious QR codes pose a risk?
Expert Nick Lewis discusses QR codes security and whether malicious QR codes pose enough risk to justify disabling them.Answer
-
Year’s top 5 security podcasts highlight security breaches of 2011
Among the experts are Verizon’s Wade Baker on data breaches, Microsoft’s David Ladd on software security and Catalin Cosoi of BitDefender on targeted attack prevention.News | Fri Dec 30 14:39:45 EST 2011
-
Cybersecurity threats target lack of SMB security
Cybercriminals are zeroing in on small and midsize businesses with fewer security resources.Magazine
- VIEW MORE ON : Identity Theft and Data Security Breaches
-
differential power analysis (DPA)
A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains.Definition
-
Webcast: DNS security best practices; securing DNS infrastructure
Char Sample details three key methods for securing DNS, including how to monitor an enterprise’s DNS infrastructure traffic.Video
-
Adopt Zero Trust to help secure the extended enterprise
Forrester Analyst John Kindervag explains Zero Trust Model and how it can be applied to protect data in today’s extended enterprise.Tip
-
File integrity monitoring software benefits for the enterprise
In this video, Spryo Malaspinas offers a primer on file integrity software basics and file integrity monitoring software benefits for enterprises.Video
-
Personal online banking at work: Avoiding online banking security issues
Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users.Answer
-
Striving for better information security intelligence
Security teams strive to gain visibility from a deluge of security information and put that data to work.Magazine
-
differential power analysis (DPA)
A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains.Definition
-
advanced persistent threat (APT)
An advanced persistent threat is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time.Definition
-
Which tools will help in validating form input in a website?
Find out how to validate form input in a website.Ask the Expert
-
Antivirus software comparison, 2004: Not all AV products are equal
Your desktop AV may be leaving you wide open to attack.News | Tue Jun 01 00:00:00 EDT 2004
-
domain rotation
Domain rotation is a technique used by malware distributors to drive traffic from multiple domains to a single IP address that is controlled by the distributor. The goal of domain rotation is to make it harder for a network administrator to blacklist the malware distributor.Definition
-
Tackling SSL vulnerabilities for secure online transactions
A rash of CA breaches shows up weaknesses in the SSL infrastructure. Take action to protect your customers and employees.Magazine
-
The threat landscape and Web 2.0 technologies
The idea that social media and other Web 2.0 technologies have vastly altered the threat landscape is plain wrong.Magazine
-
malvertisement (malicious advertisement or malvertising)
A malvertisement (malicious advertisement) is an advertisement on the Internet that delivers a malicious payload. Definition
-
XSS cheat sheet: How to prevent XSS attacks and detect exploits
Cross-site scripting (XSS) attacks are constantly top-of-mind for enterprise security professionals, and for good reason: They can do a great deal of damage. In this XSS cheat sheet guide, security professionals will receive advice on how to prevent XSS attacks and detect exploits.Tutorial
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate.Definition
-
Which tools will help in validating form input in a website?
Find out how to validate form input in a website.Ask the Expert