Information Security Threats

Choosing among antimalware products: Final considerations

Mike Rothman discusses important last-minute considerations when choosing among antimalware products from finalist antimalware vendors.Tip

Technical considerations for selecting the best antimalware technology

Mike Rothman discusses the evolution of malware and how today's antimalware products should handle detection and remediation.Tip

Antimalware software introduction: Business benefits and drawbacks

Mike Rothman discusses how antimalware software has evolved to develop various business and technology issues, but also still holds many benefits.Tip

The Red October malware campaign uncovered: What enterprises can learn

Expert Nick Lewis details the recently uncovered Red October malware campaign, plus the new and existing controls needed to thwart cyberespionage.Tip

Apple security update: Is it ready for the enterprise?

It’s hard to declare Apple security as superior to its competitors, but it’s also hard to fault it as inferior.Feature

Utilize the Blacksheep technique for rootkit detection, cleanup

Is the Blacksheep technique a legitimate enterprise option for rootkit detection and cleanup? Expert Nick Lewis discusses.Answer

Apple security update: Is it ready for the enterprise?

The Narilam malware: How to protect SQL databases, corporate records

Expert Nick Lewis explains how the Narilam malware infects SQL databases and destroys corporate records, and offers advice on mitigation.Answer

The updated Makadocs malware: How to protect users locally

Security expert Nick Lewis details how the updated Makadocs malware uses Google Docs as a command and control server and offers mitigations for users.AtE

Verizon DBIR 2013: Damage caused by simple attacks, slow detection

Verizon's 2013 breach report shows most breaches are caused by a select few attack types, and the majority of breaches aren't detected for months.News | 22 Apr 2013

Enterprise mobile device defense fundamentals

This Security School lesson will examine the realities of the security threat posed by mobile devices such as smartphones and tablets, the methods savvy attackers are using today to take advantage of vulnerable mobile devices, and the technology and policy decisions you need to consider around personal devices and corporate data stored and accessed by consumer devices.partOfGuideSeries

differential power analysis (DPA)

A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains.Definition

New malware threats require new antimalware protection strategy

Attackers are targeting new vectors such as smartphones, social media and cloud services. Enterprises need to up their game.Magazine

QR codes security: Do malicious QR codes pose a risk?

Expert Nick Lewis discusses QR codes security and whether malicious QR codes pose enough risk to justify disabling them.Answer

Personal online banking at work: Avoiding online banking security issues

Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users.Answer

Mobility trend takes off in the enterprise but leaves out security

Banks and other businesses are rushing to jump on the mobility trend but leaving security behind.Magazine

IT consumerization drives new security thinking

The influx of personal smartphones and other computing devices into the enterprise is forcing a shift in security strategy.Magazine

SRA launches One Vault Messenger for BlackBerry device encryption

SRA has launched One Vault Messenger, which is a short message service (SMS) encryption product for BlackBerry mobile devices.Article | 16 Feb 2011

Mobile device security needs new approach, experts say

Companies lack the tools to control the onslaught of mobile devices in the enterprise.Feature

Cisco says attackers will take aim at Apple, Android mobile devices

The popularity of Apple and Google Android mobile devices could put them at risk of falling in the crosshairs of cybercriminals.Article | 20 Jan 2011

The Red October malware campaign uncovered: What enterprises can learn

Expert Nick Lewis details the recently uncovered Red October malware campaign, plus the new and existing controls needed to thwart cyberespionage.Tip

Over 100k serial devices online and unsecured, says HD Moore

Security researcher HD Moore says 114,000 serial devices exposed to the Internet are highly hackable.News | 25 Apr 2013

The updated Makadocs malware: How to protect users locally

Security expert Nick Lewis details how the updated Makadocs malware uses Google Docs as a command and control server and offers mitigations for users.AtE

MiniFlame malware: Assessing the threat to enterprises

Expert Nick Lewis analyzes miniFlame, the plug-in for the Flame malware, to determine how it operates and whether enterprises should be concerned.Answer

Malware hits businesses 20 to 60 times an hour, say researchers

Advanced cyber attacks hit businesses 20 times an hour on average, say researchers at security firm FireEyeNews | 04 Apr 2013

Gauging UPnP security risks: Is UPnP secure enough for enterprise use?

Is UPnP secure enough for enterprise use? Network security expert Brad Casey assesses UPnP security risks and offers advice for mitigating the threat.Tip

Protect intellectual property with data breach prep, cost analysis

Heidi Shey of Forrester Research says enterprises must protect intellectual property better or else face 'death by 1,000 cuts.'Tip

Research highlights speed, frequency of ICS security attacks

A new Trend Micro study using honeypots for research highlights an alarming number and variety of attempted ICS security breaches.News | 20 Mar 2013

Cyberwar calls for software and system investment, not hacking back

Hacking back isn't the way to win the cyberwar. Gary McGraw says building software and systems with fewer vulnerabilities is stronger protection.Tip

MySQL security analysis: Mitigating MySQL zero-day flaws

In the wake of several recent MySQL zero-day vulnerabilities, expert Michael Cobb assesses the state of MySQL security. Is a MySQL alternative needed?Tip

Opinion: Yemeni CERT could turn the tide for Millennials

Providing order and security for the Internet in Yemen, where half of the population is under 18, could provide opportunity in a faltering nation.Opinion

ISM February 2004 Ranum

Opinion: LinkedIn hacking incident betrays users’ trust

Users are told to create strong passwords, but the LinkedIn hacking showed strong passwords are no defense when the application provider is attacked.News | 14 Jun 2012

Some CISOs consider ripping out or augmenting outdated SIEM systems

Outdated SIEM systems were difficult to deploy and costly to maintain, according to one expert. Today, CISOs are considering highly integrated, lightweight systems with more automation.News | 02 Apr 2012

Avoiding cloud bandwidth costs resulting from a cloud DDoS attack

A cloud DDoS attack on Web applications in the cloud could be expensive if it results in extra cloud bandwidth costs. Learn how to plan ahead.Answer

Confusion over APT attacks leads to misguided security effort

Enterprises swayed by vendor marketing and a lack of understanding still fail to adequately counter advanced persistent threats (APT).News | 15 Nov 2011

Getting started with a DNSSEC implementation

The many well-publicized flaws in DNS make implementing DNSSEC even more vital. In this expert response, Mike Chapple explains the enterprise basics for a DNSSEC implementation.Answer

React in seconds with a network incident response plan

A network incident response plan enables the split-second reactions necessary to survive next-generation attacks.Column

Lessons of cyberwar: A chance to boost information security budgets

In the wake of an incident, CISOs should make the most of the opportunity to increase information security budgets.Column

After lull, PLA 'Comment Crew' hasn't changed cyber-espionage tactics

The Chinese government's alleged cyber-espionage arm remains active after a quiet period, using the same tactics revealed in Mandiant's APT1 report.News | 06 May 2013

The Red October malware campaign uncovered: What enterprises can learn

Expert Nick Lewis details the recently uncovered Red October malware campaign, plus the new and existing controls needed to thwart cyberespionage.Tip

Symantec 2013 Threat Report highlights rise in SMB attacks

Big Yellow's annual report indicates a threefold rise in targeted attacks against SMBs as attackers search beyond big firms for susceptible targets.News | 18 Apr 2013

Bruce Schneier: China cyberwar rhetoric risks dangerous implications

Video: Bruce Schneier explains why ongoing China cyberwar rhetoric evokes the wrong responses and may damage personal privacy, and ultimately freedom.Video

Cyberwar calls for software and system investment, not hacking back

'Internet underground' fight demands better cybersecurity intelligence

Former U.S. national security advisor Greg Rattray believes better cybersecurity intelligence is needed to combat a growing "Internet underground."News | 22 Mar 2013

Cyberwar calls for software and system investment, not hacking back

Hacking back isn't the way to win the cyberwar. Gary McGraw says building software and systems with fewer vulnerabilities is stronger protection.Tip

RSA 2013 crowd awed by live 'sinkholing' in P2P botnet takeover

Tillmann Werner of CrowdStrike wowed onlookers with a live 'sinkholing' demonstration, taking down the Kelihos P2P botnet.News | 04 Mar 2013

RSA 2013: China not the only cyber espionage country, says Mandiant

China is not the only country carrying out large-scale cyber espionage, says US cyber security firm Mandiant.News | 28 Feb 2013

Spear phishing, manpower drive Chinese APTs, says researcher at RSA 2013

Chinese cyberattacks rely on spear phishing and overwhelming numbers, not sophisticated attack methods, says a researcher at RSA Conference 2013.News | 27 Feb 2013

Cyberbunker’s Sven Kamphuis denies unleashing DDoS attacks on Spamhaus

The internet activist accused of being behind one of the biggest distributed denial-of-service (DDoS) attacks to date claims he is the victim of an establishment conspiracy.cyber security | 02 Apr 2013

UGNazi hacker group claims responsibility for Twitter outage

Hacktivist group UGNazi says it caused multiple Twitter outages Thursday. Update: Twitter says a "cascading bug" was to blame.News | 21 Jun 2012

Avoiding cloud bandwidth costs resulting from a cloud DDoS attack

A cloud DDoS attack on Web applications in the cloud could be expensive if it results in extra cloud bandwidth costs. Learn how to plan ahead.Answer

Apache DDoS vulnerability requires immediate update to avoid threat

Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild.News | 31 Aug 2011

voluntary botnet

A voluntary botnet is a distributed network of computers whose processing power is harnessed to carry out a political or socially-motivated denial of service (DoS) attack.Definition

metamorphic and polymorphic malware

Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate.Definition

Quiz: Targeted attacks

Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz.Quiz

Antivirus software comparison, 2004: Not all AV products are equal

U.S. critical infrastructure security: Highlighting critcal infrastructure threats

Gaining awareness to prevent social engineering techniques, attacks

Curb the spam virus threat via information security awareness training

Information security awareness training doesn't always protect users from the ongoing spam virus threat. Nick Lewis offers additional measures that may help.Answer

Personal online banking at work: Avoiding online banking security issues

Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users.Answer

Security School: Watching the watchers

In our latest lesson, Andreas M. Antonopoulos explores how to monitor the activities of trusted insiders with policy, processes and technology.Tutorial

metamorphic malware

Metamorphic malware is malicious software that is capable of changing its code and signature patterns with each iteration.  Definition

RSA SecurID attack, social engineering threat analysis from Gartner's Neil MacDonald

In this video, Gartner Vice President Neil MacDonald discusses the SecurID attack at RSA, APT realities and the growing enterprise social engineering threat.Video

Gartner’s Neil MacDonald on RSA, APT and the social engineering threat

In this video, Gartner Vice President Neil MacDonald discusses the SecurID attack at RSA, APT realities and the growing enterprise social engineering threat.News | 24 Jun 2011

Targeted attack protection: Step-by-step preparation and mitigation

Targeted attacks can be stopped with a defense-in-depth strategy. Michael Cobb explains how to implement a targeted attack prevention plan.Tip

Spear phishing attacks likely key in U.S. Chamber of Commerce breach, experts say

Spear phishing attacks via China were likely what led to the lengthy U.S. Chamber of Commerce breach, experts say.News | 21 Dec 2011

XSS cheat sheet: How to prevent XSS attacks and detect exploits

Cross-site scripting (XSS) attacks are constantly top-of-mind for enterprise security professionals, and for good reason: They can do a great deal of damage. In this XSS cheat sheet guide, security professionals will receive advice on how to prevent XSS attacks and detect exploits.Tutorial

blue pill rootkit

The blue pill rootkit is malware that executes as a hypervisor to gain control of computer resources. Joanna Rutkowska, a security researcher for Singapore-based IT security firm COSEINC, developed the Blue Pill rootkit as proof-of-concept malware, which she demonstrated at the 2006 Black Hat Briefings conference.Definition

Scott Charney: Microsoft security policy and collective defense

In this video, Microsoft's VP for Trustworthy Computing, Scott Charney, discusses collective defense, the Microsoft security policy proposition for securing consumer computers on the Internet.Video

privilege escalation attack

A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.Definition

metamorphic and polymorphic malware

Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate.Definition

Spear phishing attacks likely key in U.S. Chamber of Commerce breach, experts say

Spear phishing attacks via China were likely what led to the lengthy U.S. Chamber of Commerce breach, experts say.News | 21 Dec 2011

privilege escalation attack

A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.Definition

metamorphic and polymorphic malware

Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate.Definition

Proxy server security: Defending against DoS and other attacks

In this expert response, find out how to boost proxy server security in the enterprise.Ask the Expert

Preventing Web server attacks

Web servers need constant hardening, testing and monitoring to prevent Web server attacks. In this lesson, learn tactics, policies and best practices for keeping enterprise Web servers safe and secure.partOfGuideSeries

Quiz: Targeted attacks

Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz.Quiz

Lack of SMB security opens door to online criminals

Data breaches show enterprise need for better data security management

Breaches prompt call for certificate authority architecture alternatives

The RSA breach: One year later

Symantec breach highlights remote management holes

piggybacking

Piggybacking, in a wireless communications context, is the unauthorized use of a wireless LAN. The purpose is network access, rather than any malicious intent, but it can slow down data transfer for the legitimate network users.Definition

Global Payments breach exposes PCI shortcomings

Payment processor Global Payment is the latest poster child for PCI shortcomings and shoddy data security.News | 03 Apr 2012

Ponemon Cost of Data Breach Report finds expenses declining for first time

The seventh annual Ponemon Cost of Data Breach Report analyzed 49 U.S. companies and found organizations with CISOs and a formal incident response plan helped cut costs.News | 20 Mar 2012

Feds announce Anonymous, LulzSec arrests

Alleged Anonymous, LulzSec hackers charged in connection with attacks on Sony, PBS, HBGary and others.News | 06 Mar 2012

Cyberwar calls for software and system investment, not hacking back

Hacking back isn't the way to win the cyberwar. Gary McGraw says building software and systems with fewer vulnerabilities is stronger protection.Tip

Targeted attack protection: Step-by-step preparation and mitigation

Targeted attacks can be stopped with a defense-in-depth strategy. Michael Cobb explains how to implement a targeted attack prevention plan.Tip

Creating a normalized corporate compliance program

It's essential for IT security managers to create a corporate compliance program to adhere to regulations while maintaining a productive workplace.Video

Meeting PCI DSS compliance requirements with a data management program

In order to meet PCI DSS requirements and compliance, it is important to organize and sort the data coming in by devising a data management plan.Video

Security data mining techniques to weed through data overload

These security data mining techniques will allow security professionals to find and tackle the real issues while overcoming data overload.Video

differential power analysis (DPA)

A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains.Definition

Webcast: DNS security best practices; securing DNS infrastructure

Char Sample details three key methods for securing DNS, including how to monitor an enterprise’s DNS infrastructure traffic.Video

Adopt Zero Trust to help secure the extended enterprise

Forrester Analyst John Kindervag explains Zero Trust Model and how it can be applied to protect data in today’s extended enterprise.Tip

File integrity monitoring software benefits for the enterprise

In this video, Spryo Malaspinas offers a primer on file integrity software basics and file integrity monitoring software benefits for enterprises.Video

Personal online banking at work: Avoiding online banking security issues

Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users.Answer

Improving enterprise email security: Systems and tips

Enterprise email security has become more vital than ever due to increased attacks and threats. This tip details systems that can improve protection.Tip

Quiz: Targeted attacks

Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz.Quiz

domain rotation

Domain rotation is a technique use by malware distributors to drive traffic from multiple domains to a single IP address that is controlled by the distributor. The goal of domain rotation is to make it harder for a network administrator to blacklist the malware distributor.Definition

TLS security: Background on the 'Lucky Thirteen' attack

Professor Kenneth Paterson and graduate student Nadhem AlFardan have discovered a TLS attack that tracks the timing of error messages to reveal plaintext.News | 08 Feb 2013

The threat landscape and Web 2.0 technologies

Tackling SSL vulnerabilities for secure online transactions

Tackling SSL vulnerabilities for secure online transactions

A rash of CA breaches shows up weaknesses in the SSL infrastructure. Take action to protect your customers and employees.Magazine

The threat landscape and Web 2.0 technologies

The idea that social media and other Web 2.0 technologies have vastly altered the threat landscape is plain wrong.Magazine

malvertisement (malicious advertisement or malvertising)

A malvertisement (malicious advertisement) is an advertisement on the Internet that delivers a malicious payload. Definition

XSS cheat sheet: How to prevent XSS attacks and detect exploits

Cross-site scripting (XSS) attacks are constantly top-of-mind for enterprise security professionals, and for good reason: They can do a great deal of damage. In this XSS cheat sheet guide, security professionals will receive advice on how to prevent XSS attacks and detect exploits.Tutorial

metamorphic and polymorphic malware

Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate.Definition

Which tools will help in validating form input in a website?

Find out how to validate form input in a website.Ask the Expert

Preventing Web server attacks

Web servers need constant hardening, testing and monitoring to prevent Web server attacks. In this lesson, learn tactics, policies and best practices for keeping enterprise Web servers safe and secure.partOfGuideSeries