Rethinking Information Security

Donovan Farrow

January 29, 2015 - Posted by Donovan Farrow to Security Insight

information security

Each day we go to our favorite Internet feed to read about the latest cyberattacks. A majority of these reports tell the story of a “scary attacker” that broke into a corporation, damaging all aspects of the company’s digital information and reputation. The stories go further into detail about how the attacks are brand new and one of the most “sophisticated” that the experts had ever seen.

This information leads me to share a conversation I had with a vice president of a (multi-billion dollar) company. This opportunity allowed me to present to an entire executive committee of the company and speak on the topic of information security. I gave the usual breakdown; expressing the importance of security layering, hardware and software recommendations and information security techniques. After about an hour of me yammering, it was time for... read more >

I Ain't Afraid of No Linux Ghost

Chad Kahl

January 28, 2015 - Posted by Chad Kahl to Threat Intelligence

ghost

Yes, I ain't afraid of the Linux Ghost, but if Gozer the Destructor comes through a vortex I might run away!

Many outlets are putting a focus on CVE-2015-0235, dubbed “Ghost”, due to the function being exploited. This doesn’t mean that it is as scary as some would make it out to be, and definitely not on the level of Heartbleed or Shellshock.

The Problem

Researchers at Qualys discovered a buffer overflow vulnerability in the GNU C Library (glibc). Glibc is the standard C programming language library and a... read more >

Android Malware

Protecting Corporate Assets from BYOD Security Risks

Michael Born

January 27, 2015 - Posted by Michael Born to Security Insight

mobile malware

I was reading a blog post about how cybercriminals are increasingly using HTML5 to sneak malware into application code, and it got me thinking.

Protecting application code from theft and reuse is becoming extremely important in mobile application security, along with guarding against the type of apps corporate end users are permitted to download and install.

As the number of mobile applications using HTML5 increase due to HTML5 cross-platform compatibility, or its platform independent nature, I envision more app developers incorporating it into their mobile app development as a time and cost saving measure. The unfortunate downside of doing so, however, is Android's lack of great binary protection mechanism.

In my previous Android blog, I explained how easy it... read more >

The Uncanny Exploit Kit Cycle

7 Stages of Advanced Malware Threats

Robert Clauff

January 22, 2015 - Posted by Robert Clauff to Security Insight

malware

Unless you have been living under a rock the last few years, I am sure you are aware of the rise of security breaches and the compromise of Fortune 500 companies.

This has a lot to do with the increasingly complex and advanced malware that is introduced into the wild, as well as those targeted towards specific companies and environments.

The days of simple viruses and malware are a thing of the past, similar to the days of $2.99 comic books. In case you were not aware, I am kind of a comic book nerd, but not just that, I am really passionate about good storytelling. While analyzing some advanced malware activity, I noticed a large similarity between the malware and the stories of which I am a fan. They both are very detailed and have complex patterns and paths.

Newly advanced malware... read more >

Planning for DDoS Attack Mitigation

Hacktivism Makes Preplanning Critical

Sherry Cummins

January 20, 2015 - Posted by Sherry Cummins to Security Insight

DDoS

Over the past few months, the frequency of stories in the news regarding Distributed Denial of Service (DDoS) attacks due to hacktivism has grown rapidly.
 
Victims of these attacks range from gamers and game providers such as World of Warcraft, large corporations (Microsoft), media outlets (CNN), city and state websites and entire countries. It seems like anyone with a cause, who wants to get their point across via protest, now uses denial of service against their targets as a standard expression of their discontent.

DDoS is the Molotov cocktail of Internet... read more >

Top 7 Social Media Security Practices

Susan Carter

January 15, 2015 - Posted by Susan Carter to Security Insight

social media security

Recently, the husband of a good friend of mine passed away.

They had very little money to pay for the horribly outrageous funeral cost. The local newspaper was going to charge my friend more than $300 each day to run a limited obituary. Instead, she and her husband’s brother posted the logistical information of the viewing and services on the husband’s Facebook page, as well as their own. The turnout was astounding and beautiful. It appeared that everyone who mattered had been informed and the outpouring of kind words and condolences was touching.

I honestly believe that had my friend just posted a print version in the local paper, only a fraction of the people who really cared would have been notified. This experience got me thinking.

I interact as little as possible with social networking applications, being in the security field and knowing what I know. 

Since my daughter-in-laws post pictures of my grandkids, I have some... read more >

Inviting the Wolf to Your Door

Understanding Threat Intelligence and the Targeted Environment

Cherine Abdalla

January 13, 2015 - Posted by Cherine Abdalla to Security Insight

threat intelligence

Criminals, Crazies, Crusaders and Castaways. These are four general (and clearly unofficial) categories for any threat actor.

“So what?” you say.

Call me "The Oracle," because whatever you’ve got in your arsenal is not going to be enough if you aren’t embracing a multidisciplinary approach to threat intelligence. You – yeah, YOU, my friend, are going to find yourself either behind the curve or the eight ball.

Here’s the thing, folks, and this is the point many in the industry need to wrap their heads around. We rarely stop to consider the posture of the target or client in the physical world which may be attracting certain threat actors.

I’m not talking just about security posture. I’m talking about everything. A client’s... read more >

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | Older Entries >>

Voted Best Corporate Security Blog 2014
Solutionary is a leading managed security services provider. The Solutionary Minds blog is a place to learn about and discuss IT security and compliance topics.

Click here for the entire RSS feed.
Get the Solutionary Minds blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

Tags

LATEST TWEETS