Each day we go to our favorite Internet feed to read about the latest cyberattacks. A majority of these reports tell the story of a “scary attacker” that broke into a corporation, damaging all aspects of the company’s digital information and reputation. The stories go further into detail about how the attacks are brand new and one of the most “sophisticated” that the experts had ever seen.
This information leads me to share a conversation I had with a vice president of a (multi-billion dollar) company. This opportunity allowed me to present to an entire executive committee of the company and speak on the topic of information security. I gave the usual breakdown, expressing the importance of security layering, hardware and software recommendations and information security techniques. After about an hour of me yammering, it was time for...
Yes, I ain't afraid of the Linux Ghost, but if Gozer the Destructor comes through a vortex I might run away!
Many outlets are putting a focus on CVE-2015-0235, dubbed “Ghost”, due to the function being exploited. This doesn’t mean that it is as scary as some would make it out to be, and definitely not on the level of Heartbleed or Shellshock.
Protecting Corporate Assets from BYOD Security Risks
I was reading a blog post about how cybercriminals are increasingly using HTML5 to sneak malware into application code, and it got me thinking.
Protecting application code from theft and reuse is becoming extremely important in mobile application security, along with guarding against the type of apps corporate end users are permitted to download and install.
As the number of mobile applications using HTML5 increases due to HTML5 cross-platform compatibility, or its platform-independent nature, I envision more app developers incorporating it into their mobile app development as a time and cost saving measure. The unfortunate downside of doing so, however, is Android's lack of a great binary protection mechanism.
7 Stages of Advanced Malware Threats
Unless you have been living under a rock the last few years, I am sure you are aware of the rise of security breaches and the compromise of Fortune 500 companies.
This has a lot to do with the increasingly complex and advanced malware that is introduced into the wild, as well as those targeted towards specific companies and environments.
The days of simple viruses and malware are a thing of the past, similar to the days of $2.99 comic books. In case you were not aware, I am kind of a comic book nerd, but not just that, I am really passionate about good storytelling. While analyzing some advanced malware activity, I noticed a large similarity between the malware and the stories of which I am a fan. They both are very detailed and have complex patterns and paths.
Newly advanced malware...
Hacktivism Makes Preplanning Critical
Over the past few months, the frequency of stories in the news regarding Distributed Denial of Service (DDoS) attacks due to hacktivism has grown rapidly.
Victims of these attacks range from gamers and game providers such as World of Warcraft to large corporations (Microsoft), media outlets (CNN), city and state websites and entire countries. It seems like anyone with a cause, who wants to get their point across via protest, now uses denial of service against their targets as a standard expression of their discontent.
Recently, the husband of a good friend of mine passed away.
They had very little money to pay for the horribly outrageous funeral cost. The local newspaper was going to charge my friend more than $300 each day to run a limited obituary. Instead, she and her husband’s brother posted the logistical information of the viewing and services on the husband’s Facebook page, as well as their own. The turnout was astounding and beautiful. It appeared that everyone who mattered had been informed and the outpouring of kind words and condolences was touching.
I honestly believe that had my friend just posted a print version in the local paper, only a fraction of the people who really cared would have been notified. This experience got me thinking.
I interact as little as possible with social networking applications, being in the security field and knowing what I know.
Since my daughters-in-law post pictures of my grandkids, I have some...
Understanding Threat Intelligence and the Targeted Environment
Criminals, Crazies, Crusaders and Castaways. These are four general (and clearly unofficial) categories for any threat actor.
“So what?” you say.
Call me "The Oracle," because whatever you’ve got in your arsenal is not going to be enough if you aren’t embracing a multidisciplinary approach to threat intelligence. You – yeah, YOU, my friend, are going to find yourself either behind the curve or the eight ball.
Here’s the thing, folks, and this is the point many in the industry need to wrap their heads around. We rarely stop to consider the posture of the target or client in the physical world which may be attracting certain threat actors.