Blog Posts Tagged with "Exfiltration"
A Field Guide to Post-UDID Unique IDs on iOS
May 10, 2012 Added by:Fergal Glynn
Ongoing developments in the device-wide ID space focus on two dueling schemes and codebases: OpenUDID and SecureUDID. If you’re an iOS developer, this will serve as an introduction to the details of these systems, including their limitations and potential for data leakage...
Comments (0)
Nissan Confirms Cyber Attack and Network Breach
April 25, 2012 Added by:Headlines
"We have detected an intrusion into our company's global information systems network... we believe that our systems are secure and that no customer, employee or program data has been compromised. However, we believe that user IDs and hashed passwords were transmitted..."
Comments (0)
It's Not the Spam Email But What Lies Behind Them
March 16, 2012 Added by:Alan Woodward
The fact that such large proportion of home machines host unknown malware hides a bigger threat. By hijacking so many PCs it is possible to mount a massive probing operation that can seek out high value targets that are susceptible to classic hacking attacks...
Comments (0)
The Jester's QR-Code Pwns Targets with WebKit Exploit
March 09, 2012 Added by:Headlines
The operation was intended to snare unsuspecting targets previously aggregated in a database. Those who scanned the QR-Code were then cross-referenced with known targets, and those targets were subsequently pwned, having their address books, texts and emails exfiltrated...
Comments (0)
Congressional Testimony Reveals Security at NASA Lacking
March 02, 2012 Added by:Headlines
"In its fiscal year 2010 report to Congress on FISMA implementation, the OMB reported a Government-wide encryption rate for these devices of 54 percent. However, as of February 1, 2012, only 1 percent of NASA portable devices/laptops have been encrypted," Martin testified...
Comments (0)
Lessons from the Nortel Networks Breach
February 17, 2012 Added by:Suzanne Widup
Much is being published about how inappropriate the response to the Nortel incident was, but it demonstrates an important point for companies - how do you know when you’ve done enough? How do you tell when an incident is over, and you should go back to business as usual?
Comments (0)
APT: What It Is and What It’s Not
February 10, 2012 Added by:Scot Terban
They can use the most elegant of solutions and nimbly change their tactics, on the fly create/edit code to defeat the defender's tactics, and use the most simplistic of attacks in the effort to gain access KEEP it as long as possible to succeed in their own ends...
Comments (0)
Data Loss Prevention Step 6: Encrypting Data at Rest
February 07, 2012 Added by:Rafal Los
Even if you did know where all your critical information is, you'd probably be powerless to control its sprawl. Let's face it, systems consume data and then become mobile - which is hardly something you can do anything about in a world where mobility is a key business driver...
Comments (2)
MSUpdater Trojan Smuggles Data as Windows Update Traffic
February 01, 2012 Added by:Headlines
"We don't have information about the people behind those attacks, however as all of them are targeting government-related organizations, it is highly reasonable to suspect that the attackers are high profile, maybe even a country..."
Comments (0)
Did Symantec's 2006 Breach Impact These High Risk Customers?
February 01, 2012 Added by:Jeffrey Carr
As the world's largest vendor of security software, the breach puts all of its corporate and government customers at risk, because if Symantec didn't know the extent of its breach back then, how do Symantec's customers know that their current product line is safe to use?
Comments (0)
Cyber Shafarat 2012: Cyber Warfare, OpSec and Intelligence
January 31, 2012 Added by:Jeff Bardin
Cyber criminals, nation-states, hacktivists and other adversaries have different approaches to circumventing cyber defenses. They execute sometimes sophisticated, sometimes simple-minded attacks designed to use and exploit threat vectors as required to accomplish the task...
Comments (0)
It's Time to Evolve How We Protect Our Data
January 25, 2012 Added by:Josh Shaul
Advanced systems for protecting databases have been available for several years now, and have become mature and reliable technology. Databases can be locked down with secure configurations, strong access controls, and effective patch management strategies...
Comments (0)
Data Loss Prevention Step 4: Prevent Network Cross-Connect
January 12, 2012 Added by:Rafal Los
Preventing network cross-connect used to be simple as making sure your VPN client wasn't able to perform split-tunneling so malware couldn't bounce to your corporate office. If your corporate office is virtual all that stopped mattering...
Comments (0)
Chinese Hack of U.S. Chamber Undetected for Six Months
December 22, 2011 Added by:Headlines
"What was unusual about it was that this was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence," said the Chamber's COO David Chavern...
Comments (0)
How Not to Recruit Spies Online and Off
December 21, 2011 Added by:Scot Terban
One must look at the range and breadth of companies and entities being broken in to by the likes of China to see that no one is exempt. Know the ins and outs of the technology as well as the spook landscape, especially if you work in infosec today, lest you become the next target...
Comments (2)
Data Loss Prevention - Step 3: Engage Physical Security
December 20, 2011 Added by:Rafal Los
While often missed, this component of security is one of the most critical when it comes to understanding, and fighting the loss of data in your organization in a very real, tangible way. There are three types of threats you want to be aware of from the physical perspective...
Comments (0)
- Follow Up to the Out of Band Authentication Post
- Skype Malware Campaign Spreading Poison Ivy Trojan
- I Hope Edo is Worth the Privacy Risk
- Dutch MoD Innovation Competition 2012: CYBER Operations 2.0
- NIST Workshop: The Technical Aspects of Botnets
- Security Automation by Hand - Batch/Bash/FOR
- Who Are You Preaching to Anyway?
- Some Observations on Klout Scores
- Where Will the Buck Stop in Cloud Security?
- How Does Your Bank Protect Your Data?