Latest Posts

E313765e3bec84b2852c1c758f7244b6

McAfee: 65 Million Malware Samples - That’s Just the Tip

August 30, 2011 Added by:Brent Huston

I was fascinated by this article that came across my newsfeed that said McAfee hit 65 million malware samples in the 2nd quarter of 2011. It seems that the malware cat truly is out of the bag. It also seems like someone forgot to warn the crimeware world about opening Pandora’s box...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Big Discounts on Infosec Training and Certifications

August 30, 2011 Added by:Infosec Island Admin

The ISLAND TRADEWINDS program is designed to offer infosec training and certification opportunities at significantly discounted rates. You can receive discounts of up to $500 or 20% on courses from Global Knowledge, Career Academy, SANS, and the Infosec Institute...

Comments  (0)

8b5e0b54dfecaa052afa016cd32b9837

Question: Why Cybercrime?

August 30, 2011 Added by:Craig S Wright

Cybercriminals are actually extremely rational. And not necessarily talking of hacktivists and others without a clear profit motive, but those with a drive to make money act extremely rationally. Consequently, there is a solution: Reduce their profit...

Comments  (0)

94ae16c30d35ee7345f3235dfb11113c

Did China Really Expose a Cyber Attack Tool?

August 30, 2011 Added by:Joel Harding

Wow, it’s really cool that we have proof that China not only has the capabilities but has been caught red-handed attacking a website, and the target they’re attacking is located inside the US. I’m sure somebody at the new US Cyber Command jumped up and down and said, “Yes! We have proof..."

Comments  (5)

69dafe8b58066478aea48f3d0f384820

CERT Malaysia Releases DNSwatch Tool

August 30, 2011 Added by:Headlines

"DNSwatch will help you avoid known bad websites or sites that will trick your computer into downloading and installing malicious programs on your computer. Even better, DNSwatch will also prevent you from accessing malicious websites that you may not even know your computer is trying to access..."

Comments  (0)

850c7a8a30fa40cf01a9db756b49155a

Advanced Persistent Monkey See Monkey Do

August 29, 2011 Added by:J. Oquendo

Arguments surrounding APT will remain a battle of expert vs. expert - but how about we use some common sense for a moment? If YOU were an attacker, why would you bother attacking from your own fixed location? It would make more sense to attack from another country for deflection purposes...

Comments  (6)

972cda1e62b72640cb7ac702714a115f

Universities Account for a Higher Number of Breaches

August 29, 2011 Added by:Kurt Aubuchon

Hospitals are 48 times more likely to show up as breach victims than would be predicted if breaches were distributed evenly among all US firms. Colleges and universities turn up in breach reports about 357 times more often than if distributed evenly. That is a staggering number....

Comments  (2)

B09c361cbdc6cf629affdc7db30a186d

Security Awareness Education Begins with the Youth

August 29, 2011 Added by:Steven Fox, CISSP, QSA

DefCon Kids follows the trend towards developing cybersecurity skills in youth, so that these young professionals will one day be prepared to tackle the increasingly advanced cyber attacks that constantly threaten today’s enterprises...

Comments  (0)

Bba64a7961617937bd4628e1198bc543

My Bid for the ISC2 Board of Directors Ballot

August 29, 2011 Added by:Wim Remes

I want to work with ISC2 leadership and membership to review the current status of the CISSP certification, how it is perceived by different audiences, and improve the exam process. With over 79,000 certification holders, it could be concluded that the certification is doing well...

Comments  (4)

69dafe8b58066478aea48f3d0f384820

Q2 DDoS Attacks: Some Facts and Figures

August 29, 2011 Added by:Headlines

"Cybercriminals... are increasingly using DDoS attacks as a diversionary tactic when launching more sophisticated attacks such as those on online banking systems. Complex attacks of this nature are particularly damaging in that they can cause significant losses for the financial institutions..."

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

The Benefits of Investigating Employee Complaints

August 29, 2011 Added by:Thomas Fox

Encouraging internal reporting helps you detect misconduct in its earlier stages. The sooner you investigate, the sooner you put an end to the misconduct reported. For fraud cases, this is particularly important, as stopping fraud sooner results in less money lost...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

Researchers Find LinkedIn Spam Downloads Trojan

August 29, 2011 Added by:Headlines

"These password-stealing Trojans are programmed to insert themselves into the browser stack and can intercept login pages even before they are encrypted by HTTPS... code snippets ask for additional security questions or special passwords, information the password thieves want..."

Comments  (1)

44fa7dab2a22dc03b6a1de4a35b7834a

Federal OMB Directs Agencies to Expand CIO Powers

August 29, 2011 Added by:Bill Gerneglia

This expansion of the role of the CIO at the federal level is seen as essential by outgoing Federal CIO Kundra in order to drive desired cost savings and ROI through specific programs like the data center consolidation program as well as the migration of applications to the cloud...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Google Settles with DOJ for $500 Million Over Drug Ads

August 29, 2011 Added by:Headlines

“This investigation is about the patently unsafe, unlawful, importation of prescription drugs by Canadian on-line pharmacies, with Google’s knowledge and assistance, into the United States, directly to U.S. consumers,” said U.S. Attorney Neronha...

Comments  (0)

4085079c6fe0be2fd371ddbac0c3e7db

Red Hat 5 STIG: Kernel Modules

August 29, 2011 Added by:Jamie Adams

The new draft STIG requires entries in a configuration file to prevent the kernel from loading modules – even if the modules aren't installed on the system. Nonetheless, I have compiled a list of the required settings which must be set in your modprobe.conf configuration file...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Morto Computer Worm Spreading via RDP

August 29, 2011 Added by:Headlines

"We don't see that many internet worms these days. It's mostly just bots and trojans. But we just found a new internet worm, and it's spreading in the wild... It uses a new spreading vector that we haven't seen before: RDP," said F-Secure...

Comments  (0)

6648b1abd4a9b964566c3690613f20a6

Mitigating the Apache Range Header DoS Vulnerability

August 28, 2011 Added by:Mark Baldwin

A new Apache DoS vulnerability was reported by security researcher Kingcope on the Seclists.org Full Disclosure mailing list that affects most default installations of Apache 1.3/2.x. Fortunately, there are some configuration settings that can be adjusted to mitigate this vulnerability...

Comments  (1)

7ca9cf570bb97d22b119f3a70d335ede

The Urban Legend of Multipass Hard Disk Overwrite

August 28, 2011 Added by:Brian Smithson

Multipass disk overwrite and the “DoD 5220-22-M standard 3-pass wipe” are, at best, urban legends. At worst, they are a waste of time. A single pass overwrite with any arbitrary value (randomly chosen or not) is sufficient to render the original HDD data effectively irretrievable...

Comments  (6)

0a8cae998f9c51e3b3c0ccbaddf521aa

Software Security Assurance - Getting the Formula Right

August 27, 2011 Added by:Rafal Los

Security professionals need to ensure that we're doing what's right for the developers who will be building more secure software, rather than us security professionals who are adept at bolting on security bits. That's the big revelation here, but of course, only if you believe me...

Comments  (0)

94ae16c30d35ee7345f3235dfb11113c

Social Media During a Crisis

August 26, 2011 Added by:Joel Harding

Without electricity most of us are going to be hosed, we won't have access to social media to communicate with family and friends. We won't be able to check the latest news and information from the government from websites and once everybody has moved to the cell phone networks, they'll crash...

Comments  (1)