Latest Posts

Threats to Personal Health Information

May 14, 2011 Added by: Danny Lieberman

Humans are naturally curious and always worried when it comes to the health condition of friends and family. HIPAA risk and compliance assessments at hospitals in Israel, the US and Australia consistently show that the number one attack vector on PHI is friends and family, not hackers...

Comments  (0)

The Bin Laden Raid and the May 15th Facebook Intifada

May 13, 2011 Added by: Dan Dieterle

Teams from 10 agencies are combining to sift through the sizable stash of data recovered from Osama Bin Laden’s compound, as intelligence experts look to get a handle on the former al-Qaeda leader and learn more about the group’s plans, according to a top Defense Department official...

Comments  (0)

Testing Your FCPA Compliance Program

May 13, 2011 Added by: Thomas Fox

If there are components which need to be enhanced, you will have the opportunity to do so. If additional or supplemental training is called for, then take the opportunity to provide it. In short, do not be afraid of the results...

Comments  (0)

Sunspot Financial Malware Targeting Windows Systems

May 13, 2011 Added by: Headlines

"Sunspot was not originally developed as crimeware... We could be witnessing a sea change in malware development where general purpose and little-known malware platforms are re-programmed to carry out financial fraud. This will make it even more difficult to defend against..."

Comments  (0)

Back Up Your Backup, Then Back It Up Again

May 13, 2011 Added by: Robert Siciliano

If you aren’t in the habit of backing up your data, you might assume it’s difficult or tedious. But I’ve got news for you, it’s easy-peasy. Backing up is a complete no-brainer. There are many backup options. New PCs often come bundled with backup options included in the “bloat ware”...

Comments  (5)

Loyalty Cards vs. Privacy Concerns

May 13, 2011 Added by: Allan Pratt, MBA

When stores or restaurants offer a loyalty card, in exchange, the customer is asked to provide name, telephone number, email address, snail mail address, and possibly other defining characteristics or shopping preferences. But what happens to my confidential information?

Comments  (0)

CERT Warns of Iconics SCADA Software Vulnerability

May 13, 2011 Added by: Headlines

GenVersion.dll is a component used by the WebHMI interface. By passing a specially crafted string to the SetActiveXGUID method, it is possible to overflow a static buffer and execute arbitrary code with the privileges of the logged on user. Users could be lured to malicious sites...

Comments  (1)

ERP Vulnerabilities Differ from Those at the Database Level

May 13, 2011 Added by: Alexander Rothacker

ERP applications are attractive targets because this software is present in all major organizations and across the whole enterprise. The backend database of these systems usually contains customer data and key company secrets, such as the logic for business processes...

Comments  (0)

Facebook Debuts Two-Factor Login Authentication

May 13, 2011 Added by: Headlines

The new authentication feature allows users the option of requiring that a one-time numeric authentication code be entered in addition to the standard username/password combination if the network detects a login attempt from a device that has not been previously saved by the user...

Comments  (2)

SSD’s and the Importance of Encryption

May 12, 2011 Added by: Emmett Jorgensen

With data privacy issues becoming increasingly important, regulations have tightened on information security. Regulators often impose sanctions for data breaches as outlined in state laws. New regulations bring added importance to the need to securely erase data from an SSD...

Comments  (0)

Application Security Profiling Exercise: Important Considerations

May 12, 2011 Added by: kapil assudani

Determining the security profile of an application is a very involved and complicated process – one needs to understand the business logic of the application, its integration with other applications and the security profile of the context this application interacts with...

Comments  (1)

Sony Data Breach – Lessons for the End-Users

May 12, 2011 Added by: Nabeel Shamsi

One level of protection: Use virtual credit cards. Both Citi and Discover offer virtual credit cards, which can only be used at a single merchant. If someone gets your virtual card number, it is of no use to them...

Comments  (0)

FBI Surveillance: If We Told You, You Might Sue

May 12, 2011 Added by: Headlines

"These businesses would be substantially harmed if their customers knew that they were furnishing information to the FBI. The stigma of working with the FBI would cause customers to cancel the companies' services and file civil actions to prevent further disclosure of subscriber information..."

Comments  (0)

Obama Delivers Cybersecurity Strategy to Congress

May 12, 2011 Added by: Headlines

“We are now in a world in which cyber warfare is very real. It could threaten our grid system. It could threaten our financial system. It could paralyze this country, and I think that's an area we have to pay a lot more attention to...”

Comments  (0)

Just How Overrated is Cyberspace Doomsday?

May 12, 2011 Added by: J. Oquendo

These environments are very complex. There would need to be years of reconnaissance with heavy financial investments to pull off a successful attack. Any attacker would have to cross their fingers and hope that their target did not upgrade, migrate, or change software...

Comments  (5)

Auditing Security, Measuring Risk, and Promoting Compliance

May 11, 2011 Added by: Ben Rothke

In most corporate networks today, the perimeter has been significantly collapsed. If you compound that with increased connectivity, third-party access, and then bring in advanced persistent threats into the equation, it is no longer a simple endeavor to protect a network...

Comments  (0)

NPV and ROSI Part II: Accounting for Uncertainty in the ARO

May 11, 2011 Added by: Kurt Aubuchon

Running the simulation for multiple ARO (Annualized Rate of Occurrence), you find the ARO at which the model begins to produce a positive ROSI in a majority of the simulations. You can determine how frequently a breach has to happen before a security investment makes sense...

Comments  (0)

FTC Privacy Enforcement Update

May 11, 2011 Added by: David Navetta

With the Ceridian and Lookout settlements, the FTC wants to dispel the notion that it is focused solely on large scale, high profile privacy and information security violations affecting consumers. This is another reason to take a hard look at your company's compliance...

Comments  (0)

Source Code for Zeus Crimeware Toolkit Disclosed

May 11, 2011 Added by: Headlines

"With the source code in the wild it's likely we'll see an increase in attacks since lots of potential criminals might have been lacking both financials and trustworthiness to obtain their own license of this kit. Now being available as source code we'll likely see rebranding and modifications..."

Comments  (0)

Just How Important is Cyberspace Defense?

May 11, 2011 Added by: Robert Siciliano

Critical infrastructures all depend on the electric grid. After a major attack, we’d be back to the dark ages in an instant. No electricity, no computers, no gasoline, no refrigeration, no clean water. Think about what happens when the power goes out for a few hours. We’re stymied...

Comments  (0)