Latest Posts


Physician Learns A Hard PHI Lesson

April 20, 2011 Added by: Rebecca Herold

What is important to point out about this case is that the doctor described the patient’s injuries in such a way that an unauthorized third party would be able to identify the person described, even though the doctor did not include any of the 18 specifically-named PHI items...



Top Five Mobile Operating System Options

April 20, 2011 Added by: Robert Siciliano

Five major players have floated to the top, dominating a major chunk of the mobile operating systems market. It used to be that people chose their phone only by their carrier and what brands they offered. Today many choose their phone based on the manufacturer and its operating system...



Learning USB Lessons the Hard Way

April 20, 2011 Added by: Brent Huston

Our inspection revealed a job in the scheduler set to kick off on Saturdays at 5am and launch this particular malware component which appeared to be designed to grab the cookies from the browser and some credentials from the system and users then throw them out to the host in China...



Whistleblower Costs CVS $17.5 Million... OK, Then What?

April 20, 2011 Added by: Katie Weaver-Johnson

The federal government is paying whistleblowers, and now that we also have Wikileaks and other public web sites to report to, organizations need to make sure they have more holistic and comprehensive platforms for employees to report suspicious incidents internally...



State Police Search Mobile Phones During Traffic Stops

April 20, 2011 Added by: Headlines

Complete extraction of existing, hidden, and deleted data, including call history, text messages, contacts, images, and allows visualization of existing and deleted locations on Google Earth. Location information from GPS devices and image geotags can be mapped on Google Maps...



Fifteen Top Paying IT Certifications

April 19, 2011 Added by: Global Knowledge

When most individuals hear the word "Certification", dollar signs immediately begin dancing in their heads. While some certifications do command a higher salary, this is not true for all. Time to look at some of the more popular certifications - and their associated pay...



European Cybercrime 10 Years On - Why It’s Not Working

April 19, 2011 Added by: Jared Carstensen

The recent economic growth in Europe (bank bailouts aside), upgrades to infrastructure, communications, and internet speeds, coupled with the reduced costs of equipment required for cyber criminals to operate, has greatly assisted cyber criminals and cartels in their mission...



Data Breach Overload is Killing SSA

April 19, 2011 Added by: Rafal Los

Money and technology alone won't bring us secure software or applications. Many times the idea of spending a large chunk of money on tools alone sounds appealing because someone selling you something says that you should - but I'd like to urge caution...



Epsilon Breach Will Impact Consumers for Years

April 19, 2011 Added by: Robert Siciliano

Consumers are receiving messages from trusted companies such as 1-800-Flowers, Chase, Hilton and others, letting them know that their e-mail addresses have been exposed. This provides a perfect opportunity for cybercriminals who may try to take advantage of the breach...



Cyber Attack Hits Oak Ridge National Laboratory

April 19, 2011 Added by: Headlines

"Certainly what we’ve seen is very consistent with the RSA attack. Whoever is doing this attempts to get a foothold in the network system, works patiently and relatively quietly to try to expand that and is looking for specific types of information..."



Web Application Security: Minimizing the Risk of Attacks

April 19, 2011 Added by: Sasha Nunke

Vulnerabilities in web applications are now the largest source of enterprise security attacks. Web application vulnerabilities accounted for over 55% of all vulnerabilities disclosed in 2010, according to an IBM X-Force study. That may be the tip of the iceberg...



Rogue Admins Allow Games on Company Servers

April 19, 2011 Added by: Bill Gerneglia

A sizable number of comments took the line that playing games on corporate systems was either beneficial to the company or caused no significant harm. One agreed with an IT professional quoted in the story, who said that gaming helps IT employees “stay sharp”...



The Art of Cyber Warfare: Counterattack Fail

April 18, 2011 Added by: J. Oquendo

The sole purpose of Ensatus is deception and it drives the point of "fail" when it comes to counterattacking. If I were performing a sanctioned penetration test, I would be using decoys. In the event counterattacking were legal, you would be counterattacking an innocent victim...



Information Security Risk Management Programs Part Two

April 18, 2011 Added by: kapil assudani

In many companies, the culture is to embrace security only where it is absolutely necessary, and this usually comes through corporate security policies and industry regulations. Beyond these, security groups hardly have any teeth - unless it's a critical security issue...



Detailed FISMA Logging Guidance Continued

April 18, 2011 Added by: Anton Chuvakin

Configuring tools needs to happen after the policy is created. Goals first, infrastructure choices second. In case of privacy and other regulations on top of FISMA, the legal department should also have their say, however unpalatable it may be to the security team...



Senators Introduce Cyber Security Public Awareness Act

April 18, 2011 Added by: Headlines

“The government keeps the damage we are sustaining from cyber attacks secret because it is classified. The private sector keeps the damage they are sustaining from cyber attacks secret so as not to look bad... The net result of that is that the American public gets left in the dark...”



The Rise of Smartphones and Related Security Issues

April 18, 2011 Added by: Robert Siciliano

As more and higher speed networks are built, more consumers will gravitate toward the mobile web. Smartphone users are downloading billions of apps and spending millions via mobile payments. For the younger generation, smartphones are used for a majority of ecommerce transactions...



Epsilon: Be Wary of Phishing Attempts

April 18, 2011 Added by: Rod MacPherson

Another scam that they are running is a fake Epsilon breach news update site (copied from the actual press release site) that offers up a downloadable tool that they tell you to run to see if the hackers have your e-mail address. That tool is a Trojan...



Defining the Insider Threat

April 17, 2011 Added by: Danny Lieberman

Mitigating the insider threat requires defining whether or not there IS a threat, and if so, finding the right security countermeasures to mitigate the risk. One wonders whether or not RSA eats their own dog food, and had deployed a data loss prevention system. Apparently not...



Mobile Devices Continue to Attract Cyber-Scamsters

April 17, 2011 Added by: Rahul Neel Mani

While it’s only beginning to percolate, a trend is clearly emerging—cyber criminals are looking for new opportunities outside of the PC environment. They are investing more resources toward developing exploits that specifically target users of mobile devices...
