Patch! Patch! Patch! What Security Pros Know that Your Barber Doesn’t

[Originally published in the Spiceworks IT Community.]

A Google security research paper was recently published on the best safety practices that hundreds of security experts recommend. This paper outlines the results of two surveys — one with 231 security experts, and another with 294 web-users who aren’t security experts — in which both groups were asked what they do to stay safe online.

> Read More

POS System Pwnage

Perhaps there have been bigger breaches, but the Target breach in late-2013 certainly seems to set off a firestorm. There are literally thousands of new online articles and posts everyday covering the event – the who, what, where, when, and especially the how and “what now” aspects of the case – and we’re certainly not done with it.

> Read More

160 New Viruses Captured Every Minute

Periodically, I take a look at what the good folks at have to say about the amount of malware in their “zoo.” What I’ve been seeing over the past couple of quarters is pretty shocking.

2013 in Review
The amount of new malware seen in 2013 jumped to an average of about 6.9M per month – that’s nearly 160 new malware per minute,

> Read More

Defending Against Java

Java offers enterprises the ability to write code once and run it everywhere.  However, this flexibility comes with a high cost: reduced security on endpoints. It has lately gotten so bad that Java has been nicknamed Just Another Vulnerability Announcement. Oracle has been working to produce updates to Java that addresses these vulnerabilities,

> Read More

The New York Times Breach: Why AV Failed, What They Should Have Done and What We Accomplish by Letting Them Stay Inside

In yet another example in the saga of personalized malware from foreign nations, specifically China, The New York Times reported Wednesday that the Chinese had carried out an extensive malware campaign against the newspaper giant for the past four months. With this news, we see once again stand alone, signature-based defenses are completely ineffective,

> Read More

Closing the Antivirus Protection Gap

With 50% of IT endpoint operating costs now attributable to malware, is reliance on antivirus as the keystone endpoint security measure the best approach? Instinct tells us no but to be sure, Lumension recently did a comparative analysis on the effectiveness of standalone AV and O/S resident patching solution versus newer technologies, including application whitelisting,

> Read More

DNSChanger Trojan: Not All Doom and Gloom

If your server(s) have been infected by the DNSChanger Trojan and you’ve not done anything about it, time is running out. You have until July 9, 2012 to get your systems fixed, or you’ll lose internet access until you do.

This insidious little Trojan – variously known as TDSS, Alureon,

> Read More

Is Apple Poised To Become The Achilles Heel Of The Enterprise?

The growth in market share for the iMac and MacBook is what first got the attention of hackers; then came the iPhone and shortly after that, the iPad.

Anyone that thinks they have a “security by obscurity” advantage is mistaken. You are no longer safe simply because you use an Apple product.

The recent discovery of a DIY Crimeware tool kit that specifically targets Macs and a new Fake AV called Mac Defender that specifically targets Mac OSX is much more than ‘writing on the wall’ that Apple products have finally gotten the attention of the bad guys – it is a flashing neon sign with a loud clanging bell.

> Read More

Is the PlayStation® Network Meltdown a Security "Black Swan"?

The intensive and comprehensive nature of Sony’s PlayStation® Network (PSN) meltdown has made a strong impression on me. Loss of massive amounts of sensitive customer data, long-term network unavailability, probable class-action law suits, and an unprecedented avalanche of bad PR – this is not your normal “our network got hacked” situation. It made me wonder,

> Read More

Playing the Security Game? Think Before Simply Clicking ‘Renew’

If your organization is anything like the companies we’ve been speaking with, then you know first-hand the headache and ongoing challenge that the rising cost of malware has created. In fact, 48 percent of organizations recently reported an increase in their IT operating expenses, according to the 2010 Ponemon Institute study commissioned by Lumension.

> Read More

2011 Has Potential to be a Really Bad Year

If we look at how 2010 ended there is perhaps good reason for IT security pros to already be nervous in 2011. According to the end of year report from IBM X-Force, at least 44% of all vulnerabilities disclosed in 2010 had no corresponding patch by end of year. Not only do we have to deal with exploits for newly discovered vulnerabilities running at all time highs,

> Read More