Security Tips for Football World Cup Fans

The FIFA World Cup has kicked off in Brazil, with fans travelling to the country from around the globe in the hope that their country’s football team will make it to the grand final.

But if you’re travelling (whether it be to South America watch the world’s greatest soccer tournament, or a couple of days away on a business trip) what precautions should you take to stay safe online?

> Read More

People Are Your Last Line of Defense

The increasing numbers of attacks profiled in news reports over the last several months demonstrate that we live in an unsecure world.  The Target breach in particular shows how important a complete cyber security program is to an enterprise network environment.  Target’s security systems generated events from the attack, but the events were not followed up on

> Read More

NIST Releases Preliminary Cybersecurity Framework for Critical Infrastructure

In February, President Obama signed an Executive Order that called for increased cyber-threat information sharing between government and private companies who oversee our country’s critical infrastructure. The goal was to break down the barriers that cause privately-managed critical infrastructure companies to work independently of the government groups that could create a repository of intel on trending cyber attacks.

> Read More

Social Media: the Bad Guys’ Perfect Playground

October marks the 10th anniversary of National Cyber Security Awareness Month, a public education campaign spearheaded by our colleagues at the National Cyber Security Alliance. It’s somewhat disheartening to consider the lack of progress made in cyber security over the last 10 years; cyber criminals continue to wreak havoc stealing personal identities, corporate IP, and even national secrets.

> Read More

Advice for the Incoming DHS Secretary

A few weeks after retiring Department of Homeland Security Secretary Janet Napolitano gave a farewell speech, we are still unclear on her replacement unfortuntely. In that departure speech, Napolitano advised her successor “You will need a large bottle of Advil.” Given the DHS Secretary is responsible for dealing with everything from natural disasters to terrorists attacks,

> Read More

Three Lessons Learned From the NSA’s Use of Big Data and Security Analytics

Security analytics is the term being applied to the new methods being developed to counter sophisticated targeted attacks. The idea is simple but implementation requires skill sets that have yet to be acquired by most organizations. Gather as much data as possible, apply filters derived from security intelligence, and identify attacks in progress or already firmly established beachheads made by the adversary.

> Read More

The Danger of Open Access to University IP

When I saw last week’s New York Times story about the problems universities are experiencing with cyber attacks, my first thought was one of surprise. Wasn’t this kind of story published years ago? Hackers are opportunistic and universities pride themselves on providing free and open access to materials. Cyber attacks on research universities have been happening for some time.

> Read More

To Layer or Integrate? That is the Question

Indeed, the debate over whether to mix a myriad of tools and technologies to create a bulletproof shield that hackers can’t invade or to take an integrated approach to in-depth defense to combat persistent threats is ongoing. But more cyber security analysts are speaking out about the benefits of integration.

Also known as layered defense,

> Read More

Procedures and Policies Without Controls Are Meaningless: Lessons for the NSA

Note to security clearance holders: The following post contains no links to secret documents.

As the carefully orchestrated stream of leaks from Edward Snowden are published in The Guardian, we have learned first of the massive scale of US (and now UK) data and communication surveillance. Top Secret/NoForn documents were also published that spelled out the procedures and oversight measures that the NSA must comply with to avoid spying on “United States persons”.

> Read More

Hiding Under the Covers

“All warfare is based on deception” – Sun Tzu, The Art of War

Attackers like stealth.  Once they have compromised a system, one of their primary goals is to remain undetected. Initially, attackers used malware with pseudo Windows service names such as svchosts.exe, winlogin.exe, lsasss.exe, and others. Although these names appear to be innocuous,

> Read More

New School Cyber Crooks Using Old School Malware Tricks

You can teach old crooks new tricks, but many cyber criminals are discovering that the old tricks are working just fine.

Indeed, recent security headlines feature old school malware attacks, like the MiniDuke. And old school botnets with creative new names are bum rushing the Internet. At the same time, reflective memory injection (RMI) attacks,

> Read More