BadUSB Update

I have received several inquiries regarding the latest news about the so-called BadUSB vulnerability, so I thought I’d write a quick post on what we know at the moment.

What is BadUSB?

BadUSB is a vulnerability – not malware – in the design and implementation of firmware used on USB devices which allows it to be updated without being vetted.

> Read More

Is It the End of the (USB) World as We Know It?

News this past week about a Proof-of-Concept tool called BadUSB which has the IT security press in a lather. Why?

Well, we all know that USB sticks are used to spread malware. But this POC by SRLabs security researchers Karsten Nohl and Jakob Lell – which will be demonstrated at Black Hat USA 2014 – can turn any USB drive into an automated hacking tool,

> Read More

7 Out of Top 10 Internet of Things Devices Riddled With Vulnerabilities

It has become the trendy thing to connect more and more household and office devices to the internet. It is becoming increasingly common to find yourself typing a WiFI password not just into your smartphone, but also your smoke alarm, your fridge, your printer, your baby monitor and maybe even your car.


> Read More

Past, Present and Future of Endpoint Security

In the throes of holiday shopping season, 110 million Target customers woke to the news that cleverly placed malware had pilfered their credit- and debit card numbers, along with other sensitive data. We aren’t yet certain who was behind the massive attack on Target and, evidently other large retailers, or how the heist was orchestrated.

> Read More

Keeping Pace with Evolving Risk

Today we released the 5th annual State of the Endpoint study, together with our colleagues at independent research firm, the Ponemon Institute. We’ve all known for some time the bad guys keep getting better and IT pros are continually challenged to keep the pace. Reinforcing the idea that it isn’t if an organization will be attacked but when,

> Read More

Employ a Targeted Defense Against Targeted Threats

In my last post, I discussed the reality of APT hitting unsuspecting organizations with a predictable pattern. Study after study indicates people are being hit by malicious hackers and the attack goes on for months before anyone is any the wiser. If they ever know.

Some very large companies, with hundreds of business units and locations,

> Read More

No, Perimeter Protection is Not Dead

Oracle is offering what it calls some “shocking conclusions” about cybersecurity, but will these conclusions cause any shift in emphasis away from the perimeter for the sake of protecting the database?

According to a 110-company Oracle-sponsored survey from IDG Research’s CSO Customer Solutions Group, most IT security resources in today’s enterprise are allocated to protecting network assets,

> Read More

The Danger of Open Access to University IP

When I saw last week’s New York Times story about the problems universities are experiencing with cyber attacks, my first thought was one of surprise. Wasn’t this kind of story published years ago? Hackers are opportunistic and universities pride themselves on providing free and open access to materials. Cyber attacks on research universities have been happening for some time.

> Read More

Nothing Pretty About Fireworks Delivered From Microsoft This Patch Tuesday

IT admins may have taken the Fourth off to enjoy some fireworks, but they’ll be very busy this week patching their systems. It’s not a pretty Patch Tuesday this month with 7 bulletins, 6 of which are critical. That brings our total of critical bulletins for the year to 22, which is fairly high, considering Microsoft released only 34 critical bulletins for the entire calendar year of 2012.

> Read More

Securing the Internet of Things

Gone are the days when the Internet was something accessed only through a PC attached to an Ethernet plug. Access is now available from anywhere and via a multitude of form factors. The Internet has moved beyond the computer and even your smartphone into the most unlikely of things. Your TV, your thermostat,

> Read More

3 Executive Strategies to Prioritize Your IT Risk

Every company wants to know the best way to protect their company, but it can be difficult when faced with the evolving security challenges of today. I recently sat down with Richard Mason, VP & CSO at Honeywell, Roger Grimes, security columnist and author, to get their thoughts on risk management best practices. I hope these strategies will help companies prioritize their IT risk and think beyond the traditional IT standards.

> Read More

No Luck o’ the Irish for IT this St. Patty’s Day

IT admins can’t seem to catch a break this year. First, the never ending stream of Java issues that has kept folks on their toes since January. Now they’ve got another busy month of patches ahead of them, with 7 total patches from Microsoft, 4 of which are critical. However, once again the issues outside of Microsoft will likely eclipse the Patch Tuesday patches this month.

> Read More