Informationweek Influencer
Threatpost (@threatpost)
- Twitter Bio:
- Threatpost is the first stop for fast-breaking security news, conversations and analysis from around the world.
- Website:
- http://www.threatpost.com
Threatpost's Selections From the Web
Summary: Antivirus missed well conceived malware such as Stuxnet, Duqu and Flame, but so did business-grade defenses. Simply put, antivirus is being hung out to dry.
Antivirus software has its issues: Signatures need to be updated, new attacks avoid common defenses and it’s consumer grade protection. But it’s far too early to write the antivirus software obituary.
MIT’s Technology Review declared the antivirus era over. In a nutshell, the Flame attack highlighted how antivirus scans aren’t perfect. F-Secure’s
The FTC has reached a settlement with Epic Marketplace, a large online ad network, related to what the FTC says is the company's practice of sniffing users' browser history for the purpose of serving them targeted ads related to a variety of sensitive topics. The settlement bars Epic from performing history sniffing and requires the company to destroy all of the data it's collected from consumers up to this point through history sniffing.The consent decree from the FTC is the latest in a series of actions from various agencies regarding the practice of history sniffing and tracking users across the Web. The FTC has been focusing on this practice
Supervisory control and data acquisition (SCADA) networks contain computers and applications that perform key functions in providing essential services and commodities (e.g., electricity, natural gas, gasoline, water, waste treatment, transportation) to all Americans.
As such, they are part of the nation’s critical infrastructure and require protection from a variety of threats that exist in cyber space today. By allowing the collection and analysis of data and control of equipment such as pumps and valves from remote locations, SCADA networks provide great efficiency and are widely used.
However, they also present a security
(Reuters) - Frustrated by their inability to stop sophisticated hacking attacks or use the law to punish their assailants, an increasing number of U.S. companies are taking retaliatory action.
Known in the cybersecurity industry as "active defense" or "strike-back" technology, the reprisals range from modest steps to distract and delay a hacker to more controversial measures. Security experts say they even know of some cases where companies have taken action that could violate laws in the United States or other countries, such as hiring contractors to hack the assailant's own systems.
Jeremy Hammond, former LulzSec member and alleged mastermind of the Stratfor hack, pled not guilty on Monday during a brief hearing at the US District Court in Manhattan, the Associated Press reported on Monday.
It was in December of 2011 that AntiSec supporters targeted Stratfor, walking away with 860,160 usernames (email addresses) and passwords, and 60,000 credit card records. Earlier this year, the FBI charged Jeremy Hammond with the Stratfor attack, slapping him with one count of computer hacking conspiracy, one count of computer hacking, and one count of conspiracy to commit access device fraud. Each count carries
Researchers at Trusteer have discovered a variant of Zeus with a P2P component that is targeting high profile sites such as Facebook, Google, Hotmail, and Yahoo in order to compromise debit and credit card data.
The attacks being carried out by the P2P version of Zeus use a basic form of social engineering. Depending on the service being targeted at the time, users are presented with offers for additional security measures and rebates.
In the case of Facebook, malware injects the necessary code so that an offer of 20% cash back is displayed. All the user has to do is link their Visa or MasterCard
Summary: Defense analyst John Arquilla believes the U.S. should stop prosecuting elite hackers and instead hire them to wage an online war against terrorists as well as other American enemies. He argues if the U.S. played its card rights with hackers, the war on terror would have been long over.
Earlier this year, a Federal Bureau of Investigation (FBI) executive
FireEye reported today it had detected a new critical PDF attack targeting the aviation defense industry. Malware Page exploits a stack-based buffer overflow vulnerability in Adobe Acrobat and Adobe Reader. An attacker would be able to execute code remotely via a crafted argument to the getIcon method of a Collab object, according to the CVE alert.When a user opens the infected PDF, the exploit creates an executable file, which drops a DLL and opens a backdoor connection on TCP port 49163, FireEye said in its analysis. The malware opens connections to IP addresses in Germany and the Bahamas and maintains a detailed log of all network communications.
In 2012 it’s becoming increasingly common for cybercriminals to apply basic quality assurance (QA) tactics to their campaigns. Next to QA, they also emphasize on campaign optimization strategies allowing them to harness the full potential of the malicious campaign.
Recently, I came across to an underground forum advertisement selling access to 117,000 unique U.S visitors — stats gathered over
Posted on 2 July 2012. | Phoenix and Blackhole are the most popular and widely used exploit kits because their creators are always tinkering with them and pushing out update and improved attack capabilities.
Posted on 2 July 2012. | IPv6 features a 128-bit addressing scheme, supports a mind-numbing amount of devices and delivers much needed security and performance improvements.
Posted on 2 July 2012. | ISACA released COBIT 5 for Information Security, which builds on the COBIT 5 framework to provide practical guidance for those interested in security at all levels of an enterprise.
Upcoming Events
Live Events
- I Can See Clearly Now - E2 Conference Boston
- Discover the opportunities and challenges associated with mobile retail - Mobile Commerce World - Mobile Commerce World
- Explore best practices for marketers in the new mobile world - Mobile Commerce World - Mobile Commerce World
- The E2 Social Business Leaders - E2 Conference Boston - E2 Conference Boston
- How to Choose a SaaS Vendor - E2 Conference Boston
This Week's Issue
Free Print Subscription
SubscribeSpecial Issue
Current Government Issue
- The Government CIO 25: These influential and accomplished government IT leaders are finding ways to be cost efficient and still innovate.
- Rethink Video Surveillance: It's not just about networked cameras anymore. New technology provides analytics, automation, facial recognition, real-time alerts and situational-awareness capabilities.
- Read the Current Issue
Related Whitepapers
- HP Newsletter with Gartner Research: Maximizing Your Infrastructure through Virtualization
- Blade Server Strategies: Optimizing the Data Center
- Transitioning Business Continuity To The Cloud
- Virtualizing Disaster Recovery Using Cloud Computing
- Aligning IT with strategic business goals: A proactive approach to managing IT risk to your business
Related Reports
