DDoS Attacks – Calculate the Cost and Probability

Source: https://www.helpnetsecurity.com/2016/04/04/ddos-downtime-calculator/ DDoS mitigation market has seen a growth in revenue. $449.5 million account for earned revenues in 2014 and is estimated to double by 2019. Here’s a useful tool to calculate the downtime of a DDoS attack based on your company size, industry, type of Continue Reading

BitDefender Security Researchers Release Ransomware “Vaccine”

Source: https://www.grahamcluley.com/2016/03/vaccine-future-versions-locky-teslacrypt-ctb-locker-ransomware-released/?utm_source=hs_email&utm_medium=email&utm_content=27949546&_hsenc=p2ANqtz-8eHlKOq06F0rTt_9SXwt8LZHGKnTMO05prLBQjU0su8kmYX0QnnOToyz0aY4xIxMExKKFHRRDgriTF7B7mE5iREi3lOQ&_hsmi=27949546 Posted: March 31, 2016 Security researchers at BitDefender have released an update to their anti-ransomware utility that handled CryptoWall infections. Their anti-ransomware module has been placed in BitDefender 2016. Now the new ransomware utility handles all current and possibly future versions of Locky, TeslaCrypt, Continue Reading

TenCent’s QQ Browser Exposes Millions To Security and Privacy Issues

Source:https://www.helpnetsecurity.com/2016/03/29/security-privacy-issues-qq-browser/ Posted March 29, 2016 Researchers at the Citizen Lab in the University of Toronto’s Munk School of Global Affairs have found several problems related to the use of Chinese Company TenCent’s QQ Mobile Browser. The QQ mobile browser is available on both Android and Continue Reading

Attackers Making Use Of PowerShell and Macros for Malicious Activity

Sources: http://www.securityweek.com/powerware-ransomware-abuses-powershell-office-macros http://www.securityweek.com/powersniff-malware-attacks-abuse-macros-powershell Goes over Sandbox and VM Conciousness: http://www.theregister.co.uk/2016/03/15/attackers_packing_malware_into_powershell/ Malicious MS-Office macros are being used to both compromise machines and deliver ransomware. Powersniff is a file-less malware that runs completely in memory. Powerware is ransomware ran via PowerShell. Powersniff targets victims mostly in the United Continue Reading

New USB malware that steals data – USB Thief

Source: http://www.scmagazine.com/new-usb-based-data-stealing-malware-detected-in-wild/article/485140/ Win32/PSW.Stealer.NAI aka USB Thief is a data stealing type malware that is hard to detect and leaves no trace behind. The malware is used to steal data off networks and uses encryption. This could be a tool intended for targeted use.

The Importance of Information Governance in Information Security

Source: http://www.darkreading.com/operations/why-marrying-infosec-and-info-governance-boosts-security-capabilities/a/d-id/1324572?_mc=RSS_DR_EDT The article begins with the importance of data security. There is too much focus on defending the perimeter and not enough attention on actually protecting sensitive customer and proprietary data. Data Loss Prevention technologies are not enough. U.S. legal penalties and EU privacy Continue Reading

Dell open sources DCEPT honeypot tool

Source: https://www.helpnetsecurity.com/2016/03/08/dell-open-sources-dcept-honeypot-tool-detecting-network-intrusions/ Dell SecureWorks researchers have developed a honeypot tool for Windows system administrators to detect network intrusions and pinpoint the original source. (ex: compromised endpoints). The great thing is that now Dell has made it available to everybody. The tool uses a honey token, or Continue Reading

Should I Hack Them Back? No. No, You Shouldn’t…

Source: https://threatpost.com/gentle-reminder-at-rsa-hacking-back-is-a-bad-idea/116564/ The RSA Conference 2016 just took place last week, but I felt that this was an important topic for all organizations to consider. Regardless if your organization is being hacked, there are various consequences an entity could face if they hack back an intruding Continue Reading

Smart Cars, Hacking, and the Legislation Behind It All

Source: https://threatpost.com/car-industry-three-years-behind-todays-cyber-threats/116524/ US SPY Car Act of 2015: https://www.congress.gov/bill/114th-congress/senate-bill/1806/all-info Veracode recently reported on the need of the automobile industry to secure their smart car systems. 50% of the people they polled (1,072 drivers in the UK and Germany) were very concerned about the security of their smart car Continue Reading

ROI of Infosec: 11 Dos and Don’ts for Management Buy In

Posted February 27, 2016 Source: http://www.darkreading.com/operations/the-roi-of-infosec-11-dos-and-donts-for-management-buy-in/a/d-id/1324451?_mc=RSS_DR_EDT This is a great must read article for IT Managers and Information Security Managers to help communicate with upper management and other departments the importance of implementing a sound security architecture and strategy. Mitigated risks, managed liabilities, and less cost Continue Reading