The Threat Model of 2017
The threat model is one of the most basic tools IT professionals use to analyze security incidents and scenarios. It is the first stop along the security path where potential hazards can be identified and quantified. Threat models involve judgments about which threats are important to a particular situation. An automated tool that simply lists…
Is Your Security Intelligence Solution Stuck in the Past?
A few years back, I invested in a video gaming platform that was a little different. To play it, you had to get off the couch, fling your arms around, jump, balance and more. I continued to buy into new games and gadgets that even allowed me to be a rock star. But then it…
Avalanche Botnet Comes Tumbling Down In Largest-Ever Sinkholing Operation
The Avalanche botnet – linked to many of the world’s most troublesome ransomware, RATs, and banking Trojans – has been dealt a critical blow in what Europol called today the “largest-ever use of sinkholing to combat botnet infrastructures.” Five individuals were arrested and 800,000 domains seized, sinkholed, or blocked in an international takedown operation that…
IDG Contributor Network: What your CEO needs to know about securing the Internet of Things
The recent Internet of Things-based DDoS attack on Dyn heralded the beginning of a new era for businesses. For better or for worse, industry experts’ warnings about the need to consider all “endpoints” rather than limiting security efforts to workstations and servers were vindicated. The event should be a wake-up call. Already six in 10…
65% of social engineering attacks compromised employee credentials
Social engineering is having a notable impact on organizations across a range of industrial sectors in the US. In fact, 60 percent of surveyed security leaders say their organizations were or may have been victim of at least one targeted social engineering attack in the past year, and 65 percent of those who were attacked…
Who’s responsible for data compliance? 25% of executives don’t know
According to the 2016 State of Compliance survey conducted by data management and integration provider Liaison Technologies, one-quarter of top executives are unclear who in their organization is responsible for compliance. And nearly half (47 percent) of respondents to the survey of 479 senior and C-level executives said they don’t know which compliance standards apply…
Mirai Evolving: New Attack Reveals Use of Port 7547
When the source code for the Mirai botnet was made public in late September, a top concern was that bad actors might modify the code to increase the number of Internet of Things (IoT) devices they can compromise. It seems these fears have been realized. A few weeks ago, Reverse Engineering Blog disclosed a vulnerability…
San Francisco Muni says server data not accessed in ransomware hit
The San Francisco Municipal Transportation Agency said late Monday that no data had been accessed from its servers in a ransomware attack on the Muni transit system and the agency has never considered paying the ransom asked by the attacker. The statement by the SFMTA follows reports that the alleged attacker has threatened to dump…
McAfee Labs predicts 14 security developments for 2017
Intel Security released its McAfee Labs 2017 Threats Predictions Report, which identifies 14 threat trends to watch in 2017. “To change the rules of the game between attackers and defenders, we need to neutralize our adversaries’ greatest advantages,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs. “As a new defensive technique is developed,…
Feds provide legal loophole to hacking IoT devices
It was an especially happy Thanksgiving for security researchers, thanks to what they have called long-overdue exemptions to the Digital Millennium Copyright Act (DMCA). Those exemptions, which took effect Oct. 28, provide a two-year window allowing “good-faith” researchers to break into the software that controls most consumer and commercial Internet of Things (IoT) devices –…