Security Wire Weekly

Top data breaches of 2012

Robert Westervelt — Wed, 26 Dec 2012 15:15:03 +0000

A spate of high profile data breaches throughout 2012 hold important lessons. Lapses in basic security measures and stolen account credentials played a significant role in most of the breaches. The SearchSecurity editorial team discusses what can be done to bolster the security of corporate systems.

Gary McGraw on proactive defense, offensive security

Robert Westervelt — Thu, 08 Nov 2012 16:12:06 +0000

Software security expert Gary McGraw explains that investing in destructive cyberweapons could have dangerous consequences. He is advocating for a proactive defense approach to cybersecurity.

Email attacks still highly successful attack vector

Robert Westervelt — Tue, 25 Sep 2012 20:34:47 +0000

Ali Mesdaq a security researcher at FireEye Inc. explains why malicious file attachments are still a highly successful attack vector for cybercriminals. Automated attack toolkits, spambots and targeted attackers typically use the old standby technique because it works. FireEye has found a spike in malicious email attachments in 2012. Social engineering is at the heart of most attacks.

Flame malware analysis, How to defend against fraudulent certificates

Eric Parizo — Thu, 20 Sep 2012 18:42:04 +0000

Security expert Nick Lewis analyzes Flame malware, plus gives tips for dealing with Flame’s most unique function: its use of fraudulent certificates.

Formulate a more effective information security incident response plan

Eric Parizo — Wed, 19 Sep 2012 12:54:10 +0000

In this Hot Type podcast, author Neal McCarthy offers real-world examples that enterprises can use to form an information security incident response plan.

Legal counsel vital component of incident response

Robert Westervelt — Wed, 12 Sep 2012 16:54:25 +0000

Ellen Giblin an attorney at Ashcroft Law and Gant Redmon, the general counsel for Co3 Systems discuss the litigator’s role in incident response. The legal team should be contacted as soon as a security or privacy incident is detected because it shifts the burden and liability over to the attorney, according to Giblin. Learn where the company’s legal team fits into your incident response plan.

Google Aurora attackers back with zero-day exploits, new targeted attack techniques

Robert Westervelt — Fri, 07 Sep 2012 19:10:35 +0000

The Aurora attackers, which surfaced in 2009 targeting Google and dozens of other firms are improving their techniques and showing impressive skills, according to new research from Symantec. The group is a threat to U.S. defense contractors and their partners, including manufacturers and parts suppliers. Eric Chien, senior technical director for Symantec Security Response explains that the group behind the campaign are using a number of zero-day exploits and a new drive-by attack technique.

The case for using anomaly based monitoring in zero day detection

Eric Parizo — Wed, 05 Sep 2012 19:51:13 +0000

In light of recent failures by the signature-based model, expert Char Sample discusses anomaly-based monitoring technology and the potential it holds for enterprise security.

How diligent user account security thwarts password recovery attacks

Eric Parizo — Thu, 16 Aug 2012 14:59:46 +0000

The recent CloudFlare hack showed how poor user account security and password recovery can be compromised. Learn how to avoid a similar incident.

Adam O’Donnell on antimalware evolution at Black Hat 2012

Robert Westervelt — Wed, 08 Aug 2012 14:38:16 +0000

Adam O’Donnell of Sourcefire talks about the future of antimalware. Malware analysis tools are improving, but enterprises need to invest in forensics teams to better understand emerging threats. Antivirus vendors face the daunting challenge of adapting mobile platforms, O’Donnell says. Mobile will draw more cybercrime when attackers find it a worthwhile investment, he said.