Top Story
Why the burden remains on consumers to dodge phishing scams
May 17, 2013 | Comment on this post
SEATTLE – Phishing continues to plague Internet users. Walmart on Thursday issued an alert about an e-mail phishing ruse, recognizable by the misspelling in the from field — “Wallmart,” spelled with with two Ls.
Phishers rely on social engineering to trick Internet users into quickly clicking on a tainted attachment or infected web link.
The …more
3 must-do steps to recover from a phishing scam
May 17, 2013 | 1 Comment
It’s a sinking feeling, when you realized you’ve been had by a phishing scam. In the frenetic digital world we live in, it can happen to anyone.
So you’ve clicked on a link that now seems very suspicious. You’re concerned that the bad guys may be in control of your computing device. Or perhaps you’ve typed some account information into a web form , and you’re having second thoughts about the authenticity of the form.
Recovering will require work. Here are …more
How a best-practices registry could make cloud much safer
May 17, 2013 | Comment on this post
(Editor’s note: Formed in 2008, the Cloud Security Alliance is a not-for-profit coalition of senior executives and cybersecurity experts formed to promote the use of best security practices for cloud computing. CSA members who contributed to this essay include: Dave Cullinane, CISO, eBay; Alan Boehme, Chief of Enterprise Architecture, Coca-Cola; Paul Kurtz, former member of the White House Security Council; Jerry Archer, EVP and CSO for Sallie Mae; Nils Puhlmann, former CSO, Zynga.In this guest essay. CSA executive director, …more
Feds upgrade alert on destructive Shamoon virus
May 16, 2013 | Comment on this post
It’s been 9 months since the milestone Shamoon virus wreaked havoc at Aramco. Shamoon was not designed to steal data. Nor was it just another garden variety denial of service attack, intended to disrupt and embarrass. Shamoon’s express purpose was the crippling the Saudi Arabian national oil and natural gas company. It accomplished its mission, destroying data on some 30,000 desktops and servers at the oil company.
The …more
Pixeljacking is latest way to defraud advertisers
May 15, 2013 | 1 Comment
(Editor’s note: One lucrative cybercrime involves directing a botnet – a network of infected PCs – to click on ads, and thus generate payments from the advertiser to the controller of the botnet. In this guest essay, Gurbaksh Chahal, founder and CEO of RadiumOne, outlines a variation on this caper, known as pixeljacking.)
By Gurbaksh Chahal
The hallowed halls of social media are no longer safe. Not when the operators of botnets like Chameleon are able to systematically steal $6 million …more
Q&A: RedKit, Blackhole exploit kits expand badness
May 15, 2013 | Comment on this post
SEATTLE — AppRiver has uncovered yet more evidence that so-called drive-by downloads — infections lurking on legit websites — have become the pre-dominant way cyber criminals are infecting PCs.
The Gulf Breeze, Fla.-based messaging security firm found “RedKit” to be one of the most prevalent malicious programs circulating on websites in April.
RedKit and a similar tool, the so-called “Blackhole” exploit kit, have emerged as a cybercriminal’s indispensible Swiss Army knife. CyberTruth earlier reported on analysis from firewall vendor, Palo Alto …more
A new guidebook for defending networks
May 15, 2013 | Comment on this post
Responding to targeted cyberattacks, a new guidebook chock full of advice on how to effectively defend corporate networks against cutting-edge threats, was released this morning by consultancy Ernst & Young and ISACA, the global organization if IT professionals.
“This book fills a gap for employees who manage IT security and risk” said Marios Damianides, past international president of ISACA and a partner at Ernst & Young. “There are only a few books that provide a practical roadmap for waging the …more