Microsoft comes to aid of SMBs reliant on Windows XP

May 5th, 2014


By Byron Acohido, Last Watchdog

KINGSTON, Wash. –  Microsoft should be applauded for reversing its policy , and broadly issuing a  security patch for a profound new security hold recently discovered in  Windows XP.  This is a major benefit to thousands of small and medium sized businesses reliant on XP.

SMBs already have their hands full dealing with intensifying attacks and the high likelihood that their networks have been  breached. This SANS Institute survey of 948 IT pros found the majority of respondents operate on the assumption that their respective company’s networks are compromised, or soon will be. The survey was sponsored by Guidance Software.

So when Microsoft came along last April and stopped all support for XP, including issuing security patches, things got dicier. And the discovery of this latest flaw in IE browsers underscored how that move makes XP machines ripe targets. (more…)

 

LastWatchdog moves to ThirdCertainty.com

black-hat2

(Editor’s note: Last Watchdog is on the move. On this site you may continue to access my body of work on security and privacy topics since 2008. I’m not done yet. Going forward, I will continue delivering smart content as Editor-In-Chief for ThirdCertainty, a  new cybersecurity and privacy online publication sponsored by  IDT911. Full disclosure: ThirdCertainty’s parent company, IDT911,  is an identity theft and data loss assistance firm owned …more

Machine learning shows promise for improving cyber defenses

By Byron Acohido

LAS VEGAS — The cyber security sector  generates mountains of data.

Security Information & Event Management, or SIEM, systems, like Splunk, generate logs of all network traffic. Threat data pours in from next generation firewalls, endpoint security systems, intrusion prevention and  detection systems and vulnerability management systems. A growing crop of threat intelligence vendors are coming up with innovations to make better use of this ocean of threat data.

The key to truly leveraging the vast amounts of threat data …more

Ransomware rampage takes aim at business targets

By Byron Acohido

sh_ransomware_7501_250pxConsumers are no longer the prime target of ransomware campaigns. After years of petty thievery on a global scale – locking up the computer screens of millions of consumers with scams to sell bogus $79 antivirus clean-up services  –  they’ve turned their attention to much bigger fish.

The opening quarter of this year saw a 7 percent  rise  in registration of websites set up exclusively to host ransomware campaigns, …more

Why ‘Shadow IT’ must be addressed

120316_DDos screen175pxBy Byron Acohido

By-passing the IT department in to order begin utilizing the hottest new technologies is something tech-savvy employees have been doing since the inception of corporate networks. Most often, these workers aren’t maliciously motivated. They are simply intolerant of plodding decision-making and so take it into their own hands to acquire and begin using nifty new tools  they believe will help them become more productive.

This dynamic — variously referred …more

Why $3.6 million to prevent next Heartbleed isn’t enough

By Byron Acohido, Last Watchdog

A dozen tech behemoths — led by Microsoft, IBM, Google, Intel and Cisco — have stepped forward with cold, hard cash to prevent the next Heartbleed.

Each has pledged $100,000 annually for the next three years to a war chest earmarked to fund improvements of open source technology.

That’s a collective pledge of $3.6 million, through 2016, set aside in something called the Core Infrastructure Initiative, administered by The Linux Foundation. …more

Why certain Heatbleed exposures won’t be so easy for bad guys to exploit

Heartbleed + Android: A Not-So Love Story from Lookout
By Byron Acohido, Last Watchdog

KINGSTON, Wash. – The security headaches raised by the Heartbleed coding flaw keep expanding.

sh_heartbleed_450pxArs Technica reporter Dan Goodin has broken stories about how the Canadian government and Yahoo Mail have been bitten by Heartbleed exploits in the wild. And there are numerous vendors and experts stepping forward with information on how Heartbleed could be exploited in pervasively used technologies. However, despite the high-alarm conveyed in media reporting and by security products marketers, it’s not trivial for individuals or even hacking collectives with ill-intent to capitalize.

Google, for instance,  last week warned that Android smartphones running version 4.1.1 of Google’s mobile operating system are vulnerable to Heartbleed attacks in which a bad guy might access  passwords, personal messages and other private information from the device. Last Watchdog asked Mojave Networks threat engineer Ryan Smith …more