Cyber security has evolved in ways we never could have imagined. We have more specialized and powerful tools and services today than ever before, security budgets are slowly inching upward, and there are even glimmers of support from management. Yet, with the pace of technological change, the growing “professionalization” of cyber crime, and ever…
Read MoreWhen someone from the IT group gets promoted into security management, a common first lesson is that “geek culture” is ineffective in the boardroom. Just watch one episode of The Big Bang Theory and you’ll recognize the classic nerd character types. Those who behave in that manner tend to get marginalized by executives. We’ve all probably seen…
Read MoreFigure 2: Top domains in a Shodan search for CVE-2014-0160 on January 22, 2017 That’s disconcerting because there is a tendency to “fire and forget” in the public cloud, and concerns over understanding the shared responsibility model of public cloud have been previously voiced. This remains my favorite quote, from AWS head of global…
Read MoreAn important part of an information security professional’s job is communicating risk. Clear, concise communication that leadership can understand and act upon is the heart of a risk management system. The challenge is that many IT risk scenarios appear abstract, vague, or irrelevant to colleagues working outside of InfoSec. Consider a common interaction that might…
Read MoreCISOs have a lot on their plates. In addition to overseeing security operations and projects, they also lead and advise their organizations regarding risk. In short, a CISO must grapple with numerous obligations of varying size and complexity. The obvious obligations, such as compliance with regulations and laws, can take up a significant part of…
Read MoreThe essence of this attack is van Beek’s Microsoft Exchange Autodiscover vulnerability. In a September 2016 interview with The Register, van Beek said, “I recently discovered that most, if not all, Microsoft Exchange clients (eg, Outlook, iPhone mail app, Android mail app, Blackberry Mail App) are more than happy to provide a user’s password in plain…
Read MoreMalware that steals banking credentials is still one of today’s most lucrative cybercrime schemes. It’s not unusual for a banking Trojan to evolve over the years, and Ramnit is a perfect example. It was active for several years until it was disrupted in early 2015 by Europol working with several tech companies. It resurfaced in…
Read MoreThe CISO can use these techniques to adjust the appropriate subsystems to move and maintain interactions to the desired level. Let’s unpack an example of doing this. Here’s a common security problem: applications and data are spread around everywhere—on the local networks, on laptops at home, on personal machines, on mobile devices, and in…
Read MoreIf Shakespeare were alive today (and blogging), he might have written about the latest vulnerability to sweep the Internet by pointing out: Hath not the cloud interfaces, code, logic, data? Accessed with the same protocols, exploited with the same weapons, subject to the same vulnerabilities, mitigated by the same solutions, patched by the same methods…
Read MoreBut that’s not the worst news coming out of this survey. No, not by any stretch of the imagination is that the bad news. Sit down and strap in, because it gets much worse. In spite of pushing vulnerable applications into production (and into the hands of consumers), a staggering 44% admitted they aren’t doing anything to…
Read More