AVAR Hong Kong security conference 2011 – in 30 seconds

Well, okay, if you happen to be an extremely fast reader. The Association of Anti Virus Asia Researcher’s (AVAR) 14th AVAR Conference just wrapped up in Hong Kong on Friday. This year, the focus was on security issues in and around the emerging Asian security market, and how to rise to the challenge. As one

U.S. Government – Security incidents up 650% over 5 years

Citing weaknesses in security controls at 24 major agencies, a new report by the U.S. Government Accountability Office (GAO) charts the stellar rise in incidents, and tries to highlight what went wrong. Just today my colleague Stephen Cobb also posted a government-related incident in the health care sector. The timeframe of the study, starting in

2.1 million users’ data breached in Massachusetts

Since 2010 that is, following a law enacted in 2007 that requires all companies doing business in Massachusetts to inform consumers and state regulators about security breaches that might result in identity theft. Attorney General Martha Coakley’s office released the information, including a breakdown of the data. It seems her office received 1,166 data breach

Google your own health record?

Is that possible? Well, a researcher with Identity Finder, Aaron Titus, believes so, since he says he managed to use internet searches to unearth a trove of unsecured private health records on a website, around 300,000 of them. He notified the company, Southern California Medical-Legal Consultants, which represents doctors and hospitals seeking payment from patients

Parents, Teachers, Schools and Churches Sieged by Zamzuu’s KidZafe Sales Force

This is an impressive looking certificate isn’t it? You might think it means something significant, but then you might be wrong. How hard is it to pass the Internet and Child Safety Advocate certification test? Ask Hanna, a 9 year old (10 this weekend) girl who I met with her father at a local coffee

Facebook Facial Recognition – A picture is worth a thousand words

Facebook recently launched a facial recognition feature that allows you and others to “tag” photos with your name. As has been the norm for Facebook, this “feature” is turned on by default and users must take their own initiative to limit, or turn it off. The implications are wide-ranging, so if you or anyone in

Got Hacked? You have 48 hours to fess up

Or so the current legislation being proposed in a U.S. House of Representative subcommittee would like it. A hearing scheduled for today at the House Energy and Commerce Committee’s Commerce, Manufacturing, and Trade Subcommittee centered around draft legislation proposed by Rep. Mary Bono Mack (R-Calif.) hoping to accomplish a security baseline companies must adhere to,

Social engineers don’t care about your OS: and nor should you

Security companies in general and, unfortunately, anti-malware companies in particular, are often accused of ‘hyping’ threats because of a perceived self-interest. However, in the main, legitimate vendors and researchers like those at ESET typically try to resist overhyping or playing up threats where possible, in favor of more balanced discussion that can help customers take

Natl Research Council Says: Show Us The MONEY

Surprised to find annual cybercrime damage spread somewhere between 300 million and 54 BILLION? So is the Director of National Intelligence. Today Brian Krebs of the Washington Post and detailed a strong push for mandatory disclosure of cyber intrusion to include account hijacking and online identity theft.

Securing Our eCity Listed as Winner of National Cybersecurity Awareness Challenge

For the Best Local/Community Plan, Securing Our eCity San Diego and MyMainePrivacy were both selected as winners. Both proposals offered innovated strategies for grassroots collaborative approaches with state and local government, public and private sector, and the academic community through their online classroom style trainings. The National Cybersecurity Awareness Challenge, which Secretary Napolitano announced in

Carr’s Four Cyber Trends That Must Be Reversed Now

I’m not always in alignment with Jeffrey Carr’s point of view but in this he is spot on. Succinct and to the point, Jeffrey Carr addresses cybercrime, cyberwarfare rules of engagement and forecasts the United States’ rapid decline: Should these trends continue unabated, we will have no one to blame but ourselves as the economical

Debate Heating Up: Cybersecurity Act of 2010 S. 773

Forbes contributor Richard Stennion doesn’t like the Cybersecurity Act of 2010 very much. We know it around here as S. 773 and have been tracking it for some time. Mr. Stennion and I disagree on some key points. He says that S. 773: “…contains some pretty drastic measures that are going to be very disruptive,

Continued Malware Hijinks with Mass Webserver Compromises

While the jury’s still out about whether the intent of the past month’s mass webserver breaches are fully criminal, Dancho reports new developments which also link Koobface activity into this command and control structure:

Yet another mass sites compromise is currently taking place, this time targeting DreamHost customers, courtesy of the same gang behind the U.S Treasury/GoDaddy/NetworkSolutions mass compromise campaigns.

Malware Injection Campaign: A Retaliation?

This week there have been several major malware injection campaigns against WordPress blogs and other php-based content management systems. This malware injection battle began last week with Network Solutions and GoDaddy. Recently researcher Dancho Danchev has found evidence linking two US Treasury sites into the malware injection campaign: What's particularly interesting about this campaign is

Laughs: Redefining “Security Researcher”

Got a kick out of this Verizon Business Risk Intelligence post: “Problem-makers and Solution-makers should no more have the same label as terrorists and engineers. Sure, they both interact with explosives in their daily business but they put their skills to vastly different uses. Is there a reason we must continue to label people by

Geek with an edge: Gordon Snow, Asst. Dir. FBI Cyber Division

it’s anyone’s guess whether 24’s Jack Bauer would win in a faceoff against the new FBI Cyber Crimes Top Cop, Gordon Snow. Give this guy the data from the malware and he’s sharp enough to take the information and form a counterintelligence strategy and also reach into the black bag for which snake-eating team he

Cybercrime and Cyberwarfare: Warnings Unheeded?

Last week Al Quaeda cyberterrorism attack information was declassified and made public. Today’s New York Times had an applicable editorial to whether cybersecurity issues are over-blown or under-believed: Predictions of disaster have always been ignored — that is why there is a Cassandra myth — but it is hard to think of a time when

Cyberwarfare and Music: It’s All Tempo

Old joke: how can you tell a lousy drummer is at your front door? The knocks keep slowing down. Tempo of operations are similar in that if you can keep a fast, sustained rhythm outpacing the adversary, you’ll keep the initiative. If your side knows when the tempo is supposed to speed up or slow

FBI Cyber Division Describes Criminal Specialization

According to FBI Cyber Division Director Chabinsky’s keynote speech last week the supporting elements of a somewhat clannish and tribal entity such as a cybercrime organization are also specialized and diverse in the 21st century:

Is Net Neutrality a legit beef against Senate Bill 773?

After posting the article regarding this new legislature I continued my research into the objections which have been raised by many cyber activists. Some of the concern is about ‘Net Neutrality’ and the potential for abuse of power. Let’s look first at the issue of content-neutral or client-neutral packet routing. Net Neutrality – A Deeper

Follow us

Copyright © 2015 ESET, All Rights Reserved.