Research lab finds a mix of products from different vendors is best for 'defense in depth'
The amount of cybercriminal activity associated with the Zeus family of financial Trojan programs has increased during the past few months, according to security researchers from antivirus vendor Trend Micro.
Dissent is always more enjoyable than conformity. Not only does it make a better story for a journalist, it occasionally forces people to think.
Mozilla Persona had one of its first Australian conference outings at AusCERT 2013, where New Zealand-based Francois Marier, a software engineer on the project, gave a tutorial on the architecture of the identity project.
Many companies find out the hard way that poorly managed distribution of sensitive access credentials is helping advanced persistent threats (APTs) scour networks for privileged-user credentials, Cyber-Ark’s Asia-Pacific vice president Dan Dinnar has warned.
Software vendors’ proactive approach to IPv6 has created a glaring security hole for companies that think they haven’t activated the next-generation Internet addressing protocol yet, Cisco Systems consulting security engineer Stefan Avgoustakis has warned.
Security researchers from antivirus vendor ESET discovered a piece of cyberespionage malware targeting Tibetan activists that uses unusual techniques to evade detection and achieve persistency on infected systems.
The latest version of Google's sophisticated anti-spam algorithm, dubbed Penguin 2.0, was announced yesterday in an official blog post from the company's well-known webspam czar, Mike Cutts.
Vendors and delegates were out in force for AusCERT 2013 on the Gold Coast. Here's a roundup of some of the action.
The annual AusCERT gala awards night kicked off with fireworks as the organisation celebrated its 20th birthday. Guests enjoyed entertainment from comedian Adam Spencer while taking the chance to network.
AusCERT 2013: International cyberwar response more complex than geopolitical treaties: NATO CCD COE analyst
They may not be able to call on real-world cooperation and defence agreements to build their cyberspace defences yet, but government security organisations may find value in emulating Estonia’s experience building a voluntary ‘cyber corps’ of security professionals available in times of need, NATO CCD COE (Cyber Defence Centre of Excellence) analyst Anna-Maria Talihärm has advised.
Strong executive desire to use iPhones led the Department of Sustainability, Environment, Water, Population and Communities to start looking for solutions that would separate government from personal information.
Get used to hacktivism, because we're stuck with it – but whether it fits the media image of “Anonymous”, or how long Anonymous as it first emerged will continue, is a different question. That's the message from Forbes' Parmy Olson, author of We Are Anonymous: Inside the Hacker World of Anonymous, LulzSec and the Global Cyber Insurgency, speaking to AusCERT 2013.
Hard-to-find security skills and the rapid pace of malware evolution make a strong relationship with a managed security services (MSS) provider as important as maintaining the internal tools to keep business executives apprised of IT-security risk, Foxtel information security manager Kevin Shaw has advised.
Dr Lizzie Coles-Kemp is a senior lecturer in the Information Security Group, Royal Holloway University of London. She is keenly interested in how social behaviours influence our attitudes to security. For example, in communities where Internet accounts need to be shared between family members, the security professional's assumption that one account and password identifies one person is undermined. CSO spoke to Dr Coles-Kemp about the nexus between social behaviours and information security.
Data is at its most valuable just after it's created, and vulnerability data in particular has a short half-life, says Packetloop's Michael Baker.
Fireworks lit up the sky as the AusCERT organisation kicked off its 20th birthday to coincide with the annual awards night.
Google plans to upgrade the security of its SSL (Secure Sockets Layer) certificates, an important component of secure communications.
Microsoft brushed off a dubious hacker's claim on Thursday that he stole 47 million account credentials for Microsoft's Xbox Live gaming service.
Manuel Araoz, a 23-year-old developer in Argentina, has an idea for Bitcoin that doesn't focus on money.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.