Top IT Security Bloggers

  • CTO Insights: Defending Your Organization From Insider Attacks

    TrendLabs - Malware Blog
    If you’ve read enough crime novels or seen enough action movies, the plot is all too familiar to you: an insider – acting to correct some slight or insult he or she received years ago – turns against an organization and inflicts significant damage. Sometimes the insider is on the side of the good guys, […]
    Post from: Trendlabs Security Intelligence Blog - by Trend Micro
  • CTO Insights: Defending Your Organization From Insider Attacks

    Trend Micro - Security Intelligence
    If you’ve read enough crime novels or seen enough action movies, the plot is all too familiar to you: an insider – acting to correct some slight or insult he or she received years ago – turns against an organization and inflicts significant damage. Sometimes the insider is on the side of the good guys, […]
    Post from: Trendlabs Security Intelligence Blog - by Trend Micro
  • If you're going to run WordPress, please please keep it updated

    Graham Cluley
    Researcher complains that WordPress has been ignoring his vulnerability reports, as details of zero-day comments XSS flaw are made public and then patched.
  • SendGrid email service hacked, customers told to reset passwords and DKIM keys

    Graham Cluley
    SendGrid has today warned that a previously reported hack has turned out to be a much bigger deal than it initially feared.
    Read more in my article on the Optimal Security blog.
  • SendGrid: Employee Account Hacked, Used to Steal Customer Credentials

    Krebs on Security
    Sendgrid, an email service used by tens of thousands of companies -- including Silicon Valley giants as well as Bitcoin exchange Coinbase -- said attackers compromised a Sendgrid employee's account, which was then used to steal the usernames, email addresses and (hashed) passwords of customer and employee accounts. The announcement comes several weeks after Sendgrid sought to assure customers that the breach was limited to a single customer account.
  • Tesla and Elon Musk Twitter accounts and website hijacked, free Teslas offered

    Sophos - Naked Security
    The website and Twitter account for sleek electric automaker Tesla Motors were taken over and defaced on Saturday, as was Tesla CEO Elon Musk’s personal Twitter account.
  • Enterprises Hit by BARTALEX Macro Malware in Recent Spam Outbreak

    TrendLabs - Malware Blog
    Enterprises are currently being targeted by the macro malware BARTALEX in a recent outbreak of thousands of spammed emails. The infection routine for BARTALEX uses a Microsoft Word document and social engineering lure that is widely recognized by enterprises—making infection all too possible. This attack highlights how macro malware in Microsoft Office files is fast becoming […]
    Post from: Trendlabs Security Intelligence Blog - by Trend Micro
  • Enterprises Hit by BARTALEX Macro Malware in Recent Spam Outbreak

    Trend Micro - Security Intelligence
    Enterprises are currently being targeted by the macro malware BARTALEX in a recent outbreak of thousands of spammed emails. The infection routine for BARTALEX uses a Microsoft Word document and social engineering lure that is widely recognized by enterprises—making infection all too possible. This attack highlights how macro malware in Microsoft Office files is fast becoming […]
    Post from: Trendlabs Security Intelligence Blog - by Trend Micro
  • Takeaways from RSA 2015: The stars of the show

    Network World - Networking Nuggets and Security Snippets
    As expected, the 2015 RSA Conference was bigger than ever – more attendees, presentations, exhibitors, etc. Since I live in the cybersecurity space, there were few surprises, but there were a few major highlights to this year's show:
    Visibility. As the old management adage goes, "you can't manage what you can't measure." Cybersecurity professionals are taking this saying to heart with a focus on gaining better visibility of everything on the network at all times. This includes endpoint profiling (ForeScout, Great Bay Software, Promisec, Tanium), endpoint forensics (Carbon Black, Guidance Software, RSA ECAT), and network forensics (Blue Coat/Solera, Click Security, FireEye, WildPackets). In some cases, it's all of the above with tools from IBM, Intel Security, LogRhythm, Splunk, or Symantec. Users are now telling me that they are postponing security technology purchases until they can collect, process, and analyze the right data in real-time in order to accelerate and improve their cybersecurity decisions. In my humble opinion, this is a prudent decision – especially as enterprise organizations increase their use of cloud computing, mobile devices, and IoT.
    Data center security. The data center security buzz really concentrated on cloud/virtual data center security, and this makes sense. Virtual workloads are moving across private and public clouds and this activity is antithetical to traditional network security controls. There is a lot of innovation in this area as well. Cisco is trumpeting the marriage of ACI and network security while VMware NSX gains traction in the market with support from partners like Check Point and Palo Alto Networks. Meanwhile, startups like Illumio and vArmour pitch a software-defined approach for the whole heterogeneous cloud computing enchilada while Tufin had a similar message around network security automation and orchestration. In the meantime, Juniper flexed some hardware muscle by introducing a 2 Tbps version of its SRX firewall. With all of the software-defined rhetoric, hardware remains important – the winning formula here is bridging the old physical network security with the new virtual security to deliver security efficacy and operational efficiency.
    Two-factor authentication. If the RSA Conference was the Emmy Awards, multi-factor authentication would have been quietly nominated for a best supporting actor award. Why the secondary role? Security veterans remain skeptical after an annual prediction, declaring it "the year of two-factor authentication and PKI." Nevertheless, there is finally a reason to be optimistic. Between the Apple iPhone and FIDO specification, biometrics and two-factor authentication are moving toward commodity status. RSA jumped on this trend with the introduction of its Via identity solutions while a Nok Nok Labs panel (hosted by yours truly) pointed toward a future of identity consumerization. The IT and cybersecurity industries were caught off guard by the tidal wave of mobile device proliferation. These same groups will likely be equally blindsided when new employees want to eschew passwords and use biometrics on their smartphone to log onto corporate applications. 
    Services, services, services. While cybersecurity products (endpoint security, ATP, etc.) grabbed the spotlight at RSA, security services are actually more successful in the market – ESG (and other analysts) believe that organizations are spending $2 on cybersecurity services for every $1 of cybersecurity products they purchase (disclosure: I am an employee at ESG). This trend was evident in many of my RSA meetings. Dell SecureWorks business is growing like a weed. FireEye incident response services have assumed the role of first responder after a breach. HP anchors its cybersecurity business with professional and managed services supplemented with infosec architectures, frameworks, products, and partners. Symantec managed services will act as a foundation for the company as it splits apart. Accuvant is also reaping services benefits along with the traditional big guys like Accenture, E&Y, and PWC. Finally, pure-play managed cybersecurity services vendors like Okta, Ping Identity, Proofpoint and Zscaler probably don't mind playing second-fiddle at RSA since they continue to win in the market. The biggest obstacle to continued cybersecurity services success is the same across all of these players – recruiting, hiring, and training new services employees to keep up with market demand. 
    Diversity. Finally, cybersecurity has finally come out of its geeky shell and attracted an assorted crowd of participants. DHS had its own booth at the show while the State of Maryland crowed about its cybersecurity education and public/private partnership. There was also an area of the show floor dedicated to Israeli cybersecurity innovation, ditto for Germany. 

    Yes, it's nice to see that our little industry has grown up, but let's remember that the RSA Conference popularity is a function of just how dangerous the threat landscape has become. This reality should sober up the industry after its annual RSA party and subsequent hangover.
  • White House hackers read emails from President Obama, Russia blamed

    Sophos - Naked Security
    In addition to acquiring the president's itinerary, hackers also managed to access some of his email correspondence when they penetrated a White House unclassified system in October, according to a news outlet.