CSO OnlineAs the family considers what just happened to them, the lessons for the rest of us are just beginning. This is an event that gives us a great opportunity to engage in meaningful corporate discussions. Take time now to consider how this happened and the potential risk for the former employer.
Graham CluleySecurity vulnerability found in luxury lavatory. Bog-standard loos declared safe to sit on.
Sophos - Naked SecurityOne of three men indicted in the US earlier this year in connection with the Gozi banking trojan remains in his native Latvia, after courts twice blocked US requests for extradition.
The Latvian foreign minister has added his weight to the battle to resist the extradition, arguing that the potential 67 year prison sentence cited in the indictment is "disproportionate" to the crime the man is accused of.
Graham CluleyWhy on earth would hackers plant child sexual abuse images on hacked websites?
Perhaps, argues Graham Cluley, it's all about ransomware.
Graham Cluley"Fenton!", "Tiddles!", "Rover!"...
People are literally walking around parks shouting out their banking passwords.
HP Following the Wh1t3 Rabbit - Practical Enterprise SecurityDown the Rabbithole podcast Episode 52 is now available for download! This episode features Dave Marcus from McAfee's Advanced Research and Threat Intelligence group. Dave is a well known speaker and contributor to the industry and has some great insight into malware and the state of enterprise security - maybe some of this conversation will sound familiar to you if you work in Enterprise Information Security. Go check it out, episode 52 is titled: "Advanced Threats, Remedial Defenses, Broken Record" Click the bunny -
Krebs on SecurityA claimed zero-day vulnerability in Firefox 17 has some users of the latest Mozilla Firefox browser (Firefox 22) shrugging their shoulders. Indeed, for now it appears that this flaw is not a concern for regular, up-to-date Firefox end users. But several experts say the vulnerability was instead exposed and used in tandem with a recent U.S. law enforcement effort to discover the true Internet addresses of people believed to be browsing child porn sites via the Tor Browser -- an online anonymity tool powered by Firefox 17.
SourcefireThe third dimension of malware incident response involves analyzing and visualizing the data that has been collected. How has the malware interacted with other files? Has it begun communicating with other systems? Without this level of knowledge, the attacker could leave the original infected...Read the whole entry... »
Sign up now »
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.