Corporate Partners

Top IT Security Bloggers

  • Gambling website Paddy Power took four years to tell 650,000 customers their data had been stolen

    Graham Cluley
    Waiting four years to tell your customers and the authorities that your company has suffered a security breach isn’t just sloppy, it seems downright irresponsible to me.

    It should have shared the bad news much earlier, and not tried to hide it away four years later on a webpage that few of its customers will ever visit.

    Find out more in my article on the Optimal Security blog.
  • Anticipating Black Hat 2014

    Network World - Networking Nuggets and Security Snippets
    RSA 2014 seems like ancient history, and the 2015 event isn’t until next April.  No worries however, the industry is set to gather in the Las Vegas heat next week for cocktails, sushi bars, and oh yeah – Black Hat.Now, Black Hat is an interesting blend of constituents consisting of government gum shoes, Sand Hill Rd. Merlot-drinking VCs, cybersecurity business wonks, “beautiful mind” academics, and tattooed hackers – my kind of crowd! As such, we aren’t likely to hear much about NIST frameworks, GRC, or CISO strategies. Alternatively, I am looking forward to deep discussions on:
    Advanced malware tactics. Some of my favorite cybersecurity researchers will be in town to describe what they are seeing “in the wild.” These discussions are extremely informative and scary at the same time. This is where industry analysts like me learn about the latest evasion techniques, man-in-the-browser attacks, and whether mobile malware will really impact enterprise organizations. 
    The anatomy of various security breaches.  Breaches at organizations like the New York Times, Nordstrom, Target, and the Wall Street Journal receive lots of media attention, but the actual details of attacks like these are far too technical for business publications or media outlets like CNN and Fox News.  These “kill chain” details are exactly what we industry insiders crave as they provide play-by-play commentary about the cybersecurity cat-and-mouse game we live in.
    Threat intelligence.  All of the leading infosec vendors (i.e. Blue Coat, Cisco, Check Point, HP, IBM, Juniper, McAfee, RSA, Symantec, Trend Micro, Webroot etc.) have been offering threat intelligence for years, yet threat intelligence will be one of the major highlights at Black Hat.  Why?  Because not all security and/or threat intelligence is created equally.  Newer players like BitSight, Crowdstrike, iSight Partners, Norse, RiskIQ, and Vorstack are slicing and dicing threat intelligence and customizing it for specific industries and use cases.  Other vendors like Fortinet and Palo Alto Networks are actively sharing threat intelligence and encouraging other security insiders to join.  Finally, there is a global hue and cry for intelligence sharing that includes industry standards (i.e. CybOX, STIX, TAXII, etc.) and even pending legislation.  All of these things should create an interesting discourse. 
    Big data security analytics.  This is an area I follow closely that is changing on a daily basis.  It’s also an interesting community of vendors.  Some (i.e. 21CT, ISC8, Leidos, Lockheed-Martin, Norse, Palantir, Raytheon, etc.), come from the post 9/11 “total information access” world, while others (Click Security, HP, IBM, Lancope, LogRhythm, RSA, etc.) are firmly rooted in the infosec industry.  I look forward to a lively discussion about geeky topics like algorithms, machine learning, and visual analytics. 

    Las Vegas is simultaneously one of the most fun and banal places on earth, but next week it will become a hotbed of cybersecurity intrigue, intelligence, and brainpower.  It’s likely to be 115 degrees in the shade, but I can’t wait to get there. To read this article in full or to leave a comment, please click here
  • Danger USB! Could a flash drive’s firmware be hiding undetectable malware?

    Graham Cluley
    It’s as though you have logged into your computer, and allowed a complete stranger to push you out of your chair and start typing commands on your PC.

    Find out more in my article on the Tripwire State of Security blog.
  • Twitter: 46% rise in requests for user information by governments

    Sophos - Naked Security
    In all, there were 2,058 information requests from governments in the first half of 2014, which Twitter says were typically connected with criminal investigations. Those requests covered a total of 3,131 user accounts - 48% more than in the last report.
  • POWELIKS: Malware Hides In Windows Registry

    TrendLabs - Malware Blog
    We spotted a malware that hides all its malicious codes in the Windows Registry. The said tactic provides evasion and stealth mechanisms to the malware, which Trend Micro detects as TROJ_POWELIKS.A.  When executed, TROJ_POWELIKS.A downloads files, which can cause further system infection. Systems affected by this malware risk being infected by other malware, thus causing further […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroPOWELIKS: Malware Hides In Windows Registry
  • POWELIKS: Malware Hides In Windows Registry

    Trend Micro - Security Intelligence
    We spotted a malware that hides all its malicious codes in the Windows Registry. The said tactic provides evasion and stealth mechanisms to the malware, which Trend Micro detects as TROJ_POWELIKS.A.  When executed, TROJ_POWELIKS.A downloads files, which can cause further system infection. Systems affected by this malware risk being infected by other malware, thus causing further […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroPOWELIKS: Malware Hides In Windows Registry
  • Tor attack may have unmasked anonymous users

    Sophos - Naked Security
    Two Carnegie-Mellon researchers had planned a highly anticipated talk at next week's Black Hat security conference - a talk that was cancelled when the university's lawyers freaked out - about how easy it is to break Tor anonymity. They're innocent until proved guilty, but The Tor Project says it was likely the two researchers are behind the attack.
  • Phishers' fake gaming app nabs login information

    Symantec Security Response Blogs
    Summary: 


    Phishing site claims to offer unlimited chips for Indian poker app



    Contributor: Virendra Phadtare
    read more
  • The ultimate geek privacy. You must be wearing these glasses, to read *anything* on the screen

    Graham Cluley
    Are you worried about someone looking over your shoulder, reading what is on your screen?

    I may have found you the answer. Watch this video, and tell me it isn't the coolest thing you've seen all day.
  • 7 out of top 10 “Internet of Things” devices riddled with vulnerabilities

    Graham Cluley
    It is becoming increasingly common to find yourself typing a WiFI password not just into your smartphone, but also your smoke alarm, your fridge, your printer, your baby monitor and maybe even your car. However, are the manufacturers of these internet-enabled devices paying proper care and attention to security and privacy?

    Find out more in my article on the Lumension Optimal Security blog.

Market Place