Threat Intelligence |
Sponsored by |
|
After Epsilon lost a bunch of customer lists, I've been keeping an eye open to see if any of the vendors I work with had any of my email addresses stolen -- not least because it'll be interesting to see where this data ends up. Recently I got mail from Marriott, telling me that "unauthorized third party gained access to a number of Epsilon's accounts including Marriott's email list."... more
Akamai releases its Third Quarter, 2016 State of the Internet / Security Report, providing analysis of the current cloud security and threat landscape, including insight into two record setting DDoS attacks caused by the Mirai botnet. more
Credit card information is the most advertised category of goods and services on the underground economy accounting for 31 percent of the total, according to recent data found by security experts. In a report released today by Symantec, stolen credit card numbers are reported to sell for as little as $0.10 to $25 per card with the average advertised stolen credit card limit at more than $4,000. According to calculations, the potential worth of all credit cards advertised during the reporting period was $5.3 billion. more
Failing to block a stealthy malicious host from making connections to your network could cost your company millions of dollars, a damaged reputation, and severe losses in sensitive private data. Threat intel teams have faced on-going problems: Expensive feeds that are slow to catch new threats; Chasing false positives in alerts wastes time and money; and Vendors selling a new appliance for every ill. Would 100% of your users Spot the Bot? more
The Internet as we know it and use it today -- is broken, badly broken. Yes broken so much so that we are really crazy to have any expectations of privacy or security. Yes, really. The Internet was conceived as somewhat of a utopian environment, one where we all keep our doors, windows and cars unlocked and we trust all the people and machines out there to "do the right thing...". more
We've seen alarmingly BIG increases in multiple abusive behaviors – like phishing, hacking and malware – that often leverage the domain name system (DNS) and privacy/proxy services. Cybercriminals capitalize on gaps in DNS security measures, and ICANN is holding the door open for them by failing to implement their privacy/proxy policy. If you are ever targeted, you are not alone. more
In its second quarter 2011 earnings call, Verisign announced that Mark McLaughlin has submitted his resignation to become the CEO of a private company. His last day with the company will be August 25, 2011. Mark concluded his board service at the regularly scheduled board of directors meeting on July 27, 2011 and resigned as president and chief executive officer effective August 1, 2011. Jim Bidzos, Verisign's founder and previous CEO, will become the president and chief executive officer effective August 1, 2011. more
The risks of fraud and disinformation in the U.S. election process have been hiding in plain sight. CSC's new research finds that a large majority of web domains closely linked to the campaign websites for Joe Biden and Donald Trump lack basic domain security protocols and are prone to domain spoofing tactics. This makes them a potential target for hackers looking to spread disinformation ahead of the election, and criminals who want to take advantage of voter intentions... more
Phishing is when bad guys try to impersonate a trusted organization, so they can steal your credentials. Typically they'll send you a fake e-mail that appears to be from a bank, with a link to a fake website that also looks like the bank. Malware offers another more insidious way to steal your credentials, by running unwanted code on your computer... I like VeriSign's characterization of this kind of malware as an insecure endpoint, the PC which is the endpoint of the conversation with the bank isn't actually under the control of the person who's using it. more
As businesses adjust to the "new normal" in the ongoing COVID-19 pandemic, it is important to quickly take stock of where your organization stands on privacy and security risk. Even in these unusual circumstances, organizations of all sizes and sophistication continue to be expected to act with reasonable care and comply with their public commitments and regulatory obligations. Enterprises may be finding different or better ways to operate, collaborate, and service customers. more
An international group of more than 360 cyber threat intelligence researchers from over 40 countries have joined forces to help the medical sector amid the COVID-19 crisis. more
As far as facebook is concerned, your email is your identification. This is true for other social networks like linkedin, and is slowly catching on to many other Web 2.0 services. It actually makes a lot of sense that your unique identifier (your "ID") would be your email -- it's unique by definition, it's easy to remember and most services need the email information anyway... So if email is destined to become the equivalent of your social security number or identification number (depending on which country you live in) how do we proof check that the email address we typed does not contain any typos? more
Every year those in the security industry are bombarded with various cyber security predictions. There's the good, the bad and the ugly. Some predictions are fairly ground breaking, while others are just recycled from previous years -- that's allowed of course if the threats still stand. In part one of my predictions I looked at the malware threats, so let's take a look at big data and the cloud for part two. more
Google in partnership with the University of Michigan and the University of Illinois, has published the results of a multi-year study that measured how email security has evolved since 2013. Although Gmail was the foundation of the research, insights from the study are believed to be applicable to email more broadly. more
In my recent CircleID post, DNS, Domain Names, and Certificates: The Missing Links in Most Cybersecurity Risk Postures, I highlighted the importance of applying multiple layers of defense to secure these business-critical assets. Last Friday, Brian Krebs, the world-renowned cybersecurity journalist, reiterated the criticality of domain name security because the domain name "e-hawk.net" was stolen from the rightful owner using social engineering tactics targeting its domain name registrar. more