Advice from Bob; SEC asks public companies to disclose more breaches; 230k IPMI devices found in Internet scan; P.F. Chang’s may have been hacked; Building network security to fail; 5 lessons from companies that get security right; Advice in responding to Anonymous threats; Bank of England announces assessment framework; Target shoppers don’t seem to be fazed by breach; Target board is under fire; TrueCrypt may be coming back.
Doctor finds out the hard way that Google likes to index stuff; What’s old is new again – the current focus on improving detection is not new; Microsoft’s Security Incident Response Report and the malware explosion; Security vs. compliance.
Security recommendations from Bob; Meetup.com rides out a DDoS attack rather than pay a ransom; How to test the security savvy of your employees; Why companies need to think about this insider threat; 6 lessons learned from advanced attacks; How IT can establish better cloud control; Council on Cyber Security releases version 5 of critical security controls.
Tip from Bob; US Cyber Security Framework; Challenges with deploying insecure technology; Target vendor compromised through email and some discussions on vendor risks; Healthcare organizations are UNDER SIEGE by cyber attacks; The DSD’s ranking of security controls; 6 tips to combat APT; The importance of not running with administrator rights; Neiman Marcus breach details begin to emerge, 60,000 events went uninvestigated.
Study on personality traits and susceptibility to phishing; Android is apparently more secure than iOS; Don’t forget to factor malicious BHO’s into your plans; More registrar attacks; Insider threats are number 1; Defending against watering hole attacks.
Happy New Year!
In this week’s podcast, I cover a Business Week post about the alleged Chinese hacking of Solid Oak due to a lawsuit over China’s improper use of Solid Oak’s CYBERsitter software.
First, a bit of news. Unless you’re still recovering from an eggnog hangover, you’ve probably heard about the Internet Explorer zero-day exploit. Note that it doesn’t impact the latest versions of IE, only 6, 7 and 8.
Episode 1 – December 7, 2012
It’s late fall, and time for vendors around the world to start guessing at what threats the coming year will bring.
First up, Symantec’s 5 Security Predictions for 2013:
- Cyber conflict becomes the norm
- Ransomware is the new scareware
- Madware adds to the insanity
- Monetization of social networks introduces new dangers
- As users shift to mobile and cloud, so will attackers