On Your DMARC, Get Set, Go! Putting Integrity into Your Email Security Policy, Part 2
In Part 1 of this post about the DMARC (Domain-based Message Authentication, Reporting and Conformance) standards for digital messaging integrity, Alec Peterson of Message Systems and Sam Masiello of Groupon, both representing DMARC.org, gave us great information about the new technical specification designed to reduce the phishing abuse of known and controlled domains. Today we pick up where we left …
Posted in Security Management, Security Threats, Uncategorized
Tagged DMARC, email security, phishing
On Your DMARC, Get Set, Go! Putting Integrity into Your Email Security Policy, Part 1
What are you doing to make the integrity of your corporate email/messaging an integral part of your information security policy? If you don’t have a definitive answer for this question, then read on. I’ve got some great advice from experts on the topic that you can take action on today to protect your company’s brand. I recently interviewed Alec Peterson, …
Posted in Security Management, Security Threats, Uncategorized
Tagged DMARC, email security, phishing
What’s Needed to Leave Your Leather Wallet at Home and Pay with Your Mobile Wallet Instead—We’re Almost There
At a recent stop at Starbucks, I pulled out my iPhone and held it up for the counter clerk to scan. With a quick beep, I paid for my frothy cold drink and put my phone back in my purse. A few customers in line behind me were intrigued by this and asked me how I used my phone to …
Not Just for PCs Anymore, Malware is Showing up on Offshore Drilling Rigs
I live in Houston, Texas, the undisputed Energy Capital of the World. Houston has an entire area of town nicknamed the Energy Corridor where numerous oil and gas companies have their headquarters, or at the very least, a major presence. Within those gleaming towers, geologists, chemists, engineers and a host of other highly educated professionals lead the efforts to produce …
Posted in Security Management, Security Threats, Uncategorized
Tagged ICS, SCADA, Utilities
There’s BadNews, and There’s Really Bad News
By now you’ve probably heard about BadNews, a malware family that is targeting Android phones. In a blog post of April 19, the security firm Lookout reported that it had discovered BadNews in 32 apps across 4 different developer accounts in Google Play. Lookout reported its findings to Google, and the apps (and developers) have subsequently been removed from the …
Posted in Security Threats, Uncategorized
Tagged Android, malicious Android applications, malware, mobile malware
From US-CERT: Tips To Avoid Becoming A Victim Of Spear Phishing
We’ve often reported that spear phishing is a favorite technique that attackers use to plant malware or otherwise gain unauthorized access to networks. Now the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which is part of the Department of Homeland Security, reports on a spear phishing campaign in which the attackers readily found their intended targets’ contact information on …
Posted in Security Threats, Uncategorized
Tagged Critical Infrastructure, ICS-CERT, phishing, SCADA, Utilities
FireEye Reports That It Detected 89 Million Malware Events That Slipped Right Past Firewalls, IPSs And Other Layers Of Security
FireEye Inc. has just come out with its Advanced Threat Report for the second half of 2012. The content is based on research and intelligence conducted by the FireEye Malware Intelligence Lab and data collected from several thousand security appliances installed at the company’s customer sites around the world. FireEye threat protection appliances are often an organization’s last line of …
Posted in Security Threats, Uncategorized
Tagged FireEye, malware, malware analysis, report
How Do You Like This? Facebook Likes Reveal Your Private Traits And Attributes
Like us on Facebook! How many times a day do you hear or see those words? More importantly, how often do you follow the plea and click the Like button for something that interests you? Did you know that each time you Like something, you are giving up just a little bit more of your privacy? In fact, depending on …
New Training From SANS Institute: How To Discover If Malware Is Running In RAM Only On Your Systems
Brian and I recently had an opportunity to talk with Jesse Kornblum, an instructor for the SANS Institute. Jesse has developed and just started teaching an advanced course called Windows Memory Forensics In-depth. This course would be valuable for any IT security professional working in an industry or for an organization that has a constant target on its back. For …
Posted in Network Security, Security Management, Uncategorized
Tagged memory forensics, RAM, SANS Institute
1 Comment
Phishing, SMiShing And Wishing It Would Stop!
Lately it seems like I’ve been getting more than the usual number of emails that give me pause. Could this one be a phish, I wonder? What about that one? Even my husband and fellow blogger Brian showed me a curious email the other day. It certainly looked legitimate, appearing to come from a bank we do business with, but …
Posted in Mobile Security, Security Threats, Uncategorized
Tagged email security, phishing, SMS phishing, spear-phishing
1 Comment
