 |
| Image source: Article |
It’s typical for IT to be heads-down, focused on the many threats coming from many directions.
Does your CU have its head down? Or are you on top of these 5 trends?
Tuesday, January 29, 2013
Five Security Trends for 2013
While one of the biggest challenges remains getting the C-suite interested in security, CISOs are increasingly explaining to the front office the business reasons for security.
From compliance, fines, and data loss, to the irreparable harm that could come to the company’s reputation. But there are other important topics in the field, including these five InfoSec trends for 2013.
It’s typical for IT to be heads-down, focused on the many threats coming from many directions.
Does your CU have its head down? Or are you on top of these 5 trends?
It’s typical for IT to be heads-down, focused on the many threats coming from many directions.
Does your CU have its head down? Or are you on top of these 5 trends?
iPhone and Android in the office yield higher profits, happier employees
A new survey finds that companies embracing consumer tech are more likely to report increased sales.
The survey finds that organizations that have adopted consumer tech were 73 percent more likely to report improved sales and new customer acquisitions than BYOD holdouts.
What's more, companies are enjoying intangible benefits from embracing consumer tech, including happier workers.
Are your CU employees happy?
 |
| Image source: Article |
What's more, companies are enjoying intangible benefits from embracing consumer tech, including happier workers.
Are your CU employees happy?
For Fun: Old people icons that don't make sense anymore
What happens when all the things we based our icons on don't exist anymore? Do they just become, ahem, iconic glyphs whose origins are shrouded in mystery?
For example, the Floppy Disk Icon means "save" for a whole generation of people who have never seen one.
And why are they called Radio Buttons? Because my car radio used to have buttons where only one could be pressed at any time. I miss my 8-track.
What icons don't make sense to you?
 |
| Image source: Article |
And why are they called Radio Buttons? Because my car radio used to have buttons where only one could be pressed at any time. I miss my 8-track.
What icons don't make sense to you?
Monday, January 28, 2013
Gartner: Mobile Applications, BYOD to Affect Sourcing Strategies
The rising impact of consumerization means that user demand will increase for new and updated IT services.
Revised mobile strategies, such as bring your own device (BYOD) and mobile applications availability, will expand IT service sourcing requirements as users demand new services.
Sourcing managers should consider these factors when re-evaluating sourcing options, delivery models and vendors, include strong service integration capabilities for IT organizations adopting public cloud models.
What is your CU's sourcing approach for 2013?
 |
| Image source: Article |
Sourcing managers should consider these factors when re-evaluating sourcing options, delivery models and vendors, include strong service integration capabilities for IT organizations adopting public cloud models.
What is your CU's sourcing approach for 2013?
Friday, January 25, 2013
BYOD is a misnomer, MDM is stop-gap
BYOD is a misnomer, while current MDM solutions are "stop-gap technologies" preceding full understanding of mobile data management.
People want access now to data and applications anywhere on any device.
The fact that it happens to be their device, or a different device, or someone else's device, who owns it and who paid for it is kind of what some people think they want to get hung up on. In reality, the real challenge is delivering data and applications to any device anywhere.
Does your CU handle BYOD workflows securely?
 |
| Image source: Article |
The fact that it happens to be their device, or a different device, or someone else's device, who owns it and who paid for it is kind of what some people think they want to get hung up on. In reality, the real challenge is delivering data and applications to any device anywhere.
Does your CU handle BYOD workflows securely?
Thursday, January 24, 2013
Mastermind Behind Gozi Bank Malware Charged
The mastermind who designed and distributed the Gozi malware — infecting more than a million computers worldwide in order to steal banking and other credentials from tens of thousands of victims — has been charged in New York along with two co-conspirators, according to documents unsealed Wednesday.
Authorities say the virus infected at least 40,000 computers in the U.S., including more than 160 computers belonging to NASA, and cost victims tens of millions of dollars in losses.
According to court documents, one command-and-control server for the Gozi virus stored more than 3,000 usernames of banking victims. In one case in Feb. 2012, a victim lost more than $200,000 siphoned from his bank account.
What's next? Read the full story to find out.
 |
| Image source: Article |
According to court documents, one command-and-control server for the Gozi virus stored more than 3,000 usernames of banking victims. In one case in Feb. 2012, a victim lost more than $200,000 siphoned from his bank account.
What's next? Read the full story to find out.
Wednesday, January 23, 2013
The cloud will impact the way security is consumed
Increased adoption of cloud-based computing is expected to impact the way security is consumed as well as how key government agencies will prioritize security of public cloud infrastructures, according to Gartner.
The growing importance of public clouds, along with the ever-persistent threat on private and public sectors' infrastructures, is expected to result in the U.S. government declaring them a critical national infrastructure.
Growth rates for cloud-based security services are set to overtake those of traditional on-premises. Is your CU part of this statistic?
 |
| Image source: Article |
Growth rates for cloud-based security services are set to overtake those of traditional on-premises. Is your CU part of this statistic?
Android malware spreads through compromised legitimate Web sites
Over the past 24 hours, our sensor networks picked up an interesting website infection affecting a popular Bulgarian website for branded watches, which ultimately redirects and downloads premium rate SMS Android malware on the visiting user devices.
The affected Bulgarian website is only the tip of the iceberg, based on the diversified portfolio of malicious domains known to have been launched by the same party that launched the original campaign.
The first variation of the campaign attempts to trick Russian-speaking users into installing a fake version of Adobe’s Flash Player, followed by a second campaign using a fake Android browser as a social engineering theme, and a third campaign which is attempting to trick mobile users into thinking that it’s a new version of Google Play.
Read more about this attack.
 |
| Image source: Article |
The first variation of the campaign attempts to trick Russian-speaking users into installing a fake version of Adobe’s Flash Player, followed by a second campaign using a fake Android browser as a social engineering theme, and a third campaign which is attempting to trick mobile users into thinking that it’s a new version of Google Play.
Read more about this attack.
Tuesday, January 22, 2013
Good Technology’s 2nd Annual State of BYOD Report
Last year, BYOD was on the rise, this year, it’s in full force. Since the release of Good’s first BYOD report in December 2011, we have seen an substantial increase of companies around the globe are embracing BYOD programs to help reduce costs and bolster employee productivity.
For the 2012 State of BYOD Report, Good Technology surveyed the same set of customers to see how BYOD perceptions and program support practices may have shifted in the last year.
Good’s report specially targets its most organizationally complex, multi-national, and highly-regulated customers in order to better understand how these types of companies were adopting BYOD and to share their best practices.
Where does your CU sit with respect to BYOD?
 |
| Image source: Article |
Good’s report specially targets its most organizationally complex, multi-national, and highly-regulated customers in order to better understand how these types of companies were adopting BYOD and to share their best practices.
Where does your CU sit with respect to BYOD?
Thursday, January 17, 2013
Security vendors failing to tackle mobile malware, say CISOs
Smaller point solutions are dominating the market, as traditional vendors get left behind.
Malware is still the biggest threat to mobile security, but most mobile device management (MDM) strategies tend to focus on securing the physical device in case of loss of theft, rather than protecting from cyber threats.
Although mobile malware still only represents a tiny fraction of the total amount of malware in the world today, it is growing exponentially.
See why MDM alone is not enough.
 |
| Image source: Flickr/greyweed |
Although mobile malware still only represents a tiny fraction of the total amount of malware in the world today, it is growing exponentially.
See why MDM alone is not enough.
Wednesday, January 16, 2013
Security group raises BYOD concerns
The top technologies identified to mitigate risks include encryption, the use of virtual private networks, and remote lock and wipe functionality.
But, who wants to setup an additional VPN for mobile devices?
GOOD technology offers mobile device management and secure application containers without poking holes in the DMZ.
What is your CU's BYOU strategy to mitigate risk?
 |
| Image source: Article |
GOOD technology offers mobile device management and secure application containers without poking holes in the DMZ.
What is your CU's BYOU strategy to mitigate risk?
Tuesday, January 15, 2013
90% of passwords can be cracked in seconds
More than 90% of user-generated passwords can be made vulnerable to hacking in a matter of seconds, according to new research from Deloitte.
The problem, researchers said, is that everything that we thought to be true must be reconsidered given advances in technology.
Passwords containing at least eight characters, one number, mixed-case letters and non-alphanumeric symbols used to be considered robust.
What is your CU's password policy?
 |
| Image source: Article |
Passwords containing at least eight characters, one number, mixed-case letters and non-alphanumeric symbols used to be considered robust.
What is your CU's password policy?
Yankee Group on Mobile Enterprise Apps
Yankee Group Principal Analyst Chris Marsh comments: “We have, for a good while now, been pointing toward the upcoming goldrush in enterprise mobile applications as companies realize more and more the need and the opportunity for strategic gain in mobilizing existing and reinventing new processes for a mobile age. As an example our surveys show that over the past year the proportion of companies deploying mobile CRM has doubled.
These application types developed off of the Good Dynamics platform are good exemplars of low-hanging fruit for enterprises but the news here though is less about these specific applications and more about Good marking its move away from a pure-play mobile device management (MDM) vendor.
Has your CU moved beyond pure MDM?
 |
| Image source: Article |
Has your CU moved beyond pure MDM?
Monday, January 14, 2013
There's no magic pill for security
Too often, New Year's resolutions to get into better shape are derailed because of a lack of realistic planning. The same thing happens in the security sphere.
Real security only comes with a lifestyle change, serious commitment and determination. It requires sweat and pain at times. But the results can be worth all that effort.
Be prepared for the hard work of getting into security shape. Just as there are no magic diet pills, true security doesn't come with buying a product, even if it's from a reputable vendor.
Is your CU prepared?
 |
| Image source: Flickr |
Be prepared for the hard work of getting into security shape. Just as there are no magic diet pills, true security doesn't come with buying a product, even if it's from a reputable vendor.
Is your CU prepared?
Friday, January 11, 2013
Banks seek NSA help amid attacks on their computer systems
Major U.S. banks have turned to the National Security Agency for help protecting their computer systems after a barrage of assaults that have disrupted their Web sites.
The attacks on the sites, which started about a year ago but intensified in September, have grown increasingly sophisticated, officials said.
The NSA, the world’s largest electronic spying agency, has been asked to provide technical assistance to help banks further assess their systems and to better understand the attackers’ tactics.
Will your CU need to call in the NSA? Let's hope not.
 |
| Image source: Article |
The NSA, the world’s largest electronic spying agency, has been asked to provide technical assistance to help banks further assess their systems and to better understand the attackers’ tactics.
Will your CU need to call in the NSA? Let's hope not.
Fake LinkedIn notifications lead to phishing and malware
LinkedIn users are once again targeted with a massive and widespread spam campaign that takes the form of a notification about a supposedly received message from a potential new connection.
Unfortunately, the offered links - although legitimate-looking - take users to compromised sites that either ask them to share private and personal data, or serve them with a variety of malware that steals information and hijacks users’ address book to spam their contacts.
These compromised sites are often located on US, UK, Russian or Italian domains.
Read the full article to learn more.
 |
| Image source: Article |
These compromised sites are often located on US, UK, Russian or Italian domains.
Read the full article to learn more.
Tuesday, January 8, 2013
Under the Hood of the Cyber Attack on U.S. Banks
You are probably aware of a wave of DDoS attacks that recently hit several major U.S. banks. Izz ad-Din al-Qassam, a hacker group that claimed responsibility for these attacks, declaring them to be a retaliation for an anti-Islam video that mocked the Prophet Muhammad and a part an on-going “Operation Ababil”.
So far the attack caused several major disruptions in online and mobile banking services.
Izz ad-Din al-Qassam assured that the cyber-attacks will continue, saying that "from now on, none of the U.S. banks will be safe from our attacks."
Is your CU prepared? See how the attack works to learn more.
 |
| Image source: Article |
Izz ad-Din al-Qassam assured that the cyber-attacks will continue, saying that "from now on, none of the U.S. banks will be safe from our attacks."
Is your CU prepared? See how the attack works to learn more.
Monday, January 7, 2013
CFR Watering Hole Attack
On December 27, we received reports that the Council on Foreign Relations (CFR) website was compromised and hosting malicious content.
It was later confirmed that the CFR website was hosting the malicious content as early as Friday, December 21—right before a major U.S. holiday.
The malicious content hosted on the website does appear to use Adobe Flash to generate a heap spray attack against Internet Explorer version 8.0 (fully patched), which was the source of the zero-day vulnerability.
What can your CU do to avoid falling prey to this type of attack? Read the blog to find out.
 |
| Image source: Flickr/Chris Capehart |
The malicious content hosted on the website does appear to use Adobe Flash to generate a heap spray attack against Internet Explorer version 8.0 (fully patched), which was the source of the zero-day vulnerability.
What can your CU do to avoid falling prey to this type of attack? Read the blog to find out.
Wednesday, January 2, 2013
Playing chess with APTs
During a briefing from the top security analyst at one of the Washington-area cyber centers, I got the idea that resisting targeted attacks from sophisticated adversaries (so-called advanced persistent threats, or APTs) is a bit like playing chess at the grand master level.
Security efforts disproportionately emphasize endpoint anti-malware. But users, desktops and devices are only the pawns on the board (who, unfortunately often hold the crown jewels – your data).
Sophisticated attackers adeptly perform the necessary intelligence-gathering to find just the right social vulnerabilities for the person of interest and the right technical vulnerabilities for the device. Once exposed, most useful devices are easily compromised by targeted malware exploits riding on the back of spear phishing or similar attacks.
Is your CU using the rook, or castle, to provide a strong defense in your own chess game?
 |
| Image source: Flickr/Frank Black Noir |
Sophisticated attackers adeptly perform the necessary intelligence-gathering to find just the right social vulnerabilities for the person of interest and the right technical vulnerabilities for the device. Once exposed, most useful devices are easily compromised by targeted malware exploits riding on the back of spear phishing or similar attacks.
Is your CU using the rook, or castle, to provide a strong defense in your own chess game?
Subscribe to:
Posts (Atom)
