How Do I Protect My Organisation from Exploit Kits?

Most network architects I’ve worked with seem quite familiar with botnets, but exploit kits (EKs) are somewhat of a mystery. I’ve recently come across a couple of good papers explaining the topic: one from CERT-UK titled ‘Demystifying the exploit kit’, available at https://www.cert.gov.uk/resources/best-practices/demystifying-the-exploit-kit/ and ‘Evolution of Exploit Kits’ from Trend Micro, available at https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-evolution-of-exploit-kits.pdf […]

The post How Do I Protect My Organisation from Exploit Kits? appeared first on Packet Pushers.

Book Recommendation: Wasteland Blues

I am a fan of any sort of post-apocalyptic fiction. Movies. Books. Anime. Weird Al songs. You name it. If it posits a future after the world we know is gone, I'll give it a try. Thus it is that I recommend Wasteland Blues to you by Scott Christian Carr and my fellow Packet Pusher Andrew Conry-Murray.

White House hopes for ‘common ground’ in Silicon Valley meeting

The White House hopes a Friday summit between senior government officials and Silicon Valley tech leaders will find common ground on ways to work together to combat extremism and radicalization. Government officials will seek to convince tech executives that they need to heed President Barack Obama's call to action and step up to help the U.S. in its fight against militants. But some tech executives are still wary of assisting the government after former National Security Agency (NSA) contractor Edward Snowden leaked information about U.S. spying back in 2013.

Cisco disrupts another exploit kit

Cisco has disrupted another exploit kit that was emanating from Russian service providers. The company’s Talos security operation said it blacklisted several Class C subnets from provider Eurobyte that were serving the RIG exploit kit or scored negatively in web reputation. RIG is an exploit kit that delivers malicious payloads to unsuspecting users. It redirects users to a landing page and then delivers the exploit payload (in this case, spambot variants) via a GET request, according to this Talos blog post.

Sample Internet usage policy

This Internet usage policy from a manufacturing company with fewer than 50 employees establishes the company's ownership of data transmitted over its computer systems, establishes the right to monitor, and offers examples of activities that violate the policy. You are free to use or adapt this sample policy, which was contributed by the security community, for use in your own organization (but not for re-publication or for-profit use). Want to provide a policy or checklist? Contributions are welcome, as is expert commentary. Send your thoughts to Amy Bennett ([email protected]).

Internet Usage Policy

COMPANY may provide you with Internet access to help you do your job. This policy explains our guidelines for using the Internet.

Sample password protection policy

This password policy from a large financial services institution with more than 5,000 employees covers standards for creation of strong passwords, the protection of those passwords, and the frequency of change. You are free to use or adapt this sample policy, which was contributed by the security community, for use in your own organization (but not for re-publication or for-profit use). Want to provide a policy or checklist? Contributions are welcome, as is expert commentary. Send your thoughts to Amy Bennett ([email protected]).

Overview

Passwords are an integral aspect of our computer security program. Passwords are the front line of protection for user accounts. A poorly chosen password may result in the compromise of critical (organization) resources. As such, all (organization) staff and outside contractors and vendors with access to our systems are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

Unlike Mozilla, Google anticipated SHA-1 errors caused by HTTPS traffic inspection systems

Earlier this week, Mozilla was forced to backpedal on banning new SHA-1 digital certificates because the move completely cut off some Firefox users from the encrypted Web. It appears that Google saw the problem coming. Instead of banning all digital certificates signed with SHA-1 and issued after Jan. 1, Google plans to only "untrust" those that originate from public certificate authorities. This decision takes into account that some companies might still use self-generated SHA-1 certificates internally on their networks, or that some antivirus programs and security devices will continue to generate such certificates when inspecting HTTPS traffic.

Intelligence agency wants computer scientists to develop brain-like computers

If you are a computer scientist and have any thoughts on developing human brain-like functions into a new wave of computers, the researchers at the Intelligence Advanced Research Projects Activity want to hear from you. IARPA, the radical research arm of the Office of the Director of National Intelligence, this week said it was looking at two groups to help develop this new generation of computers: computer scientists with experience in designing or building computing systems that rely on the same or similar principles as those employed by the brain, and neuroscientists who have credible ideas for how neural computing can offer practical benefits for next-generation computers.

DDoS attack on BBC may have been biggest in history

Last week's distributed denial of service attack against the BBC website may have been the largest in history. A group calling itself New World Hacking said that the attack reached 602Gbps. If accurate, that would put it at almost twice the size of the previous record of 334Gbps, recorded by Arbor Networks last year. "Some of this information still needs to be confirmed," said Paul Nicholson, director of product marketing at A10 Networks, a security vendor that helps protect companies against DDoS attacks. "If it's proven, it would be the largest attack on record. But it depends on whether it's actually confirmed, because it's still a relatively recent attack."

Privacy, mobile broadband top tech priorities for FTC, FCC

The nation's top technology regulators provided a glimpse of the year to come this week at the Consumer Electronics Show in Las Vegas, offering a warning about privacy and an ambitious projection for a spectrum auction to boost mobile broadband capacity. Tom Wheeler and Edith Ramirez, the respective chairs of the Federal Communications Commission and Federal Trade Commission, sat for an on-stage interview with Gary Shapiro, head of the Consumer Technology Association, which puts on the annual tech gala.

Privacy and consumer protection top FTC’s priority list

Privacy and consumer-protection considerations remain at the forefront at the FTC, which has been probing the consumer implications of a variety of emerging technologies, including big data and the Internet of things.

Court rules Shutterfly may have violated privacy by scanning face photos

A federal judge has denied a motion to dismiss a civil case against photo-sharing site Shutterfly that claims the company violated users' privacy by collecting and scanning face geometries from uploaded images without consent. The first-of-its-kind ruling could open the door to future class-action lawsuits against Shutterfly and other social networks that use facial recognition technology without an opt-in policy. The civil lawsuit, brought by the law firm Carey Rodriguez Milian Gonya LLP on behalf of Brian Norberg, alleges that Shutterfly violated the Illinois Biometric Privacy Act (BIPA) by collecting and scanning face geometry in photos uploaded on Shutterfly's website without the consent of those featured in the images.

NSF puts $30M behind software bug killing, synthetic biology & computational sustainability

The National Science Foundation this week announced it is divvying up $30 million in funding among three multidisciplinary research projects designed to put advanced computing models to work on nixing software bugs, boosting synthetic biology and creating a more sustainable world. Researchers at Princeton University, Boston University and Cornell University will lead the Expeditions in Computing projects, which each get $10 million over 5 years. The NSF's Expeditions program has funded 19 projects to the tune of $190 million to date, with areas of focus ranging from robotics to the mobile Internet.

Antivirus software could make your company more vulnerable

Imagine getting a call from your company's IT department telling you your workstation has been compromised and you should stop what you're doing immediately. You're stumped: You went through the company's security training and you're sure you didn't open any suspicious email attachments or click on any bad links; you know that your company has a solid patching policy and the software on your computer is up to date; you're also not the type of employee who visits non-work-related websites while on the job. So, how did this happen? A few days later, an unexpected answer comes down from the security firm that your company hired to investigate the incident: Hackers got in by exploiting a flaw in the corporate antivirus program installed on your computer, the same program that's supposed to protect it from attacks. And all it took was for attackers to send you an email message that you didn't even open.