Archive for 'Thoughts'

Zeus – NYS Department Homeland Security Guidance

Hopefully, this will be the last time I write about Zeus the banking Trojan. However, when the New York State Department of Homeland Security releases a five-page cyber information security advisory — it's a little hard to ignore it.

It’s a very comprehensive document that provides good guidance, although I was a bit disappointed they didn’t discuss using a non-Windows platform and/or running off a live bootable CD or USB.

That being said, ...

“So Devin … is OSSIM Awesome?”

Ever have one of those really intriguing moments … where for the rest of the day your mind keeps circling back and considering the possibilities? I had one yesterday.

A client asked us to help them on a SIEM Proof of Concept leveraging OSSIM (Open Source Security Information Manager). We had tried OSSIM a few years ago with minimal success, but had been intrigued by AlienVault’s stewardship of the project, so we were excited to participate. We ...

Pay Attention to Information Security: Zeus Bankrupting Companies

Sadly, the ABA’s warnings regarding small businesses’ use of online banking have not been well heard. Most small businesses have not yet changed their information security practices to protect themselves from banking malware.

King & Little, a NY-based marketing firm, faces bankruptcy after it was victimized by the Zeus banking trojan. Over a very short period the attacker emptied the bank account of $164,000.

Online Banking: American Bankers Association Cries “Caveat Emptor”

Lost in the glow of Operation Aurora was the American Bankers Association (ABA) recommendation “that small to midsized businesses only conduct online banking on dedicated work-stations”. On first blush, it sounds like sound information security advice; so why is it that I find this so significant?

Because the banking industry finally “gets it”.

When the ABA (dedicated to enhancing the competitiveness of the nation’s banking industry and strengthening America’s economy) suddenly throws a ...

Penetration Testing in a Foaming Dispenser ….

Last week I bemoaned Axe Shower Gel’s packaging and noted that we were working on some changes to our Penetration Testing service offerings to better meet our clients’ assurance objectives.

Over the last 9 years we have found you can generally divide our Penetration Testing clients up into a few broad “stereotypes”, clients who:

  1. View a penetration test as a necessary evil (e.g., small banks and smaller SAAS providers who conduct them to satisfy a regulatory or customer requirement).
  2. Are ...