Security

This blog is part two of a three-part blog series discussing how organizations can address mobile security concerns through an architectural approach to mobility. In my first post of this three-part series, I discussed how next-gen Wi-Fi models will pave the way for secure mobility and the value o…

A few months ago we discussed the various ways that consumer PII is compromised. The recent attacks against Target and Neiman Marcus illustrate the constant threat that payment card accepting retailers of all sizes face. Yesterday Reuters reported that similar breaches over the holidays affected “at…

In October 2013, Cisco TRAC discussed Network Time Protocol (NTP) as a possible vector for amplified distributed denial of service (DDoS) attacks. Litnet CERT has since revealed that their NTP servers were used in a denial of service (DoS) attack. Symantec also published information regarding an NTP…

Are you back from holiday break all refreshed and ready to embrace 2014 with confidence? Many organizations will see new devices on their networks given the recent massive holiday gift giving. In particular, educational organizations will be morst likely to be impacted. It seems there was no new hot…

Update 2014-01-10: This malicious campaign has expanded to include emails that masquerade as bills from NTTCable and from VolksbankU Update 2014-01-21: We’ve updated the chart to include the Vodafon emails and latest URL activity English language has emerged as the language of choice for inter…

When Fox-IT published their report regarding malvertisements coming from Yahoo, they estimated the attack began on December 30, 2013, while also noting that other reports indicated the attack may have begun earlier. Meanwhile, Yahoo intimated a different timeframe for the attack, claiming “Fro…

One of the things I like best about Cisco’s focus on security is the internal SecCon conference we put on each year. It focuses on security threats, defenses, and innovation. Although I participate as a trainer, organizer, and reviewer, my favorite role this year was as an attendee. The confer…

There are many advantages in outsourcing functions to specialist providers that can supply services at lower cost and with more functionality than could be supplied in-house. However, companies should be aware that when buying services, you may also be buying risk. Organisations that have successful…

The website of the OpenSSL project, which provides a widely-used SSL/TLS implementation, was breached on 29th December and defaced (OpenSSL.org announcement). This defacement only affected the website of the project, however. The OpenSSL project has since checked the cryptographic hashes of the Open…