In what sounds like a worst-case scenario, Adobe Corp. admitted on Thursday that a massive breach of its corporate network resulted in the theft of information on close to three million customers and source code for two widely-used products: Adobe Acrobat, Acrobat Publisher, Cold Fusion and “other” as-yet undisclosed products. The news came in a string of announcements late Thursday on Adobe’s corporate blog as well as the news site Krebsonsecurity.com. The revelation came after Brian Krebs, the reporter behind that site, and Alex Holden, the Chief Security Officer of Hold Security, discovered what is described as “a massive 40 GB source code trove stashed on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll.” After being informed of the find, Adobe investigated and acknowledged the theft. In a blog post by Chief […]
Crime
Losing The Future: Schneier On How The Internet Could Kill Democracy
With his deep background in both cryptography and Internet security, Bruce Schneier is of the most thoughtful commentators on all matters cyber. So revered is he, that he even inspired a list of humorous Chuck Norris-style “Bruce Schneier” facts . In recent months, Bruce has been an invaluable sounding board amid the drip-drip-drip of details of ubiquitous government surveillance stemming from Edward Snowden’s leak of classified intelligence on NSA spying and cyber operations. In this video, from a recent speech Bruce did at the TEDxCambridge event up here in the Boston area, he goes a bit deeper: drawing out the current trend lines like hacktivism, Facebook- and Twitter-fueled popular revolutions, civil war and mass surveillance, and trying to discern what the future might look like. /div> Bruce’s theory: although nimble groups of activists, dissidents and hackers have been more adept at using the Internet and innovative technologies and platforms built on […]
Sharing Threat Intelligence To Sort Out Targeted Attacks
Headlines about “advanced persistent threats” and targeted attacks have organizations of all sizes concerned. Barely a week goes by without news of a new, stealthy campaign targeting executives, government leaders or platforms used by prominent organizations. But while APT-style and targeted attacks may have the attention of the boardroom, organizations still face a Herculean task determining when an attack they’ve detected is targeted, and when it is merely indiscriminate. To help answer that question, I “hung out” with two experts in detecting and analyzing malicious threats to enterprises. Anup Ghosh is the CEO and co-founder of Invincea, which makes malware detection tools that isolate threats on endpoints. Matt Hartley is the Senior Director, Intelligence Lab Services at iSIGHT Partners, a cyber threat intelligence firm. Both told me that, while targeted attacks are on the rise, awareness about them is also at an all time high. That can, sometimes, result in organizations […]
Data Breach For Dummies: Simple Hacks, Hackers Are The Norm
In spite of widespread media attention to the problem of “advanced persistent threats” and nation-backed cyber espionage, most cyber attacks that result in the theft of data are opportunistic and rely on unsophisticated or non-technical means, according to Verizon’s 2013 Data Breach Investigations Report (DBIR). Verizon said that its analysis of 47,000 security incidents and 621 confirmed cases of data loss showed that three-quarters were “opportunistic” – not targeted at a specific company or individual – and financially motivated. Around 20 percent of attacks were linked to what Verizon termed “state affiliated actors” conducting cyber espionage. Verizon’s annual Data Breach Investigations Report presents the results of investigations conducted by Verizon’s RISK investigators, the U.S. Department of Homeland Security, US-CERT as well as by law enforcement agencies globally. In its sixth year, it is a highly regarded and oft-cited benchmark of malicious activity and threats to organizations. In a press release […]
Meet The Software That Helped Catch The Boston Bombers
With one suspect in the Boston Marathon bombings dead and another on the run IN CUSTODY! the global, collective effort to identify those responsible for the crime has ended, and focus shifted to apprehending PROSECUTING Dzhokhor A. Tsarnaev, 19. He and his older brother, Tamerlan Tsarnaev, 26, were the subject of a massive manhunt, culminating in a firefight in the suburb of Watertown, Massachusetts, that killed the older Tsarnaev brother and set of a massive, daylong manhunt that shut down the metropolitan Boston area.(*) So how did crowdsourcing fare in the effort to catch the two? You’d have to say: not too well. High-profile collaborative efforts to crowdsource public images of the Boston Marathon bombing site, like those organized by the group 4Chan, assembled intriguing collections of material and clocked impressive pageviews (3.4 million and counting). In the end, those efforts yielded some clues: the type of clothing worn by the suspects, […]
