social engineering

Chief Security Officer: The Toughest Job In IT?

Register now for our CISO Hangout with Jon Trull of Qualys, the former Chief Security Officer for the State of Colorado. Chief Information Security Officers (CISOs) are in the news a lot these days. The breaches at prominent corporations like Target, Home Depot and (this week) JP Morgan have solidified the consensus that the CISO is a necessary complement to the CIO. They’ve also shone a spotlight on what many consider to be the toughest job in corporate America. After all, successful cyber attacks and data breaches are the quickest path to a ruined corporate reputation. And a strong and capable CISO is increasingly seen as the best defense against such an unfortunate occurrence. (Target’s misfortune was the direct result, some argued, on its lack of a CISO.) With all that in the air, the time couldn’t be better to sit down with some of the top CISOs in industry and the public […]

Continue Reading

You’re Invited: A Conversation on Password Security and Targeted Attacks

A note to Security Ledger readers that I’ll be facilitating a really interesting conversation this afternoon on password (in)security and how weak user authentication can undermine even the best laid security plans. The SANS Webinar, Security for the People: End User Authentication Security on the Internet” kicks off at 3:00 PM Eastern today (12:00 PM Pacific). You can register to join us using this link.   My guest is DUO Security researcher Mark Stanislav, a frequent Security Ledger contributor and one of the smartest guys out there when it comes to passwords, authentication and securing the Internet of Things. There’s plenty to talk about: weak authentication schemes are the root cause of any number of prominent breaches – from the recent attacks the Apple iCloud accounts of A-list celebrities, to the breach at retailer Target (reportedly the result of a phishing attack on an HVAC contractor that Target used.) Mark and I […]

Continue Reading

What Hollywood Can Teach Us: Passwords Matter More Than Ever

Andrey Belenko had what you might call a ‘brush with infamy’ earlier this week after a presentation he took part in on the security of Apple’s iCloud became a set piece in the news media scramble to identify the source of a huge trove of leaked celebrity photos – many depicting Hollywood A-List stars in various states of undress. “It’s not the kind of attention you want to receive,” said Belenko, a security researcher with the firm ViaForensics. “It’s all really creepy stuff.” Belenko’s link to the celebrity hacking scandal was a matter of happenstance. He was scheduled to give a presentation at a small, St. Petersburg multi-media conference, Chaos Constructions, over the weekend. Belenko was presenting research he had conducted a year earlier on the security of Apple’s KeyChain technology and iCloud – a talk he had given twice before in the last year. Prior to his talk, Belenko […]

Continue Reading

Update: Cyber Spies Digging For Clues On Iraq?

The folks over at CrowdStrike have dug deep into a campaign of targeted cyber attacks targeting Washington D.C. think tanks and say they have evidence that whomever is behind the attacks has taken a sudden interest in U.S. policy towards Iraq. Editor’s Note: This story was updated to include comments from Adam Meyers, Vice President of Security Intelligence at CrowdStrike. – PFR July 8, 2014 14:30 Writing on Tuesday, CrowdStrike CTO Dmitri Alperovitch described a new campaign by a group they dubbed “DEEP PANDA” that was targeting think tanks specializing on U.S. foreign policy and national security. Alperovitch said CrowdStrike observed a pronounced shift in targets from think tank experts on Asia to experts on Iraq and the Middle East in recent weeks. The shift corresponded with the rapid escalation of violence in Iraq as the Islamic extremist group ISIS took control of large parts of the country. “This actor, who was engaged in […]

Continue Reading

RSA: Boleto Fraud Ring in Brazil Linked To Billions in Bogus Transactions

RSA, the security division of EMC Corp. said on Wednesday that its researchers uncovered a massive online fraud ring that has infiltrated The Boleto, a popular payment method in Brazil. RSA said in a blog post on Wednesday that a coordinated investigation a “Boleto malware or ‘Bolware’ fraud ring that may have compromised 495,753 Boletos transactions over a two-year period. The value of the transactions is estimated at $3.75 billion USD, or $8.57 Brazilian Reals.  The Boleto is a popular and regulated electronic payment system that is the second most popular form of payment in the country, after credit cards. According to RSA, the malware in question allows attackers to carry out man-in-the-browser attacks that modify transaction details on an infected client system so that funds are directed into mule banking accounts controlled by the fraudsters. RSA researchers discovered 8,095 fraudulent Boleto ID numbers tied to 495,753 compromised transactions. The Bolware botnet is […]

Continue Reading
1 3 4 5 6 7 9