Top Stories

Confer graphic_Final

With $8m In Funding, Confer Taps Cloud, Crowd To Secure Endpoints

A new endpoint security startup, Confer, pulled the covers off its technology on Wednesday, announcing a new services-based endpoint protection product that it claims will provide better protection against malicious software and advanced attacks. Based in Waltham, Massachusetts, Confer has been in existence for just over a year and has received $8 million in venture funding from North Bridge Capital and Matrix Partners. The company’s cloud- and endpoint-based software enables organizations to collaborate to stop sophisticated attacks by sharing attack and malware anonymously with other Confer customers. The company said its technology will appeal to enterprise customers who have grown weary of malware infections that manage to bypass or elude traditional anti virus software. Confer is just the latest company to see dollar signs in corporations’ waning enthusiasm for anti malware software. Modern anti malware products are still focused on securing Windows endpoints. They are geared for use in the […]

Mobile Devices Taking Part In Enterprise DDoS Attacks?

Mobile phones have long been on the radar for enterprises concerned about data loss and the spread of malicious code. But a report from the firm Prolexic suggests that they may also be taking part in massive denial of service (DoS) attacks against enterprise networks. The firm Prolexic said that data it collected in the final quarter of 2013 suggests that mobile devices are playing a growing role in distributed DoS (or DDoS) attacks against the firm’s enterprise customers. “Malicious actors now carry a powerful attack tool in the palm of their hands, which requires minimal skill to use,” said Stuart Scholly, president of Prolexic, in a statement. [Read more Security Ledger coverage of Denial of Services Attacks.]   Infecting unwitting victims with a malicious program is a common method used by botnet operators whose platforms are behind many large-scaled DDoS attacks. But Scholly said that mobile devices and mobile DDoS […]

CES 2014

Is 2014 The Year Uncle Sam Takes On Connected Device Security?

Podcast: Play in new window | Download () | EmbedSubscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | RSS | https://www.securityledger.com/subscribeThe Consumer Electronics Show – or CES- kicked off last week in Las Vegas. In the last decade, CES has become one of the premiere venues for consumer device makers to launch new products and to show off prototypes of technology they hope to introduce to the public. Home entertainment megafauna dominate the coverage of CES — there was Samsung’s 85-inch LED LCD model with 4K resolution that can transform from flat-screen to curved display. But this year’s show is also a showcase for the next wave of connected devices, including wearable technology, smart appliances and connected vehicles. All these new platforms raise important questions about security, privacy and reliability. I sat down to talk about some of those issues with Mark Stanislav, the lead […]

Retail Breach - Who is Next?

Update: Retail Breaches Spread. Point of Sale Malware A Suspect.

Reuters is reporting on Monday that the recently disclosed hack of box store retailer Target Inc. was just one of a series of attacks against U.S. retailers, including Target, the luxury department store Neiman Marcus and other, as-yet-unnamed companies.* The story adds to other, recent revelations, including the breach at Neiman Marcus, which was first disclosed by the security blog Krebsonsecurity.com on Friday. Also on Monday, Target CEO Gregg Steinhafel confirmed that his company was the victim of malicious software installed on point of sale (PoS) systems at the store. According to the Reuters report, Target Corp and Neiman Marcus are just two retailers whose networks were breached over the holiday shopping season. The story cites unnamed sources “familiar with attacks,” which have yet to be publicly disclosed. Breaches of “at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target,” according […]

Week In Security: More Target Woes and CES

It was another eventful week in security, with another big revelation in the story of a hack of box retailer Target Inc. That update – which accompanied Target’s fourth quarter earnings guidance – nearly doubled the number of known victims of that attack. It also revealed that credit card data was not the only information stolen by hackers, who also made off with customer names, mailing addresses and emails. In this latest installment of Security Ledger’s Security Week in Review, we spoke with Jody Brazil, the President of the security firm FireMon about the week’s events. Jody is a seasoned security professional who works day-in-day-out with companies that are trying to manage their risk. He said that even large companies like Target can fall victim to sophisticated attacks, but the IT security may be too quick to give up on traditional defensive technologies. Jody and I had an interesting chat about […]