Recent Posts

FBI Looking for Cyber Experts to Keep Pace

As a year of mega-breaches and hacks draws to a close, one thing is clear: demand for experts with knowledge of cyber crime and digital forensics is going nowhere but up. Take, for example, the latest job post from the U.S. Federal Bureau of Investigation, which seeks “experienced and certified cyber experts to consider joining the FBI to apply their well-honed tradecraft as cyber special agents.” “We’re putting a big focus on cyber background now,” said Robert Anderson, Jr. , the executive assistant director for the Bureau’s Criminal, Cyber, Response, and Services Branch at the FBI in a video statement. “What we want are people who are going to come and be part of a team that is working different very complex types of investigations and to utilize their skill sets in that team environment.” According to a statement, the FBI has launched a campaign to bring aboard more technical […]

Continue Reading

Are Data Lakes A Key To Securing IoT Environments? | Tripwire Blog

Mitch Thomas over at the security firm Tripwire has a good post on “architecting the security of things” that’s worth checking out. As an incumbent security vendor, Tripwire faces the same challenges and problems as other vendors who came of age securing traditional endpoints and enterprise IT environments. Among them: adapting to a nearly limitless population of new endpoints – many of them small, resource constrained embedded systems.  As we’ve noted before: many of these systems aren’t capable of the kinds of interrogations (vulnerability- and malware scans just two examples) that many security tools take for granted.

Continue Reading

Two Step: FBI Says North Korea Acted Alone, Had Help

The official line on perhaps the biggest security story of the year shifted noticeably this week following a report by the security firm Norse Corp. that cast doubt on the official explanation of the devastating November hack: that it was a state-sponsored operation carried out by hackers working for the government of the Democratic Peoples Republic of Korea, or DPRK. Two reports in recent days – both citing officials close to the Sony hack investigation – suggest that the FBI believes – simultaneously – that the DPRK did not act alone and that it was the only actor responsible for the attack on Sony Pictures Entertainment.

Continue Reading

Cat and Mouse: Web Attacks Increasingly Sidestep WAF Protections

Recently, the Akamai Threat Research Team unveiled a unique distributed brute force attack campaign targeting nearly five hundred WordPress applications. What’s interesting about this campaign? It clearly demonstrates how Web attackers are becoming more sophisticated, attempting to evade security controls – specifically Web Application Firewalls (WAFs) and rate control protections. A Short Primer to Brute-Force Attacks Brute force Web attackers attempt to gain privileged access to a Web application by sending a very large set of login attempts, within a short period of time. Using volumetric single source of attack is easily mitigated by blacklisting. Today’s brute force attacks are typically characterized by volumetric attacks coming from distributed IPs. In this way, if the attacker’s source IP is detected, they can still continue with the attack campaign by switching a source IP. As part of this cat-and-mouse evolution, WAFs are enhanced with several rate control measures that detect and block […]

Continue Reading

Wireless Infusion Pump is Test Case for Securing Medical Devices

A National Institute of Standards and Technology (NIST) reference document is providing some of the clearest guidance from the U.S. government for securing connected medical devices, but may be setting too low a bar for securing wireless communications, according to a security expert. NIST, working with the University of Minnesota’s Technological Leadership Institute, released a draft Use Case document  (PDF) on December 18 to help health care providers “secure their medical devices on an enterprise networks.” However, in the area of communications security, the document suggests the use of WEP (Wired Equivalent Privacy), a legacy wireless security technology that can easily be cracked. NIST released the draft security use case document and is seeking feedback from the public. The drug infusion pump case study is described as the “first of a series” of similar use cases that will focus on medical device security, NIST wrote. The draft document presents a technical description of the security challenges […]

Continue Reading
1 283 284 285 286 287 396