Top IT Security Bloggers

  • Medical group fined $140K for tossing patients' health records into public dump

    Sophos - Naked Security
    Medical diagnoses for cancer patients, names and Social Security numbers all went into the trash, unredacted and unshredded, probably in a very misguided effort to save a few bucks on proper record destruction.

  • What the latest Java flaw really means

    Infoworld Security Blog

    The latest Java zero-day flaw has the tech world in an uproar.

    read more

  • Collaboration, intelligent data and APTs: Security predictions for 2013

    Clearswift Blog



    2013-01

    With 2012 now firmly behind us, it’s time to look ahead to what 2013 has to offer. With this in mind, Dr. Guy Bunker, Clearswift’s senior vice president of products and board member for the Jericho Forum, sets out his predictions for the key security issues and trends for the year ahead.


    Advanced Persistent Threats (APTs)
    Truly a virus for the modern world, the intent of APTs is less about creating havoc and all about making money. APTs target individuals and companies with the sole aim of stealing information for profit. They use phishing and spear-phishing to access corporate data stores and then operate ‘below the radar’, exfiltrating information over extended periods of time. We will see these attacks increase in frequency, especially in mid-sized companies where security is less mature. It's important to remember that it isn’t just large companies that possess valuable intellectual property that cyber-criminals can steal and sell on.


    Collaboration
    Many employees and companies are increasing their collaboration, but are hindered by the security implications. With data loss prevention (DLP) in mind, information security is currently determined at the file or document level. Policy today is such that the file is either ‘ok’, or blocked, and cannot be shared. However, if we take a more intelligent approach – removing the specific sensitive pieces of information – then the file would be okay to share and collaboration would continue. This mechanism would enable seamless sharing of many more documents for collaboration purposes, ultimately making working practices more efficient.


    Even within organisations, the need to keep information on a 'need to know' basis is growing and internal 'DLP' is being introduced. The change from the traditional black-and-white, go/no-go approach to a more intelligent approach: that of automatic adaptive redaction, will create a useful middle ground. Automatic redaction will enable collaboration on documents to take place with the assurance that no sensitive information has left the organisation or been shared inappropriately.


    Beyond 2013 – intelligent data
    Similar to redaction, my long-term prediction for the industry is that we will see the introduction of increasingly intelligent data to enable organisations to share information more readily. Intelligent data goes beyond setting rules for documents. Instead, it sets rules for the data contained within these documents, such as setting access to specific information under certain circumstances. This means that a single document could be shared with multiple recipients, with each one only able to view the information that is pertinent to them within their specific context. The tools to support this are not available today, but they are coming: intelligent data will herald a new era of content and context-aware information security.


    As security threats continue to evolve, it's more important than ever that businesses of all shapes and sizes have a robust security strategy in place for the year ahead and beyond. The cyber-criminals may be getting more sophisticated, but so are we.


    Guy Bunker





    Permalink

    | Leave a comment  »

  • Fun with statistics: Who hates Java the most?

    Sophos - Naked Security
    Over the past five days, lots of you have used Naked Security to find out how to turn off Java in one of the five major browsers.

    And that has given us browser statistics. There are too many variables to know what they tell us, but they do make a neat-looking graph!


  • Botnets Are Everywhere – See How They Spread in the Trend Micro Global Botnet Map

    TrendLabs - Malware Blog
    Cybercriminals today create and use botnets to perpetrate their criminal activities.  Whether it is to send out Blackhole Exploit Kit spam or to use as entry points into organizations, the one constant is that most bots (victim computers) communicate back and forth with command and control (C&C) servers.  Trend Micro’s Global Threat Intelligence, derived from [...]

    Post from: Trendlabs Security Intelligence Blog - by Trend Micro

    Botnets Are Everywhere – See How They Spread in the Trend Micro Global Botnet Map

  • Anonymous avenges Aaron Swartz - MIT and DoJ websites allegedly hacked

    Sophos - Naked Security
    Anonymous is reported to have downed the website of the Massachussets Institute of Technology.

    MIT's network is where internet activist Aaron Swartz was charged with leeching millions of academic articles back in 2011. Tragically, Swartz killed himsef last week.

  • Canada Student Loans borrowers in giant data breach - 583,000 records gone

    Sophos - Naked Security
    Human Resources and Skills Development Canada has admitted that the personal information of more than 500,000 student borrowers has gone missing, lost on an unencrypted removable hard disk.

    Ouch! Haven't we learned to encrypt our customers' data yet?

  • Waledac Gets Cozy with Virut

    Symantec Security Response Blogs

    Recently, we blogged about the file-infector virus known as W32.Virut and the botnet’s return to distributing new payloads.


    read more

  • "If it ain't broke" - Antifragile and Information Security

    HP Following the Wh1t3 Rabbit - Practical Enterprise Security

    Jez Humble's "Continuous Delivery" blog, while not directly speaking to IT Security professionals, often captures some incredibly salient points. His brief analysis of Nassim Talib's concept of "antifragile" is, I believe, is a must read (as is the book). While security tends to look for stability and robustness, it turns out these are (potentially) bad things...

  • How to Use Java – If You Must

    TrendLabs - Malware Blog
    With Java going through another embarrassing zero-day vulnerability recently, it has become a common bit of advice for users to “uninstall Java”. In general, this is sound advice. If possible, users should uninstall Java if they don’t need it. Unfortunately, for many users this simply isn’t an option. Many enterprises have custom apps built on [...]

    Post from: Trendlabs Security Intelligence Blog - by Trend Micro

    How to Use Java – If You Must