KrebsOnSecurity has obtained an exclusive look inside the back-end operations of the recently-destroyed Grum spam botnet. It appears that the crime machine was larger and more complex than many experts had imagined. It also looks like my previous research into the identity of the Grum botmaster was right on target.
In the recently-published ESG Research Report, Security Management and Operations: Changes on the Horizon, ESG surveyed 315 security professionals working at North American-based enterprise organizations (i.e. more than 1,000 employees). We asked these folks to define the biggest security management challenges at their organizations. Not surprisingly, the top response (50%) was “budget constraints.”...
We were alerted to reports of an exploit targeting CVE-2012-1535, a vulnerability in Adobe Flash Player, to drop a backdoor into the vulnerable system. The said exploit masquerades as a .DOC file (detected as TROJ_MDROP.EVL) that possibly arrives as an attachment to email messages. Users who are tricked into opening the said file actually [...]
Megaupload founder Kim Dotcom has been facing extradition to the US for serious charges related to the file-sharing service. Today, he and his lawyers will be breathing a little easier as a New Zealand judge upholds their request.
Google's "hack the Chrome browser for money" competition is back, with Pwnium 2 set to take place at the 2012 Hack in the Box conference in Kuala Lumpur, Malaysia.
The prize pool's been doubled, if you're interested...
Back when malware was not so rampant, anti-malware software heavily relied on virus signature updates to catch malicious programs. It worked pretty well at that time, and false alarm problems were very rare unless an operational error caused faulty virus signatures to be released publicly. In recent years, with the thriving underground economy, we’ve seen [...]
We recently ran a poll on LinkedIn to get feedback on companies’ approaches to cloud data destruction. As of mid-August we had received 149 votes with the following results. Over a fourth responded with “What’s that?” So let’s start with a brief explanation of cloud data destruction. In the cloud, your data is often [...]
We know that the Ambient Cloud is a set of network connected devices that IT departments must manage. But, who is responsible for securing the Ambient Cloud? If you are looking for help from your cloud provider, you might be disappointed. The fact is that you, the enterprise, [...]