Published on 08/18/16 06:27PM
Published on 07/31/15 02:30PM
... or lessons to learn from Fiat Chrysler Automobiles (FCA)'s recent mistakes
Many vendors are now adding Internet connectivity to their products, adding more features and enabling the device to send information back to them. Unfortunately, for the vendors who never developed connected products before, these additions also carry a greater risk of having a high-impact security vulnerability in their products. Case in point: the vulnerability recently discovered in the wireless service (Uconnect) of a Jeep Cherokee, which affects several connected cars by Fiat Chrysler Automobiles (FCA) and resulted in recalling 1.4M vehicles. The researchers who discovered it showed how this security flaw could enable hackers to take control over the car’s brakes, engine and electronic equipment.Read More
Published on 06/20/15 08:30AM
Or why using the Command and Control (C&C) server ban lists will not help with security.
If the malware botnet concept is a bit blurry to you, this article will surely clarify things. Without further ado, here are 11 frequently asked questions about malware botnets:Read More
Published on 05/08/15 02:00PM
The Internet of Things (IoT) seems to be about innovation, about developing new cool, exciting “things” that nobody has done before – developing them fast, bringing them to the market with high speed. And people developing these things do understand the importance of security. Even for a small thing such as a wireless-controlled lamp, a user wouldn't want any neighbor kid to control it. However, as the 2014 Blackhat/Defcon showed, a number of those devices have rather inadequate security and could be easily broken into. So why exactly does this happen?Read More
Published on 03/04/15 04:00PM
In POS Security: Lessons for Every Business Employing Such Systems we show how important it is for a retailer or any type of business processing credit card payments to fully understand how POS systems work and the security risks.
In this article, we’ll cover POS attack vectors and ways to detect and even prevent them. There are several ways someone may attack a POS, and we’ll analyze them one by one.
Published on 02/12/15 04:00PM
POS security is one term that we’ve been hearing for more than five years now. And its dark connotations only increased in intensity with the recent Target and Home Depot breaches that shook the two retailers to their core. But it’s not only high-profile retailers that should be wary of such attacks. Smaller companies – retail chains, restaurants and other types of business – in the US, Canada, Australia and Russia have had their POS systems breached in recent months.
So regardless of industry or location, if you have a POS system in place, or you’re considering employing one, you may become a target. To prevent this gloomy perspective, it’s recommended you fully understand how POS systems work, what types there are and the risks they present, as well as the basic security questions you need to ask a potential POS vendor when evaluating their solution.Read More
Published on 02/06/15 03:55PM
Are you looking for the right Advanced Persistent Threat (APT) protection provider? If you already have a security solution in place, talk to your current vendor first and get their view on APTs. Also, be sure to ask if they detect advanced malware threats, and whether the solution you license from them is just a “traditional, signature-based antivirus” or it has other features such as generic detection, proactive protection and heuristics.Read More
Published on 01/08/15 03:30PM
As mentioned previously in Detecting Advanced Persistent Threats – myths and realities, the technologies used by some Advanced Persistent Threat (APT) security vendors may not result in a good detection rate. To add to the problem, most companies providing APT protection do not participate in the standard industry detection tests run by reputable companies. These are the main tools that measure the “effectiveness” of a security solution in terms of how well the solution prevents the penetration of modern malware.
Typical excuses are:Read More
Published on 12/19/14 03:48PM
If you thought the Apple iCloud breach was the biggest security hit on Hollywood this year, you’d be wrong. The recent attack on the film studio Sony Pictures is considered the biggest one yet, as the damage affects not only the company, but also its employees and film collaborators. The attackers, who call themselves the Guardians of Peace #GOP, leaked a treasure trove of internal data: high-quality screening copies of Annie, Fury, Mr. Turner and Still Alice, sales projections for a number of TV shows, company budgets, IT security plans and access credentials, personal information of employees and artists working with Sony, as well as payroll and compensation data. Given the amount of top secret data leaked, the US FBI department has jumped on the investigation, along with the security company that Sony hired to clean up its networks and restore its systems.
Published on 12/02/14 11:07AM
Advanced Persistent Threats (APTs) have been a hot topic for quite some time. In the hype created around it, the media and security specialists have ventured to provide opinions and explanations on various aspects, including what an APT is, and how to protect against it. For example, security vendors offering solutions against APTs often claim that “Traditional signature-based security won't protect you from APTs”. They also explain that they offer “a signature-less, virtualized detection engine", and other modern technologies that protect against APTs. But are they really 100% effective?
And are all these claims valid?Read More