Cybercrime
IT Security Highlights from DHS Report 1-05-2010
Tuesday, January 5th, 2010
Cybercrooks Stalk Small Businesses that Bank Online
The American Bankers Association and the FBI are advising small and mid-size businesses that conduct financial transactions over the Internet to dedicate a separate PC used exclusively for online banking. Why? Cybercriminals launched multiple “banking Trojans” — malicious programs that enable them to surreptitiously access and manipulate online banking [...]
Register.com Press Release regarding DDoS
Saturday, April 4th, 2009
Here is the press release from Register.com in its entirety:
Register.com Service Alert
April 4, 2009: 2:52PM EST
As we previously communicated, Register.com has been experiencing intermittent service disruptions as a result of a distributed denial of service (DDoS) attack.
We want to update you on where things stand.
As of now, all web services are operational. If you are [...]
DNS Servers under Attack
Saturday, April 4th, 2009
This is not a Conficker-related blog post. There is a bigger story on the radar from last week. Major web service providers have been intermittently offline with what seems to be major Distributed Denial-of-Service (DDoS) attacks against DNS providers.
An attack against DNS provider NeuStar on Tuesday morning disrupted Amazon’s S3 cloud computing service, [...]
“A Complete Revolution in Federal Cybersecurity”
Tuesday, February 24th, 2009
This blog has previously discussed the CSIS Commission report on cybersecurity, and one of the next steps towards federal cybersecurity was announced yesterday. A consortium of US federal agencies has drawn up a list of critical security controls they hope will serve as a gold standard for cybersecurity. The Consensus Audit Guidelines (CAG) list [...]
Microsoft offers $250,000 reward
Saturday, February 14th, 2009
Microsoft announced that it has partnered with security companies, domain name providers, and others on a coordinated global response to the worm which has infected as many as 12 million machines (according to a guesstimate by Arbor Networks). Participants include ICANN, VeriSign, , CNNIC, , Public Internet Registry, Global Domains International, M1D Global, AOL, Symantec, [...]
Background Checks and References are Imperative for Info Sec Professionals
Wednesday, January 28th, 2009
Does your company’s Human Resources Department complete background checks and reference checks on employees? Is it documented in the employee manual? Many companies are compelled to complete these checks if they are healthcare providers, defense contractors, or children’s services providers, but other companies don’t want to spend the time or money to complete background checks. [...]
Hospital ignores Sysadmins, disables Windows Update, pays the Price
Wednesday, January 21st, 2009
The computer malware Conficker, otherwise known as DownadUp, is creating havoc across the Internet, but especially at Sheffield Teaching Hospitals. The malware exploits the MS08-067 vulnerability patched by Microsoft last October. MS08-067 fixes a vulnerability in the Server service that could allow remote code execution via a specially crafted RPC request. This vulnerability is particularly nasty because [...]
