Recently I was with a CISO of a multi-billion dollar critical infrastructure provider in the private sector.
We were conducting a security scan and compiling a list of issues and areas that needed to be addressed as part of his overall security program. While at one of the facilities he received a notification that he shared with me. The message was that they had traced back the source of a breach that had occurred a few months back. Keep reading →
In a move that suggests the incendiary impact of malicious software, Iran has now publicly threatened the United States over the Flame malware incident that has gained worldwide attention in recent days.
Flame has been dubbed the “utlimate spy” and for good reason. Iran was the country hit the hardest by the state-of-the-art piece of malware. Keep reading →
It happened again. A number of countries have been hit by what has been called the most sophisticated piece of malware seen to date.
The malware is called Flame – appropriate given the number of computers that have been burned by this latest cyber weapon. Keep reading →
On a fine spring day in the nation’s capital, I’m not the only one to succumb to the temptation to work from home instead of heading into an airless office building. But cybersecurity experts warn that when I log into the AOL server to upload this article, I’m also opening a door for malware and hackers.
With more and more federal workers working from home or on the road all the time, including in the Department of Defense, even as cyberattacks from foreign powers are on the rise, telecommuting has become a national security issue. The solution? Smarter people – using stupider computers. Keep reading →
An old attack vector has re-emerged with a twist. This time the attackers are patient, and have defined the attack process in a manner that will increase the effectiveness.
An email with a semi-customized subject matter is sent to a selected group of targets all sharing a similar interest – CYBERSECURITY. The email is about a job opening and has two attachments. The first attachment is labeled job description. If the email recipient is interested and clicks on the download – you guessed it – malware is downloaded and installed. The second attachment is for the recipients that want to unsubscribe. If you click on that download, yes once again malware is downloaded and installed. Keep reading →
Day after day the threats we are exposed to in cyber space grow. Just recently Panda Security announced they processed their 200 millionth malware file. Just think about that for a moment, 200 million individual pieces of malware.
The company went on to say that cyber intelligence automatically detects, analyzes and classifies more than 73,000 new malware strains a day. That clearly illustrates the continuous change that goes on in the cyber threat environment. Keep reading →
A few weeks ago, I was privileged to be a panelist on the panel, “Protection and the Moral Dilemma: Going Offline in the Name of Security”, the kickoff event of the DHS GFIRST summit in Nashville, Tennessee.
The panel itself included senior security experts from across the spectrum of the public sphere: DHS, the FBI, DoD, state government, and even well-known security author Winn Schwartau. Keep reading →
When it comes to cybersecurity and assurance measures designed to protect sensitive digital assets few people would argue that the risks of attack and compromise has increased sharply over the past few years.
For example, computer security giant McAfee released their 2010 Q3 Threats Report and in it they reported that on average 60,000 new malware threats were identified each day. In their 2011 Q1 Threat Report 6 million unique pieces of malware were recorded. This was the most active quarter in malware history. These figures clearly indicate the severity of the current cyber threat. Keep reading →