Everyone is at risk of a Cyber attack because data is profitable and everyone has data. According to the Financial Times, the most common motive for cyber attack is theft, so we are all at risk. Read the article here. The answer is to decrease your vulnerability to the attack itself. With zero day flaws being found almost daily it is difficult, especially considering the recently discovered flaw that's been around for 17 years. It's due to be patched next week, but how many more like it do the bad guys know about that we don't?
Fake Outlook updates have emerged in recent weeks to install banking Trojans which bad guys use to access your online account to make fraudulent transfers. Email filtering company Red Condor has been intercepting an email phishing campaign spreading faked Microsoft Outlook alerts at a phenomenal rate.
They work because the intended victim receives a personalized email message that appears to come from a techie using a return email address from the same domain as the target. Read More...
In a recent article from Microsoft Research, users are behaving rationally when they reject security advice. According to the paper, the cost of many security policies outweighs their benefits. So, rational or not... Is it really the right thing to do?
Well, my opinion is still that the advice of experts that is based on proven best practices is worth following.
Read the article here. (pdf)
Iraqi insurgents have reportedly intercepted live video feeds from the U.S. military's Predator drones using a $25.95 Windows application that allows them to track the pilotless aircraft undetected. Read the full story
Koobface is up to new tricks and infecting a lot of people this Christmas. Using new methods involving YouTube and also Facebook. Bottom line as always... make sure you look at the URL of the site you're visiting (i.e. www.facebook.com www.youtube.com) and be very careful if sites ask you to download any updates like video codecs or Adobe Flash updates. The full stories are below:pcmag.com zdnet.com
A warning from the U.S. Computer Emergency Response Team (US-CERT) warns that clientless SSL VPN products from Juniper Networks, Cisco Systems, SonicWall, SafeNet, and others operate in a way that breaks fundamental browser security. Currently there are a few workarounds until vendors offer a fix. Read the article for more details...
I think this is a step in the right direction although some may say it's overreaching and other will probably think it's not enough. Pn thursday October 8th Comcast announced Comcast Constant Guard, a web-based Service Notice to provide information to customers that have been infected with malware. What they are attempting to do is help customers. First by advising them that they may be infected with a bot, and second by helping them through the removal process. Now if all the ISPs could take the information they already have & provide it to their customers to help them in this same manner I could focus my attention on more fruitful IT endeavors!