How Twitter Spam Steals From Google, Yahoo!
From the Infosec Island Network
Scammers have been devising ways to ride on someone else’s coattails since the dawn of time. With every new technology they find another way to make money from nothing. I was innocently monitoring my Twitter feed last night when I saw someone tweet “Sophos acquires anti-spam specialist ActiveState.: An article from: Software Industry Report hxxp://censored”. Interesting… I used to work at ActiveState and know we were acquired in 2003. Something was fishy…
DoD Endorses Certification for Hackers
From the Infosec Island Network
The U.S. Department of Defense (DoD) announces the official approval of the EC-Council Certified Ethical Hacker (CEH) certification program as a new baseline skills requirement for U.S. cyber defenders. Specifically, the new Certified Ethical Hacker program is required for the DoD’s computer network defenders (CNDs), a specialized personnel classification within the DoD’s information assurance workforce.
File-Sharing Software Threat to Health Privacy
From the Infosec Island Network
There is a real risk of inadvertent disclosure of PHI through peer-to-peer file sharing networks, although the risk is not as large as for PFI. Anyone keeping PHI on their computers should avoid installing file sharing applications on their computers, or if they have to use such tools, actively manage the risks of inadvertent disclosure of their, their family’s, their clients’, or patients’ PHI…
Social Engineering and Enterprise Security
From the Infosec Island Network
What does our enterprise information have in common with President Obama and Vice President Biden? The need for constant protection. Your enterprise data needs protection from the host of technical and human threats that seem to evolve daily. The President and Vice President require the same protection, albeit amplified due to their position in the world power scheme…
21 More Business Sector Breaches from 2009
From the Infosec Island Network
Some of the breaches described in the notifications were reported in the media at the time, but we spotted a number from the business sector that had not been reported in the media or on this site at the time. So here is a brief roundup on another 21 breaches from the business sector last year…
19 More Financial Sector Breaches from 2009
From the Infosec Island Network
Maryland has updated its web site to provide breach notifications that it has received since its last update. The newly posted notifications are for the period ending December 31, 2009, so there will likely be more to come for 2010…
Building Your Own Malware Lab Part One
From the Infosec Island Network
Malicious software pieces like viruses, worms and bots are currently one of the largest threats to the security of the Internet. Antivirus labs have invested a great deal of money in analyzing and reversing viruses, but in our case we can perform the analysis using some useful tools on our PC…
Road Map for Software Security Architects
From the Infosec Island Network
If you, as the security architect involved in the security assessment process, are smart, you would have a security framework to meet these requirements. And if you are “lucky” the application designer will have aligned the requirements to the security framework. But the reality is that even with an architecture supported by standards and guidelines, convincing the application developers to follow it is another story…
2009 Cyber Attacks Increased by One Third
From the Infosec Island Network
Symantec’s 2010 State of Enterprise Security study also found that 100 percent of enterprises surveyed experienced cyber losses in 2009, with theft of intellectual property, customer credit card information or other financial information and customer personally identifiable information the most prevalent…
Banks, Businesses, Viruses and the UCC
From the Infosec Island Network
There’s an interesting post over at Krebs On Security talking about some poor company that is going bankrupt because TD Bank allegedly will not give them their money back after it was stolen out of their account. As such, if your company has money wired out of its account, the bank isn’t to be held liable - or at least that’s been their argument. This is happening all the time, so why aren’t we hearing about it all the time? Well, that leads me to the worst part of this story…


