The axiom “Quality, not quantity” has been adopted by everyone from stock pickers to those trying to successfully navigate the online dating scene. Now cybercriminals are also putting this philosophy to practice.
The fundamental shift away from mass spam attacks to more targeted threats with potentially bigger payoffs is top of mind to me. This trend is detailed in a new report by Cisco’s Security Intelligence Operation (SIO).
Specifically on the issue of spam, Cisco’s research reveals that mass spam volumes dropped from 300 billion daily spam messages to 40 billion between June 2010 and June 2011. Although 40 billion is still a huge number, signifying that spam is still an issue, the trend that’s most alarming is the threefold increase in spearphishing and the fourfold increase in personalized scams and malicious attacks such as malware.
Read More »
Tags: advanced persistent threats, APT, cybercrime, security, security top of mind, spam, targeted attacks
Virtualization provides extraordinary benefits to organizations of all sizes. By moving multiple workloads into one physical server, companies have been able to optimize the usage of their data center infrastructure, minimize procurement and operational costs, and increase the overall efficiency of their operations. The growing number of organizations migrating mission-critical workloads to virtual environments has created a critical need to evolve infrastructure security to include these hybrid environments.
Read More »
The hacker group Anonymous has been in the news recently for a variety of reasons, including WikiLeaks, the HBGary breach, and other things. One recent item was a relatively high-profile defection from the organization, the departure of SparkyBlaze for a variety of reasons, including being “fed up with anon putting people’s data online and then claiming to be the big heroes.”
I run the @CiscoSecurity Twitter feed, so I spend a lot of time on Twitter, and saw that @SparkyBlaze was an active user, so I pinged him with a DM in an effort to get his side of the story. I also wanted to get a glimpse into things on the other side – it is probably in the best interest of everyone in the security industry to have a better understanding of Anonymous and others in the underground hacker community. While the human factors were of some interest, I was also really curious about his take on the state of corporate security and wanted to see what he had in the way of concrete recommendations for organizations wanting to prevent breaches and break-ins.
Some might ask, are we giving an illegal hacker a platform? I would say, no. Sparky himself says it very clearly: “Stay away from black hat hacking. White hat hacking is a lot more fun, you get paid for it, it is legal. A conviction for hacking and leaking a database will affect you for the rest of your life.”
Read More »
Recently sample code was posted publicly that exploits a denial of service vulnerability in the Apache HTTP Server. This particular vulnerability is receiving considerable industry attention given the popularity of Apache httpd and amid reports that exploitation has been seen in the wild. This vulnerability has been assigned CVE ID CVE-2011-3192 and currently scores a 7.8/6.3 using CVSS.
By combining inefficiencies inside the web server software with a protocol design peculiarity, an attacker could consume substantial server CPU and memory by issuing requests that contain many overlapping Range or Request-Range values. Successful exploitation would consume server resources to the point of starving those needed to field legitimate requests from other users.
Read More »
This blog was originally published here.
I recently had the good fortune of having dinner with the chief security officers (CSOs) from five major healthcare providers. The CSOs weren’t shy about what was plaguing them.
The biggest headache? Managing consumer devices. Doctors love their iPads and want to use them for work. (It must be the form factor-a next-gen version of the metal-covered chart ubiquitous on medical drama TV shows.) The real life numbers tell the same story. According to Manhattan Research, a healthcare market research firm, just one year after the iPad hit the market, 30 percent of U.S. physicians had adopted the device and an additional 28 percent plan to purchase an iPad within the next six months.
Read More »
Tags: mobile security, security