Top News:

Ask Mr. Security Answer Person with John Pescatore

This week Brad Davis of California asks:  

Q: “Can I trust my networking gear?”

Well, Mr. Davis – I don’t know about you, but I was not a fan of the Harry Potter books or movies.

All those wizards with all those powers and not one of them had cured the common cold or developed a telephone system so when you reached the wrong extension at a company the person didn’t have to say “I’ll try to transfer you, but if I lose you, here is the correct extension…” – let alone solved any cybersecurity problems.

They seemed too busy playing polo on flying brooms and sending messages via owls, if you ask me.

But, in one of the 754 Harry Potter books there was one great quote by Mr. Weasley, who I believe headed up the Office for the Detection and Confiscation of Counterfeit Defensive Spells and Protective Objects, who surely had information technology in mind when he said: “Never trust anything that can think for itself, if you can't see where it keeps its brain.”

Submit questions to: askme@securitycurrent.com


LinkedIn Scammer Techniques are Getting Scary

By Richard Stiennon

LinkedIn scammers are continuing to evolve their technique when trying to get you to connect with a fake account.

Earlier I relayed six tips to identify fake accounts. On further investigation, it is evident that the groups behind these fake accounts have created so many ways that they can connect to each other to get to the 500+ number in just a couple of days. They all cross-endorse each other.


Advice for the Incoming CISO of Target

By securitycurrent's CISO Contributors

There is no task more difficult for a CISO than stepping into that role at a large organization that has never had a CISO and has recently experienced a devastating breach that is at least in part responsible for the departure of senior IT management and the CEO. 

securitycurrent polled its contributors to compile advice for Brad Maiorino, newly appointed as the first CISO at Target.  


Black Hat Podcast Series


securitycurrent's Vic Wheatman talks to companies at the Black Hat Conference, 2014, in Las Vegas to learn about the latest cyber threats and security trends. 

Hear from experts at IBM, Trustwave and others.            


Pivoting to the Enterprise 

Where is General (Ret) Alexander headed?

Clone Wars

Robolawyers acting as lawyer, judge and executioner.

 

Putting Breaches in Perspective 

And the Breach Level Index Finds... 

 

Facebook's New Privacy Policy on Messenger Service Overly Broad 

By Mark Rasch

In Monty Python's "The Meaning of Life," John Cleese and Eric Idle show up at Terry Gilliam's house to remove his liver as part of an organ donation program.

When Gilliam objects, noting, "I'm still using it," the interlopers pull out his liver donation card, which permits the extraction. When Gilliam protests that the card notes that the organ is to be donated "in the event of death," Cleese notes that "nobody who has had their liver removed by us has survived long..."


IT Forensics in Real Time

By Bob Tarzey  

In an ideal world threat intelligence should prevent IT security incidents from occurring in the first place; however, in reality incidents are inevitable, often with associated data breaches.

Post-event clear up requires intelligence gathering as well, and the quicker this can be done the better. As incident response capability speeds up, the ability to use intelligence in real time is increasing.

As Cisco’s Sourcefire puts it: the need for security intelligence is “before, during and after.” The more timely the intelligence can be gathered, the more likely it is that it will be put to use for pro-active defence, rather than post-event clear up; this is the area of real time security analytics.
