Much has already been written about the impact of Operation Aurora on the threat landscape. The international attacks on some of the world’s leading Internet companies reminded us once again of the vulnerabilities within interconnected networks that can be accessed from virtually anywhere in the world.
These attacks also illustrate the growing need for, and strength of, application whitelisting solutions. As Aurora first gained access by attacking an endpoint within Google’s network to trick a user into installing malware, even leading antivirus software designed to detect such viruses and malicious code couldn’t stop it from running within the network. Continue reading this post…
Back in December, I wrote about Cisco’s 2009 Security Threat Report and made the comment that application whitelisting was “the patch for the common user”. My point was a simple one: we cannot stop our people from accessing resources, and instead we should focus on stopping the real threat: the payload.
Yesterday, Stan Schroeder at Mashable wrote a great blog about the French and German governments strongly urging users to stop using Internet Explorer and to use other browsers like Safari and Firefox. The recommendation was made because of a similar vulnerability in Internet Explorer 6, 7, and 8 that allows malicious hackers to remotely execute arbitrary code.
I do not want to cause an international incident (especially with countries that I love to ski in), but I think the recommendation is shortsighted and purely based on the status quo mentality of reactive responses to the du jour threats. Continue reading this post…
Earlier today, CoreTrace announced a record breaking 2009. The results are further proof that CoreTrace’s award-winning BOUNCER technology continues to be one of the leading endpoint security solutions in the application whitelisting market.
Some of the highlights include:
- Eighth consecutive quarter of record growth.
- 500 percent revenue growth over 2008.
- GlobalSCAPE Inc. investment of $2.3 million. Continue reading this post…
Zeus isn’t just the ruler of Mount Olympia, for now Zeus is also atop the botnet world.
As I mentioned in my previous blog, the Zeus family of malware is currently the number one botnet online. According to a recent article, “Zeus Trojan moving past anti-virus protections”, this particular type of malware, which targets bank-related information, has infected 3.6 million PC’s in the United States alone. What makes this malicious code so successful is its ability to bypass even the latest anti-virus software without even knowing it. Continue reading this post…
According to Gartner’s Avivah Litan, even two-factor authentication systems can’t stop today’s cyber thieves. Over the past few months, banks around the world that rely on one-time-password authentication systems have been compromised by man-in-the-middle attacks, despite having two-factor security in place.
Thomas Claburn of InformationWeek writes in his article, “Strong Authentication Not Strong Enough,” that fraudsters are now using call forwarding to bypass security measures. Continue reading this post…