For some time now, we’ve been hearing about how users often fail to install security updates for known vulnerabilities months, or even years, after a fix is available. As an IT security professional, this blows my mind because such practices create security holes that leave computers, and now corporate networks, susceptible to targeted cyber attacks. However, I am a realist: most users do not really think or care about security until something happens to them directly.
In the article, “Malware Authors Relying on Poor User Updating Practices,” cyber criminals understand this, and are taking advantage of users’ negligence around installing the latest security updates on their PCs. According to Ralf Benzmüller, head of G Data SecurityLabs, cyber crooks are not just targeting current security gaps, they also have their eye on unclosed vulnerabilities that for one reason or another have been disregarded by users. Continue reading this post…
In the aftermath of major hacks on Sony PlayStation and Epsilon, businesses experienced an explosion of Trojans and other malicious software that Microsoft says now account for one in every 14 downloads. Also in May, it was discovered that the source code for the infamous Zeus banking malware is now freely available for cyber crooks to download. Does this mean more cyber attacks on banks are coming? Here are some of the top endpoint security stories for May 2011. Continue reading this post…
I’m very proud to announce that the CoreTrace Bouncer application whitelisting solution is in the testing process to be certified to Common Criteria Evaluation Assurance Level (EAL) 3+. As we go through evaluation under the Canadian Common Criteria Evaluation and Certification Scheme (CCS), I’m completely confident that our platform will become the first application whitelisting solution to be certified to Common Criteria EAL 3+.
As a former Air Force Information Warfare Officer, I know the dangers today’s threat landscape poses to our critical infrastructure, government and military systems. Continue reading this post…
I know this will come as a shock to all security experts, but our systems and networks are constantly under attack by an ever-expanding list of malware that threatens just about everything we do online — from working and shopping to communicating and governing. It’s true that hackers never sleep, which means that every corner presents a potential danger each time we go online. If we aren’t adequately prepared to protect the systems we rely on and get ahead of more harmful, targeted attacks, we will continue to fall victim to evolving cyber crimes that are out to exploit our systems to steal sensitive and proprietary information for personal gain, corporate espionage or international deception. We need to move to a modern, proactive security suite. Continue reading this post…
Just when browsers have become more secure from cybercrime, hackers are turning their attentions to the people using them. According to the article, “Microsoft: One in 14 downloads is malicious,” social engineering attacks have blossomed into one of the most preferred criminal tactics to get users to download harmful Trojans. With the rate of about 1 in every 14 programs downloaded by Windows users being some type of malware, Alex Stamos, a founding partner with security consulting firm, Isec Partners, said if attackers can’t get passed tougher browser defenses, they’re adopting new tricks that prey on peoples’ poor decision making.
Today, there are a number of different social engineering techniques that cyber criminals are using to deliver malware to end users, including:
Email from a friend: Users get a message from a friend telling them to view a video. When the link asks to download some required software, they are actually downloading a malicious program.
Continue reading this post…