Lets Encrypt Free Certificate Authority This Summer

letsE1 Lets Encrypt Free Certificate Authority This Summer

The Internet Security Research Group (ISRT) along with Mozilla Corporation, Cisco Systems, Akamai Tech, Electronic Frontier Foundation and IdenTrust will be offering a new free certificate authority service this up coming 2015 summer (learn more HERE). The concept is the Internet is a dangerous place and enabling protection is a hassle for many businesses. The reason behind this is enabling basic server certificates can be painful involving multiple steps and a cost. Lets Encrypt is offering the following principles to simplify the process. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Worlds Biggest Data Breaches

Dataloss1 Worlds Biggest Data BreachesThe people at Information Is Beautiful created a very interesting visual representation of the worlds biggest data breaches found HERE. The criterial to make this list is being a company that experienced losses greater than 30,000 records during a data breach. Each bubble represents a company and can be clicked to bring up data about the breached as well as a link to the original report covering the incident. The next examples show clicking the recent Home Depot breach to pull up the quick info and detailed article. There is a filter on the right used to tune into what you want to view. Pretty cool little tool.  Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Anonymous Seizes Ku Klux Klan Twitter Account Over Ferguson Threats

Violet Blue wrote a great article on ZDnet about the recent Anonymous events. In summary, after racial hate group Ku Klux Klan said it would use ‘lethal force’ on Ferguson protesters, a skirmish with Anonymous erupted: Anonymous has now seized two primary KKK Twitter accounts. You can find the original post HERE.

 Anonymous Seizes Ku Klux Klan Twitter Account Over Ferguson Threats Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Darkhotel Espionage Campaign Targets Corporate Executives Traveling Abroad

darkhotel Darkhotel Espionage Campaign Targets Corporate Executives Traveling Abroad

Darkhotel hits its targets while they are staying in luxury hotels. The crew never goes after the same target twice; they operate with surgical precision, obtaining all the valuable data they can from the first contact, deleting traces of their work and fading into the background to await the next high profile target.

The most recent traveling targets include top executives from the USA and Asia doing business and investing in the APAC region: CEOs, senior vice presidents, sales and marketing directors and top R&D staff. This threat actor is still active.

Continue Reading – Click here.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

NBC News Article On Shutdown Of Silk Road 2.0 But Silk Road 3.0 Up Days Later

Silkroad1 NBC News Article On Shutdown Of Silk Road 2.0 But Silk Road 3.0 Up Days Later

NBC News post last week about the arrest of the alleged Silk Road 2.0 operator Blake Benthall found HERE. The FBI is charging Blake with running an online “black market bazaar” where anonymous users can trade illegal goods and services. Silk Road has been up since November of 2013 weeks after Silk Road 1.0 was shutdown (post on Silk Road 2.0 HERE). The funny thing is I found Silk Road 3.0 up DAYS after the shutdown of Silk Road 2.0. You can see more on this below.  Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco Validated Designs For PCI DSS 3.0, HIPAA and FISMA

compliance Cisco Validated Designs For PCI DSS 3.0, HIPAA and FISMA

There are many reasons people invest in security. The best reason is having the desire to avoid being breached however sometimes wanting the best security doesn’t justify the investment. Many decision makers have to juggle improving the infrastructure, investing in the latest flashy technology such as high end video, etc. along with keeping things secure. Usually the flashy stuff outshines security until something with teeth forces the focus back on security. A prime example is meeting mandated regulatory compliance. Being out of compliant to many regulations could mean pricy fines as well as possibly litigation actions. This is good news for the IT guy that wants to get his security budget requests placed at the top of the stack.

To help meet regulatory compliance, Cisco has released validated design guides for general security as well as specific market verticals FOUND HERE. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Sweet Orange Web Exploit Kit

orange Sweet Orange Web Exploit Kit

Aamir Lakhani wrote a very interesting article on a malware exploitation kit known as Sweet Orange. It is becoming very popular in underground markets and possibly the next Black Hole. The original article can be found HERE

Sweet Orange is a popular exploit kit making it rounds as one of the latest and most popular exploit kits. It can affect the latest Windows operating systems, including Windows 8.1 and Windows 7. It can also exploit newer versions of Internet Explorer, Firefox, and Google Chrome. According to Webroot, “What’s particularly interesting about the Sweet Orange web malware exploitation kit is that just like the Black Hole exploit kit, its authors are doing their best to ensure that the security community wouldn’t be able to obtain access to the source code of the kit, in an attempt to analyze it. They’re doing this, by minimizing the advertising messages posted on invite-only cybercrime-friendly web communities, and without offering any specific details, demos or screen shots unless the potential buyer directly contacts the seller and has a decent reputation within the cybercrime ecosystem”. Continue reading

VN:F [1.9.22_1171]
Rating: 4.5/5 (2 votes cast)

SSL broken, again, in POODLE attack

Peter Bright provided a fantastic writeup on the recent POODLE aka”Padding Oracle On Downgraded Legacy Encryption” attack that could be as he states “the final nail in SSLv3’s coffin”. You can find the original post HERE via the arstechnica.com website. 

Poodle SSL broken, again, in POODLE attack

From the researchers that brought you BEAST and CRIME comes another attack against Secure Sockets Layer (SSL), one of the protocols that’s used to secure Internet traffic from eavesdroppers both government and criminal.

Calling the new attack POODLE—that’s “Padding Oracle On Downgraded Legacy Encryption”—the attack allows a man-in-the-middle, such as a malicious Wi-Fi hotspot or a compromised ISP, to extract data from secure HTTP connections. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

The Fappening: A Wake-Up Call for Cloud Users

Sarah Williams wrote a great article on my buddies blog about a recent breach in cloud security storage that exposed naked photographs of famous actors. The original post can be found at drchaos’s website HERE

The Fappening The Fappening: A Wake Up Call for Cloud Users

The Cloud storage option is fast becoming one of the most popular and effective methods of storing essential data that you definitely can’t afford to lose. From small to medium-sized business, cloud storage has helped owners save time and money in their businesses when it comes to IT.

But exactly how safe is the cloud? Though most reliable cloud service providers have cutting edge security, many IT experts say the cloud system is not entirely safe. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)