There has been a lot of chatter about a new ransomware being called Locky due to how it renames the files to .locky after encrypting the data. Darkreading posted an article HERE explaining some recent news and Sophos also did a good write up HERE. This post will talk about what Locky is and how to protect your organization from Locky as well as other ransomware. Continue reading
The people at Propublica.org wrote a really cool piece on the creature of GPG, Enigmail and GPG4Win Werner Koch (original post can be found HERE). Until recently, Werner has been the one man band behind developing and maintaining a few versions of free email encryption software applications. Large organizations and governments tend to dump funds into spying and cyber defense yet can’t seem to fund developers of really important things such as email encryption. PGP isn’t good enough so its great to see Werner finally received some funding.
The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive. Continue reading
Jaeson Schultz and Craig Williams recently posed on the Cisco security blog about research on the latest snowshoe spam trends being seen. They explain the problem, what they are seeing and suggestions for remediation. The original post can be found HERE.
Every so often, we observe certain spam campaigns that catch our interest. On August 15, we observed a particular spam campaign that caught our attention because it was using “snowshoe” spam techniques combined with PDF exploitation. While neither of these techniques are new, we have seen a growing trend involving snowshoe spam and we wanted to explain why the bad guys seem to be moving in that direction with a real world example. As you can see from the chart below, we’ve seen the amount of snowshoe spam double since November of 2013.
Aamir Lakhani wrote a good post on email security. The original can be found HERE
Headline Emails Lead To Data Breach
Today we use email far more than we use writing letters to communicate with our friends and relatives. In business, the use of email is ubiquitous and seems to grow exponentially each year. But who’s reading these emails besides those who they were intended for? Is sending information this way secure? Before email, we either sent our correspondence by post in an envelope or byway of fax. Both relatively secure. In the case of postal services, the interception of letters is quite rare and almost impossible for faxes. Continue reading
Data Loss Prevention (DLP) is a topic that keeps IT up at night due to a lack of knowing how vulnerable they are as well as how to remediate. In many cases, data loss is a people problem caused by users unknowing violating policy. Violations can cause your agency to end up in the headlines with huge fines. Leading DLP vendors aim to reduce risk through technologies that fall into four DLP categories. The standard DLP categories are endpoint, network, data center and email-based products that work together as one solution. Continue reading