DoS and DDoS attacks are far from a thing of the past or something that is easily mitigated. Mr. Krebs has taught us that over the last week. Organizations should take their preparations very seriously.
This article is extremely telling in terms of the true risks many of us face in supporting customers, either external or internal, from an IT security perspective. A lack of product and equipment maintenance, in terms of replacement schedules and upgrades, causes security issue after security issue, and frankly, the customer's motivation to correct the problem comes way too late. Usually a system is either down or compromised or both.
System maintenance and system lifecycle management are important components to the success of any organization and should be talking points for any IT security professional when discussing risk management.
Please review any and all installations of BIND in your environment and patch accordingly. Potential DNS vulnerabilities should be taken seriously.
This is a great example of legislation catching up with technology. I am thrilled to see this change in California. There is no question that ransomware is a form of extortion and as such, it should be subject to the penalties associated with such a crime.
This is an important step in the battle against XSS vulnerabilities. Kudos to Google on moving the ball forward and building better tools that will hopefully lead to better web code.
This is an interesting read detailing the continued growth of fuel pump skimming, in this case with specific examples from the state of Arizona. One particularly interesting tidbit is the discussion of pump master keys. As someone who has worked around, and supported from the periphery, many fuel centers, I have witnessed firsthand the challenges of dealing with pump locks. Most pumps are indeed keyed alike and there is a significant expense to the retailer to convert to non-standard locks. This is an issue that should be better addressed at the industry level.
There is no question that the business of ransomware is profitable and this blog post by Fortinet provides the statistics to back up that claim. Because of the financial advantages, there is every reason to expect this problem to continue to thrive and grow.
This is an interesting list of vendors/products. I am hard-pressed to refer to some of these companies as “emerging”, but I do suppose they are entering into new fields and new product sets.
As someone with a spouse in the education sector, this article certainly hits home. I do see a lack of mature security in many of the educational institutions to which I have been exposed. This is an area in significant need of attention.
This is an interesting read detailing the attack on Krebs’ website and his move to Google’s Project Shield. Enjoy!