Posts Categorized: Enterprises


Two Days in Vegas: Black Hat in Brief

by

The Black Hat briefings, held Wednesday and Thursday this week, once again brought together some of the best and brightest in the security industry to share knowledge about novel attacks and better defenses against old and new attacks. And, once again, there were some eye opening moments at the conference. Right from the beginning, it was clear the scope of the conference had shifted from the previous year. Conference founder Jeff Moss described a new, more rigorous committee-driven process that Black Hat had begun to employ to scrutinize and vet talk proposals. Talks this year would be more technical, go […]

Continue Reading »

Why Put Security Into the Cloud?

by

This week, Webroot’s Thre@t Reply managed to steal some time with Ian Moyse, who knows a thing or two about the benefits of putting your computer and network security into the cloud, out where the threats are, rather than keeping your security inside your network or on individual computers. [youtube=http://www.youtube.com/watch?v=JHAZxxWzBWk] As always, feel free to submit your security question to @webroot, or by email to blog (at) webroot (dot) com, or in the comments below and we’ll get one of our threat researchers to answer it on an upcoming Thre@t Reply video. To see any of our other video replies […]

Continue Reading »

Malicious PHP Scripts on the Rise

by

Last week, I gave a talk at the RSA Security Conference about malicious PHP scripts. For those who can’t attend the conference, I wanted to give you a glimpse into this world to which, until last year, I hadn’t paid much attention. My normal week begins with a quick scan of malware lists — URLs that point to new samples — that come from a variety of public sources. I started noticing an increasing number of non-executable PHP and Perl scripts appearing on those lists and decided to dig a little deeper. In a lot of ways, PHP is an […]

Continue Reading »

With Great Power Comes Great Responsibility

by

By Ian Moyse, EMEA Channel Director The cloud delivery model gives vendors a great amount of power. It is easier to create, deploy, maintain and enhance a service than it has been at any other point in computing history. Just look at Facebook, which grew to 500 million members in a very short period of time. People readily share within it, many with a limited understanding of the potential risks to their private information. The ability to make an enhancement and almost instantly put it into the customer’s hands is immensely powerful – and immensely dangerous. If you’re a software […]

Continue Reading »

10 Threats from 2010 We’d Prefer Remain History

by

With 2010 finally behind us, and an unknown number of cyberattacks likely to come in the new year, I thought I’d run down a brief list of the malicious campaigns criminals pulled off last year that I’d really dread to see anyone repeat. Now that they’re in the past, they should stay there. Operation Aurora: Google’s accusation (with Adobe, Juniper Networks, Rackspace, Yahoo! and Symantec) that China hacked its servers, allegedly stealing private emails stored on the company’s servers. The big surprise wasn’t that it was happening, but that companies were publicly talking about it. Abused ccTLDs: 2010 saw lots […]

Continue Reading »

Christmas IE Zero-Day Thwarted. Ho ho ho.

by

Yesterday, two different 0 day exploits against Internet Explorer were published, just in time for the holidays when most of you (and many security researchers as well) are taking time off from work. The exploit, named CVE-2010-3971, is fairly serious, affecting the latest builds of IE versions 6 through 8. Well, I’d normally get all hot and bothered about the fact that this kind of event might force some of our research team to spend their precious vacation time working the problem and coming up with a comprehensive solution. Normally, but not this time. This time we headed the Black […]

Continue Reading »

Internet Misuse: Bandwidth Does Matter

by

By Ian Moyse, EMEA Channel Director Recent studies demonstrate that upwards of 25% of Internet bandwidth in an office are consumed by employees misusing the internet. According to Gartner, the average growth of business email volume is 30% annually, with the average size of the email content growing in parallel. Add to this the growth of Web misuse from streaming media, downloads, file sharing, social networking, and spam, and it becomes pretty clear that the mismanaged cost to business of non-work-related Internet use is already bad and getting worse. There are plenty of examples, including employees wasting more than two […]

Continue Reading »

Malware Threats: What Would Churchill Do?

by

By Ian Moyse, EMEA Channel Director With Christmas fast approaching, (lest we forget the shops have kindly put all the Christmas goods out in September and early October again!) we can expect online attacks to increase as per their normal schedules, ramping up through the end of the year. With apologies to Sir Winston Churchill, never in the field of Internet conflict was so much harm done to so many by so few. For all the benefits the Internet provides our lives, no single technology has given so few criminals the ability to cheaply and easily target the many. We’ve […]

Continue Reading »

Workplace Social Networking: More Like Antisocial Not-working

by

By Ian Moyse, EMEA Channel Director Hardly a week goes by when the national press doesn’t carry a story about how social networks represent a threat to privacy or security, or both. These news stories aren’t wrong: Users of social networks face a raft of risks, ranging from malware attacks and identity theft, to cyberbullying, grooming from sexual predators or stalkers, viewing or posting inappropriate content, and the ever-present risk that you (or someone you work with) might end up with your foot (or is it your keyboard?) firmly in mouth. Using social networks to give out too much information […]

Continue Reading »

Weird Malware on Display at Black Hat

by

I’m at the Black Hat Briefings this week, the annual confab of the best and brightest in computer security, catching up on the trends and tricks malware authors and data thieves employ. I just saw an impressive demo by a pair of security researchers who took a deep dive into the behaviors of four pieces of highly targeted malware. The researchers, Nicholas Percoco and Jibran Ilyas of Trustwave, ran a live demonstration of four Trojans designed to steal sensitive information and surreptitiously exfiltrate that data to the criminals. Three of the Trojans had been found installed on the servers of […]

Continue Reading »