Get In Touch
A look at security news from around the Web. The Great Bank Heist, or Death by 1,000 Cuts? (KrebsonSecurity) A look at the Carbanak gang, which deployed malware via phishing scams to get inside of computers at more than 100 banks and steal upwards of USD $300 million -- possibly as high as USD $1 billion. Google Adds Grace Period for Software Developer to Fix Security Flaws (eWeek) In what
The bad guys are using a fairly new technique to tamper with the Microsoft SQL Server Resolution Protocol (MC-SQLR) and launch DDoS attacks. In an advisory released this morning, Akamai's Prolexic Security Engineering & Response Team (PLXsert) described it as a new type of reflection-based distributed denial of service (DDoS) attack. PLXsert first spotted attackers using the technique in October. Last month, researcher Kurt Aubuchon studied another such attack and
Microsoft has released its February 2015 security bulletin. Windows, Internet Explorer, Group Policy and Office are among the affected items. The full patch matrix is below.More Akamai perspective on patching and vulnerability management:Akamai University: Vulnerability Management vs. Pen TestingTen Years After the Blaster WormBug Bounty Programs: A Turning Point for Microsoft
Awhile back, after we ran a post about SEA's phishing activities and DNS attacks, my old friend Dave Marcus -- director and chief architect of McAfee's Federal Advanced Program Group -- took issue with our advice that companies continue to push for better security awareness among employees and customers.
Having been asked to speak at a security event in Boston next month, I find myself thinking about the art of public speaking. Whether you're in sales, marketing, InfoSec or finance, it's increasingly important to have the ability to get in front of a crowd and articulate your message. The Akamai InfoSec team must do so at orientations for new employees, along with HR and other departments. And some of
I've seen way too many security advisories over the years to count. The more critical the issue, the more publishable it was. But that was my perspective as a journalist working for news organizations. In the current role, I'm seeing things from the beginning of the internal vetting process. There's a lot we want to make public, but there's a lot we have to keep to ourselves.
During my time as CSOonline's Salted Hash blogger, I wrote something I'd forgotten about until rediscovering it the other day. Three years after writing it, I think this post is still relevant.
Five security articles worth your time...US top developer of risky mobile applications (CSOonline) A new report identifies the U.S. as the top developer of malicious and privacy-intruding applications, a finding that contrasts with conventional wisdom that often places the problem squarely in Asia. 2014 cyberattack to cost Sony $35M in IT repairs (Computerworld) Sony has put an estimate to the damage caused by the massive cyberattack against Sony Pictures Entertainment
My friend Jennifer Minella is doing a series where she asks folks from the security community about three books that changed their lives. She kicks it off with me. Here's what she has to say about the series: My goals for the year mean some drastic changes to the type of content you're used to seeing from me. One of these goals is to highlight the human aspect of professionals