September 18, 2015 | Garrett Gross

CoreBot - Not Your Average Banking Trojan

Its not often that you get to observe a new malware variant as it develops in the wild, especially one that goes from simple browser credential harvester to full blown banking trojan in a matter of weeks. While it might show up during antivirus scans as a generic trojan (Dynamer!ac or Eldorado), this particularly nasty sample is referred to…

September 16, 2015 | Rich Johnson

Free and Commercial Tools to Implement the SANS Top 20 Security Controls, Part 2

This is Part 2 of a 'How-To' in an effort to compile a list of tools (free and commercial) that can help an IT administrator comply with the Security Controls. In Part 1 we looked at Inventory of Authorized and Unauthorized Devices. The controls (ordered 1-20) are in order of importance. In other words, completing Control 1 will reduce the threat risk greater…

Get the latest
security news
in your inbox.

Subscribe via email


September 10, 2015 | Rich Johnson

Free and Commercial Tools to Implement the SANS Top 20 Security Controls, Part 1

This is the first in a series about the tools available to implement the SANS Top 20 Security Controls. The subsequent parts available now are: Part 1 - we look at Inventory of Authorized and Unauthorized Devices. Part 2 - we look at Inventory of Authorized and Unauthorized Software. Part 3 - we look at Secure Configurations. Part 4 - we look at Continuous Vulnerability…

September 9, 2015 | David Geiger

5 Steps to Break into IT

At a crossroads? Want to make to the move to Information Technology? You can, whether you're fresh-faced from high school or a mid-career changer. Any career change is challenging, however, you will find that being smart, teachable, and clear on your strengths will help you transition to the world of tech. Strap yourself in- here are some practical steps…

September 4, 2015 | Kate Brew

IT Jokes from Spiceworks

We asked the SpiceHeads in the Spiceworks community for IT-related jokes recently. Here are their stories: A man flying in a hot air balloon suddenly realizes he’s lost. He reduces height and spots a man down below. He lowers the balloon further and shouts to get directions, "Excuse me, can you tell me where I am?" The man below…

August 31, 2015 | Jenny Richards

Hadoop-as-a-Service: Security and Cost Considerations

Hadoop is one of the most important tools used in the analysis and utilization of Big Data. It enables enterprises to utilize even the most complex data sets and initiatives, and to do so without incurring huge expenses. It’s highly scalable and flexible, enabling many organizations to build multi-million-dollar products by just building on the basic package. However, this…

August 31, 2015 | James Fritz

AlienVault Secures b Spot’s Network for Innovative Gambling Platform

Founded in Los Angeles, California in 2012, b Spot is a new revolutionary mobile-based game network that allows players to bet and win real cash. All of b Spot’s mobile games are free to play and when you’re ready to place a bet, you tap a “play for money button” to make a cash wager. Results from all well-known…

August 27, 2015 | Garrett Gross

Korplug and the latest Internet Explorer vulnerability exploit (CVE-2015-2502)

Microsoft just issued a patch for a zero-day vulnerability in Internet Explorer that has been exploited in several attacks. In one of the cases, a compromised website was hosting malicious code that generated an iframe overlay designed to look like the website itself. This then redirected unsuspecting victims to another website that installed a seemingly innocent file (java.html) that…

August 26, 2015 | Tony Robinson

Dynamic DNS and You Part 2: Identifying the Threat

Greetings! You all really seemed to like my last post on Dynamic DNS, so I've been invited to come back and talk more about it. In part 1 , we discussed the uses of Dynamic DNS, as well as the various providers of the service and how it all works. We then discussed that while Dynamic DNS may not malicious in and…

August 25, 2015 | Marcus Carey

Ten Principles for Highly Effective Cybersecurity Programs

I’ll start this post with the Rifleman’s Creed. This is my rifle. There are many like it, but this one is mine. My rifle is my best friend. It is my life. I must master it as I must master my life. My rifle, without me, is useless. Without my rifle, I am useless. I must fire my…

August 24, 2015 | Henry Dalziel

Information Security Conferences - How To Choose Which Ones To Attend?

With more than 100+ information security conferences and events taking place in the US each year, it can be a challenge to decide which ones to attend. Following is my take on the must-attend events and why. Conferences bring together leading vendors, speakers, thought-leaders and clients to network, discuss trends, and display new cybersecurity products and solutions. Before we dive into…

August 20, 2015 | Richard Kirk

Cybercrime – it’s just not cricket

Imagine that you are at a cricket match and a stray “6” heads straight for your friend's face who is sitting next to you. You may think at first “phew, thankfully that avoided me so I am not in danger!” but another thought could be “I'd better save my friend before he gets a…