This Blog has Moved!
Space Weather Outlook December 28, 2014 at 09:23PM
Configuring and Using PKI in Your Microsoft Network
This white paper gives you a great overview of the core configuration of your Microsoft CAs. Request Free! |
Why Threat of Downtime Should Be Keeping You Up at Night
Security systems only provide protection if up and running. If video monitoring systems, access control, or other building security systems go down, it can be costly and dangerous. Learn how to protect your security systems and keep them running 24/7/365. Get this informative white paper to learn all about:
Everything You Need To Know About A DDoS Attack
Even if your company isn’t as large as Amazon or eBay, any amount of profit loss due to downtime should be cause for concern. Not only do you miss a potential sale in real time, that customer is less likely to come back and try to purchase from you again in the future. Request Free! |
Email Security For IT: How To Keep Your Brand Safe
Not only can phishers hurt your company and customers, but your brand can take a beating too. Find out what you should be implementing to keep your brand safe. Request Free! |
Space Weather Outlook December 21, 2014 at 08:19PM
The Essentials of Information Security Kit: Includes a Free PC Security Handbook - 2nd Edition eBook
The Essentials of Information Security brings together the latest in information, coverage of important developments, and expert commentary to help with your Information Security related decisions. The following kit contents will help you get the most out of your Information Security research:
Network Security For Dummies -- eBook (usually $22.99) FREE for a limited time!
CNN is reporting that a vicious new virus is wreaking havoc on the world’s computer networks. Somebody’s hacked one of your favorite Web sites and stolen thousands of credit card numbers. The FBI just released a new report on computer crime that’s got you shaking in your boots. The experts will tell you that keeping your network safe from the cyber-wolves howling after your assets is complicated, expensive, and best left to them. But the truth is, anybody with a working knowledge of networks and computers can do just about everything necessary to defend their network against most security threats. Whether your network consists of one computer with a high-speed Internet connection or hundreds of workstations distributed across dozens of locations, you’ll find what you need to confidently:
Space Weather Outlook December 14, 2014 at 09:09PM
Reasons to Give Insiders a Unified Identity
On its list of the eight most significant Internet security threats for 2013, Forbes ranks insider threats third among “the most devastating”, weighing insider attacks by the damage that privileged users cause and the kind of data they have access to. It is of the utmost importance that executives and IT policy officers recognize and acknowledge the danger of malicious insiders, an increased attack surface, and the potential for errors caused by employees through threats or negligence.
Three Ways Companies Can Avoid DDoS Attacks
In this 15-minute webinar, Dyn Principal Architect Andrew Sullivan gives a quick-hit overview of DDoS attacks and three tips on how companies can help plan ahead before getting hit. Request Free! |
Proven Practices for Securing Your Website Against DDoS Attacks
Join subject matter experts Kevin Beaver, author of Hacking For Dummies and Andrew Sullivan, Director of Architecture at Dyn, for a discussion on vulnerabilities of web environments and why simply jumping on the cloud provider bandwagon won’t prevent DDoS attacks. Watch it now on-demand! Request Free! |
Keurig 2.0 Genuine K-Cup Spoofing Vulnerability
Overview
The Keurig 2.0 Coffee Maker verifies the authenticity of coffee pods, known as K-Cups, using a weak method that is subject to a spoofing attack through re-use of a previously verified K-Cup.
Impact
CVSS Base Score: 4.9
Impact Subscore: 6.9
Exploitability Subscore: 3.9
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: Complete
Availability Impact: None
Vulnerable Versions
Keurig 2.0 Coffee Maker
Technical Details
Keurig 2.0 is designed to only use genuine, Keurig-approved coffee K-Cups. However, a flaw in the verification method allows an attacker to use unauthorized K-Cups. The Keurig 2.0 does not check whether the K-Cup foil lid used for verification has been used before.
Step 1: Attacker uses a genuine K-Cup in the Keurig machine to brew coffee or hot chocolate.
Step 2: After brewing is complete, attacker removes the genuine K-Cup from the Keurig and uses a knife or scissors to carefully remove the full foil lid from the K-Cup, taking care to keep the full edges intact. Attacker keeps this for use in the attack.
Step 3: Attacker inserts a non-genuine K-Cup in the Keurig, and closes the lid. Attacker should receive an "oops" error message stating that the K-Cup is not genuine.
Step 4: Attacker opens the Keurig, leaving the non-genuine K-Cup in the Keurig, and carefully places the previously saved genuine K-Cup lid on top of the non-genuine K-Cup, lining up the puncture hole to keep the lid in place.
Step 5: Attacker closes the Keurig, and is able to brew coffee using the non-genuine K-Cup.
Since no fix is currently available, owners of Keurig 2.0 systems may wish to take additional steps to secure the device, such as keeping the device in a locked cabinet, or using a cable lock to prevent the device from being plugged in when not being used by an authorized user.
Please note that a proof of concept is already available online.
Credit:
Proof of concept at http://www.keurighack.com/
Vulnerability Writeup by Ken Buckler, Caffeine Security http://caffeinesecurity.blogspot.com
NOTE: There has been some question regarding the video and who made it. This is not the security researcher you're looking for. I am not the person who created the video, and only found the KeurigHack website after I discovered this vulnerability on my own. To whoever created the website, great job!
Space Weather Outlook December 07, 2014 at 11:41PM
Essential Data Security Kit including Cryptography for Dummies - FREE for a limited time!
Cryptography is the most effective way to achieve data security and is essential to e-commerce activities such as online shopping, stock trading, and banking. Cryptography for Dummies will teach you everything from the terminology used in the field to specific technologies to the pros and cons of different implementations. This essential research also includes DDoS Attacks, Cloud adoption and security, and what you need to know about eliminating security risks for your company. In this kit you will receive the following resources for Data Security research: Request Free! |
5 ways to protect your company from phone and internet fraud
As a telecoms operator, in order to protect your company against fraudulent attacks, your company needs to make the shift from trying to fix problems after they happen, to focusing on assessing risks ahead of time and implementing the appropriate preventative methods. But how can you prevent these? Find out in the following article... Request Free! |
Is Your Identity and Access Governance Program Vulnerable to Risk?
Your organization must inventory, analyze and understand the access privileges granted to its users to effectively manage risk. Proactive Identity and Access Governance (IAG) can help you answer the critical question: “Who has access to what, and is it appropriate?” NetIQ shows you how in this paper, which they've packed with:
Learn to secure your organization by implementing a proactive IAG program. Request Free! |
Mobile and Remote Access: Balancing Convenience and Security
In today's BYOD world, securing access and maintaining productivity is challenging. Users want access from their own devices, and the applications, data and services they're using are not always secured by a perimeter. How can you provide secure access without inhibiting productivity? In this paper you'll learn:
Get advice on choosing the right solution and the knowledge you need to face today's challenges. Request Free! |
Single Sign-On: with Passwords, Less is More
Your workforce is using applications from a wider variety of sources than ever. Not only does this annoy your users, it's less secure. The problem is simply solved with enterprise Single Sign-On (SSO). Read this paper to learn:
Security and productivity are both at stake: put SSO to work in your organization today. Request Free! |
The Big Shift to Cloud-Based Security
As a mid-sized or smaller organization, there is a lure of feeling safety in obscurity. The truth is your company doesn't have to be a giant global corporation to be in the cross hairs of an attack. Automated exploits of common vulnerabilities can equally sweep up victims on any Internet-facing network. As for targeted attacks, smaller companies are often hit first precisely because cybercriminals know these organizations have weak security – and may be a stepping stone to connected business partners or a large parent company. The good news is you don't need to hire a crew of security experts to effectively manage IT risks and comply with security and privacy regulations. This guide explains how SMBs can use cloud-based security to protect their network and ensure compliance without breaking the bank. Request Free! |
Banking IT Systems Management: Challenges and Solutions
Banking systems need to be readily available and productive, yet secure and protected from data-breach. The risks of irregular maintenance and non-compliance of IT and security policies can cost the organization much in terms of fines, lost opportunities and a damaged reputation. With such a serious and complex challenge, employing an efficient and comprehensive solution is paramount to minimize risk and instill confidence in the organization's ability to fulfill on its compliance requirements. Download this white paper to learn:
Cryptography For Dummies - eBook (usually $22.99) FREE for a limited time!
Space Weather Outlook December 01, 2014 at 01:23AM
Space Weather Outlook November 23, 2014 at 10:55PM
When Worlds Collide: Cloud Apps and Financial Services
Trends suggest that cloud services will soon be the new norm for financial institutions. However, there are two major hurdles to clear when moving financial data out of an on-premises network to public cloud applications: security and compliance regulations. This white paper discusses cloud access security brokers and how they can help the finance industry stay secure in the cloud as well as be compliant. Request Free! |
Isn't The Cloud Already Secure?
Successful innovations invariably reach a transitional point at which the general population stops viewing them as shiny toys and realizes these advances are valuable assets. Eventually, like email, it becomes a tool that society can't live without. The adoption of the cloud, however, hasn't been as rapid as experts predicted. Find out who's really responsible for these cloud apps, and the benefits of having a vendor that can protect your corporate data. Request Free! |
Why Some Things Shouldn't Go Viral
Email is the most used application in any modern enterprise, yet it remains the primary avenue for sensitive corporate data to leave your network. Securing email becomes even more challenging when BYOD is introduced. Employees love using a single mobile device for work and life. On the surface, this makes a lot of sense – not only is the employee already familiar with the device, but BYOD can also help cut costs. The problem? The fact that employees are using their own devices, running a variety of operating systems, and connecting over insecure Wi-Fi networks makes data security difficult to achieve. Request Free! |
Top Six Things to Consider with an Identity as a Service Solution
IT doesn't like it either. After all, they're just trying to ensure the security of your enterprise but they're often burdened with password retrieval activities when they could be focused on more value-added tasks. Because your employees have work to do, and they're suffering from password fatigue, they resort to using passwords that circumvent security practices—inviting hackers into your enterprise data. Solutions to solve the problem are often cumbersome making a complicated problem…well, more complicated. Is there a better way? Absolutely: unified identity management with an Identity as a service Solution (IDaaS). Download the white paper: Top Six Things to Consider with an Identity as a Service Solution. You'll discover how an IDaaS can help you drive user productivity, enhance IT efficiency, improve security, mitigate risk, and lower total cost of ownership. Request Free! |
What are the top 10 emerging threats in telecoms?
With operators reported to be losing between 3-9% of their annual revenues to fraud, the proactive detection and efficient management of fraud and RA threats are on-going, complex business priorities that are integral to staying ahead of the fraudster. So, what can operators do to stay ahead of the game and prevent revenue losses? Read on and find out... Request Free! |
Space Weather Outlook November 16, 2014 at 09:31PM
Next Generation Criminal Fraud Detection
As fraud rises, there is a strong need for fraud tools that can detect account takeover and fraudulent transactions. IBM® Security Trusteer™ Pinpoint Criminal Detection software offers a next generation approach that helps address the challenges of traditional risk engines. Trusteer Pinpoint Criminal Detection helps you to:
Three Steps to Prevent Workplace Crime
You know security is a priority – but where do you start? If you're not a security professional, initiating where to first spend your time and money can be the hardest part. In order to get you started, we've consulted the experts. From understanding what you need in a security review to gaining the power to control your entries to simply understanding the general mind of an opportunistic criminal, you can make a big difference in your company's security. Request Free! |
How to Overcome the Top 5 Business Vulnerabilities
Establishing a thriving business takes dedication and hard work. But all too often, business owners and managers find themselves too busy working to protect what they've worked so hard for to make time to put in place preventative measures as well. To make sure that more businesses are aware of the risks, Tyco IS listed the top five vulnerabilities business owners face every day. From burglary to vandalism to liability, see how you can tackle the risks with the right strategies. Request Free! |
The Case for Mobile Security Management
Since embezzlement and internal theft are leading causes of mid-sized business failure, making sure your company is secure on the inside isn't paranoia – it's smart business. Learn how you can implement simpler security measures with the convenience of your smartphone or tablet. Like never before, you can maximize your most precious non-renewable resource: your time. Give yourself one less thing to worry about and learn how to safeguard your business with your fingertips. Request Free! |
Mobility on Hold: Get Back on Track with Mobile Risk Mitigation
Fortunately, new security measures are available to mitigate the risks associated with advanced mobile banking and payment capabilities. The key to protecting the mobile channel is to realize that it is deeply connected to the online channel. Effective protection must consider risk indicators that span both channels and extend to both to protect against the full range of attack vectors. Read this white paper to learn about:
Winning the War on Cybercrime: The Four Keys to Holistic Fraud Prevention
They then conduct real-time credential theft and take over accounts. The main reason for cybercriminals' continued success is that highly evasive advanced financial malware allows for a wide variety of attacks that are very difficult to detect with traditional fraud prevention technologies. Download our latest white paper to learn:
The Thriving Malware Industry: Cybercrime Made Easy
In today's virtual world, the scope of organizations vulnerable to malware-driven cybercrime is quite broad. In addition to banks and credit unions that are subject to online banking fraud, financial fraud can be perpetrated on insurance companies, payment services, large e-commerce companies, airlines and many others. Request Free! |
Selecting the Right Cybercrime-Prevention Solution
Malicious software, or malware, is the primary attack tool used by cybercriminals to execute account takeover attacks, steal credentials and personal information, and initiate fraudulent transactions. The attack tactics, or crime logic, are constantly becoming more sophisticated so they can continue to exploit human and system weaknesses. Fraud-, risk- and IT-security professionals are looking to establish an effective defense against these attacks. Request Free! |
Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention
Unmistakably, what led to the release of the FFIEC supplement was the introduction of advanced malware that has created an increasingly hostile online banking environment. Sophisticated malware has become the primary attack tool used by online banking fraudsters to execute account takeover, steal credentials and personal information, and initiate fraudulent transactions. To address emerging threats, the FFIEC requires organizations to continuously perform risk assessments as new information becomes available, adjust control mechanisms as appropriate in response to these changing threats and implement a layered approach to security. Consequently, financial organizations need to select solutions that are able to identify emerging threats, address their impact and apply layered security that can quickly adapt to the ever-changing threat landscape. Request Free! |
Holistic Fraud Prevention: Transforming the Customer's Experience
When evaluating and implementing fraud prevention technologies, most security professionals focus on only the fraud avoidance capabilities. They often overlook the potentially significant adverse impact on customers' experience and operational costs. Good fraud prevention solutions must be effective at identifying and preventing fraud and must do so with no negative impact. Although many fraud prevention professionals believe there must be a tradeoff between strong security on one side and customer experience and operational costs on the other, this is simply no longer the case. Strong, effective security can and should both enhance customers' experience and lower operational costs. Read this white paper to learn:
Old Techniques, New Channel: Mobile Malware Adapting PC Threat Techniques
Read this white paper to learn more about the emerging attack techniques used by cybercriminals in the mobile channel, including:
Ten Risky Security Behaviors to Avoid: Protect Your Organization
You are a problem. You are a risk to your employer. The actions you take and the activities you perform at work, online, and even in your personal life put your employer at risk. You need to know how you are a security risk to the organization and what you can do to reduce or eliminate those risks. In this paper, I discuss ten common risky behaviors that typical workers engage in and what you can do to avoid being the weakest link in your company. Request Free! |
Space Weather Outlook November 09, 2014 at 10:23PM
Data Center in the Crosshairs: Today's Most Dangerous Security Threats
Comprising the most valuable assets in your organization – your web, DNS, database, and email servers - data centers have become the number one target of cyber criminals, hacktivists and state-sponsored attackers. This paper analyzes the top five most dangerous threats to your data center. It also describes the impact of these threats and it reveals the latest methods, tools and techniques used by attackers to exploit data center resources. Request Free! |
DDoS Report: The Escalating Threat of DDoS Attacks
Virtually every commercial and governmental organization today is largely - if not entirely - reliant on its online services, and service availability is completely at risk from the rising tide of DDoS attacks. If you are concerned about the possibility of major service outages due to DDoS attacks, you should ensure that your vendor can scale to mitigate the largest multi-vector attacks at your network's edge. Request Free! |
Avoid Microsoft Lync Deployment Pitfalls with A10 Thunder ADC
If Lync customers deploy multiple Lync servers or a "pool," they need to distribute traffic loads to those servers. Load balancing is not just a best practice, it's a requirement. Microsoft advises customers to provision either hardware load balancing or DNS load balancing. If load balancing is required, IT managers can deploy Thunder Series Application Delivery Controllers (ADCs) from A10 Networks to ensure world-class performance, applications availability, and resiliency for Microsoft Lync. Security threats challenge enterprise networks at every level, and Lync applications are not immune. Distributed Denial-of-Service (DDoS) attacks are a particular danger for Lync installments. Thunder ADC acts as a reverse proxy between clients and Lync front-end servers, ensuring that all connections to servers are initiated from Thunder ADC. In this process, Thunder ADC eliminates potentially crippling DDoS attacks and other network-level threats. Request Free! |
Defending Against Network Based DDoS Attacks
In this video we turn our attention to the network side of the house. Request Free! |
Space Weather Outlook November 02, 2014 at 10:29PM
Space Weather Outlook October 27, 2014 at 03:14AM
The 10 Reasons Guide: Choosing a File Sync and Share Solution
Workers want access to business files from anywhere, on any device, and at any time. This presents a new range of corporate security and data leakage risk challenges to today’s IT organizations. Download the white paper that explores 10 reasons why each of Accellion, Anchor/eFolder, Box, Dropbox, Egnyte, Citrix ShareFile, Google Drive and Microsoft OneDrive are not for your business. Plus, one solution that is. Request Free! |
Securing Your Future in the Cloud
To help your organization be the one that does things right, here are 10 questions to consider asking potential cloud vendors, as well as what to look for in their answers. Asking these questions should be part of the due diligence process in evaluating the security practice of a cloud provider. Getting satisfactory answers will help in the decision-making process of selecting the best provider for you. Request Free! |
5 Essential Steps to Sustainable PCI DSS Compliance
For many companies, Payment Card Industry Data Security Standard (PCI DSS) compliance seems so daunting and complex that they only follow the letter of the regulations, without focusing on the subtle areas that provide the most protection. This eBook describes the five “must-do” steps that help assure the effectiveness of a company's PCI DSS compliance program. Request Free! |
Space Weather Outlook October 19, 2014 at 08:30PM
The FDA are Taking Cybersecurity in Medical Devices Seriously and So Should You
Medical devices are undergoing a technical transformation in terms of software, interconnectivity and interoperability. This increase of function comes with an increase in risk from cybersecurity threats which puts not only the patients with medical devices potentially at risk, but has wider implications for connected digital infrastructure too. The safety, security and privacy of patients must be protected and the providers of software for medical devices must work with regulators and the wider industry to ensure this. Request Free! |
Symantec Intelligence Report: September 2014
Read this report to learn more about:
Five DLP Tips from Security Executives
This research paper examines the findings from a new study on DLP by Symantec. The goal of the study is to understand how DLP programs impact the effectiveness of security executives, while also protecting corporate data. Request Free! |
SANS Report - Breaches Happen: Be Prepared
This paper describes how to start with improved malware reporting and gateway monitoring and how to combine this output with security intelligence from both internal and external resources. Forward thinking organizations use these and other techniques promoted by frameworks such as the Critical Security Controls. The key is to—as quickly as possible—detect hostile activity, identify and locate affected systems and devices, and respond appropriately. Request Free! |
Protecting Your Website With Always On SSL
This white paper discusses the imperative need for Always On SSL, and the steps you can take to deliver end-to-end protection for your users. It also includes detailed accounts of four organizations – Facebook, Google, PayPal and Twitter – that are leading the way with Always On SSL in a cooperative effort to make the Internet more secure. Request Free! |
Simplify SSL Certificate Management Across the Enterprise
This white paper provides five simple steps for IT professionals to take control of SSL certificates across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these certificates throughout their lifecycle. Request Free! |
Getting Ahead of the Compliance Curve
Compliance is a fast-moving target, and it's getting harder to keep up. In a survey by IT Policy Compliance Group, a consortium dedicated to helping IT security professionals meet policy and compliance goals, 70 percent of all respondents reported being subject to multiple regulatory compliance mandates, as well as contractual obligations and industry standards. Request Free! |
Best Practices for Mobile Application Lifecycle Management
Home-grown enterprise apps improve productivity, business partnerships, customer satisfaction and bottom-line performance. Mobile Application Lifecycle Management (MALM) is the key to ensuring the protection of apps and associated data by integrating security throughout the end to end process. Download this white paper to learn how to address: