The dollar-value of online criminal activity conducted by the Russian mafia and other criminal organizations doubled in 2011, according to a new report from the Russian security firm Group-IB.
Browsing Category: SMB Security
In a ruling that could be felt throughout the business world, the U.S. Court of Appeals for the Ninth Circuit in California ruled that a man did not violate the Computer Fraud and Abuse Act (CFAA) after pilfering contacts from the client database of his former employer to help jumpstart his competing business venture.
The U.S. and other advanced nations face a drastic cyber security skills gap. Attacks from sophisticated and unsophisticated attackers are on the rise, even as more and more companies and government agencies move more of what they do online to Web based services and the cloud. Of course, the skills gap requires a bottom-up rethink of the way that technology skills are taught at both the primary and secondary level. That’s no easy task in a decentralized and highly regulated education system such as the one that exists in the U.S. where resources are addressed more towards basic skill acquisition than to teaching advanced cyber skills. Still, the Obama Administration has put cyber security at the top of its domestic and military security agendas, and there’s some evidence of positive change.
Good Samaritans are few and far between when it comes to lost cell phones, according to the conclusions of a social experiment conducted by security firm Symantec. Smart phones are unlikely to be returned by those who find them, but very likely to be perused for sensitive data including photos, social media applications and banking applications.
Money mules – the accomplices who help move stolen funds – may be the real victims of online banking scams, not the bank customers who are the ostensible targets of fraudsters, according to new research from Microsoft.
The Electronic Frontier Foundation (EFF) is sounding alarms about a collection of overly vague cyber-security bills making their way through Congress.
It can be hard to parse the results of the Verizon Data Breach Investigation Report (DBIR), what with the shifts from year to year in the sources of breach data collected. Last year’s report, if you recall, found a stunning drop in incidents of data theft in 2010, even as tracking sites like Datalossdb.org reported no noticeable change that year.Frankly, it’s hard to read the DBIR and not have the term “sample bias” float into your head time and again. But the DBIR report has always been a good way to understand the security Zeitgeist, and this year’s report is no different, with more normal-seeming results and a focus on the actions of ideologically motivated hacking groups which, Verizon claims, were linked to 58% of all the data stolen from customers in 2011.
Threatpost spent much of the last year chasing after Greg Hoglund, the founder and CEO of HB Gary. First, it was to get his reaction to the bruising encounter his firm had with the hacking group Anonymous. Then it was an endless series of requests on the aftermath of that hack, including the departure of HBGary Federal CEO Aaron Barr, and the company’s decision to pull out of the RSA Conference in 2011. When Greg finally did speak out it wasn’t to us.So we were happy when Hoglund, whose firm was recently acquired by the company Mantech International Corp., agreed to speak at the Kaspersky Lab Security Analysts’ Summit in Cancun, Mexico in February. His talk there on “Lateral Movement and Other APT Interaction Patterns Within the Enterprise” reinforced Hoglund’s reputation as one of the top experts on malicious code.Threatpost editor Paul Roberts caught up with Hoglund after the speech. And, while Anonymous and HBGary Federal were not up for discussion on the record, Hoglund offered some great insights into the delicate art of tracking down remote access trojans (or RATs) after they have a foothold in your network, as well as the mistakes companies make in trying to prevent and respond to security incidents.
The adult Web site DigitalPlayground.com was hacked. A group calling itself TheConsortium has claimed credit for the attack, saying it stole credit card information on 40,000 paying customers and even listened in on a company conference call.
You wouldn’t know it from reading the news, but business identity theft is becoming an increasingly large concern for small business owners, according to a report filed by NPR’s Yuki Noguchi today on Morning Edition.