• Black hole routing: Not a silver bullet for DDoS protection

    As ISPs, hosting providers and online enterprises around the world continue suffering the effects of DDoS attacks, often the discussions that follow are, “What is the best way to defend our networks and our customers against an attack?”

    Traditional techniques of defense include SYN-cookies, SYN-proxy, redirects, challenges, and of course the black hole routing technique to name a few. Most of these techniques have been around since the early 2000’s when DDoS attacks first began to surface.

  • Continuous Diagnostics and Mitigation capability requirements need re-prioritization

    There is a lot to like in the $6 billion Continuous Diagnostics and Mitigation (CDM) program being administered by the DHS across more than 100 federal civilian agencies. The DHS has done an excellent job creating 15 different capabilities broken up into four implementation phases that agencies need to have to strengthen their cybersecurity postures. These measures will also be used to build cybersecurity dashboards that will be reviewed by the Office of Management and Budget (OMB) for determining funding levels and will get congressional review.

  • Declaring personal data bankruptcy and the cost of privacy

    In the digital economy, your data profile has value, but judging from what I watched happen recently in a London shopping mall, a lot of us give it away for free.

    At the Westfield shopping center in Shepherd’s Bush, a long line of Britons waited to surrender valuable personal information – demographic details, shopping habits, brand preferences, and more – in exchange for a free bar of chocolate. Really. How did the collector, a prominent British retailer, intend to use this bounty? None of the data donors I observed seemed to care. Not one paused to read the posted privacy disclosure statement. That could turn out to be one costly chocolate treat.

  • BYOD: Better stay used to it

    BYOD is a common trend in organizations today. Businesses may be thrilled they don’t have to pay for tablets or smartphones for their workforce and don’t usually have to maintain and fix them. But businesses now have to secure all these devices and endpoints.

  • RSA Conference 2015: Showcasing the future of information security

    Linda Gray is the General Manager of RSA Conferences. In this interview she talks about the growth of RSA Conference, outlines the threats that helped shape this year's agenda, and highlights sessions, speakers and trainings.

  • Are organizations ready for the embedded computing takeover?

    It is bordering on cliché to acknowledge that the Internet is a double-edged sword. As time goes by, the statement takes on even greater significance, in light of its ubiquitous presence in every aspect of our lives. When all companies had to worry about was controlling employee access to non-work-related activities such as social media, or shopping sites, securing the organization network against threats was relatively clear-cut. Simply deploy a Web access management solution and block access to the potentially troublesome sites. Unfortunately, this has changed.

  • Kill Chain 3.0: Update the cyber kill chain for better defense

    If you’re in infosec, you’ve surely heard of the kill chain - a defense model designed to help mitigate more advanced network attacks. The kill chain consists of seven proposed phases of an (external) network attack; the idea being each phase is an opportunity for specific types of defense.

  • INTERPOL and the fast-paced digital threat landscape

    Dr. Madan Oberoi is the Director of Cyber Innovation and Outreach Directorate at the INTERPOL Global Complex for Innovation in Singapore. In this interview he talks about the key developments that allow law enforcement to stay on top the fast-paced digital threat landscape, offers insight on the challenges involved in managing international cyber innovation and research within INTERPOL, and introduces INTERPOL World 2015.

  • Which kind of security professional are you?

    Since I became a part of the industry, I had to decide what kind of a security professional I wanted to be – humble or arrogant. When new to a community or a group, you look up to the leaders - the supremos - for inspiration. Fortunately, I came across recognized and very humble security professionals, and I then knew what I stood for. Whether or not I have achieved the desired level of humility is a different story, but what's important is that I'm willing to work on it.

  • How can organizations guard against hackers in 2015?

    With cloud adoption and BYOD both continuing to grow in the UK, Catalin Cosoi, Chief Security Strategist at Bitdefender, looks at the measures businesses need to take to mitigate emerging security risks.

Videos      Podcasts


Compromised cPanel "Account Suspended" pages redirect to exploit kit

The code redirects visitors to another URL where the Fiesta exploit kit is hosted, which then tries to detect and exploit several vulnerabilities in various software. If it succeeds, the visitors are saddled with a banking Trojan.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 27th