America Express issues notice of a data breach; denies responsibility; takes its time

By Katherine Teitler 

March 18, 2016

Earlier this week American Express notified customers of a potential breach involving theft of account numbers, user names, and “some other” account information—most of the juicy ingredients necessary for fraud. The company was quick to mention that it is monitoring for fraud, but it was even quicker to deny responsibility for the incident. 

Keep reading...

The Pentagon’s new bug bounty program is sending a strong message

By Katherine Teitler 

March 17, 2016

Everything is heating up on Capitol Hill: President Obama is proffering a new Supreme Court Justice nominee. The next presidential race is as much a circus as it is a true campaign. Apple and the FBI are still going at it (while other government agencies have started speaking out in favor of encryption). And the US Department of Defense recently announced its first-ever “Hack the Pentagon” bug bounty program. Mainstream media may not be overly impressed with the March 2, 2016 announcement, but the infosec community has taken note.

Keep reading...

Advancing Your Security Leadership Journey

Are you valued as much a leader as you are a security resource (with a team)?

It's the gut check question I ask of security leaders. In most cases, the answer is no. Most security leaders say they receive recognition for technical prowess, not for leadership.

Does this lack of recognition mean you aren't a leader?

Keep reading...

Password Manager

Passwords are a major component of and the primary method by which most users authenticate to websites, networks, and other closed systems. Despite security teams' best efforts, many users' passwords remain unchanged from default settings and, even when they are changed, the new password is weak, used across multiple sites, or even shared with other users. Even with their downfalls, today it's impossible to not use passwords to access online resources. 

Keep reading...

Love 'em and Lead 'em!

U.S. Army Major General John H. Stanford was asked about how one becomes a leader. "When anyone asks me that question, I tell them I have the secret to success in life. The secret to success is to stay in love. Staying in love gives you the fire to really ignite other people, to see inside other people, to have greater desire to get things done than other people. A person who is not in love doesn't really feel the kind of excitement that helps him to get ahead and lead others and to achieve. I don't know any other fire, any other thing in life that is more exhilarating and is more positive a feeling than love is."

Keep reading...

The Race to Protect Customer Privacy and Gain Trust is On

By Katherine Teitler 

March 11, 2016

Trust dies but mistrust blossoms – Sophocles

Technology is an inescapable part of our lives. Unless you live completely off the grid—grow your own food, never drive a car, transact with only the cash kept under your mattress inside your built-by-your-own-hands house—your personal information is collected, tracked, and exchanged by and among businesses. We knowingly provide private information to some; others come by it through craftily drafted terms and conditions tacked onto customer agreements (often in small print).

Keep reading...

Mobile Devices in Investigations

Once upon a time, phones were only used to make calls. For most of us, our phone is a mobile office; central to a great deal of our daily activity, our phones are the hub through which our email, text messages, news, social media, calendars, driving directions, fitness goals, and so much more are all brought to us, organized, recorded, and shared.

Keep reading...

by George Gerchow, Director, Product Management for Security & Compliance, Sumo Logic

Let me start by saying that RSA is still the place that every security nerd on the globe gathers; "It's what we do!" 

From Amber restaurant to Jillian’s at the Metreon, The Marrriott Marquee to coffee shops, Chevy's, and of course the Tonga Room at the famous Fairmont Hotel, business meetings light up the conference with a constant exchange of information between colleagues, partners, customers, and attendees. In fact, outside the walls of the Moscone and into the surrounding businesses is where much of the action takes place during this massive event. The San Francisco metropolitan area is where innovation and strategy are being outlined on napkins and cardboard coasters, not in the sessions.

Keep reading...

Rootkit

The word "rootkit" originates from the word "root," which, in computer networking, refers to the top-level directory of a file system. Logging in as a "root user" with the highest level of administrative privileges, an attacker can install malicious software; access, copy, delete, or move files; change system configurations; gain access to most areas of the network, applications, and log files and keystrokes; steal passwords; spy on a computer user; monitor traffic; or install a backdoor that will allow the hacker easy entrée back into the system on subsequent visits. "Root" is the level of access, and "kit" refers to utilities, scripts, libraries, or other files that can be accessed once the system has been "rooted."

Keep reading...

Are you Trusted to be a Security Leader?

"Trust is the lubrication that makes it possible for organizations to work." -- Warren Bennis

There is no shortage of quotes to capture the importance of trust: hard to earn, easy to lose, and essential to our success as security leaders.

Yet a troubling trend is emerging: the trust we need to be successful as security leaders is eroding.

Keep reading...

A recap of this year’s show, and cheers to 25 years!

Over 40,000 attendees and nearly 550 vendors are getting back to their inbox this week after having attended the gargantuan vendor show otherwise known as RSA. It was RSA’s silver anniversary, and as with each passing year, it gets BIGGER with age!

Like any relationship, an anniversary is a great time to step back, reflect, and renew vows. In this case, reflect with a renewed sense of improving information security globally – at least that’s the stated intention of every vendor on the show floor. For this momentous occasion, let’s pause for a moment and look at the state of our relationship – this marriage of security solutions and end users. There’s something each side can offer his or her security partner in terms of strengths, weaknesses, and opportunities.

Keep reading...

Kernel

A kernel is the central module, or "seed," of an operating system (OS). At boot, the kernel loads first into a protected area of the main memory (which cannot be overwritten), and remains there until the session terminates. The kernel is a critical component of the OS because it mediates access to system resources; the kernel interfaces with hardware on the system and allows multiple applications to use the hardware when necessary. In short, it is a bridge between applications and data processing, managing input/output requests and translating them into data, ultimately determining what programs and applications can do. For speed and efficiency, it is important that kernels remain small while providing essential services of the OS and applications.

Keep reading...

Secure Privileged Accounts Faster Than Hackers Can Strike

During the past couple of years, we've witnessed a series of devastating data breaches affecting some of the world's most renowned businesses, with each breach inflicting staggering costs in terms of financial and reputational damage.

What's lesser known, though, is many of those breaches began with an exploit of a single, unsecured privileged account and escalated to eventually gain control over the network. Every large enterprise, whether on-premises or in the cloud, is home to potentially hundreds of thousands of vulnerable privileged accounts.

Keep reading...

Why are outdated laws governing current technology usage?

By Katherine Teitler 

February 29, 2016

Whatever side of the debate you’re on when it comes to Apple and the FBI, one thing is for certain: U.S. courts should not be using laws written in 1789 to make decisions about current technological capabilities. Over the years, many laws have been written then repealed—from prohibition to slavery to land ownership to voting rights, there’s no shortage of precedents. What may have made sense at one time no longer stood the test of time, and the courts took the action to overrule outdated practices and irrelevant laws.

Keep reading...

Bridging the Gap between Enterprise Information Security and the Business

Information security and the business need to be in a partnership, not a dictatorship with one party demanding the other follow certain rules and guidelines. Through a true partnership, information security risks can be mitigated and business disruptions limited, thereby creating an improved relationship and organizational efficacy. 

Keep reading...

DDoS

A DDoS, or distributed denial of service, is a malicious attack against a network or network resources that renders the target unavailable to users. A DDoS differs from a denial of service in that multiple compromised systems attack a target. A DDoS begins with an exploit to one vulnerable systems. Once the initial system is compromised, it becomes the DDoS "master." This "master" identifies and infects other vulnerable systems with malware, connecting all the systems, or "bots." The automated bots are remotely controlled and instructed by the master to launch an attack against a specific target during a specified time period, which results in an overload of system resources on the victim's system. The attack overwhelms the target, which could be a website, Web application, email, or other services, disrupting services and making them inaccessible to employees or customers. 

Keep reading...

By Katherine Teitler 

February 22, 2016

Encryption is not a new invention. In fact, evidence of encrypted messages dates back to 1900 BC when the Egyptians wrote alternative symbols on pyramid walls to relay secret messages to one another. In modern times, though, encryption takes on a new meaning. Encryption is an essential part of securing data that sits on or moves through networks, devices, and other information systems. 

Keep reading...

Staffing Your Team When the Market is Tight

By Katherine Teitler 
February 17, 2016

The security field needs more practitioners. The insanity that is our “always-connected” world necessitates more resources to manage, monitor, and maintain personal and enterprise data – from email accounts to mobile phones to chock-full-of-tech refrigerators. 

Keep reading...

War Dialing

War dialing, also known as "demon dialing" was a hacking technique that emerged in the late 1980s as a method for attackers to identify unauthorized or non-secure modems within an enterprise that provided access the company's voice or data network or its Intranet. Originally a manual process (think: prank calling when you were a kid), technologies rapidly evolved and new software allowed attackers to automatically scan a large block of random telephone numbers for unprotected user names or passwords. Some of the programs used in war dialing would also automatically log and enter successful connections into a database when they were found so attackers could return at a later time to leverage unauthorized access.ense in depth is a practical strategy for achieving information assurance in today’s highly networked environments, as defined by the NSA, which first applied the long-standing military strategy to network security. The basic premise of defense in depth is that layering security controls within a computing environment helps slow down an attacker’s progress should s/he gain access. 

Keep reading...

Advanced and Persistent: Neither is Necessary

The hype around advanced persistent threats (APTs) is as high as ever. Post-breach, hacked organizations sing the praises of their adversaries' skills. Practitioners are bombarded by industry marketing touting the latest APT detecting and killing technologies. You would think the number of advanced persistent threats were climbing dramatically, and that the majority of breaches were near impossible to prevent given the endless resources of bad guys.

Keep reading...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

Register Mobile Security Summit 300x58

Ransomware ad

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Submit
Select a Region
United States
United Kingdom/Ireland
Africa
Americas
Asia-Pacific
Europe
Middle East

By continuing to use misti.com you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.