By Antonio A. Rucci
Counterintelligence Special Agent (Retired), Information Technology & Technical Security Consultant

October 27, 2016

If you are engaged in the information security (infosec) community for any length of time, regardless of whether you are Blue Team, Red Team, or Purple, one data point remains constant: You recognize the importance of partnering.

Read more ...

Lullaby

By Katherine Teitler

October 26, 2016

Last week, as much of the U.S. was inconvenienced by the widespread DDoS attack on many popular websites, Joomla! casually released a notice warning of a critical patch to its software. The update, which was published on Tuesday, October 25, 2016, according to the company’s website, only said that the new version “is a very important security fix,” bold letters and all. It further warned that “until the release is out,” the company was not able to provide any further information.

Read more ...

The times, they are a-changing

By Katherine Teitler

October 25, 2016

Until last Friday, Internet of Things (IoT) cyber attacks were largely more theoretical than practical, at least for those outside of the cybersecurity research realm. When Reddit, Twitter, Netflix, Spotify, and PayPal, among others, were taken offline or significantly slowed due to a massive distributed denial of service (DDoS) attack last week, consumers and enterprises alike had the chance to see firsthand how shoddily-manufactured internet-connected devices can be a real threat. IoT exploits quickly went from the lab into consumers’ homes, which is no big surprise to security practitioners who’ve long been advocating the need for a more rigorous cybersecurity supply chain.

Read more ...

BitTorrent

BitTorrent was created in 2001 by Bram Cohen with the stated purpose: “to build a better internet.”

BitTorrent is a content distribution and peer-to-peer software/file sharing system that speeds up the sharing process by breaking large files into small data pieces which are distributed across a network of users (sometimes called “swarms”).

Keep reading...

Life is a highway

By Katherine Teitler

October 21, 2016

Employee mobility is no longer a privilege or nice-to-have, but a given in today’s workplace. At even very small organizations, it’s not uncommon to find executives or sales people who are on the road more often than they are settled in the office, and gone are the days when working remotely is considered the entitlement of a select few. With modern mobile devices, cloud-based applications, and always-available WiFi, working from anywhere at any time has become a breeze. From a security practitioner’s perspective, however, mobile devices in the workplace create myriad challenges. 

Read more ...

Street fighting man

By Katherine Teitler

October 19, 2016

Security teams fight many battles. There are threats, vulnerabilities, exploits, improperly configured systems, legacy equipment, lean budgets, staffing shortages, and users who are fallible. Any of these things, alone, adds up to a challenge, but possibly the biggest challenge security teams face is the battle between the security department and the CIO.

Read more ...

Reprinted from the National Cyber Security Centre in the UK

October 18, 2016

This guidance was originally published on 21 September 2016 as part of NCSC's Password Collection. Original article begins below.

How to help your end users manage their passwords, with additional practical steps to improve your system security. This guidance focuses on the end user (rather than the system owner responsible for determining password policy). It describes how you can help your end users to manage their passwords, and provides further practical steps to improve system security.

Read more ...

Hop Point

Packets of digital data travel from source to destination through “hops,” or stops along the networking path. Data can travel in a single hop (direct) or in a multi-hop network (more than one relay). In a multi-hop network, traffic is rerouted from one gateway, router, or device to the next (somewhat akin to airline routes).

Keep reading...

Cry me a river

By Katherine Teitler

October 17, 2016

Remember the “telephone game” played at parties when you were a kid? One person would make up a sentence or phrase which she or he then whispered into the ear of the person sitting next to him/her in a circle. That person would, in turn, whisper what he/she had heard into the ear of the next person in the circle. And around the circle the message would go until it reached the initiator, who would then clarify what she/he had originally said. Inevitably, the more people in the circle, the more misguided—and generally hilarious—the message would become. 

Read more ...

Bang the drum all day

By Katherine Teitler

October 14, 2016

Defining a “good” chief information security officer is difficult. On one side, many CISOs have risen through the security ranks due to their technical prowess and were thus handed a “business position,” asked to manage a team, and required to start briefing the executive suite on the state of the company’s security. In executives’ terms. On the opposite side, other companies are hiring or promoting traditional business executives to the role.

Read more ...

With a little help from my friends

By Katherine Teitler

October 12, 2016

“Risk management” is a buzzterm of sorts. It’s also an incredibly important element of running a business. Organizations need to understand the consequences of building a new product or offering a new service, moving into an emerging market, acquiring a company, hiring additional employees in good times or laying off others in bad, changing suppliers, etc. Risk management practices date as far back as the Renaissance period, but modern-day risk management, the version we all know and love/hate today, started taking shape only about 40 years ago when risk managers—mainly focused on calculating insurance at the time—started looking for alternatives to insurance policies to manage risk. Cybersecurity is newer still, and while lessons can be learned and adopted from risk managers in other disciplines, risk management for security isn’t something that can only be calculated “on paper.”

Read more ...

By Mark Arnold, Senior Research Analyst, Office of the CISO, Optiv

October 12, 2016

As a Princeton seminary student, I had the opportunity to sing with the Princeton University Gospel Ensemble (a.k.a. PUGE). One of the more memorable songs we sang was a slave spiritual adapted from the Noah Story of the Bible. Its lyrics were the following:

"Can you see the clouds gathering,

don't let it be said too late.

You better run into the ark before the rain starts."

Read more ...

Dridex

The Dridex banking Trojan was initially seen in the wild in late 2014, targeting financial institutions mainly throughout the UK. By 2015, the malware had spread to more than 20 countries, and focused heavily on English-language users.

Dridex is peer-to-peer credential-stealing malware which siphons money from victims’ banking accounts. Trend Micro calls Dridex a “Botnet-as-a-service” because the authors of the malware configured a network of servers over which the infected computers communicate with command and control.

Keep reading...

Lonely is the night

By Katherine Teitler

October 7, 2016

Rumblings about the security talent deficit are pervasive. Just like news of recent breaches, it’s hard to get through a week without reading an article, viewing a webcast, or attending a conference during which the subject is not addressed. A lack of staff to fill available enterprise information security positions is concerning; the quantity of digital information that requires protection only grows larger every day. Theoretically an increase in work requirements would see a commensurate increase in bodies to complete the work. That’s not happening, though, for various and sundry reasons, but one pretty big reason doesn’t receive as much play as others, and likely not as much as it should: Security vendors.

Read more ...

Lean on me

By Katherine Teitler

October 5, 2016

“SMBs never seem to have opportunity, funding, margin, focus, bandwidth, or the supply of unicorns that other enterprises appear to have so readily available at their fingertips.” As a security and privacy advisor to many small and medium businesses (SMBs), Darrin Reynolds continually sees security teams struggling to keep pace with the business. Information security is more integral to business growth than ever, and robust, verifiable security can be a point of differentiation, especially in the SMB market where stiff competition from the Amazons and IBMs of the world abounds. For smaller organizations, security-as-a-service (SECaaS) can be a useful option, but many organizations don’t know how or when the time is right to make the move.

Read more ...

Paperback Writer

By Katherine Teitler

October 4, 2016

Ah, the highly controversial call for presentations review process! Many infosec industry events use a CFP to find qualified speakers and tease out fresh topics. From a conference programmer’s perspective, the CFP submission process helps uncover new speakers, and it’s a productive way to learn what’s on the minds of industry speakers. 

Read more ...

Virus Signature

A virus signature is the binary pattern of a virus – an algorithm or hash (string of characters or numbers) which is a unique identifier for the virus. The virus signature, also called a “virus definition,” is like a fingerprint that can be used to identify when a virus is present on a computer. One signature may contain several virus signatures, and several viruses may share a single signature; the latter makes it easier for antivirus (AV) software to catch and quarantine a virus before it infects a machine.

Keep reading...

Man in the mirror

By Katherine Teitler

September 29, 2016

Rifts between the security team and other groups lead to inefficiency and reduced effectiveness. Information security isn’t getting as much done as is necessary in our breach-of-the-day world, yet old problems like failure to collaborate persist. One of the most harmful of these disconnected relationships is the one between security and operations teams. Seemingly, operations should be a team with which security finds commonalities; both groups, theoretically, aim for smoothly-functioning systems, which not only means users can accomplish job tasks easily, but that the users are protected while doing so.

Read more ...

We are (maybe) the champions

By Katherine Teitler

September 27, 2016

As a first time DerbyCon goer, I didn’t quite know what to expect. In its sixth year, DerbyCon is well known throughout the security community, and I’ve worked with several of the speakers, a few of the organizers, and met many security vendor representatives at MISTI and past-job events. In my mind, I had a vision based on what I’d heard, and I figured a trip to Louisville wouldn’t be strikingly similar to InfoSec World.

Read more ...
