Security Now Blog: Addressing Today's Information Security Issues

Organizations that fail to account for endpoint security in their shift to cloud computing will increase their data leak risks. When web browsers and malware infected computers accessing cloud computing services leak confidential information with little to no indication of data loss, the economic benefits of cloud computing and the security benefits of using common applications (Kerckchoffs’ Principle) unwind. (more…)

Look around at all of the different computers in an organization.  Any one of them may be part of a Botnet, systematically stealing information and discretely infecting others as needed, and only when needed.   A different class of Botnet targets the enterprise, some call it the mini-Botnet.  Compared to the well known monster BotNets, the mini-Botnet is quiet, meticulous, and  better hidden.  They’re designed to harvest insider information and intellectual property for months and years.  And research suggests, Botnet infected PCs remain so for years. (more…)

Zero-day exploit attack alerts on versions of Adobe Acrobat seem to occur so often, people viewing this article might wonder: is this for October 2009, July 2009, or one of the many others from the last two years. Yes, this is yet another one, announced 8 October 2009. BotNet operators are certainly updating their attack code on already infected computers so they can infect any resident PDF documents that might be sent to others. They are placing spiked PDF documents on legitimate websites already compromised. In short, if the only thing standing between you and a nasty PDF is your anti-virus/spyware software, game over! (more…)

Flaws in commonly used programs such as Adobe PDF Reader, Quicktime, Adobe Flash, Microsoft Office, web browsers, and others are far in the way the primary means for cyber criminals to take what they want from consumer and enterprise computers as well as secretly Shanghai them into Botnets. Despite this, consumers and enterprises alike are not only failing to implement long-available vendor patches, but for computer protection, they continue to rely solely on a failing anti-virus/spyware technology. (more…)

The current generation of web browsers have serious structural flaws that pose disturbing security risks.  Sensitive information can be disclosed, credentials/passwords stolen, fraudulent bank transfers conducted, and far more.   The enterprise and consumers can profoundly mitigate these risks without need of a security software product.  However, risks related to these do in fact require immediate action. (more…)