Cisco’s General Counsel Mark Chandler on May 13 reacted strongly to further news of NSA exploiting Cisco gear, sparked in part by the publication of Glenn Greenwald’s book on Snowden and the leaked documents. Chandler protested that the US government is causing damage to the tech industry. Along with the publishing of No Place to Hide:…
DetailsNearly 150 million eBay users need to reset their password after unknown attackers accessed a database containing customers’ personal information, the retail giant said on Wednesday. Attackers used “a small number” of stolen employee login credentials to get onto eBay’s corporate network and access the database, eBay said. The compromise happened between late February and…
DetailsCisco announced this morning that they are adding ThreatGrid to their portfolio. ThreatGrid uses instrumented sandboxes to conduct its research of advanced malware. They address the issue created when advanced malware started to modify its behavior when it detected it was in a virtual environment, a common defense against sandboxing. Relying on emulation and a…
DetailsHow much is a security professional worth annually? A number of factors go into this equation, but suffice it to say, the security industry and the salaries have not felt the recession the same as other professions. And with suggested security professional unemployment at zero, it’s no wonder young security professionals are opting for (formal)…
DetailsAn examination of Microsoft’s Customer License Agreement (CLA) for embedded systems indicates that there is no provision for a vendor to ship appliances with multiple virtual instances of Windows, or its popular Office productivity suite. In fact shipping Windows in a virtualized environment is expressly prohibited. From the CLA: (2b3) “Company may distribute more than…
DetailsAn Iranian cyber-group has launched espionage campaigns using customized malware against United States defense companies, FireEye researchers said. The group, with the name Ajax Security Team, is behind an ongoing series of attacks against both U.S. defense companies as well as individual Iranians who attempt to bypass the Iranian government’s Internet censors, FireEye said in a report…
DetailsThis week FireEye announced both its quarterly results and the acquisition of nPulse, a network forensics tool. I was critical of FireEye’s Mandiant acquisition for one billion dollars mostly because they stressed the endpoint product, not the accretive revenue from Mandiant’s vaunted breach response services. (Taking into account today’s stock price of FEYE the Mandiant…
DetailsAt the bottom of yesterday’s post on General Alexander’s extended interview with The Australian Financial Review, Glenn Greenwald appended: “The release date for my book on the NSA, privacy, and our reporting of the surveillance story, No Place to Hide, is next Tuesday, May 13, at which time all of the previously unpublished NSA documents…
DetailsThe list of top executives at Target who have been ousted because of the massive breach late last year has now extended to its President and CEO, Gregg Steinhafel. Target’s Chief Financial Officer John Mulligan will serve as interim CEO. This is the biggest impact on a major corporation’s C-suite since the blood bath at CSX…
DetailsWindows XP users should immediately apply Microsoft’s out-of-band patch addressing the critical flaw in Internet Explorer because attackers are specifically targeting users on the older operating system, FireEye researchers warned. The zero-day vulnerability in Internet Explorer, disclosed by Microsoft on Saturday and fixed Thursday, affected all versions of Internet Explorer, from IE 6 to IE…
Details