STE WILLIAMS

Next Generation Of SIEMs? Ease Of Use, Analyze More Data

The next generation of security information and event management (SIEM) systems will inevitably include new features, but security companies are currently focused on solving their customers’ problems in managing and operating the current crop of products.

While SIEM systems have been around for more than a decade, companies continue to have trouble deploying and maintaining the systems. More than half of businesses need at least a pair of full-time analysts to operate the systems, while 44 percent required more than a few weeks to deploy their SIEM system, according to a survey by security-management firm EiQ Networks.

Those problems have made creating an easy-to-use SIEM system the most requested feature for the future, says Nicole Pauls, director of product management for IT-management firm SolarWinds.

“We are trying to adapt to an evolving threat space, and it does not require that we cobble together new tools,” she says. “What it really requires is that we make the tools better, so we can adapt to the threat space faster.”

With security experts recommending that companies continuously monitor their networks to gain better visibility into potential threats, more businesses are considering SIEM systems or have already embarked on network-monitoring projects. No wonder: The deployment of security-intelligence systems continues to be the top strategy for reducing the costs of a breach, correlating with a $4 million reduction in breach costs, according to the Ponemon Institute’s Cost of Cybercrime study released this month.

Yet, SIEM deployments are difficult. The complexity of integrating a variety of different data feeds requires knowledgeable security analysts. Add to that the problems in getting all the necessary stakeholders in a company to cooperate, and plenty of SIEM projects have stalled, says Mark Nicolett, managing vice president of network security for business intelligence firm Gartner. Unfortunately, vendors typically toe a marketing line of easy deployment, rather than frankly discuss the difficulties of deploying the analysis environment.

“I don’t think it is possible to ask the vendor the right set of questions to determine how difficult the deployment is going to be,” Nicolett says, adding that–without easier deployments–adding more features is a non-starter. “It is all fun to talk about what is coming next, but if it is not operationally useful, who cares.”

While the marketing lines for most security-intelligence product makers may not change, executives know that they must tame the unruly learning curves of their SIEM products or risk falling behind in the market.

“There is still a lot of the vision of SIEM that has yet to be realized–things like behavioral analysis and better correlation of events,” says SolarWinds’ Pauls. “We need to give customers better analysis out of the box.”

To deliver better analysis, SIEM vendors and service providers are aiming to allow companies to easily incorporate more data, threat-intelligence feeds and other information into the SIEM systems. Yet, the products also have to take into account the context of the data and the risks that a company faces, says Vijay Basani, president and CEO of EiQ Networks, a security-management services provider.

“We can take gobs of data, and spit out lots of information, but we don’t know what is important for your company,” he says. “I think that is going to change very dramatically. Approaches, like focusing on best practices, will help companies focus on the right questions.”

A large part of the move to incorporating more data in future SIEM offerings is pairing the appliances and services with a threat-intelligence feed. A number of vendors have launched threat information sharing exchanges and forums where security experts can work together on the analysis. AlienVault has the Open Threat Exchange, CyberSquared has developed Threat Connect, and Hewlett Packard recently announced Threat Central. The services combine malware analysis and open-source intelligence tools with social networking and crowdsourced analysis to create a virtual space for learning about the latest threats.

Whether Balkanized analysis environments will deliver the features needed to fuel better SIEM products is another question. Eric Schou, director of product marketing for enterprise security products at HP, believes the crowdsourced model will work because it gives each participant more value than they typically put in.

“If there isn’t that value and if they don’t feel like it improves their security posture, then they won’t take part,” says Schou.

Yet, the crowdsourced model and a mountain of threat data may not improve the effectiveness of SIEMs, warns Gartner’s Nicolett. More data is not necessarily a good thing, when you cannot even properly analyze what you have, he says.

“We are not suffering from a lack of data,” he says. “We are suffering from a lack of intelligence in analyzing it.”

If next-generation products can deliver that combination of intelligence and usability, only then will companies benefit.

Article source: http://www.darkreading.com/monitoring/next-generation-of-siems-ease-of-use-ana/240162875

NetCitadel Develops New Approach For Real-Time Security Incident Response To Advanced Persistent Threats And Malware Attacks

MOUNTAIN VIEW, Calif. — Oct. 10, 2013 — NetCitadel, Inc., the pioneer in innovative threat management solutions, today announced a new analytics-driven, context aware approach for protecting enterprise networks from increasingly sophisticated security attacks and Advanced Persistent Threats (APT).

The evolution and increased frequency of malware and APTs has reduced the effectiveness of traditional threat detection and enforcement solutions. With nearly 200,000 new malware samples appearing each day [1], new detection solutions have emerged to detect the new attacks, producing more threat events than can be evaluated or managed in a timely fashion. To make matters worse, most organizations have only a handful of highly trained security analysts who are tasked with manually executing the all-important steps of investigating, verifying, prioritizing, and containing the detected threats. Clearly, the gap between detection and response is getting wider.

NetCitadel is developing the first threat management platform of its kind, one that addresses the security analysis and intelligence needs of today’s incident response teams. This analytics-driven approach uniquely adds rich context data to events generated by threat detection devices such as Advanced Malware Detection (AMD) systems and Security Incident and Event Management (SIEM) to facilitate rapid and intelligent decisions. In addition, NetCitadel’s solution integrates with existing security devices, such as firewalls and web proxies, to deliver real-time responses to security events.

“We have a rich mix of threat detection solutions to identify potential security events as they happen, but we quickly discovered that visibility was only half the battle,” said Kevin Moore, Director of Information Technology at Fenwick &amp; West LLP. “Once an event has been detected, our team still has to spend precious time researching, verifying and prioritizing events before we can start responding to the threat. NetCitadel closes the gap between threat detection and rapid response by providing our team with deep contextual data for each incident as well as supporting a variety of network enforcement options. It’s our Incident Response analyst ‘in a box’.”

Without the proper context, it is almost impossible to prioritize events and make good security decisions. Unfortunately, many security teams are forced to collect critical context data using time-consuming manual processes.

According to Gartner, “Security platforms must become context-aware — identity, application, content, location, geolocation and so on — in order to make better information security decisions.” [2]

NetCitadel’s solution delivers the necessary context in an easy-to-use interface that enables security analysts to quickly verify which issues are real and which issues can be safely ignored.

“Today’s enterprises require a new paradigm for responding to advanced malware and sophisticated cyber-attacks – what they need is the ability to understand context, quickly analyze the threat, and react in real-time,” said Mike Horn, NetCitadel co-founder and CEO. “NetCitadel uniquely enables organizations to significantly reduce the time and effort required to understand and contain detected threats, creating a highly adaptive environment that responds rapidly to new threats.”

Note 1 – Kaspersky Lab, “Best Practices That Apply to All Technical Control Layers,” June 19, 2013.

Note 2 – Gartner Inc., “Best Practices for Mitigating Advanced Persistent Threats,” by Lawrence Pingree, et al, September 12, 2013.

About NetCitadel

NetCitadel was founded by a team of security, networking and virtualization veterans to revolutionize incident response by transforming modern security events into automated actionable intelligence. Headquartered in Mountain View, Calif., the company is venture backed by NEA and other investors. For more information about NetCitadel and its solutions, call (650) 564-4285 or visit http://www.netcitadel.com.

Article source: http://www.darkreading.com/netcitadel-develops-new-approach-for-rea/240162877

Study Reveals Shortage Of IT Security Talent Equals Abundance Of Risk

Hanover, Md. – October 16, 2013 – In recognition of the 10th anniversary of National Cyber Security Awareness Month, TEKsystems Network Services practice surveyed IT and business leaders to gauge how well their organizations are currently addressing information security. National Cyber Security Awareness Month is sponsored by the Department of Homeland Security, National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center with the goal of empowering public and private sector stakeholders to create a safe, secure and resilient cyber environment.

Key findings of the study include:

There’s a Pervasive Human Capital Crisis

Organizations attempting to tackle critical IT security initiatives suffer from the shortage of IT talent.

Half of respondents believe the lack of qualified security talent is approaching a state of critical mass where their organizations are vulnerable to serious risk exposure.

Only 15% of respondents are very confident that they have the security-related skill sets needed to meet evolving threat landscapes.

Less than 20% are very confident their IT organization has an adequate allocation of information security resources in-house for security policy, identity and access management and information risk management skills. Further, more than half say it is difficult to find and source resources for these skill sets.

Security Complexities are Overwhelming

Information security is so complex that organizations cannot adequately assess their needs.

More than 60% believe the growing scope and complexity of IT security make it difficult for their organization to effectively assess current security programs and develop comprehensive strategic planning efforts.

Organizations Struggle to Keep Up

It is essential that organizations continually evolve their security strategies to keep pace with the changing ecosystem, yet IT is too bogged down by tactical activities.

The majority of the respondents indicate that their information security teams are too busy handling tactical, day-to-day work to spend the adequate amount of time on critical strategic information security initiatives.

About TEKsystems
People are at the heart of every successful business initiative. At TEKsystems, we understand people. Every year we deploy over 80,000 IT professionals at 6,000 client sites across North America, Europe and Asia. Our deep insights into IT human capital management enable us to help our clients achieve their business goals–while optimizing their IT workforce strategies. We provide IT staffing solutions, IT talent management expertise and IT services to help our clients plan, build and run their critical business initiatives. Through our range of quality-focused delivery models, we meet our clients where they are, and take them where they want to go, the way they want to get there.

Article source: http://www.darkreading.com/management/study-reveals-shortage-of-it-security-ta/240162859

Webroot Enhances Mobile Threat Protection To Secure Corporate Data And Strengthen BYOD Policies

BROOMFIELD, Colo., Oct. 16, 2013 /PRNewswire/ — Webroot, a leader in cloud-based security intelligence solutions, today announced the release of the new edition of Webroot SecureAnywhere Business – Mobile Protection to ensure mobile devices and company data stay secure. As more organizations face the challenges of corporate data on personal devices, otherwise known as bring-your-own device (BYOD), information security becomes a primary concern. In a recent survey of mobile security decision-makers, results showed that 83% of respondents believe that mobile devices create a high security risk within the corporate environment.

“Enterprises are struggling to understand the risk and privacy impacts of the mobile applications in use in their environment,” said Tyler Shields, senior analyst at Forrester Research, Inc., in the August 2013 blog post entitled “Mobile Application Security Maturity – Leveling Up.” “Organizations must get a better handle on just how much risk is accumulating from the proliferation of mobile apps on their user’s devices.”

The latest edition of Webroot SecureAnywhere Business – Mobile Protection offers more comprehensive defense against evolving malicious threats for Android(TM) and iOS devices, unified management across both mobile devices and PCs, and increased performance and efficacy. Other upgrades include policy management within an easy-to-use administrator console, along with other enhancements that leverage real-time threat data from the cloud. The SecureWeb(TM) browsing feature has been expanded to support Google Chrome, in addition to the stock Android browser, shielding mobile devices from malicious sites, viruses and Internet threats.

“Cybercriminals are increasingly targeting employees to gain access to a company’s intellectual property, and there is an enormous amount of company data accessible on employee-owned mobile devices,” said Mike Malloy, executive vice president of products and strategy at Webroot. “Businesses must supplement their endpoint security with a coherent but simple BYOD protection strategy. With this new release of Webroot SecureAnywhere Business – Mobile Protection, we have enhanced device control policies and device-level security from the management console to ensure employee device settings are consistent with corporate policies.”

Unified Management for IT Administrators

With Webroot SecureAnywhere Business – Mobile Protection, IT administrators have the ability to create policies that can be updated and duplicated within the console, and create user groups to organize their end users. Administrators can easily drag-and-drop users into a group, and user devices will automatically pick up the policies associated with that group. To strengthen security, if the device password, lock screen timeout, or device administrator access does not meet policy requirements, alerts are sent directly to the console. Additionally, Webroot SecureAnywhere Business – Mobile Protection includes an enhanced device scanning engine for Android that utilizes cloud-based threat detection services in real time for improved efficacy and faster scans.

Key features of Webroot SecureAnywhere Business – Mobile Protection:

— Device and group level policies for Android and iOS devices

— Alerts sent up to management console for devices out of policy

— Cloud scanning enhancements powered by Webroot Intelligence Network(TM) (WIN(TM)) services

— User group management

— Single point of control for mobile devices and PCs

— New application level password and lockout feature

— SecureWeb browsing functionality for stock Android browser and Google Chrome

— Increased efficacy with cloud-powered scanning

— Lower CPU, memory, bandwidth, and battery utilization

— Smaller device footprint

Application Risk Management

In response to the increasing threat presented by mobile applications, Webroot also offers the Webroot Mobile App Reputation Service. This service categorizes and assigns each app a score using proprietary algorithms, allowing for greater detail into what the app actually does once installed, and helping IT managers determine the level of risk an organization faces when users install apps.

Utilizing data collected and analyzed by WIN cloud security services, the Webroot Mobile App Reputation Service affords mobile technology partners and customers the ability to manage the delivery of safe and compliant mobile applications. To date, Webroot has scanned more than 4.8 million iOS and Android applications.

Webroot at MobileCON 2013

Webroot will be a sponsor at MobileCON, the premier conference on mobile information technology, from October 16 to 18, 2013 at the San Jose Convention Center, in San Jose, California. The company will be showcasing Webroot SecureAnywhere Business – Mobile Protection and the Webroot Mobile App Reputation Service in booth #845 of the Security Pavilion. Visitors to the Webroot booth may register for a chance to win a Nexus 7 tablet.

In addition, Grayson Milbourne, Webroot’s director of security intelligence, will host a roundtable discussion at the conference on the impacts that malicious apps have on enterprises, and why cybercriminals are going mobile. The session, entitled “What’s Fueling the Fire? – Cybercrimes Burning Desire to Attack Mobile Devices,” will run Thursday, October 17 at 3:00 p.m.

Purchasing and Availability

The current version of SecureAnywhere Business – Mobile Protection, which supports both iOS and Android, is available online at http://www.webroot.com.

The new edition will be released November 2013 and existing customers will receive this new product version for free.

About Webroot

Webroot is bringing the power of software-as-a-service (SaaS) to Internet security worldwide with its suite of Webroot SecureAnywhere solutions for consumers and businesses, and security intelligence solutions for enterprises and technology partners focused on cyber-security. For more information, visit http://www.webroot.com or call 800.772.9383. Read the Webroot Threat Blog: http://blog.webroot.com. Follow Webroot on Twitter: http://twitter.com/webroot.

Article source: http://www.darkreading.com/mobile/webroot-enhances-mobile-threat-protectio/240162860

Skycure Launches Mobile Security Solution For iOS Devices

TEL AVIV, Israel–October 17, 2013–Skycure, a mobile security software company, today introduced its mobile IDS/IPS solution that protects iPhones and iPads by monitoring network traffic behavior and remediating suspicious activity. Unlike existing solutions that focus on device management and physical theft mitigation, Skycure is 100-percent focused on the network layer, protecting devices from being compromised by local or remote hackers.

Existing solutions either do not provide adequate protection or force users into changing how they use the device – such as by requiring them to login to a separate “walled off” area of the phone. Skycure is the first solution to offer advanced protection from external attackers while remaining invisible to the user experience.

“It is clear that mobile is the next battlefield for security. No device is ever 100-percent secure, and therefore companies need solutions such as those from Skycure,” said Jarad Carleton, principal consultant at Frost &amp; Sullivan. “The Skycure solution adopts behavioral recognition techniques that are crucial given the ever-more-sophisticated nature of malicious attacks. Whether it be through social engineering or exploitation of vulnerabilities, devices are vulnerable, and solutions such as those from Skycure will soon become a base requirement for companies.”

Also today, Skycure offered a demonstration of a particularly poignant mobile vulnerability–malicious iOS profiles–and an evaluation of how given companies are vulnerable. Within minutes, Skycure researchers can gain full control over an end user’s iPhone by installing a malicious profile. In the process, they can mirror the compromised phone or leverage the credentials stored on the phone to access the user’s Facebook, email and banking accounts. Skycure’s solution protects against compromised iOS profiles.

Skycure was founded by researchers Adi Sharabani and Yair Amit, who previously led the IT security research teams at IBM and Watchfire. The company, which also features IT security experts that previously worked at companies such as CheckPoint, Google and eBay, has already released research on a number of mobile security threats, including discovering potentially risky functionality whereby LinkedIn collects personal and calendar information without end-user knowledge. Skycure worked with LinkedIn to address and correct the issue.

“Skycure has studied the activity on mobile devices for many months, and we are concerned that these devices present new attack vectors for hackers, no matter how secure the environment claims to be,” said Yair Amit, co-founder and CTO at Skycure. “We offer a seamless way to protect the devices, backed by our research into mobile and network vulnerabilities. Our vision is to provide a comprehensive protection from attacks across three different major vectors, which we discovered in our research: attacks from the Internet, attacks from the device toward the corporate intranet, and attacks that result in sensitive data being leaked out of the device.”

The new Skycure software solution is installed as an application on end users’ phones or other devices, complemented by a cloud component that enables management, secure communications to mitigate Wi-Fi man-in-the-middle attacks, and the collecting of information about dangerous Wi-Fi-networks. The solution provides comprehensive protection for the devices and also allows corporate IT professionals to gain visibility into the threats their organizations face on a regular basis. Features and benefits of the software include:

Behavioral analysis of device and wireless network activity to keep the hackers out

Skycure’s software monitors network activity and spots behavior that demonstrates a phone has been compromised or that an active attack is in place. The solution utilizes a honeypot approach, in which Skycure lures attackers to perform actions that reveal their existence.

Close management by IT teams to enable secure, policy-driven BYOD (Bring Your Own Device)

Corporate IT teams can guard their employees’ devices by receiving alerts when suspicious activity is detected. When applicable, a fix to eliminate the threat is automatically applied. When detecting more sophisticated attacks, IT staff is alerted with a suggested remediation task. Companies can permit employees to use their own phones and be confident those devices are both secure and centrally managed, preserving productivity benefits while also eliminating the risk of data leaks due to security breaches.

No performance or operational impact

No end user will tolerate a device slow down. Skycure’s thin app is undetectable in the background and only noticeable if a concern is detected. The solution can integrate with a corporate mobile device management (MDM) deployment, but such an MDM is not a requirement.

Crowdsourcing

Skycure adds real-time intelligence into its solution to benefit all users. For example, when Skycure detects a Wi-Fi attack on one user, it takes proactive measures to make sure other users are protected when they arrive nearby the suspicious network.

“Security is a major roadblock for BYOD adoption,” said Rick Doten, CISO of Digital Management Inc. (DMI), a mobility solutions provider. “But today’s current mobile security approaches are catering to what features are ‘available,’ not what is a likely or potent threat vector. Skycure’s research is highlighting mobile threats not being considered by traditional mobile security solutions. Mobile application containers and wrappers are fine when you expect the device not to be compromised, but when a traditional Wi-Fi man-in-the-middle or side-channel attack installs a rogue profile, then no data on the device is safe. With Skycure, the devices are secure, company data is protected, and IT security teams will be alerted to any intrusion attempts.”

Initially available for iOS-driven devices, future Skycure versions will be Android-compatible.

ABOUT SKYCURE

Based in Tel Aviv and funded by Pitango Venture Capital and angel investors, Skycure (http://www.skycure.com) is a mobile security software solutions company. Skycure’s software protects mobile devices and provides companies with management functionality to enforce bring-your-own-device policies and enable the mobile workforce. Skycure’s research team regularly identifies new mobile security threats, and that intelligence is incorporated into Skycure’s solutions.

Article source: http://www.darkreading.com/mobile/skycure-launches-mobile-security-solutio/240162878

Facebook privacy, Google ads, D-Link security, CryptoLocker ransom – 60 Sec Security [VIDEO]

The web needs globally backed, verifiable security standards – says Huawei

Chinese networking hardware behemoth Huawei has issued its second annual cybersecurity white paper and is calling for manufacturers around the world to set up testable security standards that will ensure everyone’s reading from the same hymn sheet.

“The biggest hurdle is that the technology industry doesn’t want mandatory global standards. Because governments and big enterprises are not using their buying power to really demand the highest level of security from network equipment suppliers, vendors are not putting their investment dollars into security unless they really need to,” John Suffolk, Huawei’s global cyber security officer, told The Wall Street Journal.


“Governments are big spenders in the information technology industry, so if many governments got together and demanded certain security standards from all vendors, the whole industry will then shift to those new standards. And once the governments do that, enterprise clients will follow and do the same.”

There are almost no common security standards being enforced and regularly tested across the industry, Suffolk said, and this piecemeal approach to security – with each vendor (including Huawei) handling just their own products – was a recipe for failure. Global standards that are verifiable, frequently tested, and fully audited, are needed to secure traffic going forward, he suggested.

Suffolk, who was the UK’s CIO before heading to the Middle Kingdom, flatly denied that his employers give any data to the Chinese government and their agencies. As for moves in the US to ban the Chinese manufacturer’s kit, he pointed out that around 70 per cent of the components in Huawei’s hardware come from third-party suppliers, most of which are US firms.

As for software, there’s no single programmer writing code for its stack who would be able to add in spying code, he said, and the multitude of different ways companies configure their networks would make such an approach largely useless. Any hacker would be much more effective using phishing or malware attacks to spy rather than trying to subvert a whole company’s processes, he argued.

The biggest change companies and governments could make to secure their networks wasn’t picking a specific, supposedly secure supplier, Suffolk said, but better overall security practice. Patching vulnerabilities, training staff to be more switched on, and limiting root privileges on the network would solve about 80 per cent of common security problems, he reckoned.

Suffolk didn’t go as far as to call out the NSA directly for weakening encryption standards and similar practices, but the white paper does point out that governments buying up zero-day security bug exploits and hoarding them wasn’t helping matters on the cyber-security front.

“Among the global vendors, the spotlight has been on Huawei more than anyone else, because we are quite unique being a Chinese-headquartered business. And therefore we have to go the extra mile when it comes to security, and we are pleased to go the extra mile. But there’s no point in Huawei improving its security on its own if nobody else in the ecosystem improves their security,” he concluded. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/19/huawei_calls_for_globally_verified_security_standards_to_protect_data_traffic/

Making phishing more complex

Earlier this week a colleague pointed out an intriguing phishing sample that he had come across.

It was interesting not because of any great sophistication or complexity, but rather that it illustrated the reuse of an old social engineering trick.

The brand being targeted in the phish campaign is Poste Italiane, a well known Italian group that includes financial and payment services in its product portfolio.

We see numerous phishing attacks targeting this group each month, with attackers keen to trick their customers into unwittingly submitting their credentials to fake login sites.

This latest attack takes a similar strategy to many recent phish campaigns, where the email contains an HTML attachment which the recipient is enticed into opening.

Postepay email snippet

From: “Poste Italiane S.p.A – Informazioni”
Attachment: scarica.html

The typical social engineering to entice the user into opening the attachment is evident:

To activate the “Security web Postepay ” you need to:

– Download the attachment, open it in the browser and follow the steps requested.

Curiously, there is reference to some password protection within the attachment, and a password is provided in the message body:

To protect your personal information, the attached file is protected by a password. Your word is unique: A2345L90

Sure enough, recipients tricked into opening the HTML attachment will be prompted for a password:

Inspecting the HTML attachment reveals the code behind this – simple JavaScript to prompt the user for a password, which is then used to decode a string:

[Image: Postepay JS decryption]

If the recipient types in the correct password (A2345L90 in this example), the string is decrypted and written back to the page:

This then loads the phish page via the frame, which references a bit.ly shortened URL:

So, all in all, nothing hugely exciting and definitely not new. (The infamous Bagle virus, which was widespread 10 years ago, mailed itself out in password-protected archives.)

So why bother using the password?

One possible answer is that it prevents security scanners from seeing the HTML of the phish page or, as in this case, the HTML that loads the phish page.

This is true, although I would argue that the JavaScript used to prompt for and use the password is more unusual than simple non-obfuscated HTML.

Another possible answer relates to the expectations of the recipient.

Adding the password into the mix might be expected to make the attacks less successful: it imposes an additional barrier to the attack, since blindly double-clicking the attachment is no longer enough.

But for some users, the presence of the password may actually strengthen the social engineering of the phish, by lending it an air of security and credibility.

Within the ivory towers of SophosLabs, it is easy to think that users are attuned to the risks of email attachments.

The proliferation of email-borne phishing and malware attacks suggests this is not the case.

Sufficiently many users seem still to be falling for the same old tricks – enough for the attackers to turn a profit, at any rate.

One thing is for certain: the criminals behind the ongoing phishing campaigns against Poste Italiane are here to stay.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/TXvC120xZ2M/

SSCC 119.5

Continuing with my “extra” Chet Chat podcasts when there are special occasions, this week I interviewed Robert Slade for advice on how to stay safe for National Cyber Security Awareness Month #NCSAM.

Rob has been involved in the anti-virus and security communities for more than 25 years and is the author of “Robert Slade’s guide to computer viruses”, “Viruses revealed”, “Software forensics” and “The dictionary of information security”.

For those of you unaccustomed to the screams of children, I do have to warn you about the audio quality of this Chet Chat. I interviewed Rob in a public space a little too close to a children’s play area.

My interview with Rob focuses on the family and what approaches those of us who have more computer and security knowledge can use to help those around us to stay a little safer online.

(16 October 2013, duration 12’37”, size 8.7MB)

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/SKaPeSKHGSk/