Man in the browser attack mitigation

Malware such as Neverquest, Zeus or GameOver Zeus is getting more aggressive every day, and the stealthy way it steals money makes it even more dangerous. The methods used by Neverquest and similar MITB (man-in-the-browser) attacks are described in the following video: and at the following Wikipedia page: http://en.wikipedia.org/wiki/Man-in-the-browser In short: by obtaining full control …

Data Loss Incidents: preparation and response

Business operations may, and usually do, depend on maintaining control over critical information. You may, however, lose control over this information (whether it is lost, deleted, stolen, published, etc.), in which case you may need to respond to a security incident. Even though you should be concerned about potentially malicious hackers breaking through …

Explaining APT in a simple language

APT is the new INFOSEC marketing term: every other company / service / product is offering "protection from Advanced Persistent Threats" without even explaining what the term means. Probably because if they do explain, you will lose any interest in their products? APT is not about what – code, viruses, malware, spyware or …

ABC’s of Information Security

A – Assets – Something of value requiring protection (hardware, software, data, reputation)
B – Backup – The three most important safeguards – backup, backup, backup
C – Countermeasures and Controls – Prevent, detect, and recover from security incidents
D – DAA and Other Officials – Manage and accept risk and authorize the system to …