There are several cybersecurity policy issues on Capitol Hill and elsewhere worth keeping an eye on. Lawmakers in the Senate have introduced a measure that would call for trade restrictions against countries identified as hacker havens. Another proposal is meeting resistance from academics who worry about the effect of the bill’s mandatory certification programs for cyber security professionals.
The presence of rogue anti-virus products, also known as scareware, on a Microsoft Windows computer is often just the most visible symptom of a more serious and insidious system-wide infection. To understand why, it helps to take a peek inside… Read More »
I’ve been hearing from a number of readers who followed me here from the Security Fix blog at The Washington Post, asking if I plan to resume my bi-weekly “live” chats wherein I attempt to field questions from readers about… Read More »
An Arkansas public water utility and a New Jersey town are the latest victims of an organized cyber crime gang that is stealing tens of millions of dollars from small to mid-sized organizations via online bank theft. On Thursday, officials… Read More »
A faulty update is being blamed for incapacitating an untold number of Microsoft Windows systems running anti-virus software from BitDefender. BitDefender says the problem occurred Saturday morning with a faulty update for 64-bit Windows systems that caused multiple Windows and… Read More »
I asked or simply polled some of the most vigilant sources of this information for their recent data, and put together a rough chart indicating the Top Ten most prevalent ISPs from each of their vantage points. ISPs or hosts that show up more than others on these various lists are color-coded to illustrate consistency of findings (click the image to enlarge it). The trouble is, all of these individual efforts map badness from just one or a handful of perspectives, each of which may be limited in some way by particular biases, such as the type of threats that they monitor. For example, some measure only phishing attacks, while others concentrate on charting networks that play host to malicious software and botnet controllers.
Last week, security experts launched a sneak attack against Troyak, an Internet service provider in Eastern Europe that served as a gateway to a nest of cyber crime activity. For the past seven days, unnamed members of the security community reportedly have been playing Whac-a-Mole with Troyak, which has bounced from one legitimate ISP to the next in a bid to reconnect to the global Internet. But experts say Troyak’s apparent hopscotching is in fact the expected behavior from a carefully architected, round-robin network of backup and redundant carriers, all designed to keep a massive organized criminal operation online should a disaster like the Troyak disconnection strike.
One of the systems that just sits here idling all the time in what the wife lovingly calls the Krebs on Security “command center” runs Microsoft’s free Security Essentials anti-virus and security tool. Late last week, I just happened to… Read More »
Over the past nine months, I have spent a huge amount of time investigating and detailing the plight of dozens of small businesses that have had their bank accounts cleaned out by organized criminals. One of the most frequent questions I get from readers and from my journalist peers is, “How many of these stories are you going to tell?” The answer is simple: As many as I can verify. The reason is just as plain: I’m finding that most small business owners have no clue about the threat they face or the liability they assume when banking online.
Microsoft has issued a stopgap fix to shore up a critical security hole in older versions of its Internet Explorer browser. Meanwhile, exploit code showing would-be attackers how to use the flaw to break into vulnerable systems is being circulated… Read More »
