Online account fraud is a big, automated business. NuData Security looks at hundreds of data points to identify malicious login attempts.
Stories by Roger A. Grimes
These scams rely on tricking consumers into believing they are interacting with a trusted vendor. Here’s how vendors can prevent the scams.
Do you have valuable data on your network? Noticing odd network behavior? You could be the victim of an APT attack
Whether a hacker uses a computer exploit or malware, their motivations are the same. Understanding why and how hackers hack is key to your defense.
Choose a security event information management (SEIM) vendor that helps you focus on only the security event data that needs to be investigated.
Some vendors who claim their products use artificial intelligence or machine learning technology are really using rules-based engines. Here's how to spot the lie.
The Secure Hash Algorithm version 3 fixes flaws in the now-standard SHA-2 cipher. Here's how to prepare for a migration to SHA-3 when SHA-2 is inevitably compromised.
Patching and security training programs will thwart attacks more effectively than anything else. You're already doing them. Here's how to do them better.
Some people aren't taking hardware vulnerabilities like Meltdown and Spectre seriously. Here's a point-by-point rebuttal to their arguments.
Most companies are not focused on the real security threats they face, leaving them ever more vulnerable. That can change if they trust their data rather than the hype.
As a 30-year road warrior, I’ve learned some security truths that seem wrong, but must be accepted if you really want to understand the threats you face.
Advanced persistent threats have garnered a lot of attention of late, deservedly so. APTs are arguably the most dangerous security concern for business organizations today, given their targeted nature.
In today's threatscape, antivirus software provides little piece of mind. In fact, antimalware scanners on the whole are horrifically inaccurate, especially with exploits less than 24 hours old. After all, malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable.
As long-time readers already know, I'm a big fan of Bruce Schneier, CTO and founder of <a href="http://www.counterpane.com/">BT Counterpane</a>. Besides being a cryptographic and computer security authority, cryptographic algorithm creator, and author of many best-selling books on security, Bruce produces some of the most relevant conversations on computer security. I consider his books, <a href="http://www.schneier.com/crypto-gram.html">Cryptogram newsletter</a>, and <a href="http://www.schneier.com/blog">blog</a> must-reads for anyone in computer security.
I've written many times over the years, including as recently as last week, that letting users execute and install their own software will always allow viruses, worms, and Trojans to be successfully installed. Traditionally, I've recommended that users not have admin or root access, that they let system administrators choose what software is allowed and what is blocked. But this recommendation breaks down for several reasons.