Long Live Windows XP…. And Mobile Security

At one point or another, we’ve all been blindsided by news that has literally changed our lives. Though we’re often left momentarily stunned, it’s imperative to figure out how to adjust and carry on. It’s not always easy, but you know the expression – where there’s a will, there’s a way. However, the discontinuation of support for Windows XP is not news that should take anyone by surprise, as its April 8, 2014 retirement date was officially announced almost a full year ago. Cyber criminals surely have the date circled on their calendars, as the security risks posed to the numerous users and enterprises still using Windows XP beyond that date have been well documented. Recently, these risks have become both more prominent and dangerous. ZDNet reports that, using a form of malware called Backdoor.Ploutus, hackers are starting to remotely access a portion of the 95 percent of ATMs in the United States still using the soon-to-be deceased operating system (OS). “By simply sending a text message to the compromised system, hackers can control the ATM, walk up to it, and collect dispensed cash.” Clearly, this is a major cause for concern. And it’s not exactly as if Microsoft has been trying to sweep the retirement of XP under the rug, either. In addition tosending pop-up dialog boxes encouraging users of the 488 million systems still using XP to upgrade to another Microsoft OS, the corporation even went so far as to recruit tech-savvy friends and family to help “old holdouts” make the transition. Unfortunately, the results have been lackluster. HelpNetSecurity reports that many users call these efforts a...

Countering Advanced Persistent Threats with Comprehensive Network Security

The technological savvy and tenacity of cyber criminals has never been greater, and IT administrators trying to prepare for impending attacks are often left backpedaling. With all of the different ways a corporate network may be attacked, IT administrators must strive to implement a comprehensive remote access security framework within their enterprises.  Especially with the proliferation of mobile devices, with a wide variety of operating systems, being used to access the network, companies need to make sure they have all of their bases (or, in this case, endpoints) covered. While traditional attacks, such as viruses, spyware or bot infections are far from extinct, advanced persistent threats (APTs) have recently been garnering a lot of attention. APTs give IT teams headaches, because they are extremely stealthy in nature and are almost always aimed at a very specific target. Traditional attacks are generally created to quickly harm the machine and network they’re infiltrating, leaving before they can be detected by the network’s intrusion detection system (IDS). APTs, on the other hand, are designed to remain in the network undetected for extended periods of time, all the while stealing sensitive company data. The wide range of methods and vulnerabilities that these attacks use to gain access is what makes them so tricky to discover. Unfortunately, once an attack has commenced, it usually requires an IT administrator to notice anomalies in outbound data before anyone realizes there is a problem at all. Sophisticated APTs can be very difficult to spot, especially without the right framework in place. One recent example of an APT struck the New York Times. It appears that the cyberespionage...

What We're Reading, Week of 2/21

Between The Lines, The Security Threat When the Insider Gets Outside InfoSecurity UK, Securing the Remote Working Environment Insecure About Security, It’s Time To Re-Examine Endpoint Security V3.co.uk, Facebook and Web Apps Threaten Network Security ZDNet Australia, Security Q&A: The Father of...

What We’re Reading, Week of 2/21

Between The Lines, The Security Threat When the Insider Gets Outside InfoSecurity UK, Securing the Remote Working Environment Insecure About Security, It’s Time To Re-Examine Endpoint Security V3.co.uk, Facebook and Web Apps Threaten Network Security ZDNet Australia, Security Q&A: The Father of...

What We're Reading, Week of 1/17

Enterprise Networking Planet, IPv6 Day is Coming (But Not Until June) Gartner Blog, Security Search Shenanigans – Where is NAC on the Hype Cycle? Insecure About Security, Nearly Half of Large Mid-Market and Enterprise Organizations Will Increase Networking Spending in 2011 InfoWorld, Security Admins: Prepare for Tomorrow’s Tech Trend...