When love is in the air, cyber-criminals are on the prowl

Valentine’s Day cyber-attacks

Valentine’s Day cyber-attacks could well be the beginning of an APT for enterprises!

It is that time of the year again. Cupid comes out to play with his arrows, love is in the air, pink takes over everything, roses are everywhere, and people hope to find their soul mate. When excitement is in the air, cyber-criminals work overtime, get creative, and launch sophisticated attacks to empty your bank accounts, steal debit and credit card data, deploy spyware and malware, and ultimately, leave people heartbroken.


This year, cyber-attacks have assumed such grave proportions that the FBI has issued a Valentine’s Day advisory. It explains how cyber-criminals use social media platforms, mobile devices, e…

Will passwords become obsolete soon?


Will passwords soon become a thing of the past? Have they already become obsolete? This is perhaps one of the most prominent topics under discussion in the technical media these days.


A couple of weeks ago, Forbes.com published a story about the probable public launch of U2F (Universal Second Factor) – a new form of authentication by Google in alliance with Yubico. Through U2F, Google wants to help move the web towards easier and stronger authentication, where web users can own a single easy-to-use secure authentication device built on open standards, which works across the entire web. Media reports following the story have fuelled wild speculations that traditional passwords will soon …

PCI-DSS 3.0: The Stress on Password Protection & Security [Part-2]


[In the previous post, we briefly discussed the requirements proposed for PCI-DSS 3.0. In this post, we’ll discuss the requirements in depth.]

When a customer presents a payment card to a merchant at the point of sale, a chain of operations is triggered in the background. The request-approval process happens across software applications, wireless devices, firewalls, routers, switches, storage devices, telecommunication systems, and a host of other applications. Therefore, your data’s security is directly dependent upon the security of all these devices and applications.

Although several authentication mechanisms are emerging, passwords are still the most prominent mode of authenticatio…

PCI-DSS 3.0: The ‘Security Path’ to Compliance


Security and compliance are often used synonymously, even by techies. You can ensure compliance by remaining secure; but mere compliance with certain rules and regulations does not necessarily mean your network is ‘absolutely’ secure.

Many organizations, including some of the world’s prominent enterprises, have faced IT security breaches and compromises despite remaining fully compliant with numerous regulations. As organizations embrace new technologies, new threats emerge as well. So, it’s obvious that security is an ongoing activity that requires constant attention.


Among the various compliance regulations the Payment Card Industry (PCI) Data Security Standard (DSS), popu…

5 Top Targets for Today’s Hackers


Black Hat USA bills itself as “the show that sets the benchmark for all other security conferences.” While most conferences tend to over-promote themselves, given the activity at this year’s show, that actually might be something of an understatement.

From the defense of government surveillance delivered by NSA Director General Keith Alexander to briefings on the coming “cryptopocalypse” and the risks associated with embedded devices and the Internet of Things, Black Hat reminds us that a little bit of paranoia is warranted in today’s connected world.

Here are my leading candidates for surprising, damaging ways criminal hackers are breaching our online security and val…

Spate of shocking cyber attacks on universities jolt academia


It is hauntingly clear – cyber criminals have set their eyes firmly on universities, research institutions, and centers of higher learning in the United States and other parts of the world. If the cyber attacks of the past few weeks are any indication, universities are now facing the biggest threat to information security.

Attack landscape

  • On July 17, 2013, personal information of more than 72,000 staff members (past and present) of the University of Delaware in Newark was compromised. Hackers obtained the information (names, addresses, social security numbers, etc.) by exploiting a vulnerability in third-party software that the university used.
  • On July 18, 2013, during a routine security sca

Your Net Worth Is Online – And Less Safe Than Ever


The Black Hat USA 2013 conference, which kicks off tomorrow in Las Vegas, brings together the brightest minds in IT security each year — those who are responsible for perpetrating and protecting against the latest hacks and vulnerabilities. And not a second too soon, since every week seems to usher in another security catastrophe.

This week’s shocker was the outing of a hole in mobile device SIM cards, by Karsten Nohl, the founder of Security Research Labs in Berlin. Nohl was able to send a virus to the SIM card through a text message, then eavesdrop on calls, make purchases through the phone and even impersonate the phone’s owner. He did all this in under two minutes using an everyday PC and estimate…

IT outsourcing: When outsiders become insiders, how do you ensure information security?


Organizations outsource a part or whole of their IT services to third-party service providers for various reasons, such as cost savings, leveraging outside expertise, need to meet business demands quickly, and other critical aspects. Usually, tasks such as software development, network management, customer support, and data center management are outsourced.

Engineers and technicians working with service providers would require remote privileged access to servers, databases, network devices, and other IT applications to discharge their contractual duties. Typically, in outsourced IT environments, the technicians working with the service provider will be located at a faraway place and will …

Security Gaffes You Might Have Missed So Far This Year


If you can believe it, 2013 is already halfway over. With summer here, businesses everywhere are feeling the heat in their IT organizations – as they fight a growing array of security concerns, threatening their profitability and reputation alike.

Perhaps the greatest security measure of all is simply learning from others’ mistakes and misfortunes. So, take a look at seven of the biggest security “oops” moments so far this year.

Accidents as Threats

Last month, the French government’s SAP-based accounts payable system, Chorus, was down for four days and suffered an unrecoverable loss of AP data. According to the French State Financial Computing Agency, the ou…

If Big Data’s too scary, try Little Data (it’s free)


Here are some stats that will blow your mind: Every minute of every day, 48 hours of video content is uploaded to YouTube, Google receives over 2 million queries, over 100,000 tweets are sent and nearly 600 new websites are created. Perhaps most shocking is that quietly in the background, all of this data is tracked and stored. But what happens to it after that?

Obviously, today’s Internet is filled with vast amounts of data. When only a few short years ago a search would yield varied results, today search engines, social networks and even advertisers have realized that information must be culled, filtered and targeted for their consumers. In order to do this, many of these services collect data about you. Whil…