While organizations are deploying firewalls and public key cryptography and complying with various security and privacy regulations, many of them are still hanging onto certain misperceptions, "falsehoods" and approaches that don't work, Charles Pfleeger, a security consultant and principal of the Pfleeger Consulting Group, said in a keynote speech at a recent security event jointly held by Kaspersky Lab and NYU-Polytechnic University in New York City. "There are a lot of dumb ideas," Pfleeger said, noting that some of the misconceptions can be found within the security community itself. In his keynote speech, Pfleeger used construction analogies to illustrate the importance of building applications and designing IT architectures with security in mind. It's easier to build a house with electricity from the start, rather than breaking into a freshly painted wall later to install cables, Pfleeger said. IT and security professionals should learn to recognize bad ideas for what they are and counter the erroneous notions when they come across them, he said. For this slide show, eWEEK chatted with security experts to expand on Pfleeger's initial list to highlight myths and fatuous ideas that put enterprises and users at risk.
Three Republican presidential candidates at Tuesday's CNN-sponsored GOP debate said that cyberattacks pose an emerging national security threat to the United States. In closing comments during the debate, GOP hopeful Newt Gingrich, the former Speaker of the House, said that he views cyberattacks as one of three major security threats the U.S. is currently unprepared to deal with.
Marriott International Corp. was recently the victim of a rare type of targeted attack: A hacker pilfered sensitive documents from the hotel chain and then attempted to use the stolen intelligence to blackmail it for employment. Attila Nemeth, 26, from Hungary, has pleaded guilty in U.S. District Court to hacking and extortion charges stemming from a bizarre case in which he placed backdoor malware on Marriott computers, exfiltrated sensitive documents, and then threatened Marriott with exposing the information if the company didn't offer him an IT position.
Researchers from the Danish security firm CSIS have intercepted a currently spreading Facebook worm. The worm spreads by sending direct messages using the privileges of the already logged-in user. The message looks like an image file, whereas in reality it has an executable .scr screensaver extension. Upon execution, the sample drops a ZeuS crimeware variant on the infected host. The malware is hosted on compromised web servers across the globe.
The FBI and Department of Homeland Security say they can't find evidence to confirm any part of the story that an Illinois water authority's SCADA network was hacked and that the hack resulted in a pump in the system burning out. "There is no evidence to support ... claims that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant," according to a story published by the BBC.
The ThreatGeek Top 5 is a weekly post that identifies relevant industry news and stories. Check in to stay up to date with the latest happenings throughout the industry.