Now You Z-(eus) It, Now You Don’t: Zeus Bots Silently Upgraded to Citadel

The FraudAction Research Lab has recently analyzed a Zeus 2.1.0.1 variant downloading an additional Trojan into infected PCs by fetching a Citadel Trojan (think of the Borg on Star Trek).  RSA is witness to many Zeus botmasters who upgraded and moved up to Ice IX neighborhoods, and now, to yet another summer home – Citadel…

Assertive Personas

I was at the Gartner IAM Summit in London last week and had the chance to catch up with Robin Wilton, including attending his session on “High Identity Assurance in a Mobile World”. It was a great presentation, full of interesting ideas and insights. I was particularly struck by Robin’s discussion of personas, especially in…

Mobile: Here There Be Monsters

It’s a new, exciting era for Trojan builders. The mobile space in 2012 is a vast, unchartered territory that attracts the talent and creativity of black hatters and malware writers like moths to a flame. If you think about it, the entire mobile security space has huge ‘Here there be monsters’ sections where the cartographers…

APT and Bots: Both matter

Why Indicators of Compromise are a new Maginot Line. In the fight against Advanced Persistent Threats (APT), targeted organizations put a lot of effort into trying to block certain threat actors from getting at critical information. When a breach is detected, a process of “attribution” is put in place in order to identify who has compromised…

EU Data Directive Privacy by Design and PETs

We are a funny lot in Europe, guarding our privacy and more importantly the privacy of our data is of paramount importance.   The protection and privacy of personal data is a fundamental right within the EU. According to the Digital Agenda for Europe, concerns about privacy are among the most frequent reasons for people not…

Big Rocks, Big Ideas and Big Opportunities

From Monday’s Innovation Sandbox to Friday’s keynotes, innovation was a central theme of this year’s RSA Conference 2012  in San Francisco. As Hugh Thompson said in his final remarks, the Innovation Sandbox proved that innovation is alive and well in cybersecurity. Perhaps 2012 will indeed be, as Hugh suggested, “The Year of Innovation”. But as…

RSA 2012 – the ECAT cut

With the benefit of a weekend’s hindsight, it’s a good time to post some notes and observations from our hyper-busy week at RSA. ‘Busy’ is no exaggeration – we had over twice as many visitors to our booth as last year. Why all the extra interest? We certainly had a lot to announce as part…

Best practices for meeting new Breach notification for EU Directive Part 2

In February I talked about the key aspects of the proposed changes to the EU Data Protection Directive. Breach notification within 24 hours (where possible) is one of the proposals. So, how do you prepare to meet this aggressive timeframe and what security management tools and processes do you need to implement? Organizations expected to…