Workplace Security: Are You the Weakest Link?

As an employee at some company somewhere, you are probably putting your organization at risk every day – and you don’t even know it.  Do you re-use the same password to log in to multiple accounts?  Are you visiting social networking sites and planning your upcoming summer vacation while at work?  Have you ever logged…

Secure Crypto: “Lucky Thirteen” Attack

By Sean Parkinson, Consultant Software Engineer

Once again an attack against TLS has been published and again the attack targets cipher suites that use Cipher Block Chaining (CBC) mode encryption. This Man-in-the-Middle attack is easier to perpetrate than the previous Man-in-the-Browser attacks like “BEAST” and “CRIME,” but results in many failed TLS connections and requires…

Analysis Techniques: Responding When the Attacker has a Foothold – Part II

By Tom Chmielarski, RSA Practice Lead, Advanced Cyber Defense Services (Americas)

This is the second part in a series: refer to part one for the introduction. This blog series examines response options to an enterprise intrusion of some sort, be it by “APT” or “Hacktivists” or some other category involving a purpose-driven actor. I’ll refer…

New Service in the Underground Offers to Secure Fraudsters’ Infrastructure – Because Fraudsters Need InfoSec Too

Whether it is to phish, to infect, or to sell credentials, cybercriminals have always required an infrastructure to commit their crimes – servers, PHP scripts, vulnerabilities and more. Many of the trends in recent years, such as the explosion of botnets and credit card stores, have led to the rapid expansion of this infrastructure. If…

To MSSP or not to MSSP?

By Justin Grosfelt, Principal Security Consultant, RSA Advanced Cyber Defense Services

It’s an increasingly common question these days, and not an easy one at that. That is, do you build your security operations capabilities in house, or do you go with a Managed Security Service Provider (MSSP)? There are certainly advantages to both and bottom…

What else is happening in infosec and fraud these days?

By Berk Veral, Senior Product Marketing Manager, RSA FraudAction and CyberCrime Intelligence

I have mostly written about mobile apps; specifically on apps becoming an integral part of our daily lives. This is a fact that can be proven by the increase in the number of apps available and downloaded via public app stores. So what…

Beyond the Zero Day: Detecting JVM Drive-bys – Part 1 of 3

By Erik Heuser, RSA Advanced Cyber Defense Services Advisory Practice Consultant

With all the recent Java Virtual Machine (JVM) exploits, a lot of attention is being focused on figuring out how best to mitigate the vulnerability. Detection has been limited to signature-based attempts, mostly firing on class names or well-known strings within the JAR/Class. While this…

Next Generation Security Operations: Flesh and Blood

Years ago, companies had to worry about the “brick and mortar” threats – physical theft, property destruction, natural disasters. Next, it was the “bits and bytes” threats – intellectual property theft, website defacement, denial of service attacks. Now, there is a new element to our threat landscape – the “flesh and blood” threats. I don’t…

Responding When the Attacker has a Foothold – Part 1

By Tom Chmielarski, RSA Practice Lead, Advanced Cyber Defense Services (Americas)

Eventually most people in IT Security will face that dreaded day when they discover the organization has been breached and an attacker has established a foothold. This could be in the form of a hacked web server, a desktop beaconing with “APT” malware, a…

Analysis Techniques: The Importance of Developing Detection Use Cases

By Tom Chmielarski, RSA Practice Lead, Advanced Cyber Defense Services (Americas)

A great way to get value out of a SIEM, a log management platform, or even a syslog server you can query is to spend the time to document use cases for monitoring. For simplicity I’m going to say SIEM here but I do…