Healthcare-record compliance is a SaaS problem too

Among companies handling patient records, the Health Information Technology for Economic and Clinical Health (HITECH) Act is old news. Going into effect in February 2009, this legislation sought to advance health information technology use standards to eventually make certain functions and safeguards mandatory, increasing the requirements for compliance with the Health Insurance Portability and Accountability [...]

The Era of the Hacker By Miguel Brito, SOC Analyst

Forbes recently released an article entitled “The Cybercrime Boom: It’s A Good Time to Be a Hacker”, and unless you are completely oblivious to the direction technology has been heading for the past several years now, you should agree that it is indeed, a good time to be a hacker. It seems like just about [...]

Duqu: A Breakdown, by Diego Ramirez, SOC Analyst

Duqu is the latest worm making noise in security circles and main stream media.  What’s interesting is how much we still don’t know about it. Even Virus/malware researchers at both Symantec and MacAfee can’t seem to agree specifically on the goal or exact purpose of Duqu.  The alarming thing is not only its modular design [...]

The use of legitimate channels to distribute malicious software to users, by Rory Smith, SOC Analyst

With security companies recording known and popular domains used for spreading malicious software, malicious users are constantly looking for new channels to launch their illegal campaigns. A growing trend in the wild is the distribution of malicious code through legitimate domains. A recent victim to this kind of activity would be none other than Amazon [...]

A recent study on online advertising firms, by Miguel Brito, SOC analyst

According to a recent study released by the Stanford University Law School’s Center for Internet and Society, many online advertising networks do not comply with their privacy policies. This study, which is similar to a study conducted earlier this year by Carnegie Mellon University, focused on the actions of 64 of the 75 members of [...]

The Corporate Security Halftime Report: Corporations: 0 Hackers: over 9000! by Rory Smith, SOC Analyst

We are finally halfway through what seems to be one of the most active years in terms of cyber warfare. In the last six months we have seen a variety of industry giants fall prey to malicious attackers. Fox, Google, Lockheed Martin, HB Gary, Sony, PBS, Nintendo, CIA, RSA and the US Senate have been [...]

A New Method of Code Obfuscation, by Miguel Brito, SOC Analyst

Code obfuscation is not really anything new. Malware authors are always on the lookout for new techniques to allow them to avoid detection by security products. Common exploit toolkits have even begun to use obfuscation to hide the methods they use to install malware on a victim’s Web site. Spammers also employ obfuscation and non-printing [...]

Rotten Apples, by Diego Ramirez, SOC Analyst

The cult of Mac has gotten a massive blow this past month as one of its tenants, “Macs don’t get viruses or malware”, was ripped to shreds with the advent of the Mac defender malware.   Mac Defender is a type of malware (also referred to a scare-ware or hijack ware) in which software is installed [...]

“Cookiejacking” IE vulnerability, by Gabriel Bellas, SOC Analyst

Just recently, we learned that an Italian IT professional by the name of Rosario Valotta discovered a vulnerability that affects every version of Microsoft’s Internet Explorer web browser.  The vulnerability allows a malicious user the ability to steal cookies from a user’s web browser. Once stolen, the sky’s the limit with what can be done [...]

Trending: Trusted Sites have become Trusted Targets, by Joshua Roback, SOC Supervisor

Geek.com has been claimed as yet another target of website hijacking and the irony isn’t lost on anyone.  The popular “techie” site joins the ranks of msn.com as an extremely popular, high traffic site that has unknowingly turned to the dark side.  Reports indicate that geek.com has been serving malicious <iframe> scripts, unknowingly to site [...]