The Security Program Approach is Hard, But Necessary

As part of my day job, I have the distinct pleasure of studying enterprise security programs – or at least slices of them – in their native habitat. I spend time with CISOs and other security leaders at many different levels to understand, learn from and aggregate the successes, failures and lessons from these security program elements. Before I even embarked on this role, I was known to lament the difficulty of putting together a solid security program.

Malvertising Attack Hits Yahoo! Ad Network

A large malvertising attack recently hit the Yahoo! advertising network. The attack leveraged Microsoft Azure websites and eventually redirected browsers to pages hosting the Angler Exploit Kit to compromise systems.
The malicious campaign started on July 28, and has since been shut down, according to Malwarebytes, the security firm that discovered the attack.

Researchers Uncover ‘Terracotta’ Chinese VPN Service Used by APT Crews for Cover

Building a business can be expensive and time-consuming, and owners will look for ways to save money wherever they can. Researchers from RSA Security have found a VPN provider in China that is taking this to an unusual extreme: hacking Windows servers around the world for use as VPN nodes on a network that is […]