There’s no such thing as a truly infallible system. Every platform, no matter how extensive or powerful, has points of failure. The Amazon Web Services outages we’ve seen over the years are proof enough of that – evidence that even the cloud can be brought down from time to time. “Outages are a thing that happens, whether your computing is happening in your office, in colocation, or in ‘the cloud,’ which is just a shorthand term for someone else’s computer,” writes Forbes Contributor Justin Warren. “To think that putting applications ‘ in the cloud’ magically makes everything better is naive at best.” That’s something of a bitter pill to swallow, isn’t it? Even if AWS fails infrequently, a single failure […]

Continue reading

With the advent of mobility and the coming Internet of Things, the enterprise threat surface has never been larger, nor the avenues through which criminals can gain access to essential files so varied. In the past, network-level controls were all you really needed to keep your data safe. But times have changed – and if your approach to security doesn’t change with it, then you’ve only yourself to blame when you suffer a breach. What a lot of administrators tend to forget is that protections like firewalls and authentication controls are only part of the equation. Such network-level protections only guard against a very narrow scope and set of attacks. If you want to truly protect your organization, you need […]

Continue reading

Earlier this year, the IRS revealed that hundreds of organizations were (successfully) hit a spear-phishing attack. The target? Employee tax documents that included social security numbers, addresses, and wage information. This attack didn’t just hit tiny organizations, either. There were several major corporations that fell prey to it, including Snapchat, GCI, and Mansueto Ventures. Yeah – it’s bad. “A new group of phishers is trying a new tactic: sending out emails that appear to be in-house – often from the CEO or CFO – asking HR personnel for the W-2 information of employees companywide,” explains Douglas Bonderud of Security Intelligence. “Since the email looks official and the request seems reasonable, it’s no surprise that several businesses have already been victimized.” […]

Continue reading

The Distributed Denial of Service Attack has a long and storied history in the cybersecurity space. Originally based primarily on the TCP and UDP protocols, they’ve since expanded to new horizons, as attackers think of new and creative ways to flood and shut down vulnerable systems. That isn’t to say older attack vectors are entirely obsolete, mind you. It’s important to be aware of some of the DDoS methods of yesterday, in the rare event that they make a comeback – which, as you’ll soon see, has been known to happen. Today, we’re going to discuss two of them Teardrop A Teardrop attack (which is really just a fancy way of saying “ip fragmentation) was a relatively simple thing to […]

Continue reading