Data privacy and protection is a BIG deal, and many countries are setting new regulatory standards for how to move, store, view, and report on data containing users’ personally identifiable information, or PII. Read more “Dimension’s User Anonymization makes Data Protection Easy”

WatchGuard Product Releases

WatchGuard recently announced the General Availability of major new releases of both the Fireware operating system and WatchGuard Dimension, both of which are now available to download at the software center . These releases provide increased visibility across the entire network for distributed enterprises and small and midsize businesses (SMBs). Read more “WatchGuard Product Releases”

Today my boss couldn’t get to a website. Turns out, our WebBlocker service classified it as a Compromised Website. Great! Our WatchGuard Firebox was doing a good job.?However, my boss knew the site, and the people behind it, so he wanted to know what was wrong with it Read more “Blackhat Search Engine Optimization (SEO) Injection”

Over the weekend, security researcher Mike Olsen published an article about his experience with a set of PoE security cameras that he ordered from Amazon.com. While troubleshooting a display issue, Mike found that the web portal for his cameras was using an HTML iframe element to silently load a malicious web site without his knowledge. This type of attack is a perfect example of a Cross Frame Scripting (CFS) attack. Read more “Watch Out For Malware In Your New IoT Devices”

Locky Vigilante

Recently, while working with LastLine (our APT Blocker provider) on what I thought was a low score for a ransomware file, I?uncovered something unusual. A lot of ransomware is currently being sent as a JavaScript (.js) attachment in emails. Read more “Locky Vigilante”

Early this month, I reported a new OpenSSL vulnerability in one of my Daily Security Byte videos . At a high-level, vulnerable OpenSSL servers configured to negotiate Diffie-Hellman keys in a particular way were vulnerable to a “key recovery” attack.?By sending many specially crafted connections to a vulnerable server, an attacker could exploit this flaw to recover the server’s private key, and decrypt its communications. Read more “Dimension™ 2.0.1 Update 1 Fixes OpenSSL Flaw”

According to unnamed sources in the Obama administration, the US government is developing?sanction against?foreign attackers who leverage cyber espionage to steal intellectual property. While?these sorts of deterrents may be necessary?to discourage cyber attacks in the age we live, they could certainly change the information security landscape. Watch today’s episode to learn more about these possible sanctions Read more “Cyber Espionage Sanctions – Daily Security Byte EP.134”