Internet Banking & Mobile Banking users beware – ZITMO & SPITMO are here!!

Typically, strong online banking authentication relies on generating a transaction authorisation number and sending it to the internet banking user's registered mobile number; the user then has to enter the randomly generated authorisation code into the mobile banking site for the transaction to be authorised. Beware: danger lurks in this scenario too.

ZITMO (Zeus-In-The-Mobile) is a trojan designed to intercept and redirect incoming SMS messages, including transaction authorisation codes, that arrive on infected mobiles. A similar trojan is SPITMO (SpyEye-In-The-Mobile), which has nearly the same functionality as ZITMO apart from some differences in how it works.

Typosquatting – Use of Doppelganger Domains to steal data

We often mistype domain names when we are searching the web or trying to access a website. For example, instead of gmail.com we may type gamil.com, or icicibank may be typed as icici bank. Researchers have now shown that by creating ‘doppelganger’ (of German origin, meaning duplicate or double) domains it is possible to steal information. An extract of the article is included here.

The new Common Weakness Scoring System – CWSS

When a security analysis of a software application is performed, such as when using an automated code auditing tool, developers often face hundreds or thousands of individual bug reports for weaknesses that are discovered in their code. In certain circumstances, a software weakness can lead to an exploitable vulnerability. For example, a buffer overflow vulnerability might arise from a weakness in which the programmer does not properly validate the length of an input buffer. This weakness only contributes to a vulnerability if the input can be influenced by a malicious party, and if that malicious input can be copied to an output buffer that is smaller than the input.
