- [Malware] 8 Practical Tips for Detecting a Website Compromise for Free
Detect website compromises using host intrusion detection tools like OSSEC, network IDS watching for anomalies, and centralized log review. Tactical measures include scanning for iframes and...
- [Assessments] 6 Qualities of a Good Information Security Assessment Report
Good security assessment reports start with strong executive summaries for non-technical readers, provide meaningful analysis beyond tool output, include supporting figures, describe methodology and...
- [Incident Response] Asymmetry of People's Time When Handling Major Security Incidents
Organizations without mature incident response programs overreact to breaches—calling all-hands meetings, micromanaging tasks, demanding night-and-day work—spending disproportionate time compared to...
- [Malware] 6 Ideas for a Protean Information Security Architecture
Protean security architecture uses deception to complicate attackers' jobs asymmetrically—opening fake ports redirected to honeypots, deploying honeytokens mimicking applications, using DNS...
- [Malware] Malvertising: Dealing With Malicious Ads - Who and How?
Ad networks could validate advertisers, research domain registrations, and examine Flash ads for malicious logic—but practices are ineffective or ignored. One organization reduced malware infections...
- [Malware] Malvertising: How Malicious Ads Are Deployed
Attackers deploy malvertisements by compromising ad network infrastructure or by impersonating agencies representing legitimate clients. They sound professional, pay for campaigns, and sometimes...