Cat-Phishing Hackers for Fun and Profit

On June 14th, 2017, a new variant of ZXShell appears to have been uploaded from the Marmara region of Turkey. The Trojan itself is well known and contained x32 and x64 rootkits. This blog describes the functionality of ZXShell, as well as the associated rootkits. The Trojan source code is available here. Metadata File Name:…

The post Cat-Phishing Hackers for Fun and Profit appeared first on Speaking of Security – The RSA Blog.


Applying Common Marketing Practices to Save Millions in Fraud

Over the past few years, I have spoken to countless executives about the challenges of managing fraud risk – from corporate banking to online gaming and digital marketplaces. Whether the goal is to protect billions of investment dollars or prevent bad guys from buying online gaming credits with a stolen credit card, the same sentiments always…


Ready, Set, Authenticate: Why You Need RSA SecurID® Access to Win the Race

There are times when trying to put together an effective authentication strategy feels like competing in track-and-field events. Business and IT are supposed to be on the same team, but far too often seem to be racing toward completely different goals. Sure, it’s important to get to the finish line fast, but not at the…


YIN AND YANG: TWO VIEWS ON IAM – Global Risk Standards or States & Nations Policies

By Steve Mowll and Chris Williams POINT: Chris Williams – Advisory Architect, RSA Identity In our last blog, I stated the following about why we most commonly engage in security practices. And these two items were represented: We embrace identity projects because we need to satisfy compulsory mandates. We need to provide competitive protective services…


Key Considerations for Selecting a Consumer Authentication

The EU’s Payment Services Directive II (PSD2) has generated many questions from the financial services and payments industry. So much so that we have found some in the industry turning to RSA for advice and guidance on the key considerations they need to put forth as they prepare to issue requests for proposals from potential consumer…


Protecting PingFederate® Users with RSA SecurID® Access

It’s 10 o’clock. Do you know where your users are? Believe it or not, there was once a time when this question was easy to answer. If “Steve” was logged into the corporate network, there was a very high level of certainty you would find him sitting in his cube, on the 4th floor of building…


Blank Slate: A Tale of Two Malware Servers

In March 2017, Palo Alto Networks Unit 42 published research on a new malicious spam campaign dubbed “Blank Slate.” It is named as such because the malspam message is empty; only the malicious attachment is present, as seen in Figure 1.

Figure 1: Blank Slate malspam e-mail

Recently, Blank Slate struck, deploying Cerber ransomware once again, affording…


Yin and Yang: Two Views on IAM – Active Directory Automation, Success or Failure?

By Steve Mowll and Chris Williams Point: Effective identity management strategies are business-based, and should rise above technical limitations. Steve Mowll, Identity Architect, RSA True point, but in order to have effective strategies, they must be directed towards a desired outcome. Let’s take a look at this idea using Active Directory (AD) projects as an…


Completing the Puzzle

In a previous blog I reviewed the real-world payback for being a risk leader. Let’s say your company gets it, they know that good risk management increases the likelihood objectives will be fulfilled and profits improved, and now you’ve been given the assignment to start the risk management program to make your organization a…


Defining Your Cyber Risk Appetite

When a senior executive tells the board he or she wants to discuss the company’s risk appetite, usually the board’s interest is piqued. After all, understanding an organization’s risk appetite is critical to the decisions the board makes. So why should defining a company’s cyber risk appetite be so difficult? A CISO’s role is to…
