Archive for 'August 2014'

    Why Bringing Your Network Security “Inline” Lines Up With Your Goals

    By Manish Gupta | Technology
    An attacker can compromise a network and successfully exfiltrate data in less time than you might think.The 2011 security breach of EMC’s RSA Security Division showed us that it only takes a few days, if not minutes, for cyber criminals to compromise a well-protected corporate network and launch an attack that would eventually cost at least $66M to remedy. Today’s cyber attacks are fast and hard hitting, sometimes happening so swiftly that Read more...


    Your Locker of Information for CryptoLocker Decryption

    | Security News
    FireEye is no longer providing decryption solutions for CryptoLocker.  If your computer has recently been infected with ransomware, chances are that the infection has been caused by one of the many copycat attacks that use the same or similar name and method of operation. Since these new ransomware variants use different encryption keys, we have discontinued the DecryptCryptoLocker website and its associated decryption service. Here are some resources that can potentially assist Read more...


    Operation Poisoned Hurricane: Lessons for CISOs

    By Bryce Boland | Advanced Threat Trends
    The tactics described in “Operation Poisoned Hurricane” should come as a stark reminder that advanced threat actors do not stand still. They continue to refine their tradecraft, finding new and innovative ways to bypass security controls and evade detection.The technical details of the evasion techniques are complex, but the lessons for the CISO are clear:Traffic to a legitimate website is not always legitimate traffic – malware could be hiding command and control Read more...


    Android SSL Vulnerabilities: Lessons for CISOs

    We recently published a blog reporting a variety of issues with a set of security capabilities found in commonly used Android applications in the Google Play store. These capabilities frequently come from security configurations baked into the ad libraries that developers use to display ads in their apps and don't want to develop themselves. This is a laudable practice (implementing things like encryption protocols is hard and should be avoided by most software engineers), but it means that a Read more...


    Going Public About Privacy: A Six Part Series

    By Shane McGee
    This is the first of a six-article series by FireEye’s Chief Privacy Officer, Shane McGee.  In this series, Shane will explore six fundamental steps to building an effective privacy program.  There are many important topics that won’t be discussed here, e.g., setting objectives, assembling a team, third party assessments, performance metrics, and vendor interactions.  For purposes of this blog, however, we limited Shane to the six most important steps to creating a Read more...