In this informative blog, McAfee experts weigh in on the processes, legislation, and requirements that affect every company’s risk and compliance posture. From audits to reporting, this blog helps you keep up to date on issues and advancements, and informs you of the latest McAfee risk and compliance product updates.
See March 15 and 16 updates at the end of this blog. The March Security Bulletin release from Microsoft was relatively light in volume. Out of the six bulletins released, only one was rated as Critical. And for good reason. MS12-020 includes CVE-2012-0002. This flaw is specific to the Remote Desktop Protocol (RDP) present on Read more…
Tags: Cyber Security Mom, Cybercrime, data breach, Data Protection, Endpoint Protection, enterprise, global threat intelligence, labs, malware, McAfee Labs, Microsoft Security Bulletin, MS12-020, Network Security, Risk and Compliance
In early April, I wrote about the famed “LizaMoon” SQL-injection attacks. I said it then, and I’ll say it again now: SQL-injection (SQLi) attacks are a constant. Some of these attacks are more visible than others. Some adversaries find intelligent ways to hide their tracks so as not to splatter evidence of their misdeeds all over various search Read more…
Tags: Cybercrime, Data Protection, database security, enterprise, lizamoon, malware, mass sql injection, Network Security, sql attacks, SQL Injection, urchin.js
I am excited to share that McAfee has officially announced its intent to acquire privately owned NitroSecurity. NitroSecurity is a leading provider of security information and event management (SIEM) solutions that offers complete visibility and situational awareness to protect critical information and infrastructure. With NitroSecurity’s technology and talent, McAfee can expand its reach into the fast Read more…
Visit any news site on the Web, and undoubtedly you’ll come across a barrage of articles publicizing the details of yet another data breach. With the prominence of SQL injection attacks, and malicious insiders and hackers exploiting sensitive data stored on unpatched and vulnerable databases, enterprise organizations have found themselves reevaluating their security strategies. Following Read more…
If we look at the evolution of hacking, certain techniques never go out of style, but we’re at the beginning of a big shift in terms of the targets. The threat landscape has evolved beyond PCs, tablets, and smartphones to a whole new battleground: connected devices all around us. According to Ericsson, there will be Read more…
Tags: black hat hackers, cyber attack, embedded, Hacking Exposed, Risk and Compliance, security, white hat hackers
Every week we see similar stories permeating the news – large enterprises falling victim to data breaches and finding themselves at the mercy of hackers looking to access and exploit sensitive customer data for personal or monetary gain. The impact of just one of these events can be devastating; for large enterprises, the short-term effect Read more…
Tags: data breach, enterprise, risk, security, SMB
The recent security breach at Lockheed Martin confirmed that the attacks we saw with Operation Aurora, identified by McAfee, and Stuxnet are just the beginning of a new era of targeted attacks. Cybercriminals are now executing the perfect plan to get closer to their target without raising any red flags. In the case of Operation Read more…
Tags: Lockheed Martin, malware, Night Dragon, Operation Aurora, Stuxnet, targeted attacks, Whitelisting, Zero-Day
Advanced persistent threats like we’ve seen with Stuxnet and Night Dragon target the manufacturing and process industry, including national critical infrastructure. The industrial revolution started our reliance on automation. However, as the industry became more integrated, modular, and adaptable to broader industrial processing, it also grew more vulnerable and susceptible to attack. Adding further complication Read more…
Tags: Advanced Persistent Threat, critical infrastructure, data breach, McAfee Application Control
Something Changed With Aurora
Even before the China-centered Operation Aurora attack (a.k.a. Google attacks), in which hackers broke into numerous high-profile organizations in the US to steal highly confidential information, I had been warning customers (and anyone in earshot, quite frankly) of the most effective strategies to protect against the deluge of advanced Read more…
Tags: data breach, database activity monitoring, database security, enterprise, intellectual property, Night Dragon, Operation Aurora, Sentrigo acquisition
If you’re responsible for database security and feel like scaring the living daylights out of yourself, check out www.privacyrights.org/data-breach. It’ll give you some idea of just how large of a problem security breaches truly are. Significant breaches are happening on almost a daily basis—and sometimes multiple major breaches are occurring in a single day. And Read more…
Tags: data breach, database security, enterprise, ePolicy Orchestrator, Risk and Compliance