Open source malware means more (and more dangerous) attacks

Posted by Scott Petry

Nov 24, 2014

img_2014-11-24_PhishLabs

NEWS

We’ve talked quite a bit about the increasing number of attacks being reported over the past few months. This is partially due to the increasing use of web apps and reliance on the browser as a way of accessing business information. But it’s also attributable to the increase in “open source” malware. As with key layers of the Internet stack, the source code of various exploits have been released by the authors, and other developers are building on that base.

Topics: News

Protect yourself from what you research!

Posted by Josh Brotheim

Nov 18, 2014

img_Isolation-Chamber-Kitten

CORPORATE NEWS

Re-imaged machines, local sandboxes, and even process emulation on the user’s device are common tactics researchers use to insulate themselves from the malicious content they need to capture and analyze. But if you step back and think of it, these approaches violate a core tenet of security research: they expose their local resources (e.g. IP address, network gateway, local servers, local machine) to the threat.

Topics: Corporate News

Authentic8 Enables Full Encryption of User Activity Log Data

Posted by Scott Petry

Nov 18, 2014

img_2014-11-18_Encrypted-Logs

CORPORATE NEWS

MOUNTAIN VIEW, CA--(Marketwired - Nov 18, 2014) - Authentic8, maker of Silo, the cloud-based secure browser for businesses, has extended logging capabilities to enable encryption of all usage and activity data with a customer-supplied key. In today's world of web-based services, customer data is scattered across a variety of third-party providers. And companies in industries where information needs to be closely managed don't have the tools necessary to remain in compliance when using cloud-based apps.

Topics: Corporate News

Are you sure you want to expose your location to the world?

Posted by Josh Brotheim

Nov 12, 2014

img_Global-Network

CORPORATE NEWS

You wake up and want to know the day’s weather. So you point your browser to weather.com and it gives you the weather forecast. Simple. But you never typed provided any information about where you are and the website somehow knew your location. How did it know?

Topics: Corporate News

Monthly News Roundup - October 2014 (TL;DR)

Posted by Drew Paik

Oct 31, 2014

img_2014-10-10_PopSci

NEWS

Happy November! October was Cybersecurity Awareness Month, and, perhaps fittingly, it was a busy one. As security experts continued to grapple with the fallout from Shellshock, a new infrastructural vulnerability surfaced. We also saw reports of new breaches affecting everything from Dropbox to Snapchat. Here’s the TL;DR on a few stories we found interesting:

Topics: News

Authentic8 Enhances Silo for Enterprise Information Security Researchers

Posted by Ramesh Rajagopal

Oct 23, 2014

img_2014-10-23_Marketwired

CORPORATE NEWS

MOUNTAIN VIEW, CA--(Marketwired - Oct 23, 2014) - Authentic8, maker of Silo, the cloud-based secure browser for business, has expanded its product capabilities to include resources designed for information security research, incident response, emergency readiness, anti-fraud, and more. Where Silo is designed to control the use of web-based services by executing in a sandbox and implementing data-level policy controls, the new configuration, called Toolbox, brings the same isolation but includes features necessary for researchers to do their jobs more securely.

Topics: Corporate News

Securing data needs to evolve beyond building moats around castles

Posted by Ramesh Rajagopal

Oct 16, 2014

img_2014-10-15_Graham-Cluley

SECURITY

This article written by Ramesh originally appeared on www.GrahamCluley.com. Target, Home Depot, JPMorgan Chase, Salesforce – every week brings a new report of a security breach. Despite increasing investments in security software, it seems our data has never been less secure. As the way we work has shifted, the risks to our data have been spread far and wide making it even more challenging to protect.

Topics: Security

Silo closing the hole on Poodle exposure

Posted by Ramesh Rajagopal

Oct 15, 2014

img_2014-10-15_Ars-Technica

SECURITY

Another major vulnerability in the SSL protocol has been just been discovered, codenamed POODLE. Like the Heartbleed bug earlier this year -- this vulnerability undermines the secure HTTPS communication protocol that sits beneath all our most sensitive online transactions. With this vulnerability hackers have the ability to re-assemble the session cookie between websites and browsers that rely on the older SSLv3 version of the protocol. With the session cookie in hand, it is possible for the attacker to gain access to the victim's web account.

Topics: Security

Trusting third parties can lead to second-rate security

Posted by Drew Paik

Oct 14, 2014

img_2014-10-13_GuardianIDENTITY

Over the weekend, news broke that hundreds of thousands of individual users of SnapChat (many under the age of 18) fell victim to compromise through a third-party service called SnapSaved, reportedly perpetrated by the same group responsible for leaking the celebrity photos. And Dairy Queen revealed that they were the latest in a growing list of retailers that have had customer credit card information stolen as a result of malware installed by hackers using stolen passwords from third-party contractors.

Topics: Identity

Does changing your password really make a difference?

Posted by Drew Paik

Oct 7, 2014

img_2014-10-07_Gizmodo

IDENTITY

One of the most common pieces of advice in the wake of a major security breach is to change your password. Often. Let’s take a look at a competing argument: Don’t change your password because frequent changes won’t really keep you safe. The basic gist is this: regularly changing your password gains you nothing because if you’re not already compromised, you’re just swapping out a secure password for another secure password.

Topics: Identity

The official blog of Authentic8

Blog Home
Sign up for Silo
Contact Us

Subscribe to Email Updates