Cyber Security Institute
Wednesday, March 03, 2010
Database Security Lacking at Financial Services Firms
Sloppy operating practices across the financial services sector leave firms vulnerable to breaches that could expose sensitive data or put customers’ and employees’ privacy at risk, according to a new study from the Ponemon Institute. The study, commissioned by enterprise software and consulting firm Compuware (NASDAQ: CPWR), identified several key areas where financial services companies could take a hit from loose data policies, including damage to the corporate brand and the erosion of consumer trust.
Crackdown on Mariposa: Botnet Infected 13 Million PCs
Security software firms worked with international law enforcement agencies, the FBI and the Georgia Tech Information Security Center to neutralize and eventually arrest three criminals who allegedly masterminded a massive botnet scam that ensnared more than 13 million PCs. The suspects, who officials say called themselves the “Nightmare Days Team” and dubbed their botnet project “Mariposa,” were arrested at their Basque Country residence by Spanish authorities last month. The arrests came after a year-long investigation by local law enforcement agencies and security software vendors Panda Security, which is headquartered in Bilbao, Spain, and Defence Intelligence of Ottawa, Ontario.
Tuesday, March 02, 2010
Symantec Chief Says Cloud Security the Next Step
With enterprise data growing at an overall rate of 60 percent per year, it’s time to take a closer look at that information and determine its economic value. Because if we don’t, the bad guys certainly will. That was the warning from Symantec (NASDAQ: SYMC) CEO Enrique Salem, speaking here at the RSA Conference 2010. He warned that as computing power moves out to the cloud, that will drive a need for digital devices to provide you with greater access to that data. But, he added, mobile devices are increasing in importance along with cloud computing, and they require new security methodologies to deter data theft.
Monday, March 01, 2010
State Of Application Security: Nearly 60 Percent Of Apps Fail First Security Test
Even with all of the emphasis on writing software with security in mind, most software applications remain riddled with security holes, according to a new report released today about the actual security quality of all types of software. Around 58 percent of the applications tested by application security testing service provider Veracode in the past year-and-a-half failed to achieve a successful rating in their first round of testing.
Verizon Offers Up Its Data Breach Framework
Verizon Business here today released to the public its framework for gathering and analyzing forensics data from a data breach that is the basis for its comprehensive annual data breach reports. The hope is that the framework will facilitate more cooperation and data-sharing among breach victim organizations.
Wednesday, February 24, 2010
Most Enterprises Worldwide Hit by Cyber Attack in 2009
Enterprises are well aware of growing security threats to their organizations, but so far have lacked the resources and staff to deal with increasingly sophisticated and malicious cyber attacks, according to Symantec’s latest “State of Enterprise Security” study. The telephone survey conducted in January contacted 2,100 businesses and government agencies in 27 countries and found that 100 percent of them had experienced cyber losses of some type in the past year. The top three reported losses were theft of intellectual property, theft of customer credit card information or other financial information that resulted in monetary loss in 92 percent of instances.
Tuesday, February 23, 2010
FTC warns 100 organisations over leaked P2P data
More than 100 organisations guilty of allowing private data to leak on P2P networks have received warning letters from US consumer watchdog the Federal Trade Commission. Customer and biz data turning up on Torrents.
Monday, February 22, 2010
Criminals Hide Payment-Card Skimmers Inside Gas Station Pumps
Criminals hid bank card-skimming devices inside gas pumps—in at least one case, even completely replacing the front panel of a pump—in a recent wave of attacks that demonstrate a more sophisticated, insidious method of stealing money from unsuspecting victims filling up their gas tanks. The scam was first discovered when a California bank’s fraud department discovered that multiple bank card victims reporting problems had all used the same gas pump at a 7-Eleven store in Utah.
Next generation firewall software introduced by Palo Alto Networks
Palo Alto Networks is to launch next generation firewall software to enable finer-grained control over business and Web 2.0 applications.
Friday, February 19, 2010
Computer Jargon Baffles Users, Hinders Security
Faced with such gobbledegook, many of the world’s nearly 2 billion Internet users conclude that security is for “experts” and fail to take responsibility for the security of their own patch of cyberspace—a potentially costly mistake. That was the message from cyber experts who met this week to work out how to protect computer users from the growing problem of online theft, fraud, vandalism, abuse and espionage.
Spike In Power Grid Attacks Likely In Next 12 Months
Attacks against the power grid are likely to rise and intensify during the next 12 months as smart grid research and pilot projects advance, according to utility security experts and a recently published report that analyzes threats to critical infrastructure. The so-called Project Grey Goose Report on Critical Infrastructure points to state and/or non-state sponsored hackers from the Russian Federation of Independent States, Turkey, and China as the main threats to targeting and hacking into energy providers and other critical infrastructure networks.
Thursday, January 21, 2010
5 tips for cybersecurity-training your employees
When Dennis Lauer joined the Millennium Challenge Corp. as chief information officer two years ago, the young federal program’s growing pains included a startling lack of security. It was an almost free-for-all atmosphere, he recalled. Employees installed Apple iTunes on the agency’s network and regularly downloaded malware via pop-ups that harbored malicious code. “Almost every day we had [surreptitious] viruses, and people didn’t know not to click on” them, Lauer said. The security situation began to change for the better when the office adopted new security policies and practices. Launched in 2004, MCC had adopted a few information technology shortcuts in the early years as the U.S. government corporation embarked on its mission of helping underdeveloped nations.
Enterprises Look for Help Managing Security Logs
Managed SIM services started to gain momentum over the past two years, largely due to compliance mandates such as the Payment Card Industry data security requirements. Managed security services have been growing in popularity over the past several years, and the latest task enterprises are looking to offload to an outside provider is security information management.
Thursday, January 14, 2010
Product Watch: NitroSecurity Integrates Log Management With SIEM
SIEM vendor NitroSecurity next week will roll out a new log management product and management software that brings the two traditionally separate worlds under one roof. The new NitroView ESM Version 8.4 and new Enterprise Log Manager (ELM) tools are fully integrated and provide a single view of all SIEM and log management functions.
Wednesday, January 13, 2010
IDC Expects A/P Security and Vulnerability Management Market to Achieve Largest Growth in 2010 as Or
According to the figures recently released in the IDC Asia/Pacific Semiannual Security Software Tracker, most security markets in the Asia/Pacific excluding Japan (APEJ) region are expected to post strong double-digit growth in 2010 compared to 2009. According to the study, the largest growth will be in the Security and Vulnerability Management (SVM) market which is forecast to grow some 19% to US$115.44 million in 2010. The Identity and Access Management (IAM) market is estimated to grow by 15.2% to reach US$ 326.38 million.
Monday, January 11, 2010
Virtualization security remains a work in progress
While adoption of server virtualization is proceeding at a gallop, the effort to refine virtualization security reached only a slow trot in 2009. Roughly 18% of server workloads have been virtualized, and research firm Gartner expects that number to climb to 28% in 2010 and almost 50% by 2012. But adapting traditional firewall, intrusion detection, antimalware and other types of security and monitoring software to run optimally in this radically changed hypervisor-based architecture is still very much a work in progress.
Sunday, January 10, 2010
Airport breaches on the rise nationwide
Government officials imposed stricter airport security measures after the failed Christmas Day bombing of a Northwest Airlines flight to Detroit. Such breakdowns are rare, officials said, but a government report released in October shows breaches at U.S. airports nearly doubled over five years. “That’s only the breaches we know about,” said Mike Boyd, president of the Colorado-based aviation consulting firm Boyd Group International. The Transportation Security Administration reported 1,442 security breaches at the nation’s 450 commercial airports in the fiscal year ended Sept. 30, 2004, according to the Government Accountability Office report.
Friday, January 08, 2010
CSI Computer Crime and Security Survey Shows Poor Security Awareness Training in Public and Private
It’s no secret that security pros worry about cyber-attacks that can happen anytime in a networked world, but apparently, they also worry about how much end-users know about good computer hygiene and their organizations’ abilities to assess how secure they are - or aren’t. The Computer Security Institute (CSI), which holds conferences and educational events for IT workers, released the 14th edition of its annual CSI Computer Crime and Security Survey in December 2009, with an assessment of how respondents felt about their own cyber-security situations and what that assessment may mean for 2010. A whopping 43.4 percent of them said that less than 1 percent of their security budget was allocated to awareness training, and 55 percent said current investments in this area were inadequate.
Thursday, January 07, 2010
Log Management Appliance facilitates regulatory compliance [and chain of custody]
netForensics, Inc., a leader in the Information Security Management market, today announced data security enhancements to nFX Cinxi One. By incorporating the latest digital signing and encryption technologies into the industry’s most comprehensive log management solution, nFX Cinxi One creates a secure chain of custody to ensure the integrity of critical enterprise log information needed to demonstrate regulatory compliance.
Tuesday, January 05, 2010
World Cup Cybercrime 2010
The Research team in ESET have put their heads together to discuss the likely shape of things to come in the next twelve months in computer security and cybercrime (and cyberwarfare, to use one of the buzzwords of the moment).
Friday, December 18, 2009
Security Heavyweights Predict 2010 Threats
Upcoming security threats for 2010, as predicted by CA, Cisco, Symantec, Websense and a group of experts at Independent Security Evaluators. Social networks are going to become a prime target for cybercriminals in 2010, according to security predictions from annual security reports released this month by CA Inc., Cisco Systems Inc. and Symantec Corp. A prediction list gathered from Independent Security Evaluators (ISE) and another list issued by Websense Inc. also anticipate increased threats on or towards major social networking sites. Social networks was the only prediction highlighted by all five sources, but increased use of search engine optimization (SEO) attacks, shorts URLs and malvertising, as well as an upcoming focus on smartphones and the Mac OS X platform, were also noted on multiple accounts.
Thursday, December 17, 2009
Cloud Security Alliance releases updated guidance
The Cloud Security Alliance (CSA) on Thursday released the second version of its guidance for secure adoption of cloud computing services. The new version, Guidance for Critical Areas of Focus in Cloud Computing—Version 2.1, provides more specifics in several areas and more actionable advice, said Jim Reavis, Cloud Security Alliance co-founder and executive director.
Sun Unveils Cloud Computing Security Tools
As part of its overall strategy to help customers and partners build public and private clouds that are open and interoperable, Sun Microsystems on Thursdsay unveiled innovative open source cloud security capabilities and announced support for the latest Security Guidance from the Cloud Security Alliance. Sun is steadfast in its commitment to providing best practices and technologies that help users safeguard their critical data in the enterprise and in the cloud. The introduction of Sun’s Cloud Security architectural building blocks will help deliver enterprise-grade cloud services that are highly secure, available and easily manageable when used in public, private or hybrid cloud environments.
Wednesday, December 16, 2009
Supply Chain Security Threats: 5 Game-Changing Forces
Supply chain security is being remade by black swan events, economic blahs, and more. What can a CSO do to keep goods and information flowing? As any CSO knows, it’s not enough to mind your own business. You have to look after your business partners as well, across all links that connect to your supply chain—-whether that chain is physical or virtual. And that goes double in times of rapid change and high stress. “The threat environment is constantly changing,” says Ryan Brewer, CISO for the Centers for Medicare and Medicaid Services “Sometimes it’s hard to put your finger on what’s most important.” Who would have thought three years ago that piracy on the supply chain would be such a big concern? Sometimes the big worry is terrorism, sometimes it’s natural disasters, lately it’s malware. Here are the top five developments CSOs say have the biggest potential to wreak havoc on their supply chains.
LogLogic releases version 4.9 of its log management software
Version 4.9 contains more than 40 new features, including built-in support for direct connectivity to Fibre Channel SAN environments without additional gear or appliances and new device management capabilities that provide more system operation controls.
Tuesday, December 15, 2009
Sharjah, N.Emirates to Get Cyber Crime Court
A federal court to deal with cyber crime cases in Sharjah and the Northern Emirates will soon be established in Sharjah, according to the Minister of Justice.
Hackers Are Defeating Tough Authentication, Gartner Warns
Security measures such as one-time passwords and phone-based user authentication, considered among the most robust forms of security, are no longer enough to protect online banking transactions against fraud, a new report from research firm Gartner Inc. warns. Increasingly, such measures are overwhelmed by online criminals looking to pillage bank accounts using valid login credentials stolen from customers, the report said. Going forward, banks need to quickly implement additional layers of security to protect their customers from falling victim to online fraud, said Avivah Litan, Gartner analyst and the report’s author.
Monday, December 14, 2009
Internet Security Firms Now Targeting Region
An anticipated upsurge in Internet users in Africa and more specifically the East African region is drawing the attention of cyber security firms. The region is now much more prone to Internet threats and cyber crime.
Breach Security releases WebDefend Global Event Manager
Breach Security has released WebDefend Global Event Manager that works in conjunction with the new web application firewall service offered by Akamai Technologies. When deployed with Akamai’s web application firewall service, the WebDefend Global Event Manager defends against global application security threats by enabling customers to make distributed cloud and data centre defense-in-depth architectures operational, the company said.
Sunday, December 13, 2009
Identity theft prevention is security spending focus
Organisation expect their largest security IT expenditure to be in identity theft and abuse prevention solutions, followed by spending to prevent external threats, unintentional privacy breaches, remote access abuse and spam. The global survey of over 400 companies with 500 or more employees found that organisations felt they would most likely have to deal with PC theft or loss (54%), spam attack (45%), misuse or hacking (45%), and spying tools (45%) as the most likely security incidents, while external threats (52%), internal intentional misuse (49%), remote access abuse (47%), identity theft (47%), and virus attack (43%) would be the most damaging security incidents.