Cyber Security Institute
Tuesday, February 28, 2012
RSA Conference Trending List
So what are the top buzzing noises are the RSA conference after a couple of hours onsite
Monday, February 27, 2012
Log management deserves a company’s respect
Keeping and maintaining data logs is a corporate best practice and, in many cases, when you consider regulation and industry standards, it?s the law.
Still, few companies take advantage of the benefits of log maintenance when it comes to detecting and responding to data breaches. In fact, according to Verizon?s 2011 Data Breach Investigations Report, less than one percent of the breaches analyzed were discovered through log analysis, while 69 percent of those breaches were detectable via log evidence.
SOURCEFIRE FIRST TO PROVIDE NEXT-GENERATION IPS WITH INTEGRATED APPLICATION CONTROL
SourceFire announced the first Next-Generation Intrusion Prevention System (NGIPS) to provide fully integrated and intelligent application control. Sourcefire, which pioneered NGIPS in 2003, is extending its Agile Security™ vision by providing the world’s first NGIPS to incorporate real-time contextual awareness and full-stack visibility, together with intelligent security automation and granular application control.
Monday, February 13, 2012
Number of Malicious Sites Increase by 240% in 2011
Blue Coat Systems issued its Blue Coat 2012 Web Security Report that identifies and analyzes trends in malicious attacks over the past year and makes recommendations on strategies to keep companies safe. In 2011, the most significant evolution in the threat landscape was the use of malware networks, or malnets, to launch highly dynamic Web-based attacks. These complex infrastructures, which outlast any one attack, drove a 240% increase in the number of malicious sites during the year and are expected to launch as many as two-thirds of all new attacks in 2012.
Friday, February 10, 2012
M86 Security Labs report provides insight to plan security for 2012
M86 Security Labs just released its latest Security Labs Report detailing key trends and developments in Internet security.
Thursday, February 09, 2012
Splunk Launches Splunk App for Enterprise Security 2.0
Splunk today announced the general availability of its Enterprise Security Intelligence Solution, consisting of the Splunk App for Enterprise Security 2.0, and Splunk® Enterprise 4.3, the company’s flagship software for collecting, indexing and harnessing machine data.
Cybersecurity Is The Way To Play Defense Spending Read more: http://stocks.investopedia.com/stock-a
A recent survey by McAfee showed that 43% of respondents identified disruption to critical infrastructure as the greatest single threat posed by cyber-attacks, and nearly 57% believe that a cyber space arms race is occurring.
Cybersecurity Is The Way To Play Defense Spending Read more: http://stocks.investopedia.com/stock-a
A recent survey by McAfee showed that 43% of respondents identified disruption to critical infrastructure as the greatest single threat posed by cyber-attacks, and nearly 57% believe that a cyber space arms race is occurring.
Service providers lack confidence in LEAs
Arbor Networks’ 7th annual Worldwide Infrastructure Security Report presents a view of 2011 security through the eyes of the providers: ISPs, hosting companies, and service providers. “Ideology was the most common factor for DDoS in 2011,” it notes, “followed by a desire to vandalize.” Since we have seen hacktivists willing to issue a general ‘call to arms’ and even provide the tools to take part in attacks, it represents, concludes Arbor, ‘a sea-change in the risk-assessment model’ for both network operators and their customers.
Friday, February 03, 2012
Is Your Lawyer the Weakest Link? Hackers Are Now Targeting
A profoundly troubling article by Bloomberg details expanding efforts by hackers to attack system networks of law firms to cull confidential data on sensitive deals and transactions.
One attack in particular involved China-based hackers looking to derail a $40 billion acquisition of the world’s largest potash producer by an Australian mining conglomerate.
Thursday, October 20, 2011
New SEC security breach rules no big game changer, experts say
Late last week the Securities and Exchange Commission issued new guidance informing public companies that, under certain circumstances, they may need to disclose cyber breach information, or even potential security breaches, if there is a certain level of risk of financial impact to corporate earnings.
Monday, August 01, 2011
Incident Response and Recovery May Be the Best Defense
The ever increasing list of breaches appearing on the Open Security Foundation’s DataLossDB Web site as well as companies being targeted by the AntiSec movement made up of groups including recently-raided Anonymous, AnonOps, TeaMp0isoN, and now-dormant LulzSec continues to show that no organization is immune to successful penetration from cyberthreats. [Written by my good friend BK DeLong, an independent consultant based in Boston, MA]
Thursday, June 30, 2011
‘Indestructible’ rootkit enslaves 4.5m PCs in 3 months
One of the world’s stealthiest pieces of malware infected more than 4.5 million PCs in just three months, making it possible for its authors to force keyloggers, adware, and other malicious programs on the compromised machines at any time. The latest TDL-4 version of the rootkit, which is used as a persistent backdoor to install other types of malware, infected 4.52 million machines in the first three months of this year, according to a detailed technical analysis published Wednesday by antivirus firm Kaspersky Lab.
Tuesday, June 28, 2011
Cyber attacks are escalating
Today, that highway is starting to resemble the route Mad Max traveled in The Road Warrior. Hardly a week goes by without seeing news reports about another corporation being sabotaged by hackers. This month on The Digital Future, Strategic News Service publisher Mark Anderson looks at the huge increase in Advanced Persistent Threats: efforts by nation-states to steal information and technology.
Microsoft patents spy tech for Skype
A newly patented Microsoft technology called Legal Intercept that would allow the company to secretly intercept, monitor and record Skype calls is stoking privacy concerns. Microsoft’s patent application for Legal Intercept was filed in 2009, well before the company’s $8.5 billion purchase of Skype in May. From Microsoft’s description of the technology in its patent application, Legal Intercept appears similar to tools used by telecommunication companies and equipment makers to comply with government wiretap and surveillance requests.
Federal agency issues new security rules for financial institutions
The federal agency that regulates banks today issued new rules for online security for financial institutions, instructing them to use minimal types of “layered security” and fraud monitoring to better protect against cybercrime. It’s the first time the Federal Financial Institutions Examination Council (FFIEC) has updated its rules since 2005, and the instructions to regulated financial services today focus on protecting high-dollar Automated Clearinghouse (ACH) transactions that have been targeted by sophisticated cybercrime groups that hijack business PCs in order to initiate fraudulent transactions.
Thursday, May 19, 2011
Oracle release enables dual IPv4-IPv6 provisioning, Ethernet support
… technology refreshes such as upgrading to IPv6,” said Liam Maxwell, vice … platform support for both IPv4 and IPv6 enables service providers to introduce … the operational complexities of a dual IPv4–IPv6 environment. Oracle Communications IP Service …
http://www.telecomengine.com/article/oracle-release-enables-dual-ipv4-ipv6-provisioning-ethernet-support
AOL Announces Participation in World IPv6 Day 19 May 2011 12:51 NewsAdvance.com
AOL Announces Participation in World IPv6 Day 19 May 2011 12:51 NewsAdvance.com
… a global “test flight” of IPv6 capabilities bringing together major web providers, … of supporting the migration from IPv4 to IPv6,” said Alex Gounares, CTO of … of its products and services with IPv6 in the future: For more information about …
http://www.businesswire.com/news/mgnewsadvance/20110519005467/en
Friday, May 06, 2011
Sophos acquires Astaro
Sophos buys Astaro.. wow, interesting move.
Symantec Announces Updates to Data Management, Protection and Endpoint Security Solutions
Symantec, at its Vision user conference that took place in Las Vegas this week, announced a series of updates to some of its core product offerings, spanning across its Endpoint Protection solutions to Enterprise Vault Archiving Software. Symantec Endpoint Protection Small Business Edition 12, also available as a public beta, and it will offer small organizations with limited IT staff and resources a solution they can easily deploy. In addition to the Endpoint Protection and Protection Center announcements, Symantec announced Symantec Enterprise Vault 10, Enterprise Vault.cloud, and Cloud Storage for Enterprise Vault to help organizations manage and discover their information with speed, efficiency and scale, on-premise and in the cloud.
Thursday, April 28, 2011
Symantec announces April 2011 MessageLabs Intelligence Report
This month analysis reveals that targeted attacks intercepted by Symantec.cloud rose to 85 per day, the highest figure since March 2009 when the figure was 107 per day in the run-up to the G20 Summit held in London that year. MessageLabs Intelligence has also revealed that shortened URLs have become increasingly popular recently, being used to lure people to click on advertising links; a practice known as click-fraud. In April, 1 in 168.6 emails contained malware and targeted attacks accounted for approximately 0.02% of these.
Dropbox 1.2 Experimental Build Fixes Security Issue
Attackers could use the file on any other computer with Dropbox to download all files of the original owner, without entering the Dropbox login credentials or notifications in the Dropbox dashboard that another device was used to download the data. Dropbox 1.2 introduces a new encrpyted database format to “prevent unauthorized access to local Dropbox client database” in addition to the security enhancements. This is related to the security issue, as the user who discovered the vulnerability in first place did uncover it by analyzing the local Dropbox client database.
Dropbox 1.2 Experimental Build Fixes Security Issue
Attackers could use the file on any other computer with Dropbox to download all files of the original owner, without entering the Dropbox login credentials or notifications in the Dropbox dashboard that another device was used to download the data. Dropbox 1.2 introduces a new encrpyted database format to “prevent unauthorized access to local Dropbox client database” in addition to the security enhancements. This is related to the security issue, as the user who discovered the vulnerability in first place did uncover it by analyzing the local Dropbox client database.
http://www.ghacks.net/2011/04/28/dropbox-1-2-experimental-build-fixes-security-issue/
VCs and IT Security Firms: Not Much Love in the Air
Although security breaches make the headlines regularly and Washington has plans to upgrade the security of the United States’ national infrastructure, up-and-coming IT security companies are having difficulty securing investment funds. “It seems there’s been a general shift among venture capitalists away from security,” Jim Pflaging, director and managing principal at SINET, stated at a private lunch at the 2011 IT Security Entrepreneurs’ Forum (ITSEF), held in Palo Alto recently.
Monday, April 25, 2011
AT&T starts selling ‘cell tower in a suitcase’
For the first time, AT&T is selling small, portable cellular antennas that will allow corporate and government customers to provide their own wireless coverage in remote or disaster-struck areas.
Wednesday, April 20, 2011
Data Security moves up the agenda & is now seen as important as cost savings within the public sect
The research, which was conducted using qualitative interview techniques with a range of public sector organisations across the UK shows that data security is now far higher on the agenda than in either of Becrypt’s previous two surveys. The research showed that there has been a significant change in attitudes to data security in the public sector, with 92% of those questioned now having specific policies for dealing with sensitive data.
Kaspersky -IT Security Policies Still Don’t Work According to New Research
Despite more than three quarters (77 per cent) of IT managers saying their company has a security policy in place for the use of tablets and smartphones, IT professionals are still downloading unauthorised applications onto their devices, according to online research released today by Kaspersky Lab, Europe’s largest anti-malware company.
Wednesday, April 13, 2011
Kerry-McCain privacy bill: What you need to know
A privacy bill of rights is something that tech pundits have talked about for years, but now Senators John Kerry and John McCain hope to make it a reality with a bipartisan bill in the Senate called the “The Commercial Privacy Bill of Rights Act of 2011.” The Kerry-McCain bill would force companies to let users opt out of data collection when used for behavioral ads or transfer to third parties. ... For sensitive information—religion, health records or other stuff that can cause physical or financial harm if made public—companies would need users’ consent through an opt-in.
Friday, April 01, 2011
Bank of America moves to further ramp up security with new CISO
Bank of America has named Patrick Gorman, a veteran government and corporate technology executive, as its new chief information security officer.
Friday, February 25, 2011
HIPAA privacy actions seen as warning
Department of Health and Human Services for HIPAA privacy violations should serve as a warning to all healthcare entities, say privacy analysts.
The agency announced on Thursday that it had imposed a civil monetary penalty of $4.3 million on health insurer Cignet Health for violating the Health Insurance Portability and Accountability Act’s privacy provisions. This week’s other enforcement action involved Massachusetts General Hospital, which agreed to pay HHS a total of $1 million to settle potential HIPAA privacy violations.