Cyber Security Institute

Monday, January 22, 2007

Hackers to target mobile banking, study says

This year could see a sharp rise in hacker attacks on Internet-enabled smartphones as a number of new banking and payment initiatives enter the mobile channel, a research group warned Monday.  The Tower Group, a research and advisory company focused on the financial services industry, believes that many mobile commerce offerings now emerging from the financial services sector “lack a reasonable and justifiable focus” on mobile security.



Malware more compatible with Vista than anti-malware products

Malware writers appear to be much further along in developing malware for Vista than the security industry is in making products to protect the new operating system.  Speaking exclusively to IT PRO, Tim Eades, senior vice-president of sales at security company Sana Security said that 38 per cent of malware is already Vista-compatible.  “Malware writers have gone through the WHQL (Windows Hardware Quality Labs) list to make sure that their code works on new machines,” he said.  He said that very few security vendors outside of anti-virus have products ready for the operating system.


Wednesday, January 17, 2007

Less Data, More Security

Barely a week goes by these days without news of laptops stolen or lost, and loaded with data that can expose employees, consumers or patients to identity theft.  For companies involved, data breaches harm more than a corporate image.  According to research from the Ponemon Institute, a research firm focusing on privacy and data protection practices, data breaches cost companies $182 per record lost.  An FBI survey pegged losses due to data breaches at $67.2 billion in 2006.  And it’s not just companies handling personal data, such as Social Security numbers or medical information, bearing the costs.  That’s why security experts already see a shift in security policies underway, with more to come this year.


Malware creates new challenges for anti virus vendors

We are seeing a sizeable decrease in the media grabbing pandemic outbreaks of malicious software. Yet with less headlines on high risk infectors we are still seeing an increasing overall number of malware infections, it is this new breed of malware that is costing industry millions every year – yet no-one seems to know about them One might be fooled into thinking that the lack of media attention on virus outbreaks - like Melissa, LoveLetter, Sobig.F etc- means the casual Internet user is less exposed to infections from malicious software.  Long standing customers of antivirus vendor Norman, will have seen that in the past 18 months we have released more signatures than in the previous 15 years.  The recent family of worms called W32/Stration by Norman was also given names like Email-Worm.Win32.Warezov; W32/Spamta.worm by other antivirus vendors.  The large scale outbreaks we have seen previously have shown that malware can indeed be a very powerful tool in the right hands.


Tuesday, January 16, 2007

McAfee, Inc. Reports On Online Identity Theft Trends

McAfee, Inc., announced the availability of a paper from McAfee® Avert® Labs highlighting global identity theft trends, including a dramatic increase in online and computer-based identity theft.  According to the report, the number of keyloggers—malicious software code that tracks typing activity to capture passwords and other private information—has increased by 250 percent between January 2004 and May 2006.


2006: E-security in Vietnam shaken by crimes

In 2006, a series of online attacks were directed toward e-commerce businesses, shattering the young online market in Vietnam.  “A dark corner in e-security in Vietnam” was a comment agreed upon by many who attended the conference on violations and crimes in e-commerce organised by the Department of E-Commerce (Ministry of Trade) on November 9, 2006.  According to VNCERT (the Vietnam Computer Emergency Respond Team at the Ministry of Post and Telecommunications), a series of 2006 online attacks seriously threatened e-commerce in Vietnam.  The most notorious incident happened in March 2006 when the e-commerce website of Vietco JSC suffered a severe DDoS attack.  All online services were delayed for a whole month.  Things were so bad that Vietcos director, Mr. Phung Minh Bao, had to publicise the incident on VietNamNet and ask legal authorities to help or the company would go bankrupt.  Though the culprits of the two DDoS attacks were quickly discovered and caught, in September 2006, PeaceSofts e-commerce website became the victim of another DDos attack.


Thursday, January 11, 2007

Firms Fret as Office E-Mail Jumps Security Walls

A growing number of Internet-literate workers are forwarding their office e-mail to free Web-accessible personal accounts offered by Google, Yahoo and other companies.  Its a hole you can drive an 18-wheeler through, said Paul D. Myer, president of the security firm 8E6 Technologies in Orange, Calif.  It is a battle of best intentions: productivity and convenience pitted against security and more than a little anxiety.  Corporate techies who, after all, are paid to worry want strict control over internal company communications and fear that forwarding e-mail might expose proprietary secrets to prying eyes.  Employees just want to get to their mail quickly, wherever they are, without leaping through too many security hoops.  That is too much for some employees, especially when their computers can store the passwords for their Web-based mail, allowing them to get right down to business.  For example, the flimsier security defenses of Web mail systems could allow viruses or spyware to get through, and employees could unwittingly download them at the office and infect the corporate network.


Tuesday, January 02, 2007

Enterprise Search And Destroy

New government regulations often spawn whole new markets.  A far-reaching reform of the Federal Rules of Civil Procedure (FRCP) is proving to be no exception.  The reform means that electronic documents in all forms, including e-mail, instant messages and even transcripts of video conference and VoIP calls, are fair game for litigants during the discovery phase of a lawsuit.


Monday, January 01, 2007

Banks Starting to Embrace Concept of Financial Supply Chain Management

It was the talk of the town at the October 2006 Sibos conference in Sydney.  Yet beyond payments circles, few in the financial services industry may actually know what financial supply chain management is.  But all that is about to change, according to insiders, as the concept rapidly becomes the norm among banks that wish to maintain a foothold in an increasingly globalized world where their clients’ business dealings expand across borders and time zones.  Financial supply chain management is an outgrowth of the long-established concept of the physical supply chain in the trade business.  Rather than dealing solely with the actual physical/logistical aspects of trade, however, financial supply chain management, as the name implies, covers the payments side of trade, from the moment a purchase order is cut, to the time of settlement and everything in between.