Cyber Security Institute

Monday, April 28, 2008

Experts warn over SQL injection attacks

Attackers are increasingly exploiting common database vulnerabilities to leave behind code on thousands of sites, redirecting visitors to servers that host malicious downloads, security experts warned last week.  The attacks, which apparently started at the beginning of April, attempt to use any field on a Web site that accepts user input to execute commands on the database that stores the site’s information.  In the latest spate of compromises, unknown attackers used SQL injection techniques to create malicious iframe blocks on legitimate Web sites.
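The mechanism the article describes, input from a web form spliced into a database statement, is easiest to see side by side with the fix. The following is an added example, not code from the article or from any of the compromised sites: a constructed in-memory SQLite table of page content, a lookup that concatenates the user-supplied slug into the SQL text, and the same lookup with a bound parameter. The table, rows and the classic tautology input are all constructed for this illustration.

```python
import sqlite3

# Constructed sample rows: a tiny "pages" table standing in for a site's
# content store. The values are invented for this example.
PAGES = [
    (1, "home", "<h1>Welcome</h1>"),
    (2, "about", "<p>About us</p>"),
    (3, "contact", "<p>Email us</p>"),
]


def make_db():
    """Build the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, slug TEXT, body TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)", PAGES)
    conn.commit()
    return conn


def lookup_vulnerable(conn, slug):
    """The flaw the article describes: the request field is pasted into the SQL
    text, so the field's contents can change what the statement means."""
    sql = "SELECT id, slug, body FROM pages WHERE slug = '" + slug + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, slug):
    """Hardened form: the placeholder binds the input as a value, never as SQL."""
    return conn.execute(
        "SELECT id, slug, body FROM pages WHERE slug = ?", (slug,)
    ).fetchall()


def demo():
    """Run both lookups with a normal slug and with the textbook tautology
    input, returning row counts so the difference is measurable."""
    conn = make_db()
    benign = "home"
    # Constructed tautology input (the standard textbook illustration); it does
    # not write anything, it only shows that the vulnerable form lets a form
    # field rewrite the WHERE clause.
    tautology = "' OR '1'='1"
    return {
        "vuln_benign": len(lookup_vulnerable(conn, benign)),
        "vuln_tautology": len(lookup_vulnerable(conn, tautology)),
        "safe_benign": len(lookup_parameterized(conn, benign)),
        "safe_tautology": len(lookup_parameterized(conn, tautology)),
    }


if __name__ == "__main__":
    for name, count in demo().items():
        print(f"{name}: {count} row(s)")
```

With the concatenated query the tautology input returns every row in the table, because the statement became `WHERE slug = '' OR '1'='1'`; with the bound parameter the same string is simply a slug that matches nothing. The defensive point for the article's scenario is that parameter binding has to be applied to every statement reached from any request field, which is exactly the kind of systematic check the code-review and application-firewall guidance in PCI DSS requirement 6.6 (covered further down this page) is aimed at.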


Thursday, April 24, 2008

US court says IP addresses are private

A US court has ruled that users have a “reasonable expectation of privacy” in their internet surfing records and that police must obtain warrants from higher than usual courts in order to force ISPs to hand over records.


Wednesday, April 23, 2008

Market’s Message to Security Pros: Adapt or Die

It’s a fact: Business is becoming more aware than ever about IT security.  And as the scrutiny on their jobs becomes more intense, security people are finding that their priorities—and their worries—are changing.  In the past few days alone, several major organizations have published studies that bear witness to IT security pros’ shifting roles, evolving priorities, and reconsidered spending plans.  The general message: Security must reflect the shifting shape of the business, or face the consequences.


Two additional supplements for PCI

The PCI Security Standards Council announced the availability of two Information Supplements providing further clarification for PCI DSS requirement 11.3, regarding penetration testing, and Requirement 6.6, regarding application code review and application firewalls.  Both of these information supplements provide guidance to help merchants and service providers meet these two requirements in support of their PCI DSS compliance efforts.


New IBM security services for mid-sized businesses

IBM developed these services in response to recent IBM X-Force research that showed an alarming rise in organized crime attacks on smaller organizations.  According to IBM’s team of X-Force global security experts, because mid-sized companies typically lack the vast information technology (IT) resources needed to prepare for such attacks, they can often be prime targets for network attacks, data breaches and other malicious threats.


Tuesday, April 22, 2008

NetWitness Integrates With Enterprise Consoles

SIEMLink provides the data that incident response and cyber threat analysis teams need to fuse security event telemetry with the detailed session analysis provided by NetWitness NextGen.  NetWitness NextGen customers can now greatly augment and empower any existing SIEM, intrusion detection or logging console, or enterprise network management system with zero integration effort.


Cybercrime takes back seat to brand as CSO priority

Despite the escalating levels and sophistication of cyber crime, a survey finds that harm to brand is the most unwelcome prospect for security bosses.  Reputational damage is top of mind for information security leaders again.  According to a global survey of more than 7,500 security professionals, 71 per cent said that avoiding harm to brand was their top priority, ahead of other hot topics, such as maintaining customer data privacy, controlling identity theft, and protection against breaches of laws and regulations.


Microsoft: Vulnerabilities down, threats up

The total number of vulnerabilities disclosed in 2007 fell nearly 5 percent, while the amount of malicious code detected jumped more than 40 percent, according to Microsoft’s latest Security Intelligence Report released on Tuesday.  The report, released twice a year by Microsoft, found that vulnerability disclosures sank approximately 15 percent in the second half of 2007, and 5 percent for the year as a whole.


Monday, April 21, 2008

New Tool Lets Enterprises Manage Security on Multiple Linux Servers

Trusted Computer Solutions readies software that can ‘lock down’ servers running Red Hat, CentOS, or Oracle Enterprise Linux


Friday, April 18, 2008

Enterprises Slow Fight Against Malicious Code

Rightly or wrongly, enterprises believe they are more secure than they were a year ago, and their efforts to stop malware are slacking off.  That’s one of the findings from a new study scheduled to be published next week by BT, which conducted the research as a follow-up to its 2005 study on malicious code.  The study found that the number of companies which consider malware to be a high priority has dropped since 2005, from 62 percent to 54 percent. A third of companies say “only a modest effort” is being spent to combat it, and 14 percent say they are doing little or nothing about the malicious code problem.


Wednesday, April 16, 2008

PCI Security Standards Council issues Payment Application Data Security Standard

The PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (DSS), PCI PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced at the Electronic Transactions Association Annual Meeting and Expo the release of version 1.1 of the Payment Application Data Security Standard (PA-DSS).  Following release of the PA-DSS, this fall the Council will also roll out a program to include maintenance of a list of validated payment applications.


Tuesday, April 15, 2008

Online crime’s impact spreads

The latest estimate: $200 billion a year, rivaling the illicit markets for drug trafficking and money laundering, according to several security experts and law-enforcement officials.  The hazards of surfing and shopping online have shaken consumer confidence in e-commerce.


Check Point delivers new Power-1 appliances

Check Point today announced the launch of Check Point Power-1, a new line of Internet security appliances offering high-performance sites a simple, robust, and easy to manage security solution.  Power-1 appliances combine firewall, IPSec VPN and intrusion prevention with advanced acceleration technologies, delivering a high-performance security platform for multi-Gbps environments.  Power-1 appliances provide up to 14 Gbps of firewall throughput, delivering the most cost-efficient firewall for high performance environments—a price/performance ratio under $4 per Mbps.


New version of Zertificon secure virtual mailroom

The Z1 SecureMail family of products safeguards a company’s e-mail transmissions across the board with encryption and signatures and, in the process, remains completely invisible to the sender.  The new version offers an extended functional scope, along with qualitative improvements and features such as signature confirmation by the user, validation and an archiving link for attached documents with a qualified signature, and full compatibility with Solaris 9.


Friday, April 11, 2008

Oracle moves into hosted security space

In a surprise move, database vendor Oracle has announced it is to offer a hosted web security service.



Thursday, April 03, 2008

Top Malware Report For March

March 2008 proved to be somewhat atypical in terms of malicious code in mail traffic. Firstly, there were no new malicious programs in the Top Twenty.