Cyber Security Institute

Wednesday, July 30, 2008

X-ForceĀ® 2008 Trend Statistics

The IBM Internet Security Systems X-ForceĀ® research and development team discovers, analyzes, monitors and records a wide array of computer security threats and vulnerabilities.  The implications of these trends provide a useful backdrop in preparing to enhance information security for the remainder of 2008 and beyond.  The overall number of vulnerabilities continued to rise as did the overall percentage of high risk vulnerabilities.  Web-based vulnerabilities and threats continue to increase: Over the past few years, the focus of endpoint exploitation has dramatically shifted from the operating system to the Web browser and multimedia applications.

MORE...

Tuesday, July 29, 2008

Lancope Ships StealthWatch System 5.8 with Enhanced Network Behavior Analysis

Lancope(R), Inc., the provider of the StealthWatch(TM) System, the most widely used network behavior analysis (NBA) and response solution, today announced the general availability of StealthWatch System 5.8.  he system-wide upgrade includes powerful new features that further utilize flow data, including Cisco IOS NetFlow(TM) or sFlow(R), to significantly extend the scalability and value of behavior-based anomaly detection and network performance monitoring for enterprise organizations.  Key benefits of this release are IPv6 support and visibility, application awareness, risk management and network performance management that support numerous IT initiatives, including WAN optimization, PCI compliance (http://www.lancope.com/solutions/compliance/pci.aspx), MPLS migrations (http://www.lancope.com/solutions/networkoperations/mpls.aspx), IPv6 rollouts and data leakage prevention.

MORE...

Lancope Ships StealthWatch System 5.8 with Enhanced Network Behavior Analysis

Lancope(R), Inc., the provider of the StealthWatch(TM) System, the most widely used network behavior analysis (NBA) and response solution, today announced the general availability of StealthWatch System 5.8.  he system-wide upgrade includes powerful new features that further utilize flow data, including Cisco IOS NetFlow(TM) or sFlow(R), to significantly extend the scalability and value of behavior-based anomaly detection and network performance monitoring for enterprise organizations.  Key benefits of this release are IPv6 support and visibility, application awareness, risk management and network performance management that support numerous IT initiatives, including WAN optimization, PCI compliance (http://www.lancope.com/solutions/compliance/pci.aspx), MPLS migrations (http://www.lancope.com/solutions/networkoperations/mpls.aspx), IPv6 rollouts and data leakage prevention.

MORE...

Monday, July 28, 2008

The changing role of information security in the enterpirse

Information security professionals believe they are moving towards a more pro-active, risk-based approach to securing their organisations and away from just IT and technology-related activities. This is one of the key findings in a study by the Information Security Forum (ISF) looking at the Role of Information Security in the Enterprise (RISE).

MORE...

Thursday, July 24, 2008

Top internal network threats in 2008 so far

Promisec discovered that 12% of infected computers had a missing or disabled anti-virus program, 10.7% had unauthorized personal storage like USB sticks or external hard drives, 9.1% had unauthorized peer-to-peer (P2P) applications installed, 8.5% had a missing 3rd party desktop agent, 2.6% had unprotected shared folders, 2.2% had unauthorized remote control software, and 2% had missing Microsoft service packs.

MORE...

Wednesday, July 23, 2008

Website infection rate three times faster than 2007

The first half of 2008 has seen an explosion in threats spread via the web, the preferred vector of attack for financially-motivated cybercriminals.  Over 90 per cent of the webpages that are spreading Trojan horses and spyware are legitimate websites (some belonging to household brands and Fortune 500 companies) that have been hacked through SQL injection.  Sophos has identified that the number one host for malware on the web is Blogger (Blogspot.com), which allows computer users to make their own websites easily at no charge.

MORE...

Tuesday, July 22, 2008

Security Service Tests Staff Vigilance Against Phishing Attacks

PhishMe, a new security SAAS offering from the Intrepidus Group, enables companies to launch mock phishing attacks against their own employees in the name of improving e-mail security.  “We developed a Web-based portal which is PhishMe.com, which allows our clients to drive the creation and execution of mock phishing exercises,” said Intrepidus CEO Rohyt Belani.  “We provided them all the tools ...  so in under 30 minutes they can actually set up a mock phishing attack [that] closely mimics a real phishing attack that a spear phisher would execute against the employees.”  Studies have shown spear phishing, which involves targeted attacks against a domain or organization, has picked up in the past several months.

MORE...

Thursday, July 17, 2008

Reinvigorate your Threat Modeling Process

We think about threats against our assets: our families, our jewelry, and our sentimental and irreplaceable photographs (well, those of us old enough to have photos that never existed in digital form do).  We model threats based on architecture: there’s a wall here, a picture window there, and an easily climbed tree that we can use when we forget our keys.  And we model threats based on attackers.  We worry about burglars and kids falling into pools.  We also worry about the weather, be it earthquakes, snow, or tornadoes.  If I wanted to sound like a management consultant, I’d say you employ a mature, multi-dimensional assessment process, with a heavy reliance on heuristics and low reproducibility across instances.

MORE...

Increasing threat of confidential information loss

A national security and privacy survey sponsored by CA showed that security threats from within an organization now are a bigger problem than attacks from external sources.  At the same time, the number of U.S. organizations reporting loss of confidential data and reduced customer satisfaction has increased by 55 percent and 65 percent, respectively, in the past two years.  According to the CA 2008 Security and Privacy Survey, in 2008 more than 34 percent of organizations reported a loss of confidential information as a result of security attacks and breaches, up from 22 percent in 2006.  Reduced customer satisfaction as a result of security attacks and breaches has also significantly increased from 20 percent in 2006 to 33 percent in 2008.

MORE...

Tuesday, July 15, 2008

Know Your Cybercrime Enemy - the Latest Cybercrime Organizational Structures and Modus Operandi

In its Q2 2008 Web Security Trends Report, Finjan outlines the latest developments in the cybercrime commercialization economy Farnborough, United Kingdom, July 15, 2008 - Finjan Inc., a provider of secure web gateway products, today announced the latest findings by its Malicious Code Research Center (MCRC).  In its latest trends report for Q2 2008, the center identifies and analyzes the latest Crimeware business operations, and provides a first-of-its-kind insider’s look at the organizational structure of Cybercrime organizations.

MORE...