Cyber Security Institute

Thursday, January 31, 2013

Five eyes push to declassify security vulnerability data - Networks - SC Magazine Australia - Secure

The initiative between Australia, Canada, New Zealand, Britain and the US—known as the Five Eyes—seeks to open up a wealth of security intelligence held by government agencies to help organisations better secure themselves.  Former long-serving White House cyber security advisor to George W Bush and President Barack Obama, Howard Schmidt, had worked on the project with Australian counterparts including national security advisor Dr Margot McCarthy and National Security chief information officer Rachael Noble. “Governments find this information say through their signals intelligence and they say they have to classify it, and that is not necessarily the case,” Schmidt told SC.

RSA combines SIEM with incident visibility to create Security Analytics

The new capabilities include leveraging the power of Big Data to provide visibility and context required to help identify and defend against advanced security challenges and sophisticated threats, according to the company.  Richard Nichols, regional sales director for UK and Ireland at RSA, told SC Magazine that Security Analytics is engineered to enable the discovery of risks as they occur and is a technology that allows users to do security monitoring, incident investigation and management. RSA said that the concept combines security incident and event management data with analytics to give users one tool for visibility.  Nichols said: “We have taken the best of NetWitness and combined it with the RSA enVision platform, so it is about log collection and compliance.”

Second Twitter hoax in two days smacks another stock - The West Australian

Sarepta Therapeutics Inc became the second company in as many days to see its shares plunge as a result of a Twitter hoax on Wednesday after a user posed as an influential short-seller and alleged improprieties at the biopharmaceutical company.  The drop mirrored a similar incident on Tuesday, when Audience Inc fell more than 25 percent following tweets that at a glance looked to be from Muddy Waters, another short-selling firm.

Indian cyber laws lack teeth to bite data hackers

Even as India is planning to connect all major universities through the National Knowledge Network (NKN) and put most of the research papers and academic notes in the pipe, cyber security experts feel that Indian laws are not stringent enough to deal with data hacking incidents.

DDoS attack sizes plateau, complex multi-vector attacks on the rise

Arbor Networks released its 8th Annual Worldwide Infrastructure Security Report (WISR) offering a rare view into the most critical security challenges facing today’s network operators. Based on survey data provided by network operators from around the world, this annual report is designed to help network operators make more informed decisions about their security strategies as they relate to the integrity of mission-critical Internet and other IP-based infrastructure. The increase in botted hosts is not surprising given the number and complexity of malware variants that exist, their rate of evolution and the consequent inability of Intrusion Detection Systems (IDS) and Anti-Virus (AV) systems to fully protect them.

F5 Networks introduces application delivery firewall

When deployed with F5’s new VIPRION 4800 hardware, the F5 application delivery firewall solution provides performance levels well beyond what other vendors can offer. By consolidating the network and security functions of several BIG-IP modules into an integrated solution, F5 helps organizations reduce management complexity and overhead, while maintaining superior performance and scalability.  At the core of F5’s application delivery firewall solution, the BIG-IP Advanced Firewall Manager product is an innovative network firewall built on full-proxy architecture to provide outstanding security. ...  This application-centric security model leverages F5’s industry-leading application delivery capabilities and intelligence to enhance customers’ overall security posture, while alleviating the complexity associated with mapping application infrastructure to static constructs such as traditional firewall zones.

Cisco shows the global picture of information security

Cisco released findings from two global studies that provide a vivid picture of the rising security challenges that businesses, IT departments and individuals face, particularly as employees become more mobile in blending work and personal lifestyles throughout their waking hours. Despite popular assumptions that security risks increase as a person’s online activity becomes shadier, the highest concentration of online security threats does not target pornography, pharmaceutical or gambling sites as much as it does legitimate destinations visited by mass audiences, such as major search engines, retail sites and social media outlets. Security risks rise in businesses because many employees adopt “my way” work lifestyles in which their devices, work and online behavior mix with their personal lives virtually anywhere – in the office, at home and everywhere in between. The business security implications of this “consumerization” trend are magnified by a second set of findings from the Cisco Connected World Technology Report (CCWTR), which provides insight into the attitudes of the world’s next generation of workers, Generation Y.

Cisco has 14k BYOD iPads, says Android malware is not a big threat - BYOD, android malware, cisco, i

Cisco has 60,000 Internet-connected devices in its BYOD program at the end of 2012 and just under 14,000 were iPads, the company says in its 2013 Annual Security Report.  Apple’s iPads and iPhones have flooded in under Cisco’s BYOD program which the company’s executives have partially credited for killing Cius, the doomed enterprise Android tablet that Cisco pronounced dead late last May. While it reports Android malware growth at 2,577 percent, it notes that mobile malware encounters are “only 0.5 percent of all web malware encounters” in 2012.

Wednesday, January 30, 2013

Governance Must Drive All Security Initiatives… Even Cloud

You need to know who IS accessing resources, and if they don’t have the proper credentials, you need to be notified immediately to take further preventive action.  You need to know your rights, liabilities (SLA) for any application or service acquired and that they conform to your risk management practices.  Effective governance is the ability to have a centralized map of all these information roads and create certain controlled access points, road blocks (encryption), privileged private lanes/public highways…in short, governance is about accountability.

Tuesday, January 29, 2013

Cisco to buy Czech vendor Cognitive Security for real-time analytics | ITworld

Cisco plans to acquire Cognitive Security, a security software company that uses real-time behavioral analysis to detect security threats. Together, the technologies will work with a common policy engine built into networks, with distributed enforcement, according to a Cisco blog post.

Solera Networks Becomes Industry’s First Security Intelligence and Analytics Solution with Common Cr

Solera Networks, the industry’s leading Big Data Security Intelligence and Analytics provider, today announced that Solera DeepSee Software and Solera DeepSee Central Manager have been awarded Common Criteria Evaluation Assurance Level 3+ certification.  Common Criteria certification is recognized in over 25 countries as a critical validation of security technology, and will make the Solera DeepSee Platform more accessible to federal agencies and commercial enterprises. It also assures commercial businesses that a product has been certified as meeting a standard measure of security, whether it is used internally or in solutions for customers. ...  Solera DeepSee Software and Solera DeepSee Central Manager were evaluated under the terms and conditions of the Common Criteria Scheme and were certified to comply with the requirements for EAL 3+ Common Criteria Assurance Level.

Cross-site scripting attacks up 160%

Each quarter, FireHost reports on the Superfecta – a group of four cyberattacks that are the most dangerous – and warns that both Cross-Site Scripting and SQL Injection attacks have become even more prevalent since the third quarter of 2012.  The four attack types which make up the Superfecta, and which pose the most serious threat to the private information hosted in your database are Cross-site Scripting (XSS), Directory Traversal, SQL Injection, and Cross-site Request Forgery (CSRF).  However, the large increase in Cross-Site Scripting attacks, which rose from just over one million in Q3 2012 to 2.6 million in Q4 – an increase of more than 160 percent, seemingly dwarfs the other three attack types with 57% of the Superfecta.

Report: DDoS attacks harder to detect and defeat

Burlington, Mass.-based network security and management solutions provider Arbor Networks today released its 2012 Worldwide Infrastructure Security Report which offers an unsettling analysis of the evolving distributed denial of service (DDoS) threat for both service providers and enterprises. “It’s the easiest way to break down a company or attack a network and in many ways we’re seeing it as part of a broader set of attacks that are more sophisticated and conducted by nation states.” Today, according to the report, the threat is even greater, morphing into something called hybrid or multi-vector attacks in which hackers use a variety of channels, devices, and tactics to launch their assaults, leaving data centers especially vulnerable.

Monday, January 28, 2013

Enterprises using new tech to deceive hackers

Within active defense strategies, honeypots are the most widely used tactic, but enterprises are now moving toward other technologies such as using fake data to deceive cybercriminals.  Honeypots are still the widely used tactic to mislead and “bait” hackers, but organizations are moving toward newer technologies to trace and deceive cybercriminals.  The Intrusion Deception software is designed to identify and thwart attackers before they attack by inserting fake codes and files throughout a Web site, so attackers are detected earlier with greater accuracy, Koretz explained.

Browser-hijacking malware talks to attackers using SPF email validation protocol | Security - InfoWo

A new Trojan program that displays rogue advertisements during browsing sessions uses a DNS-based email validation protocol called the SPF (Sender Policy Framework) in order to receive instructions from attackers without being detected, according to security researchers from Symantec.

Sunday, January 27, 2013

Cutwail botnet on spam rampage, delivers Cridex worm

Since its inception some six years ago, the Cutwail / Pandex botnet experienced its fair share of setbacks, but it’s still going strong. The main reason for its existence is to send out millions of spam messages per day, and it occasionally also harvests information such as email addresses in order to include them in new spam campaigns. Like the Virut botnet a week ago, this most resilient of botnets has recently been rented by cyber crooks wishing to infect computers with malware - in this case, the backdoor Cridex worm.

The United States is a hive for botnets

McAfee Labs research has revealed that the United States of America is the world’s number one country for hosting active botnet command servers, beating out other contenders on the list by a huge margin.

Saturday, January 26, 2013

UK signs up to World Economic Forum cyber crime initiative

Foreign secretary William Hague signed up to the Cyber Resilience principles put forward by the WEF, with the UK joining over 70 companies and government bodies across 25 countries in committing to securing digital networks from cyber attacks. Hague said in a statement that public and private sector organisations must work together to ensure that business can be conducted in a safe digital environment. “We hope that signing the WEF Principles on Cyber Resilience will encourage business leaders all over the world to lead the way in creating shared principles for a resilient and thriving internet,” Hague said.

Pandora’s Box - New US Cyber Security Bills Create a Worm Hole in the Internet Galaxy

There are two Bills floating through the corridors of power on the Hill that could potentially change the course of civil and political rights within the United States and the world. The two Bills touch on a common thread premised on “national security”; however, interesting challenges affecting global public interest will surface should the Bills be passed, and these require further examination, introspection and discussion.

Friday, January 25, 2013

Cyber attack is imminent, says DHS Secretary Napolitano

Homeland Security Secretary Janet Napolitano spoke at the Wilson Center [on 14 Jan 2013] and said that a cyber attack could happen “imminently.”  Jane Harman — director, president, and CEO of the Wilson Center — asked, “What would a cyber 9/11 look like and how soon could it happen?”  The secretary of defense has, I have, the Attorney General has, the Chair of the Joint Chiefs has, saying, ‘Look, we shouldn’t wait until there is a 9/11 in the cyber world.  There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage that could be caused.’”

Netcraft removes phishing attacks in less than half the industry average time - Software Industry To

Recently NetCraft became aware that their median times for takedowns are very much better than the industry average calculated by the Anti-Phishing Working Group (APWG) in its most recent Global Phishing Survey. ... In contrast, banks and other companies using our countermeasures service have experienced a median phishing attack availability of 2 hours and 12 minutes calculated over NetCraft’s most recent 100 takedowns, with the attacks removed in just 38% of the industry average time.

Skype calls purportedly being tapped, Skype-based malware spreads - TechSpot

The latest ding against the Microsoft-owned company comes from Reporters Without Borders’ online censorship project leader Grégoire Pouget, who told The Verge, “Many journalists or activists have reported to us that their Skype communications have been intercepted.”

RSA launches integrated business continuity, disaster recovery and crisis management software

RSA, the Security Division of EMC Corporation, has introduced a new integrated business continuity, disaster recovery and crisis management software solution to its RSA Archer product suite.
RSA Archer Business Continuity Management and Operations is claimed to be ‘one of the industry’s most tightly integrated solutions designed to address business continuity, disaster recovery and crisis management’. Engineered to align with BS25999, NIMS and ISO 22301, it offers a standards-based approach to business continuity planning. Notably, deeper integration with other GRC processes such as enterprise risk management, incident management and third-party management, helps allow companies to align recovery efforts with organizational objectives and priorities for enhanced visibility, accountability and reporting.

Wednesday, January 23, 2013

Three indicted for making, spreading Gozi Trojan - Computerworld

Three individuals were indicted in New York Wednesday for allegedly creating and distributing the Gozi malware that’s said to have caused tens of millions of dollars in losses at several major U.S. banks. The trio is alleged to have conspired to steal at least $50 million from online bank accounts of people whose computers were hit with the Gozi virus. The indictments alleged that the three individuals, described as software experts, used Gozi to infect at least 100,000 computers around the world, including 25,000 in the United States. In 2009, according to the indictment, Kuzmin was approached by unnamed co-conspirators seeking to use the Gozi malware to attack customers of American banks.

DNS attacks increase by 170%

Radware’s latest report highlights server-based botnets and encrypted layer attacks as just two of the new attack tools challenging organizations during DDoS attacks.  While security organizations have focused their efforts and attention on the pre and post-phases of defense, attackers now launch prolonged attacks that last days or weeks.  This has created a vulnerable blind-spot as defenders lack the capabilities and resources to mitigate attacks in the “during” phase which attackers can exploit to their advantage.

‘Watering hole’ attackers hunt from Reporters without Borders - watering hole attack - CSO | The Res

The same Internet Explorer 8 flaw that hackers had a zero-day exploit for in attacks on a US think tank website last year is now being used for attacks on visitors to human rights websites. The website of NGO ‘Reporters without Borders’ is the latest launchpad for a so-called ‘watering hole attack’; such attacks have hit numerous human rights websites in the past weeks, Avast security researcher Jindrich Kubec wrote in a post Tuesday.

Tuesday, January 22, 2013

Two-thirds of banks suffered a DDoS attack in 2012

More than two-thirds (64%) of banks in the US have suffered at least one Distributed Denial of Service (DDoS) attack in the past 12 months, according to independent research commissioned by Corero Network Security. IT and IT security managers at 650 banks responded to the survey, which also revealed that almost one in two (49%) of respondents had suffered multiple DDoS attacks in the past 12 months. Surprisingly, however, 50% of respondents cited insufficient personnel and expertise and a lack of effective security technology as the key barrier impacting their ability to deal with DDoS attacks.
