Cyber Security Institute
News
Monday, February 13, 2012
Number of Malicious Sites Increase by 240% in 2011
Blue Coat Systems issued its Blue Coat 2012 Web Security Report that identifies and analyzes trends in malicious attacks over the past year and makes recommendations on strategies to keep companies safe. In 2011, the most significant evolution in the threat landscape was the use of malware networks, or malnets, to launch highly dynamic Web-based attacks. These complex infrastructures, which outlast any one attack, drove a 240% increase in the number of malicious sites during the year and are expected to launch as many as two-thirds of all new attacks in 2012.
Thursday, February 09, 2012
Service providers lack confidence in LEAs
Arbor Networks’ 7th annual Worldwide Infrastructure Security Report presents a view of 2011 security through the eyes of the providers: ISPs, hosting companies, and service providers. “Ideology was the most common factor for DDoS in 2011,” it notes, “followed by a desire to vandalize.” Since we have seen hacktivists willing to issue a general ‘call to arms’ and even provide the tools to take part in attacks, it represents, concludes Arbor, ‘a sea-change in the risk-assessment model’ for both network operators and their customers.
Friday, February 03, 2012
Is Your Lawyer the Weakest Link? Hackers Are Now Targeting
A profoundly troubling article by Bloomberg details expanding efforts by hackers to attack system networks of law firms to cull confidential data on sensitive deals and transactions.
One attack in particular involved China-based hackers looking to derail a $40 billion acquisition of the world’s largest potash producer by an Australian mining conglomerate.
Thursday, October 20, 2011
New SEC security breach rules no big game changer, experts say
Late last week the Securities and Exchange Commission issued new guidance informing public companies that, under certain circumstances, they may need to disclose cyber breach information, or even potential security breaches, if there is a certain level of risk of financial impact to corporate earnings.
Thursday, June 30, 2011
‘Indestructible’ rootkit enslaves 4.5m PCs in 3 months
One of the world’s stealthiest pieces of malware infected more than 4.5 million PCs in just three months, making it possible for its authors to force keyloggers, adware, and other malicious programs on the compromised machines at any time. The latest TDL-4 version of the rootkit, which is used as a persistent backdoor to install other types of malware, infected 4.52 million machines in the first three months of this year, according to a detailed technical analysis published Wednesday by antivirus firm Kaspersky Lab.
Tuesday, June 28, 2011
Cyber attacks are escalating
Today, that highway is starting to resemble the route Mad Max traveled in The Road Warrior. Hardly a week goes by without seeing news reports about another corporation being sabotaged by hackers. This month on The Digital Future, Strategic News Service publisher Mark Anderson looks at the huge increase in Advanced Persistent Threats: efforts by nation-states to steal information and technology.
Microsoft patents spy tech for Skype
A newly patented Microsoft technology called Legal Intercept that would allow the company to secretly intercept, monitor and record Skype calls is stoking privacy concerns. Microsoft’s patent application for Legal Intercept was filed in 2009, well before the company’s $8.5 billion purchase of Skype in May. From Microsoft’s description of the technology in its patent application, Legal Intercept appears similar to tools used by telecommunication companies and equipment makers to comply with government wiretap and surveillance requests.
Friday, May 06, 2011
Sophos acquires Astaro
Sophos buys Astaro... wow, interesting move.
Thursday, April 28, 2011
Dropbox 1.2 Experimental Build Fixes Security Issue
Attackers could use the file on any other computer with Dropbox to download all files of the original owner, without entering the Dropbox login credentials and without any notification appearing in the Dropbox dashboard that another device was used to download the data. Dropbox 1.2 introduces a new encrypted database format to “prevent unauthorized access to local Dropbox client database” in addition to the security enhancements. This is related to the security issue, as the user who discovered the vulnerability in the first place uncovered it by analyzing the local Dropbox client database.
http://www.ghacks.net/2011/04/28/dropbox-1-2-experimental-build-fixes-security-issue/
VCs and IT Security Firms: Not Much Love in the Air
Although security breaches make the headlines regularly and Washington has plans to upgrade the security of the United States’ national infrastructure, up-and-coming IT security companies are having difficulty securing investment funds. “It seems there’s been a general shift among venture capitalists away from security,” Jim Pflaging, director and managing principal at SINET, stated at a private lunch at the 2011 IT Security Entrepreneurs’ Forum (ITSEF), held in Palo Alto recently.
Monday, April 25, 2011
AT&T starts selling ‘cell tower in a suitcase’
For the first time, AT&T is selling small, portable cellular antennas that will allow corporate and government customers to provide their own wireless coverage in remote or disaster-struck areas.
Wednesday, April 20, 2011
Kaspersky - IT Security Policies Still Don’t Work According to New Research
Despite more than three quarters (77 per cent) of IT managers saying their company has a security policy in place for the use of tablets and smartphones, IT professionals are still downloading unauthorised applications onto their devices, according to online research released today by Kaspersky Lab, Europe’s largest anti-malware company.
Friday, April 01, 2011
Bank of America moves to further ramp up security with new CISO
Bank of America has named Patrick Gorman, a veteran government and corporate technology executive, as its new chief information security officer.
Friday, February 25, 2011
HIPAA privacy actions seen as warning
Department of Health and Human Services for HIPAA privacy violations should serve as a warning to all healthcare entities, say privacy analysts.
The agency announced on Thursday that it had imposed a civil monetary penalty of $4.3 million on health insurer Cignet Health for violating the Health Insurance Portability and Accountability Act’s privacy provisions. This week’s other enforcement action involved Massachusetts General Hospital, which agreed to pay HHS a total of $1 million to settle potential HIPAA privacy violations.
Wednesday, January 05, 2011
Help desk calls on the rise
At a time when IT is supposed to be getting simpler, less complex and easier to manage, more people are calling help desks for assistance than ever before, according to a new study. What HDI found is that the number of incidents reported to help desks via chat, e-mail, telephone, self-help systems, social media, the Web and walk-ins is rising, with 67% of all help desk operations experiencing increases in 2010.
Friday, December 03, 2010
Lost Laptops Cost Companies Billions, Study Says
A new survey shows U.S. businesses and other organizations are losing billions of dollars due to lost and stolen laptop computers. But two-thirds of the organizations surveyed do not take advantage of even basic security practices, such as encryption, backup, and anti-theft technologies, the study says. “The Billion Dollar Lost-Laptop Study,” conducted by Intel and the Ponemon Institute, analyzed the scope and circumstances of missing laptop PCs.
Monday, November 08, 2010
How to have a Disastrous Crisis

It can get better
These are some of the things you should do when a crisis occurs if you really want things to go wrong (i.e., you don’t want to do these things).
Sunday, July 25, 2010
FTC Slaps Twitter Down Hard For Lax Security, Privacy Violations
Social networking service Twitter has agreed to settle Federal Trade Commission charges that it deceived consumers and put their privacy at risk by failing to safeguard their personal information, the FTC said yesterday. The FTC’s complaint against Twitter charges that serious lapses in the company’s data security allowed hackers to obtain unauthorized administrative control of Twitter, including access to nonpublic user information, tweets that consumers had designated private, and the ability to send out phony tweets from any account—including those belonging to then-President-elect Barack Obama and Fox News.
Thursday, May 27, 2010
Secure POS Vendor Alliance Releases End-to-End Encryption Security Requirements
The Secure POS Vendor Alliance (SPVA), a non-profit business organization founded by Hypercom (NYSE: HYC), Ingenico S.A. (EURONEXT: ING) and VeriFone (NYSE: PAY) today announced the release of its End-to-End Encryption Security Requirements related to payment card data in payment card reading devices. Targeted to vendors of POS devices, this newly released framework marks a critical step toward SPVA’s mission of widespread understanding of payment security issues and the adoption of best practices. “The SPVA’s end-to-end security requirements guidelines set a baseline for the industry and represent the first step to further strengthen payment security standards globally,” said T.K. Cheung, SPVA chairman and Hypercom vice president global quality & security.
Tuesday, May 25, 2010
McAfee, Symantec add mobile security to lineup
Two well-known anti-virus software companies are expanding their reach into the security marketplace. McAfee said Tuesday that it’s buying mobile security company Trust Digital. The announcement comes about a week after competitor Symantec’s decision to pay $1.28 billion to buy a division of VeriSign that sells security technology to websites.
Monday, May 24, 2010
Guardian Analytics raises $9 million as cybercrime rates soar
As cases of cybercrime against US business bankers reach epidemic proportions, California-based banking security firm Guardian Analytics has raised $9 million in funding, led by Sutter Hill Ventures with participation by existing investor Foundation Capital.
Saturday, May 22, 2010
Google Rolls Out Encrypted Search
Google kept this one until after the Google I/O 2010 conference, but it’s certainly a big announcement. Google has now enabled SSL (Secure Sockets Layer) encryption of its search engine, ensuring that any web search user’s conduct stays private. “The service includes a modified logo to help indicate that you’re searching using SSL and that you may encounter a somewhat different Google search experience,” he explained. Google has started adopting https:// secure connections for some of its services, most notably for Gmail, for which SSL connections are enabled by default for all traffic.
Friday, May 21, 2010
Cloud: Does ROI Matter?
Nobody asked about return on investment during the American Revolution. Specific cloud implementations may fail or succeed. In my research on cloud ROI for our upcoming InformationWeek Analytics report, I haven’t yet found an end user that has put together a stringent return-on-investment analysis using discounted cash flow techniques. I also spoke to a bunch of cloud providers during my research. Moorman said that the enterprise users that he speaks to are chiefly focused on how organizations look at adding cloud computing to the mix of what they’re doing today in a safe way, rather than “having a big TCO debate.” He rightly points out that IT budgets and ROI studies can be maneuvered in much the same way that statistics can be—you can tell just about any story you want to if you frame it right. Crenshaw told me, “We don’t really recommend that customers do a pie-in-the-sky model that shows that IT costs are going to drop 50-60%” because, he says, “maybe it’s credible, maybe it’s not.”
Google halts deletion of Street View Wi-Fi data
Google has stopped deleting the personal data its Street View cars collected from open Wi-Fi networks, following what the company called “some uncertainty” over the deletion process. For three years, Street View cars collected Wi-Fi payload data across 30 different countries. Some countries have asked Google to delete the data - and in some cases, it has complied - while others have requested that the data be kept for the time being. “On the instructions of the Irish data protection commissioner, Google destroyed all Wi-Fi data relating to collection in Ireland,” read an open letter from Privacy International to the European privacy commissioners earlier this week. “The action could be seen as collusion to destroy evidence.”
Wednesday, May 19, 2010
ARC says Cyber Security Market Driven by Risk
The Industrial Control System (ICS) market is driven not only by business risk but also by safety and environmental concerns. In addition, national risks are becoming more of a concern and entering the risk equation in the form of regulations, compliance, and the possibility of financial penalties. “ICS cyber security is extremely dynamic, requiring constant attention and quickly bringing today’s practices into question.”
Tuesday, May 18, 2010
Bye-Bye Landlines, Voice Communication?
Two separate reports paint quite a picture of how the way Americans communicate has changed—with dramatic implications for how business communications will be done in the future, as well. One quarter of U.S. homes have given up their landlines and use only a cell phone, according to a new survey conducted by the National Center for Health Statistics, a part of the Centers for Disease Control and Prevention. At the same time, The New York Times reports that while almost 90 percent of households in the United States now have a cell phone, the growth in voice minutes used has stalled in favor of data communications.
AusCert 2010: Australia protected by anti-DDoS vigilantes
An informal, low-lying group of sharp minds might be the world’s best defence against Distributed Denial of Service (DDoS) attacks, but legal uncertainty is hindering their capabilities. It is through this IT grapevine that these groups of researchers and engineers are notified when a significant DDoS attack strikes. But according to SecureWorks malware researcher and group member Joe Stewart, these DDoS defenders may face prosecution for launching what he says are essential retaliatory attacks, due to legal grey areas.
Risk of cyber-attacks growing: CSIS memo
A top secret memo written by Canada’s spy agency warns that cyber-attacks on government, university and industry computers have been growing “substantially.” The heavily censored briefing note, obtained by CBC News using Canada’s access to information law, outlines the increasing vulnerability that Canada’s energy, financial and telecommunications systems face from cyber-attackers. “Compromises of computer and communications networks of the Government of Canada, Canadian universities, private companies and individual customer networks have increased substantially,” says the June 2009 memo written by the Canadian Security Intelligence Service.
CA unveils new cloud products and community
CA Technologies, which has changed its name from CA Inc., has launched a series of cloud computing products and services at CA World this week in Las Vegas. Cloud Commons —a collaborative community and website for IT professionals, which will help them figure out how to best use cloud computing—has been unveiled by CA Technologies. Among the website’s many features is an initiative, led by two Carnegie Mellon University researchers, for an industry-wide, globally accepted measure for calculating the benefits and risks of cloud-computing services. The researchers are seeking industry involvement via a consortium being formed with researchers from other educational institutions, end user organizations and technology providers, who have expertise in measuring and managing IT-enabled services.