Cyber Security Institute
Trends
Monday, March 01, 2010
State Of Application Security: Nearly 60 Percent Of Apps Fail First Security Test
Even with all of the emphasis on writing software with security in mind, most software applications remain riddled with security holes, according to a new report released today about the actual security quality of all types of software. Around 58 percent of the applications tested by application security testing service provider Veracode in the past year-and-a-half failed to achieve a successful rating in their first round of testing.
Monday, February 22, 2010
Criminals Hide Payment-Card Skimmers Inside Gas Station Pumps
Criminals hid bank card-skimming devices inside gas pumps—in at least one case, even completely replacing the front panel of a pump—in a recent wave of attacks that demonstrate a more sophisticated, insidious method of stealing money from unsuspecting victims filling up their gas tanks. The scam was first discovered when a California bank’s fraud department discovered that multiple bank card victims reporting problems had all used the same gas pump at a 7-Eleven store in Utah.
Wednesday, January 13, 2010
IDC Expects A/P Security and Vulnerability Management Market to Achieve Largest Growth in 2010 as Or
According to the figures recently released in the IDC Asia/Pacific Semiannual Security Software Tracker, most security markets in the Asia/Pacific excluding Japan (APEJ) region are expected to post strong double-digit growth in 2010 compared to 2009. According to the study, the largest growth will be in the Security and Vulnerability Management (SVM) market, which is forecast to grow some 19% to US$115.44 million in 2010. The Identity and Access Management (IAM) market is estimated to grow by 15.2% to reach US$326.38 million.
Sunday, January 10, 2010
Airport breaches on the rise nationwide
Government officials imposed stricter airport security measures after the failed Christmas Day bombing of a Northwest Airlines flight to Detroit. Such breakdowns are rare, officials said, but a government report released in October shows breaches at U.S. airports nearly doubled over five years. “That’s only the breaches we know about,” said Mike Boyd, president of the Colorado-based aviation consulting firm Boyd Group International. The Transportation Security Administration reported 1,442 security breaches at the nation’s 450 commercial airports in the fiscal year ended Sept. 30, 2004, according to the Government Accountability Office report.
Friday, December 18, 2009
Security Heavyweights Predict 2010 Threats
Upcoming security threats for 2010, as predicted by CA, Cisco, Symantec, Websense and a group of experts at Independent Security Evaluators. Social networks are going to become a prime target for cybercriminals in 2010, according to security predictions from annual security reports released this month by CA Inc., Cisco Systems Inc. and Symantec Corp. A prediction list gathered from Independent Security Evaluators (ISE) and another list issued by Websense Inc. also anticipate increased threats on or towards major social networking sites. Social networks were the only prediction highlighted by all five sources, but increased use of search engine optimization (SEO) attacks, short URLs and malvertising, as well as an upcoming focus on smartphones and the Mac OS X platform, were also noted by multiple sources.
Sunday, December 13, 2009
Identity theft prevention is security spending focus
Organisations expect their largest security IT expenditure to be in identity theft and abuse prevention solutions, followed by spending to prevent external threats, unintentional privacy breaches, remote access abuse and spam. The global survey of over 400 companies with 500 or more employees found that organisations felt they would most likely have to deal with PC theft or loss (54%), spam attack (45%), misuse or hacking (45%), and spying tools (45%) as the most likely security incidents, while external threats (52%), internal intentional misuse (49%), remote access abuse (47%), identity theft (47%), and virus attack (43%) would be the most damaging security incidents.
Thursday, December 10, 2009
Top five security challenges of 2010
Social networking sites like Twitter, LinkedIn, Facebook and MySpace will pose one of the biggest threats in 2010, according to TriGeo Network Security, a provider of security information and event management (SIEM) technology for midmarket enterprises. According to the Identity Theft Resource Center, the number of data breaches in 2009 is on track to drop by nearly 50 percent when compared with 2008. Two more American states will pass data breach laws.
Tuesday, December 08, 2009
Hackers Targeting Banks, Social Sites
A yearly security report released Tuesday by technology company Cisco says that banks and online social networks are growing targets for cyber criminals. Strategies used to hack into social-networking sites include grabbing passwords and then utilizing the fact that people only have one password for all their accounts. Cisco said that a specific computer worm has been spread to more than three million computers since 2008.
Monday, November 16, 2009
FBI Says Hackers Targeting Law Firms, PR Companies
Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas. The FBI has issued an advisory that warns companies of “noticeable increases” in efforts to hack into the law firms’ computer systems, a trend that cyber security experts say began as far back as two years ago but has grown dramatically. In many cases, the intrusions are what cyber security experts describe as “spear phishing”: attacks that come through personalized spam e-mails that can slip through common defenses and appear harmless because they have subject lines appropriate to a person’s business and appear to come from a trusted source.
Tuesday, November 10, 2009
SaaS Offerings May Play Key Role In Small Business Security, Report Says
Hackers don’t care how big your business is. As a result, many small and midsize businesses today have enterprise-class security vulnerabilities—and only a fraction of enterprise security budgets. To help close the gap, many SMBs are turning to third-party security services, according to a new report published today by Dark Reading and InformationWeek Analytics. The report outlines some of the differences between the needs of the small business and those of the large enterprise. “The biggest thing SMB IT pros have going for them is an intimate knowledge of how the business operates, where its sensitive data resides, and what its weak points are,” the report states.
Thursday, November 05, 2009
Canada - Beef Information Service
The Beef Information Centre (BIC), which works with industry leaders in the promotion of Canadian beef, is commending McDonald’s Canada for its long-standing commitment to sourcing beef from Canadian producers. This is especially timely in light of an Internet email hoax spreading false information about McDonald’s Canada’s beef sourcing practices.
Monday, November 02, 2009
Phishing, worms spike this year, say Microsoft and McAfee
Scammers are targeting social networks with phishing scams and relying more heavily on worms and Trojans to attack computers, according to security trend reports to be released Monday by Microsoft and McAfee. Phishing attacks saw a big spike in May and June, primarily because of campaigns targeting social-networking sites, according to Microsoft’s report covering the first half of 2009.
Wednesday, October 21, 2009
Information Security Still a Priority In IT Budgets
A survey from PricewaterhouseCoopers shows that infosec budgets are seeing little in the way of cuts, and are even increasing in some cases.
Just because there’s a global economic crisis doesn’t mean the security teams at the world’s companies will be getting any kind of break in their work.
Friday, May 01, 2009
Experts Chart Spike in Cyber Sieges
Cyber attacks with enough firepower to knock entire countries off the Internet have spiked in recent months, raising fresh concerns within the security community about weaknesses in the Internet infrastructure that help create such weapons of mass disruption. These “distributed denial of service” or DDoS attacks use robot networks or “botnets”—many hundreds or thousands of compromised PCs—to flood targets with so much junk traffic that they can no longer accommodate legitimate visitors. While DDoS attacks have been a common threat since the dawn of the commercial Internet, DDoS watchers, such as Arbor Networks, have tracked a recent spike in the number, sophistication and size of attacks against major Internet providers. Attackers also appear to be picking bigger targets.
Friday, March 27, 2009
New Rootkit Attack Hard To Kill
Researchers have come up with a way to create an even stealthier rootkit that survives reboots and evades antivirus software. Anibal Sacco and Alfredo Ortega, both exploit writers for Core Security Technologies, were able to inject a rootkit into commercial BIOS firmware using their own Python-based tool that installed the rootkit via an update, or flash, process.
Tuesday, February 17, 2009
Number of reported cyber incidents jumps
Federal civilian agencies reported three times as many cyber-related incidents in fiscal 2008 as they did in fiscal 2006 to the Homeland Security Department’s office that coordinates defenses and responses to cyberattacks. The agencies reported to DHS’ United States Computer Emergency Readiness Team (US-CERT) a total of 18,050 incidents in fiscal 2008, compared with 12,986 in fiscal 2007 and 5,144 in fiscal 2006, according to DHS officials. Overall, the total number of incidents reported to US-CERT from commercial, foreign, private, and federal, state and local government sectors rose from 24,097 in fiscal 2006 to 72,065 in fiscal 2008.
Thursday, January 29, 2009
McAfee highlights perils of offshoring sensitive data
Global companies may have lost over $1tn (£696bn) worth of intellectual property last year owing to data theft, according to new research from McAfee presented today at the World Economic Forum in Davos. Respondents to the study indicated that they lost a combined $4.6bn (£3.2bn) worth of intellectual property last year, and spent around $600m (£418m) repairing damage from data breaches.
Friday, January 16, 2009
New Report Predicts Increased Security Spend
Hot on the heels of Forrester Research’s recent prediction that enterprise businesses will increase security spending from 11.7 percent to 12.6 percent of their overall IT budgets during 2009, gateway filtering specialists Finjan have published results of a survey that highlights even more optimistic growth estimates.
Wednesday, January 14, 2009
Gartner EXP Worldwide Survey of More Than 1,500 CIOs Shows IT Spending to Be Flat in 2009
As enterprises face a challenging economic environment, IT spending budgets will be essentially flat with a planned increase of 0.16 percent in 2009, according to results from the 2009 CIO survey by Gartner Executive Programs (EXP). The worldwide survey of 1,527 CIOs was conducted by Gartner EXP from September 15 to December 15, 2008 and represents CIO budget plans reported at that time. Flat IT budgets were found across enterprises in North America and Europe, with slight increases in Latin America and a slight decrease in Asia/Pacific.
Monday, January 12, 2009
Cyber attacks ranked 3rd danger behind nuclear war
Cyber attacks pose the greatest threat to the United States after nuclear war and weapons of mass destruction - and they are increasingly hard to prevent, FBI experts say. “Other than a nuclear device or some other type of destructive weapon, the threat to our infrastructure, the threat to our intelligence, the threat to our computer network is the most critical threat we face,” he added. US experts warn of “cybergeddon”, in which an advanced economy - where almost everything of importance is linked to or controlled by computers - falls prey to hackers, with catastrophic results.
IT security spending will increase to match cybercrime threat in 2009
In light of the economic downturn and rising cybercrime attacks as indicated in Finjan’s Web Security Trends Report Q4 2008, Finjan conducted an online survey among 200 IT and security professionals.
Friday, January 09, 2009
SIEM: the Answer to Awkward Security Questions
What’s the one security question that you don’t want to be asked about your company? The author believes it’s the same question that Her Majesty the Queen raised when she visited the London School of Economics in November 2008. Describing the global credit crunch as “awful”, she asked an LSE professor: “Why did nobody notice what was happening?” This exchange neatly sums up a key IT security problem.
Monday, January 05, 2009
Cyber Security Reaches “Tipping Point” in 2008; Attacks on Critical Infrastructure Systems and Cyber
The year 2008 was a time security threats and malicious activity reached a tipping point, and 2009 stands to be the year critical infrastructure systems become prime targets for cyber criminals and the global financial crisis will be exploited for a variety of malicious activities, according to a new report released today from VeriSign (NASDAQ: VRSN) iDefense Security Intelligence Services.
Friday, December 12, 2008
Study: One-Quarter Of Antivirus Apps Aren’t Working
More than one-quarter of business PCs are running antivirus software that has been disabled or was never properly installed, according to a study that will be published on Monday. Promisec, a company that makes endpoint management tools, conducted the study on 100,000 PCs to prove a point: that antivirus management consoles from leading vendors are not accurately reporting when their software isn’t working.
Thursday, December 11, 2008
Bit9 Identifies ‘The Dirty Dozen’ - 2008’s Most Popular Applications With Critical Security Vulnerab
Bit9, Inc., the pioneer and leader in Enterprise Application Whitelisting, unveiled its annual ranking of popular consumer applications with known security vulnerabilities. Often running outside of the IT department’s knowledge or control, these applications can be difficult to detect; they create data leakage risk in endpoints that are otherwise secure; and cause compliance breaches that can result in costly fines. The list this year expanded to include 12 applications, up from 10 last year, due to the increase in vulnerabilities and the popularity of applications such as Skype and Yahoo!
Wednesday, October 15, 2008
The Global State of Information Security 2008
Not to be alarmist, but WAKE UP, PEOPLE! Our information security is, in many ways, failing. Ask the 11 alleged hackers charged in August with breaking into TJX and other retailers by way of insecure Wi-Fi. Forty million credit and debit card numbers were stolen. Ask the Medicaid claims processor at the outsourcer EDS. In February she pleaded guilty to stealing Social Security numbers and dates of birth, and selling them for use on fake tax returns. Ask the courier hired by the University of Utah Hospital to take backup tapes to offsite storage. One day in June, he used his own car instead of his company’s secured van. The tapes, containing billing data for 2.2 million patients, were stolen from his front seat. Or you could, as we did, ask 7,097 business and technology executives worldwide about their security troubles. In this, our sixth year of conducting the “Global State of Information Security” survey with PricewaterhouseCoopers, we got an earful about the challenges, worries and wins in security technology, process and personnel.
Friday, October 03, 2008
Kaspersky Lab: Kaspersky Lab Reports Significant Increase Of In-The-Wild Threats In September 2008 S
Kaspersky Lab, a leading provider of security solutions that protect against viruses, Trojans, worms, spyware, crimeware, rootkits, phishing, hacker attacks and spam, today revealed that 35,103 different malicious and potentially unwanted programs were detected on users’ computers by the Kaspersky Security Network (KSN) during September 2008. Kaspersky Lab first detected and added the rootkit to its anti-malware databases on 28th August 2008 and throughout September it actively spread across the Internet.
Wednesday, October 01, 2008
EU to introduce ‘virtual strip searches’ at airports by 2010
According to a draft European Commission regulation, seen by The Daily Telegraph, the new millimetre wave imaging scanners are to be used “individually or in combination, as a primary or secondary means and under defined conditions” to provide a “virtual strip search” of travellers. Dominic Grieve, Shadow Home Secretary, stressed that while body scanners may be an effective security tool, “the implementation must be carried out by the British government in a proportionate manner, based on UK security requirements rather than the dictates of Brussels”. The new imaging technology, which creates an image of an unclothed body that privacy critics argue “amounts to a virtual strip search”, has been tested on a voluntary basis at Heathrow’s Terminal Four.
Tuesday, September 23, 2008
For US Enterprises, Computer Crime Starts at Home
According to separate research reports published yesterday, the United States is the most common source of attacks, and that trend could continue as attackers find ways to exploit networks here at home. This year alone, some 20.6 million attempted attacks have originated from computers within the U.S., the company says. China ran second, with 7.7 million attempted attacks emanating from computers within its borders. Brazil was third with about 166,987 attempted attacks.