November 2009 – Page 2 – CyberSecurity Institute

FBI Says Hackers Targeting Law Firms, PR Companies

Posted on November 16, 2009December 30, 2021 by admini

Alan Paller, director of research at SANS Institute, a computer-security organization, said Monday that a major law firm in New York was hacked into in early 2008 in an attack that originated in China.

U.S. officials have been cautious about publicly linking cyber attacks to China. But recent government reports have described computer attacks believed to have originated in China, although it is unclear if the intrusions were conducted by, or with the endorsement of, any element of the Chinese government. As is often the case with cyber crime, Paller said it is difficult to tell whether hackers were working on behalf of the country’s government, located in that country, or simply routing computer traffic through that country.

While some computer network attacks may be linked to countries such as China, in some cases they now can be orchestrated by independent cyber crime groups.

http://cbs4denver.com/wireappolitics/FBI.alert.says.2.1316357.html

Microsoft study shows growing threat of computer worms

Posted on November 15, 2009December 30, 2021 by admini

Private users get off lightly, by comparison, partially because they are more likely than corporate customers to make sure their computers have the newest security software installed.

Germany and Austria both have PC infection rates significantly below the global average of 0.87 per cent: 0.3 and 0.21 per cent, respectively. Despite the higher risk of worm attacks, the study say worms only make up about 6.7 per cent of all attacks, meaning they are only the fourth most predominant threat. Nonetheless, a year ago, that figure was 16.8 million.

Microsoft presents its Security Intelligence Report twice a year, updating readers on the actual state of computer security and dangerous programmes.

http://www.topnews.in/microsoft-study-shows-growing-threat-computer-worms-2236347

Hackers create tools for disaster relief

Posted on November 15, 2009December 30, 2021 by admini

“We’re saying, partner with the private sector and we can push technology forward and innovate.”

Several projects explored the use of maps, including one group that built a widget that allows a user to click on a point in a map to have the coordinates automatically inserted into a message that can then be posted to multiple social networks at once via the HelloTXT service.

The first-place prize went to a group primarily from NASA that worked on a mobile notification app that can be used when regular cellular networks are so bogged down people can’t make phone calls. Using the “I’m OK” app, people can easily notify friends and family members that they are safe via SMS by clicking one button.

http://news.cnet.com/8301-27080_3-10398073-245.html

New Honeypot Mimics The Web Vulnerabilities Attackers Want To Exploit

Posted on November 14, 2009December 30, 2021 by admini

“My project is the first Web application honeypot with a working vulnerability emulator able to respond properly to attacker requests,” says Lukas Rist, who created Glastopf.

Unlike other Web honeypots that use templates posing as real Web apps, Glastopf basically adapts to the attack and can automatically detect and allow an unknown attack. The project uses a central database to gather the Web attack data from the Glastopf honeypot sensors installed by participants who want to share their data with the database.

“The project will contribute real-world data and statistics about attacks against Web apps — an area where we do not have good collection tools yet,” says Thorsten Holz, Rist’s mentor on the project. “They can, for example, find compromised servers in their space that host PHP bots, or other data related to remote file inclusion vulnerabilities,” he says.

http://darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=221300001

Security Pros Not Confident In Their Incident Response Plans, Study Says

Posted on November 13, 2009December 30, 2021 by admini

Enterprises suffer an average of two breaches a year, but only a third of IT professionals are completely confident in their incident response plans, according to a study published earlier this week. According to a study conducted by data recovery and forensics service provider Kroll Ontrack, about three-quarters of U.K….

California Plans to Launch Information Security Operations Center

Posted on November 13, 2009December 30, 2021 by admini

In California, we are confronting the challenges in a coordinated and efficient fashion that will increase protections for the citizens and businesses of this state,” said Weatherford, in a statement announcing the plan.

A California First Weatherford’s new statewide information security plan is the first ever developed for California state government, and it represents a significant milestone for the CISO, given the sprawling nature of California state government and the size and independence of its state agencies.

In an interview with Government Technology earlier this year, Weatherford said California state agency CIOs needed an enterprise security strategy to help guide their efforts.

http://www.govtech.com/gt/733337?topic=117671