January 2013 – CyberSecurity Institute

Second Twitter hoax in two days smacks another stock – The West Australian

Posted on January 31, 2013December 30, 2021 by admini

Just as Muddy Waters confirmed it did not send such a tweet about Audience, so too did Andrew Left, the California-based investor who runs Citron, said his company did not send a message about Sarepta.

The twin incidents targeted a pair of Nasdaq stocks that are not among the most actively traded on a daily basis, showing how certain company shares are vulnerable to information posted on social media networks, even if the information is misleading.

“You need a more volatile stock for this kind of manipulation – obviously if you were to try it on IBM it wouldn’t work,” said Joe Saluzzi, co-manager of trading at Themis Trading in Chatham, New Jersey.

The tweet, with the user name “@citreonresearc,” alleged that drug trial results from the biopharmaceutical company had been tainted and doctored, according to screen shots of the posting captured by Twitter users.

Matt, a trader in San Diego who did not want to give his last name, but who goes by the handle @given2tweet on Twitter, said, “There’s a real severity to that tweet.

The company, which has a market cap of about $692 million, is volatile, moving more than 1 percent in six of the past seven sessions.

Audience went public in May 2012 and has a market cap of $254 million as of Tuesday’s closing price, rising about 15 percent so far this year.

Link: http://au.news.yahoo.com/thewest/business/a/-/tech/16031129/second-twitter-hoax-in-two-days-smacks-another-stock/

Cisco shows the global picture of information security

Posted on January 31, 2013December 30, 2021 by admini

In fact, more Generation Y workers globally said they feel more comfortable sharing personal information with retail sites than with their own employers’ IT departments – departments that are paid to protect employee identities and devices. As Generation Y graduates from college and enters the workforce in greater numbers, they test corporate cultures and policies with expectations of social media freedom, device choice, and mobile lifestyles that the generations before them never demanded. As the first chapter of the Connected World Technology Report indicated in December, Gen Y is constantly checking social media, email and text updates, whether it’s in bed (3 of 4 surveyed globally), at the dinner table (almost half), in the bathroom (1 of 3), or driving (1 of 5).

Nine of 10 (90 percent) IT professionals surveyed said they have a policy governing the use of certain devices at work, yet only two of five Gen Y respondents said they were aware of such a policy. IT professionals know that many employees don’t follow the rules, but they don’t understand how prevalent it is: More than half (52 percent) of IT professionals globally believe their employees obey IT policies, but nearly 3 out of 4 (71 percent) of the Gen Y workforce say that they don’t obey policies. In other words, Gen Y is less averse to complete strangers at retail sites monitoring their activity than their own employers’ IT teams – teams that are there to protect them and their companies’ information.

Link: http://www.net-security.org/secworld.php?id=14334

DDoS attack sizes plateau, complex multi-vector attacks on the rise

Posted on January 31, 2013December 30, 2021 by admini

DDoS: Attack sizes plateau; complex multi-vector attacks on the rise – The largest attack reported was 60 Gbps, same as 2011; and 46 percent reported multi-vector attacks.

This year’s results confirm that application-layer and multi-vector attacks are continuing to evolve while volumetric attacks are starting to plateau in terms of size. … Attackers have now turned to sophisticated, long-lived, multi-vector attacks – combinations of attack vectors designed to cut through the defenses an organization has in place – to achieve their goals. … This year’s report includes a case study on the ongoing attacks against U.S. financial services organizations, a great example of a multi-vector attack.

Data centers and cloud services are increasingly victimized – 94 percent of data center operators reported attacks, and 90 percent of those reported operational expenses as a business impact.

As more companies move their services to the cloud, they now have to be wary of the shared risks and the potential for collateral damage. DNS infrastructure remains vulnerable – 27 percent experienced customer-impacting DDoS attacks on their DNS infrastructure—a significant increase over the 12 percent of respondents from last year’s survey. 71 percent of respondents reported good visibility at Layers 3 and 4 but only 27 percent reported Layer 7 visibility.

Link: http://www.net-security.org/secworld.php?id=14323

Indian cyber laws lack teeth to bite data hackers

Posted on January 31, 2013December 30, 2021 by admini

The death of web-freedom activist Aaron Swartz, has once again turned the limelight on the Cyber security issues and laws governing the virtual world. While, Swartz, could have encountered over 30 years in prison if convicted following his trial under US laws, in India he could have gotten away with just three years imprisonment and Rs 5 lakh fine for the same charges.

In case, any university or institute network is hacked by someone, the maximum punishment is 3 years and Rs 5 lakhs fine under Section 66, read with 43 (I). Moreover, it is a bailable offence in India, while in the US it is a non-baliable offence,” Cyber Security expert Pavan Duggal said.

According to Salman Warris, a New Delhi-based cyber law expert, the current legislations are not suffice to deal with data hacking incidents in India. “In the US and Europe there is a complete legislation dedicated to data protection, while under Indian Act there are only two provisions related to data protection.

Aaron Swartz could also have had to shell out a penalty worth millions of dollar for allegedly downloading material from JSTOR. According to a senior professor associated with a leading university,”There has been instances in the past, where the university website has been hacked into. Whatever happen to MIT could happen to any institute, said Kamalesh Bajaj, CEO of Data Security Council of India (DSCI), a Nasscom initiative.

Link: http://www.business-standard.com/india/news/indian-cyber-laws-lack-teeth-to-bite-data-hackers/204728/on

F5 Networks introduces application delivery firewall

Posted on January 31, 2013December 30, 2021 by admini

With support for SAML 2.0, F5 now offers improved single sign-on (SSO) capabilities for web-based, VDI, and client/server applications—whether hosted in corporate data centers or the cloud. In addition, BIG-IP APM offers identity federation across multiple product instances within an organization, reducing the number of passwords needed by users to access corporate applications.

BIG-IP ASM now features support for applications written with the Google Web Toolkit, meaning security teams can enforce application security policies that use this widely adopted framework. Additionally, BIG-IP ASM can better detect and mitigate clickjacking, a growing web threat that attackers use to trick others into revealing personal information.

Link: http://www.net-security.org/secworld.php?id=14332

RSA combines SIEM with incident visibility to create Security Analytics

Posted on January 31, 2013December 30, 2021 by admini

With this you get full security visibility of data for log and packet and it gives the user more intelligence and if something is known, if it has been seen before.”

Jon Oltsik, senior principal analyst at Enterprise Strategy Group, said: “The sophistication of advanced attacks and the associated malware is growing every day testing the limitations of existing security analytics tools.”

Marrying intelligence-driven security with Big Data analytics has the potential to help enterprises address the complex problem of advanced threats and thus meet a significant need in the marketplace.”

Link: http://www.scmagazineuk.com/rsa-combines-siem-with-incident-visibility-to-create-security-analytics/article/278162/