Security News Curated from across the world
Verizon is boosting its risk-correlation analysis through use of security-event management (SEM) so it can provide a deeper level of detail about the confidentiality, integrity and availability of data in specific customer computer equipment.
http://www.itworld.com/security/60354/verizon-service-steps-analysis-security-risks
Cyber Cartels, groups of young and modern cyber criminals likened by VeriSign iDefense to drug cartels of the 1980s, targeted commercial — not individual — banking accounts for fraud operations and security measures meant to protect those accounts and routinely defeated the protections.
“The cyber security landscape has fundamentally changed where ‘script kiddies’ no longer perpetrate the lion’s share of malicious activity online,” said Jason Greenwood, vice president and general manager, VeriSign iDefense Security Intelligence Services.
http://www.marketwire.com/press-release/Verisign-Inc-NASDAQ-VRSN-930692.html
The endpoint security tool vendor hopes the report will help drive users to try out its “clientless” management tools, which it says can take a more accurate reading of the status of AV software on remote endpoints.
In many cases, users had turned off the antivirus software, thinking that would make their computers run faster, the researchers say.
“What we’re seeing are companies paying Symantec, McAfee, and others for protection that is only working about 75 percent of the time,” adds Alan Komet, vice president of marketing for Promisec.
http://www.darkreading.com/security/antivirus/showArticle.jhtml;jsessionid=EA1KQQBHQNWVKQSNDLPCKH0CJUNN2JVN?articleID=212500149
Each application on the list has the following characteristics: Runs on Microsoft Windows. Relies on the end user, rather than a central IT administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
To read the full list of applications, which includes products from Symantec, Yahoo!, Trend Micro, Sun Microsystems and more, visit here (http://bit9.com/landing/2008vulnerableapps.php) to download the research note.
http://www.darkreading.com/security/app-security/showArticle.jhtml;jsessionid=W4TNO0P1S4NS2QSNDLRSKH0CJUNN2JVN?articleID=212400451
1. ATM Network Fraud According to Paul Kocher, president and chief scientist of Cryptography Research Institute, the number one area that institutions will see fraud growing over the next year is in ATM networks.
2. Check Fraud The area of check fraud is also becoming continuously more sophisticated, and the underlying technological systems haven’t kept pace with the sophistication of the adversaries, says CRI’s Kocher.
3. ‘Laser-Guided’ Precision Strikes The organization and sophistication of criminals is increasing, and so is the sophistication of their attacks.
4. Phishing Attacks To Continue In 2008, the financial services industry has seen an increase in the numbers of phishing attacks that are expected to continue into 2009, including sophisticated spear phishing and Rock Phish attacks.
5. Check Image Fraud Traditionally, after a successful phishing attack, the criminal would extract the needed information and go onto the online account and remove the victim’s bank funds.
6. Zero Day Attacks Another area that financial institutions will need to keep an eagle eye on is the shift in the way financial fraud is happening.
7. Low ‘N Slow Attacks Imagine having the best firewalls, intrusion detection systems and an unbeatable monitoring system installed, says eIQnetwork’s Rothman.
8. Drive-By Attacks Deliver Institutions need to educated and warn customers and employees to beware the online look-alikes and infected websites, says Tom Wills, Javelin Strategy Research’s Senior Analyst for Security & Fraud.
9. Phones Will Be Ringing All institutions need to keep a close ear and eye on their phone channel, says Wills.
10. Insider Threat This is one of the most important issues that financial institutions are going to face in the coming year, says Jody Westby, Adjunct Distinguished Fellow at Carnegie Mellon University’s CyLab and CEO of Global Cyber Risk, a Washington, DC-based cyber intelligence firm.
http://www.bankinfosecurity.com/articles.php?art_id=1098
More specifically, half of the IT managers said that outsourcing was a high or very high security risk to their organizations today and in the next one to two years; 44 percent also pointed to data breaches as a comparable risk today, while 40 percent expect them to be so in the next one to two years.
Security professionals, meanwhile, ranked data breaches and cybercrime higher: Sixty-six percent consider data breaches high or very high risks today, while 65 percent rank them as such for the next year to two years.
“We see a big disconnect between IT and security in their thoughts about data breaches and how risky that is to a business,” says Pat Clawson, CEO of Lumension.
While 92 percent of security professionals say their organizations had suffered a cyberattack, only 55 percent of IT staffers said the same, while 32 percent said they were uncertain. Interestingly, both IT and security departments don’t rate virtualization as high risk.
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml;jsessionid=W4TNO0P1S4NS2QSNDLRSKH0CJUNN2JVN?articleID=212300005