admini – Page 165 – CyberSecurity Institute

Online crime’s impact spreads

Posted on April 16, 2008December 30, 2021 by admini

Nearly 60% of Americans are fearful someone will steal their account passwords when they bank online, and 38% do not trust making payments online, according to a survey of 1,000 U.S. adults conducted by TNS Sofres on behalf of digital-security company Gemalto.

Bank accounts were the most commonly advertised item for sale on underground computer servers, accounting for 22% of all items in the last six months of 2007, according to a Symantec report this week.

Several analysts, including John Pescatore of Gartner, point to the escalating threat of bots, sprawling networks of compromised PCs controlled by criminal groups. The top bot nets send a staggering 100 billion spam e-mail messages each day, SecureWorks says.

Speaking of spam and other forms of malicious software code, hackers are using YouTube videos to advertise their goods.

In one post, a group from Albania offers to illegally break into corporate networks to steal data and implant malware, says Don Jackson, director of threat intelligence at SecureWorks.

http://www.usatoday.com/tech/news/computersecurity/2008-04-10-cybercrime-computer-security_N.htm

Check Point delivers new Power-1 appliances

Posted on April 16, 2008December 30, 2021 by admini

With a 6.1 Gbps intrusion prevention speed, customers also gain the ability to stop application layer threats at industry-leading speeds. Consequently, organizations facing application security threats, such as worms or buffer overflows, will be able to stop them while maintaining high performance for business critical applications.

Multiple Power-1 appliances can be centrally managed with other Check Point security gateways through a single console, thus simplifying network security management and reducing administrative costs.

http://www.net-security.org/secworld.php?id=6021

New version of Zertificon secure virtual mailroom

Posted on April 16, 2008December 30, 2021 by admini

It functions in compliance with S/MIME and OpenPGP, the two internationally established standards for e-mail security, and is compatible to all current e-mail programmes.

Another new feature of this product is its validation and archiving link for attached documents — such as i.e., invoices with a qualified signature.

The new version recognises, effective immediately, any attachments in incoming e-mails with a qualified signature (SigG/SigV), then validates them and transmits the validation report as an XML file, analogue to GDPDU – along with the e-mail itself — to an existing archiving system.

http://www.net-security.org/secworld.php?id=6023

Oracle moves into hosted security space

Posted on April 12, 2008December 30, 2021 by admini

Oracle follows security companies such as Symantec, Scansafe and Mcafee into the “security as a service” space. Oracle – whose service will launch later this year – says companies will be able to decouple security features from particular applications and centralise security processes.

Gartner believes security as a service will see an annual growth rate of more than 30 per cent through 2012, as companies move more broadly to using web.hosted applications. The global enterprise security market is worth more than 5.5bn annually, and is growing over 10 per cent a year, according to Canalys research.

http://seclists.org/isn/2008/Apr/0070.html

Top Malware Report For March

Posted on April 3, 2008December 30, 2021 by admini

Secondly, the new malicious programs which had appeared in the last few months were also absent from the rankings, although there had been no indication that this would happen.

And finally, this month’s chart contains an increased number of worms which we’ve been detecting for years.This epidemic indicated that someone was preparing to create an enormous botnet.

Our old friend, NetSky.q, continues to lead the rankings this month, and Mydoom.m rose a significant nine places to come in second. The last time these two worms were in such close competition with each other was way back in 2004.

The only program which could more or less be termed new in the entire Top Twenty is another Trojan-Downloader.

All the representatives of the Zhelatin (Storm Worm) and Warezov families have disappeared from the rankings. Worms from the NetSky family have come to fill the void created by the absence of new epidemics, with three of the five programs re-entering the rankings in March belonging to this family.

Overall, March has been the most peaceful month that we’ve seen for a while.

http://www.net-security.org/qualys2008/rsa2008c.html

Top 10 vulnerabilities in Web Applications in Q4 2007

Posted on March 1, 2008December 30, 2021 by admini

Open SSL Off-By-One Overflow
Java Web Start Bugs
Adobe Acrobat URI Handling Bug
IBM Lotus Notes Buffer Overflow
RealPlayer Input Validation Flaw
IBM WebShere Application Server Input Validation Hole
IBM WebShpere Input Validation Hole
PHP Buffer Overflows, Filtering Bypass and Configuration Bypass Bugs
Apache Input Validation Hole
Adobe Flash Player Bugs

http://www.net-security.org/secworld.php?id=5865