admini – Page 197 – CyberSecurity Institute

Singapore: Cyber-security challenges set to grow in 2007

Posted on December 21, 2006December 30, 2021 by admini

Indeed, recognising that money is now the driving force behind most malicious hacking attempts, the local financial sector has already taken steps to tighten security for their Internet transactions. This comes after several attempts by hackers to spoof the online banking portals of local banks, with OCBC falling prey to such a phishing scam earlier this year. To meet a mandate spelt out by the Monetary Authority of Singapore, banks operating in Singapore have all rolled out so-called two-factor authentication tools in the last few months.

Threats have become Web-based and these have exploited those who have become comfortable with making transactions online,’ added Trend Micro’s Mr Chong. While technology-based defences are improving, they must be complemented by a security-conscious mindset to be more effective. ‘It has been especially challenging trying to educate Singaporeans about the risks on the Internet and thus to educate them on how to get protected,’ said Mr Chong. ‘In Asia, consumers are still thinking about virus attacks on a big scale, while the consumers in the US and Europe are already feeling the impact of targeted attacks that have caused financial losses through the compromise of their personal information,’ he added.

http://business-times.asiaone.com/sub/bizit/story/0,4574,218959,00.html?

Check Point to acquire NFR Security

Posted on December 19, 2006December 30, 2021 by admini

The acquisition of Rockville, Md.-based NFR Security, founded a decade ago by IDS pioneer Marcus Ranum, follows Check Points failure earlier this year to complete the acquisition of IDS and IPS vendor Sourcefire. NFR Security, which has 22 employees, does not publish figures related to its earnings. While not discussing NFR Securitys exact earnings, Shwed acknowledged NFR isnt a big money-maker, but it isnt losing money.

Gartner analyst John Pescatore said the NFR Security acquisition is clearly a replacement for the failed merger with Sourcefire. Pescatore said the merger between Check Point and NFR Security will probably work out well because NFR Security has good technologies that can be combined with Check Points strength in firewalls and management.

http://www.networkworld.com/news/2006/121906-check-point-acquires-nfr-security.html

Targeted security attacks on the rise

Posted on December 15, 2006December 30, 2021 by admini

Corporate and industrial espionage attacks are on the rise using targeted trojans intended to steal intellectual property and confidential information, according to the 2006 Annual MessageLabs Intelligence Report.

Mark Sunner, chief technology officer at MessageLabs said: ‘2006 was the year that spammers took the security industry by storm and showcased their new tactics and techniques for mass disruption.

Now accounting for almost nine out of 10 emails, spam has categorically shed its title of being a nuisance and is a perilous threat which all companies need to be protected against.’

A key component in the success of these highly targeted attacks is the distribution of spyware and adware which has grown into a multibillion dollar industry and fuelled an increase in the number of botnets being created.

http://www.computing.co.uk/computing/news/2171089/targeted-attacks-rise

Gartner Prediction for 2007

Posted on December 14, 2006December 30, 2021 by admini

This prediction is part of Gartner’s 10 key predictions that showcase the trends and events that will change the nature of business and IT in 2007 and beyond.

http://www.it-observer.com/news/7010/gartner_75_networks_have_undetected_malware/

Visa U.S.A. adds financial incentives, fines to PCI program

Posted on December 14, 2006December 30, 2021 by admini

Visa’s new Visa PCI Compliance Acceleration Program is designed to spur entities that are covered by PCI rules to comply in a speedy fashion, said Jennifer Fischer, a director at Visa U.S.A. “This program is part of our larger strategy for protecting cardholder data and to ensure that we are doing everything we can to protect it from compromise,” she said.

It targets the financial institutions responsible for the largest 1,200 merchants — known in PCI-speak as Level 1 and Level 2 merchants — which together account for about two-thirds of Visa’s total transaction volumes, she said.

Though nearly 18 months have passed since PCI rules went into full effect, only 36% of Tier 1 merchants and 15% of Tier 2 merchants are currently compliant with the requirements, according to Visa.

As part of the compliance validation process, merchants will need to show that they have purged all magnetic stripe data, Card Verification Value data and PIN data from their point-of-sale (POS) and other systems, Fischer said.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9006100&source=NLT_AM&nlid=1

Rustock Trojan A Model For Future Threats

Posted on December 13, 2006December 30, 2021 by admini

Rustock, like other recent in-the-news exploits such as “Stration,” is designed to send spam from hijacked computers.

Rustock hooks into the Windows 32-bit kernel, and patches several APIs (Applications Programming Interfaces) to hide the new registry keys and files it installs.

Polymorphic exploits, which first appeared in 1990, are rarely seen today, Martin says, but Rustock has revived the practice as another defensive strategy against security software, which uses pattern detection and threat-specific signatures to sniff out malware.

http://www.informationweek.com/showArticle.jhtml;jsessionid=3SBBS032AKJBOQSNDLRSKH0CJUNN2JVN?articleID=196603916