Security News Curated from across the world
“The swelling amount of spyware, as illustrated in the Aladdin CSRT report, is a direct representation of the fast-growing network of organized criminals that empower themselves through computers rather than physical theft,” said Shimon Gruper, vice president of technologies for the Aladdin eSafe Business Unit.
http://www.it-observer.com/news/6444/enterprises_attacks_tripled/
Muglia, who indicated the software is an attempt to modernize the product and make it more proactive for protecting computers, said an early beta version has been made available to some customers, with a public beta planned for the fourth quarter.
ForeFront was the most notable unveiling to underscore the company’s new “People Ready Business” plan for empowering developers and IT professionals through new software.
Muglia said Microsoft plans to prepare for this wave with the ‘People Ready Business’ plan to helping developers manage complexity and achieve agility; protect information, control access; advance the business with IT solutions; and amplify the impact of people.
http://www.internetnews.com/dev-news/article.php/3612626
“The Federal Reserve will continue to work with our counterparts in the federal government to encourage enhanced feedback on how reporting is contributing to our common fight against money laundering and terrorism,” Bies said.
http://www.marketwatch.com/News/Story/Story.aspx?guid=%7B16693B48-1BEC-4B01-B138-7812489927B4%7D&siteid=google
Yet it’s not only carriers that could be concerned with the type of attack Pena and Moore launched, says Seshu Madhavapeddy, CEO of VoIP security company Sipera Systems.
Madhavapeddy says these types of attacks are relatively easy to carry out and could hit at enterprises just as easily as carriers.
Infonetics Research predicts spending on VoIP will jump from $1.2 billion in 2004 to more than $23 billion in 2009.
Emerging technologies like unified communications that include voice, video, and data in one console, intended to drive collaboration through the roof, have the potential to put more and more information at the fingertips of hackers. They warn about phishing not unlike what companies and consumers see in e-mails.
And VoIP networks are just as susceptible to crippling denial-of-service attacks as are data networks, and mass calls generated by a worm could overload networks or kill productivity with ceaseless phone calls and messages.
http://www.informationweek.com/news/showArticle.jhtml;jsessionid=CI2HW0LHSD1GKQSNDLOSKHSCJUNN2JVN?articleID=188702963
The report also found that many customers are exploring network access control and content security solutions, which is delaying their purchase of core network security products until later in 2006.
In addition, Jeff Wilson, principal analyst at Infonetics Research, noted in a statement, “VPN/firewall functionality — the core of most integrated security appliance products — is truly reaching the commodity stage.
http://www.darkreading.com/document.asp?doc_id=96672&WT.svl=cmpnews1_1
Remediation costs, such as a credit monitoring service which Fidelity offered each customer to allow them to monitor that no fraud is taking place, can add up to several million more dollars. And the loss of some percentage of its angry customers, perhaps as much as 20% of its clients, will add even more to the total cost of the data breach. It is also likely that Fidelity will ultimately be assessed fines/penalties from government agencies, resulting in total monetary loss to Fidelity from this one data breach in excess of $10M. “Then you add on the cost of the personal credit watchdog services that companies often provide users who are victimized, plus the potential loss of business from the negative publicity, and the total loss to the company grows rapidly,” he said. And the loss of some key business information can also be a violation of the new business regulations, such as the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act (HIPAA).
Gold suggested that companies need to take a series of steps to mitigate the risk both on laptops and smaller mobile devices:
1. Educate users
2. Password protection is set to “on”
3. Mobile management system
4. Determine which files can and cannot be downloaded
5. Encryption
6. Enforce connection/VPN security standards
7. Require active firewall protection and virus protection
8. Enable device lockdown and “kill” functions
9. Log device
The good news is that at least partial solutions for common BlackBerry, Windows Mobile and Palm OS handhelds are available on the market today.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9000996&source=rss_topic17