Security News Curated from across the world
Andrew Durant, BDO’s head of fraud investigation, says to combat such crimes firms need better employee access management and fraud detection systems. But detective chief inspector Stuart Dark from the Metropolitan Police’s Economic and Specialist Crime Unit, says employee screening and internal processes are equally important.
http://www.computing.co.uk/computing/news/2152055/poor-security-blamed-increase
US IT managers regard keeping anti-virus software and firewalls up to date; using intrusion detection and prevention technologies, and implementing vulnerability/patch management on their networks as the three most important measures. In contrast, international managers place a higher priority on IPS/IDS technologies (33 percent compared with 20 percent in the US) and on file encryption (18 percent compared with 7 percent of US businesses).
“IT executives are making it very clear how seriously they take cybercrime threat, both from internal and external sources,” said Stuart McIrvine, director of IBM’s security strategy. “The nature of crime is changing, and businesses, technology providers and law enforcement must work together to ensure the right safeguards are being put in place to securely operate in today’s environment.”
http://www.techworld.com/security/news/index.cfm?NewsID=5568
“Today’s attackers are smarter and stealthier,” warned Bruce Schneier, founder and chief technology officer at Counterpane. “They are much more likely to install spyware, as they are more interested in making money.
http://www.vnunet.com/vnunet/news/2152006/financial-sector-top-target
In terms of the background of this case, as set forth by the FTC, CardSystems provided merchants with products and services used for obtaining approval for credit and debit card purchases from banks that issued cards.
The FTC specifically charged that CardSystems created unnecessary risks in storing information, did not adequately assess the vulnerability of its computer network to commonly known attacks, did not implement low-cost and available defenses to such attacks, failed to use strong passwords to ward off hackers, did not use available security measures to limit access between its computer network and the Internet, and failed to employ adequate measures to detect unauthorized access to personal information.
http://news.com.com/2010-1029_3-6047097.html?part=rss&tag=6047097&subj=news
In its previous report, Symantec cautioned that malicious code for profit was on the rise, and this trend continued during the second half of 2005.
Malicious code threats that could reveal confidential information rose from 74 percent of the top 50 malicious code samples last period to 80 percent this period.
http://www.itnews.com.au/newsstory.aspx?CIaNID=30685
Bogus emails that form the basis of phishing attacks contain URLs that direct the victim to a single IP address, which hosts the so-called ‘smart redirector’. When the potential victim clicks on the link, the redirector checks all related phishing websites, identifying which sites are still live before redirecting the user to one of them.
RSA Cyota senior product manager Andrew Moloney said: “As anti-phishing vendors become more adept at shutting down phishing websites, inevitably the fraudsters are looking at ways to minimise the effect this has on their hit rates.
According to the Anti-Phishing Working Group, almost 50,000 phishing websites were created last year, with more than 7,000 appearing in December alone.
http://www.theregister.co.uk/2006/03/08/smart_redirect_phish_attack/