Author: admini

Microsoft pulls faulty Exchange 2013 patch HOURS after release

Posted on by admini

Exchange 2007 and 2010 users should still apply the fix since the security patch causes no difficulties if installed on older versions of Microsoft’s email server software.

“If you already installed MS13-061 on Exchange 2007 and or 2010 it looks like you should be good to go as the issue does not seem to occur with those versions,” explained Ziv Mador, Director of Security Research at Trustwave.

MS13-061 addresses three vulnerabilities in Microsoft Exchange that can stem from bugs in the third-party library Outside In, which is licensed from Oracle.

Sysadmins would be well advised to apply a stop-gap workarounds which includes turning off document processing involving Outside In – at least, pending the availability of a functional security patch.

Link: http://www.theregister.co.uk/2013/08/15/faulty_exchange_2013_update_pulled/

Read more

IT security spend keeps rising: Is there ROI?

Posted on by admini

Information technology security spending will apparently keep growing forever, but it’s unclear what the returns look like.

Security requirements aren’t going to go away as long as the bad guys are out there.

Canalys noted that security remains a priority for businesses even as they cut back elsewhere. Asia Pacific IT security spending will be up 9 percent in 2013 with North America growing 5 percent.

Meanwhile, medium sized businesses will grow IT security spending a 7 percent clip to hit $8.5 billion in 2017.

Link: http://www.zdnet.com/it-security-spend-keeps-rising-is-there-roi-7000019277/?s_cid=e589&ttag=e589

Read more

Linux gets hit by a trojan — it’s time to sudo apt-get scared!

Posted on by admini

“The Trojan’s developer claims it has been tested on 15 different Linux desktop distributions, including Ubuntu, Fedora and Debian.

While this trojan does seem nasty and scary, it is unlikely to spread easily given Linux users’ propensity towards common-sense about installing software.

Link: http://betanews.com/2013/08/09/linux-gets-hit-by-a-trojan-its-time-to-sudo-apt-get-scared/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+Betanews+Full+Content+Feed+-+BN

Read more

Concerns Over Cyber Security Risks Outweigh Traditional Risks for Large Firms: Study

Posted on by admini

“We are reaching a tipping point where the majority of companies we surveyed now rank cyber security risks as high as other major insurable business risks,” said Michael Bruemmer, vice president at Experian Data Breach Resolution.

Among those companies that had an incident in the past 24 months, 70 percent of respondents said the experience increased their interest in these policies.

However, those costs are only a fraction of the average maximum financial exposure that the companies surveyed (breached or not) believe they could suffer because of cyber incidents. Respondents quantified the average potential maximum financial risk of a data breach at $163 million, with some projecting more than $500 million in damages.

For those firms that chose to go without coverage, 43 percent indicated that it is because of the cost and too many exclusions, restrictions and uninsurable risks.

“Going through the process of evaluating cyber insurance for their company, 62 percent of the people said that they felt like their company was in a better state of readiness because of going through the process of evaluating cyber insurance, which means that just the preparation and awareness help to improve their level of capability for an incident response for a data breach,” said Bruemmer.

Link: http://www.insurancejournal.com/news/national/2013/08/07/301071.htm

Read more

CISO spending priorities revealed

Posted on by admini

As to where the money is going, respondents said five areas were ‘priority one or two’ (where one is most important and five is least important).

Notable changes occur in spending priorities between 0-12 months (FY 2013) and 12-24 (FY 2014) months on data security, document security and social media security.

54% of respondents indicated spending on data security would be high priority in 2014 (up from 38% in 2013). 38% of respondents indicated spending on document security would be high priority in 2014 (more than double the 15% in 2013). 23% of respondents indicated spending on social media security would be high priority in 2014 (more than triple the 8% in 2013).

Link: http://www.net-security.org/secworld.php?id=15346

Read more

Sophisticated Malware Is Stumping Security Pros

Posted on by admini

“Many organizations lack the right staff size or skills necessary to address malware threats, but given their current workload and the information security skills shortage, it is unlikely they can fill this void quickly,” Oltsik said in his report.

Sixty-two percent of those surveyed believe their host-based security software is not effective for detecting zero-day attacks and other malware designed to bypass the software and remain stealthy on systems.

Security professionals should become intimately familiar with these phases so they can implement appropriate security controls for each phase and recognize anomalous behavior that may be associated with one or many phases of an attack.”

In addition, the survey found that 42 percent of organizations are testing or implementing security technologies that use sandboxing technology, virtual environments where files are quickly analyzed before being passed on to the end user.

About 39 percent of those surveyed said a group of security analysts dedicated to malware intelligence and analysis was created at their organization.

“While security professionals understand the basic concepts about malware, the [Enterprise Strategy Group] research indicates that a large number are unfamiliar with advanced malware properties.

Link: http://www.crn.com/news/security/240158935/sophisticated-malware-is-stumping-security-pros.htm

Read more