Category: News

The patch also updates Apple’s provided version of Java to 1.6.0_41; the update is available by choosing Software Update from the Apple menu or visiting the Mac App Store and clicking on Updates.

In line with the company’s recent policy on Java, these downloads will disable Apple’s built-in Java plugin; users who try to run applets in their browser will instead be prompted to download the latest version of the Java plug-in from Oracle. One additional casualty this time around, for 10.7 and later, is the Java Preferences app that usually lives in OS X’s Utilities folder—Apple says it’s no longer necessary for configuration.

Apple is only the latest target in a recent spate of cyber attacks that have hit institutions like the New York Times and the Wall Street Journal along with tech companies like Facebook and Twitter; most of those attacks have been traced back to China.

Link: http://www.pcworld.com/article/2028740/apple-confirms-cyber-attack-will-release-security-tool.html

Some other areas include activities which will endanger the national security of the other party, transnational organised crimes, terrorism and any other crimes referred to in this agreement, human trafficking as well as illegal immigration, particularly abuse of women and children and also cyber crimes and other offences which take place by misuse of communication and telecommunication devices.

On a question about methods of co-operation, Rehman Malik said each country will adopt measures for implementation of this agreement which would identify group or persons involved in transnational organized crimes or who are wanted for such crimes and providing relevant information such as pictures, fingerprints.

The other areas are exchange of information on laws for prevention of crimes, which have been included in this agreement, exchange of information and experiences on strengthening the management and controlling of borders such as through equipping the border stations and regular meetings between border guards and exchange of information and experiences on new types of narcotics, psychotropic substances, basic and chemical substances and the routes used for drug trafficking.

As per agreement both the countries would also cooperate in exchange of experiences in organising, training, management and education of their own forces as well as exchange of experts in order to expand bilateral co-operation to prevent organised crimes, terrorist acts, drug trafficking.

The Minister said co-operation between the two countries to prevent and combat terrorism is an important element of this agreement and added both the countries have agreed to combat the activities of terrorists groups which are considered as an offence according to the internal laws and regulations of either of the two countries or against the international convention to which both the countries are signatories.

He said the two countries have agreed to establish a joint working group headed by the Deputy Interior Minister of Iran for Security and the Secretary, Ministry of Interior of Pakistan for monitoring the performance of this agreement, to offer solutions in respect of problems faced during the course of implementation of the agreement and for reviewing and updating of this agreement, if and when required.

Link: http://www.brecorder.com/general-news/172:pakistan/1155671:pakistan-and-iran-sign-security-cooperation-agreement/?date=2013-02-20

In addition to ensuring that firewalls and other security measures are up to industry standard, a thorough security assessment will also identify where sensitive data is stored and whether this can be segmented or further removed from the rest of the IT system. This must include a specific plan to ensure that valuable time is not lost as the organization decides who is in charge of the response efforts.

Corporates should determine in advance of an incident what the chain of command will be for the incident response team.

Whether law enforcement can play any meaningful role in the aftermath of a hacking incident is often dictated by the type of incident involved. Even if law enforcement could determine the scope of the incident for the corporate victim, there are serious downsides to this approach for most organizations.

Hackers rarely leave a detailed list of what they stole and only painstaking reconstruction of a hacker’s activities through sophisticated computer forensics can determine if regulators or individuals need to be notified about the breach.

This could prove a public relations disaster, especially since the public often blames the corporate victim for failing to prevent the incident, regardless of the facts.

Link: http://www.continuitycentral.com/feature1050.html

While the majority of network breaches are caused by social engineering – that is, leveraging the end user as an attack vector though which unauthorized access is gained to sensitive computing assets such as communication and database servers – some other protective measures are available now and should be implemented immediately to effectively curb future exploits that can threaten even the most protected computer enclaves.

Although social engineering points to a failure at the top of the organization to link information security with corporate strategy (as well as a lack of end user training that could effectuate a first line of defense against would-be attackers), more frequent reviews of corporate strategies needs to be done, with special attention paid to ensuring that the firm’s information security strategies are aligned with business strategies.

Infected USB drives, for example, sprinkled in corporate parking lots and commuter trains floors is a common attack methodology used by adversaries to gain access to computer networks with miniscule effort, since the workers themselves are culpable of spotting them, picking them up, and inserting them into their computers when they arrive at work.

Locating IP addresses (the addressing scheme the Internet uses to relay information) of misconfigured devices is a trivial task, since one can simply search online search to learn how to perform ‘penetration testing’ , and since most laptop and tablet users don’t know how to configure their devices and user accounts properly before plugging into the Internet, it becomes even easier to hack into systems.

The overall objective here, of course, is to bring about a highly skilled IT workforce that possessed, for example, a thorough understanding of proper incident handling techniques so when breaches do occur, they can quickly be identified, contained, and eradicated, not to mention the payoff that firms acquire when reviewing recent unsuccessful hacking attempts and adjusting the firm’s overall security strategy.

Furthermore, insight into common attack methods, malware analysis capabilities, network defense-in-depth techniques, and sound information security governance and policy frameworks that can boost the defensive postures of all firms and is also a necessary component of responding to the threats from network-based attacks.

This fact, coupled with the relatively miniscule amount of proven cyber warriors available today ultimately limits the ability of most firms to simply keep up with the ever-morphing catalog of millions of computer worms and viruses that grow by the thousands each day, hence the call for more certified IT security practitioners.

To protect against the potential devastation that the nefarious activities by hackers everywhere pose to all of us, it is vital stay in lockstep with the protocols being used by the most sophisticated malware purposefully designed to evade the most cleverly configured intrusion prevention & intrusion detection systems currently used throughout U.S. companies, but we are falling short.

Link: http://thehill.com/blogs/congress-blog/homeland-security/283481-us-must-do-better-in-preparing-professionals-to-help-fight-cyber-attacks

Only one in five emails were legitimate and email spam increased to 76 percent.

Analysis and news headlines show that multistage attacks with multiple vectors have challenged security capabilities, as they worked to find weak spots and circumvent defenses. Attacks identified by Websense indicate a need for integration at the actual defense level and deep content security intelligence with real-time security defenses.

When independent solutions are in place, there is no way to ensure that email, web, mobile, social and data loss defenses are each prepared to perform their role to cohesively address an emerging threat.

Link: http://www.net-security.org/virus_news.php?id=2411

Several U.S. newspapers, including the Post, The Wall Street Journal and The New York Times accuse Chinese hackers of infiltrating their computer systems.

Duncan Clarke of Stanford University, who also chairs BDA — a China-based investment and advisory firm — said that if China is responsible for directing corporate espionage, it would be to help Chinese companies compete with their U.S. rivals. And we have not seen that level of concern in other countries, so the risk is that you actually hurt your own interests by taking too hard a line on this.”

The U.S. government has been concerned for years about the “significant and growing” threat of hackers stealing data for economic gain, and a report in The Wall Street Journal says businesses have long been well aware of the problem. So far, Washington’s response has included everything from giving written guidance to businesses on intellectual property crimes, to setting up a toll-free number to report problems, to unsuccessful efforts to get Congress to pass legislation on the issue.

Link: http://www.voanews.com/content/us-report-highlights-economic-threat-of-hacking/1601067.html