Category: News

“For example, if a registrant experienced a material cyber attack in which malware was embedded in its systems and customer data was compromised, it likely would not be sufficient for the registrant to disclose that there is a risk that such an attack may occur. Instead, as part of a broader discussion of malware or other similar attacks that pose a particular risk, the registrant may need to discuss the occurrence of the specific attack and its known and potential costs and other consequences,” the SEC explained.

David Navetta, a founding partner of the Information Law Group, and Nicole Friess, an associate at the law firm, wrote in their blog, “SEC Issues Guidance Concerning Cyber Security Incident Disclosure,” not to expect a wave of new public security breach disclosures from listed companies as a result of the SEC guidance. “While cyber security risk has always been a potential financial disclosure issue, and something that directors and officers need to take into account, the SEC guidance really highlights the issue and brings it to the fore. Even so, materiality is still going to a big issue, and not every breach will need to be reported as many/most will not likely involve the potential for a material impact to a company,” they wrote.

“It’s not as if companies are not already expected to report a breach that is material to earnings, such as Heartland, TJX, and many others have in the past. What the SEC has done is underline that IT security risks to materiality are no different than any other types of risks and need to be considered as such,” he says.

While we may not see a wave of new breach disclosures, Navetta and Friess estimate that many firms are not as prepared internally as they need to be in order to determine the potential impact of IT security breaches.

http://www.csoonline.com/article/691951/new-sec-security-breach-rules-no-big-game-changer-experts-say?source=CSONLE_nlt_update_2011-10-20

TDL-4 is endowed with an array of improvements over TDL-3 and previous versions of the rootkit, which is also known as Alureon or just TDL. As previously reported, it is now able to infect 64-bit versions of Windows by bypassing the OS’s kernel mode code signing policy, which was designed to allow drivers to be installed only when they have been digitally signed by a trusted source.

“The changes in TDL-4 affected practically all components of the malware and its activity on the web to some extent or other,” the Kaspersky researchers wrote in their report.

Like the Popureb trojan and the Torpig botnet (aka Sinowal and Anserin), it also infects the master boot record of a compromised PC’s hard drive, ensuring that malware is running even before Windows is loaded.

In the event there is a takedown of the 60 or more command and control servers used to maintain the TDSS botnet (hard but not impossible given the recent eradications of the Rustock and Coreflood botnets), the infected TDSS machines can receive instructions using a custom built Kad client.

The Kaspersky researchers were able to analyze the number of TDL-4 infections by exploiting a flaw that exposed three MySQL databases located in Moldova, Lithuania, and the US. Remarkably, the data revealed no Russian users, most likely because the affiliate programs that pay from $20 to $200 for every 1,000 TDSS infections don’t provide rewards for installations on computers based in Russia.

http://www.theregister.co.uk/2011/06/29/tdss_alureon_advances/

Many of the victims are in industries that are strategically important to China, and/or are engaged in business with China. But these charges can be hard to prove, and China has “plausible deniability” on its side.

The world’s corporations are under attack, and Mark says they need to take strict measures to protect their “crown jewels” of intellectual property. They need to take the same steps that the Pentagon takes to protect its secrets:

Mark says secrecy plays right into the hands of the attackers, and corporations need to speak out and become part of the solution to stopping these attacks.

http://www.kplu.org/post/cyber-attacks-are-escalating

According to Microsoft, Legal Intercept is designed to silently record communications on VoIP networks such as Skype.

“Data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent.” The data as modified is then passed to a protocol entity that uses the data to establish a communication session,” the description notes.

“With new Voice over Internet Protocol (VoIP) and other communication technology, the POTS model for recording communications does not work,” Microsoft noted in the patent application.

Michael Froomkin, a professor of law at the University Of Miami School Of Law, said that from the patent description it sounds as if the technology would allow Microsoft to do is make Skype CALEA capable. CALEA (Communications Assistance for Law Enforcement Act) requires telecommunications carriers and makers of communications equipment to enable their equipment so it can be used for surveillance purposes by federal law enforcement agencies. “First, making a communication technology FBI-friendly means also making it dictator-friendly, and in the long run this is not good for movements like the Arab Spring,” he said.

http://www.computerworld.com/s/article/9218002/Microsoft_patents_spy_tech_for_Skype?source=CTWNLE_nlt_dailyam_2011-06-29

“The combination of Astaro’s comprehensive portfolio of network security solutions alongside our endpoint, mobile, and email and web threat and data protection capabilities will enable us to continue to deliver on our vision of providing complete security without complexity wherever the user and company data resides,” stated Steve Munford, Chief Executive Officer, Sophos.

The market for multi-function security appliances has continued to grow because organizations of all sizes want better protection against security threats and need to support their users and distributed workplaces in a comprehensive, easy to use, efficient way.

…Astaro, with $56 million in billings and 30% year over year growth in 2010, is the fourth largest dedicated unified threat management (UTM) provider, leads the market and has sustained fast growth due to its strong track record of innovation and robust portfolio of feature rich network security solutions.

…“Demand for network security solutions with more comprehensive and high-quality protection is accelerating fast, and yet companies are struggling with the complexity of multiple security solutions to serve these needs,” stated Jan Hichert, Chief Executive Officer, Astaro. … Together, we will deliver to customers the ability to apply consistent security and web and application controls regardless of where the user is or where the network boundary may lie.”

…Solutions Fuelled by Best-in-Class Threat and Data Protection and Web and Application Control: Solutions will offer complete protection to meet complex threats and malware challenges, especially from the web, applications and social engineering vectors that require full visibility and coordination, supported by SophosLabs and renowned malware and threat expertise.

Enriched Channel Offerings: The combination of Sophos and Astaro will offer partners a complete and differentiated range of security solutions and services to meet customer needs not answered in the market today. Partners can deliver coordinated threat and data protection, and policy from any endpoint to any network boundary with solutions that can be deployed in any way: software, virtual, appliance, via a cloud services platform and backed by security updates from Sophos Live Protection for real-time, high-performance protection for end users no matter where they are.

http://blogs.csoonline.com/1498/sophos_acquires_astaro

“In any space there are some large outcomes, and that’s true for security as well, but you’re not going to see tons and tons of them,” Asheem Chandna, a partner at Greylock Partners, stated at the ITSEF lunch.

The vast majority of the 950 companies in the security industry in the United States are capitalized under US$5 million, and there are probably “fewer than 5 or 10 percent of them that are above $50 million,” said Maria Kussmaul, a founding partner at America’s Growth Capital.

Venture capitalists are putting their money in other areas such as social networking, mobile and green technology because they can get a higher possible rate of return, SINET’s Pflaging told TechNewsWorld. As proof, they point to fewer homeruns and the fact that many IT security firms plateau at $20 million to $30 million, Pflaging added.

“To me, the bigger issue, which hasn’t been well-discussed, is the trend towards more security M&A from the system integrator community, especially those SI companies with a government focus,” SINET’s Pflaging stated. Large IT manufacturers such as HP (NYSE: HPQ), IBM (NYSE: IBM), Cisco (Nasdaq: CSCO) and Dell (Nasdaq: DELL) will battle their former government channel partners such as SAIC and Raytheon to provide IT security to the government sector, he said. “As someone who sits as a trusted advisor to many in the security space, I can say that the M&A activity in 2010 and a greater awareness of the importance of cybersecurity at the national level has created more interest in finding the next generation of breakout security companies,” Pflaging remarked.

Investment in security technology is beginning to grow because of a combination of major platform shifts, the increasingly sophisticated threat landscape, and increased regulatory compliance being demanded by governments.

“VCs are beginning to move aggressively to invest in the sector given the high-profile cases of intellectual property theft such as the RSA hack and Aurora, cyber attacks such as Stuxnet, identity theft such as those that hit Heartland Payments and TJ Maxx, and cyberwarfare such as the Georgia conflict,” Yepez stated. “We are going from about 2.5 billion devices connected to the Internet today to about 50 billion by 2020, and this “translates directly in vulnerabilities and IT security-related risks,” he explained.

http://www.technewsworld.com/story/72322.html?wlc=1303999908