Three Things CIOs Should Know About Cyber-Security At the Information Security Forum, we know that cyber-security is a key business priority as organizations become progressively more digital and cyber-threats grow, both in number and sheer sophistication. With the explosion of today’s digital age, cyber-security is one of the principal issues…
Newsalert – August 25, 2014
Traditional Log Management Is Dead. Long Live Autonomic Analytics! (25 Aug 2014 05:46 GMT) … technical resources or organizational size. Log management technologies need to move beyond … of log management because the inherent complexity is hidden by the log management infrastructure … working smarter, as should your log management…
Banks Sue Target, Security Firm Over Data Breach | Fox Business
Target (TGT) and one of its security vendors, Trustwave, were hit with another lawsuit earlier this week over the wide-scale data breach at the retailer. Two banks, Trustmark (TRMK) and Houston-based Green Bank, are seeking damages of more than $5 million … Link: http://www.foxbusiness.com/industries/2014/03/26/banks-sue-security-firm-trustwave-over-target-breach-report-343636749/
Gameover malware targets accounts on employment websites – Techworld.com
A new variant of the Gameover computer Trojan is targeting job seekers and recruiters by attempting to steal log-in credentials for Monster.com and CareerBuilder.com accounts. Gameover is one of several Trojan programs that are based on the infamous Zeus … Link: http://news.techworld.com/security/3508691/gameover-malware-targets-accounts-on-employment-websites/
Tenable Launches Security “App Store” For SecurityCenter 4.7
“Tenable’s advanced analytics have allowed us to extend SecurityCenter as both a solution for security assessments and one for data center maintenance and operations. We are looking forward to the ‘security apps’ in 4.7,” said Russell Butturini, Senior Enterprise Security Architect at Healthways, a global disease management and well-being provider and ranked #8 on Information Week 500.
These analytics are directly accessible from within the SecurityCenter console and offer extensive visibility for multiple teams – network, security, operations, and compliance. The apps dramatically cut time and resources required to identify and respond to vulnerabilities, advanced threats, and compliance violations without the need to write complex scripts or rely on 3rd party tools.
Extended mobile device coverage to track mobile device types, users, and vulnerabilities through active, passive scanning and MDM integration.
“Tenable’s mandate is to protect its clients 24/7, so we realize that our solutions’ capabilities need to be as dynamic as the current threat landscape,” said Ron Gula, CEO of Tenable. “We provide customers with the only real-time vulnerability management platform with built-in scan, log, and network analysis technology to assess IT infrastructure risk. With this release, we’re making SecurityCenter even more strategic for our customers by providing direct access to the latest security and compliance intelligence as identified by our world class researchers.”
Cybercrime-as-a-Service, the rise of hacking services
The service doesn’t utilize Google for finding vulnerable Web sites on a mass scale, instead it allows the cybercriminal to manually enter the Web site about to get unethically pen-tested. Even if the service cannot automatically hack into the Web site (based on what the service claims are private techniques for exploitation) the specially displayed output is supposed to increase the probability for a successful compromise
At the moment the impact of the specific service is limited due its actual inability cause widespread damage but the availability of a huge quantity of tools and hacking services represents an alarming reality that is causing a sensible increase in blended, automated attacks.
The same Danchev already profiled other DIY tools such as Google Dorks Web site exploitation tools, brute forcing applications and stealth Apache module for backdoor distribution, the greater the number of these tools on the market and the greater the number of cyber criminals who provide for the complete outsourcing of attacks.
According last McAfee report “Cybercrime-as-a-Service” security experts observed a sensible increase for attack-as-a-service proposal, the study profiled as example Password cracking services and Denial-of-services.
“If the budget allows, a budding cybercriminal can skip the process of conducting research, building appropriate tools, and developing an infrastructure to launch a cyberattack by choosing a service that will outsource the entire process.” the report states.