Monday, March 16, 2009

Around The Horn vol.1,64

Alerts

More UDP Activity, (Mon, Mar 16th)

Martin I. wrote in a bit ago in response to the diaries from Saturday and Sunday ...

new rogue-DHCP server malware, (Mon, Mar 16th)

Thanks to Irwin for alerting us about a new version of rogue DHCP server malware he found in his net ...

SB09-075: Vulnerability Summary for the Week of March 9, 2009

Security News

Brief: Analyst: Security elusive in the "cloud"

March 9-15, 2009

Report Highlight: Phishers Find Vulnerable New Friends in Social Networks

Authentication with a twist

And now for something completely different. I promise nothing about provisioning and/or federation this week. In this issue, and the next, it's straight-forward, clear-cut authentication we'll discuss, but with a twist.

4 Steps to the Security Industry's Economic Survival

Everyone is focused on clinging to a job or finding a new one in these dark economic times. In doing so, avoiding controversy and risk is usually standard operating procedure. But it shouldn't be, according to several security industry heavyweights who attended the recent SOURCE Boston conference.

AlgoSec puts its firewall analysis software on an appliance

AlgoSec is coming out with an appliance that has its firewall analysis software already installed, giving customers a fourth option for using the company's tools.

BBC in hot water for hiring botnet

The BBC has come in for sharp criticism over the decision by its Click computing show to hire a live botnet to demonstrate the ease with which spam can bombard e-mail users.

DHS Exec's Exit Raises Red Flags on NSA's Security Role

The abrupt resignation of one of the U.S. government's top cybersecurity officials has exposed widespread -- though not universal -- opposition to the National Security Agency's expanding role in federal security initiatives.

Two start-ups, Egress and SafeMashups, make debut today

Two start-ups, Egress Software Technologies and SafeMashups, each make their debut today with security products that have a crypto-tech edge to make data flowing across the Internet safer.

Securing Your Virtualized Environment

Virtualization promises to make IT departments more flexible, more efficient and -- perhaps most crucial in these tough times -- more frugal. But one advantage the technology doesn't provide is an escape from the need for strong security measures.

Five tips for an effective enterprise mobility strategy

Once upon a time, the IT team at a large U.S. healthcare institution got a call from the shipping department saying that several cases of Wi-Fi-enabled devices had arrived on the loading dock. IT knew nothing of the shipment, since the devices had been ordered by nursing administrators.

Will the real mobile enterprise device please stand up?

In the consumer-centric mobile device world, constant updates and cool features are the norm. But that's not what enterprises are looking for when they choose to standardize on a mobile device.

McAfee Debuts ‘Combating Threats’ Series

By David Marcus on Zero-Day

McAfee Avert Labs will now produce more detailed documentation on prevalent threat families. The “Combating Threats” document series is designed to arm security staff within organizations with more information concerning prevalent threat families as well as to provide additional mitigation steps that can be taken. The first two documents in this series, “W32/Virut Family” [...]

Malware Again Attacks Ichitaro Word Processor

By Shinsuke Honjo on Web and Internet Safety

For years, the Japanese word processor Ichitaro has been attacked by malware authors exploiting flaws in the application. So it is no surprise that in the last week we discovered in the wild specially crafted Ichitaro document files exploiting a new vulnerability. This time, the crafted file (detected as the Exploit-TaroDrop.g Trojan) drops and [...]

Breaking News: Waledac Terror Attack in a City Near You

By Micha Pekrul on Web and Internet Safety

Users should always take care while surfing the Internet and reading mail, and today maybe more than usual: Another spam run from the Waledac botnet is on the loose, this time misusing the good reputation of the news agency Reuters. After the “President Inauguration,” “Valentine Scam,” and the “Economic Crisis,” this time the social-engineering trick [...]

Democrats.org Cans the Spam

By Craig Schmugar on Web and Internet Safety

Last week I blogged about how the community forum of Democrats.org was being abused to help manipulate Google’s search results; to lead people to malware.  It appeared that by the end of last week, Democrats.org began the cleanup process of removing all the bogus posts, which seems to have been completed as of this time.  [...]

New DNS trojan taints entire LAN from single box
One 'sploit pwns all

Internet security experts are warning of a new rash of malware attacks that can hijack the security settings of a wide variety of devices on a local area network, even when they are hardened or don't run on Windows operating systems.…

Web scam hoodwinks web founding father
Berners-Lee burned

Even the inventor of the world wide web isn't immune from online crime.…

Better metrics needed for security, says expert
Awash in bad data

BOSTON — The security industry has done a poor job of finding ways for companies to measure their security, but that does not mean that collecting data is not valuable, the former head of the U.S. Department of Homeland Security's cyber group told attendees at the SOURCE Boston conference on Thursday.…

Geo-located malware appears over the horizon
Dirty bomb ruse used to punt worm

Malware authors have incorporated technology designed to find the geographic location of prospective marks as a tactic to enable more convincing social engineering scams.…

BBC Click paid cybercrooks to buy botnet
Your licence fees at work

BBC Click has admitted paying cybercrooks thousands of dollars to buy access to a botnet as part of a controversial cybercrime investigation, broadcast over the weekend.…

Egress Secures Data Exchange to Prevent Enterprise Data Breaches (E-Week Security)

Other News

Ex-Google, Yahoo Staffers Release Hadoop Distribution

Cloudera has launched its commercial distribution of the large-scale Hadoop computing framework.

Will the economic crisis destabilize Tajikistan?

By Ilan Greenberg on dispatches

VOSAY, Tajikistan—Taking a car from Dushanbe, Tajikistan's easy-going capital city, to the Afghanistan border requires special permission from government authorities. I didn't have it. Which was why I found myself near the border in a town called Vosay, drinking tea and cognac with a local man after we had aborted his harebrained plan to take his special "short cut" over the mountains to a string of border hamlets where the Tajik police rarely go.
