Finovate: Privacy is dead, long live the PIN
By Josh Lowensohn
What's something we often use for security in the real world but not online? PIN codes. We use them at stores, banks, and ATMs, so why not use them online? For one, a QWERTY keyboard lets you create a much stronger, and often easier-to-remember password than you could with ...
Originally posted at Webware
Microsoft tightens Windows 7 security for USB drives
By Elinor Mills, Ina Fried
In the wake of the Conficker worm spreading via removable storage devices among other methods, Microsoft said on Tuesday it is making a change to the way Windows 7 handles USB drives.
As a result of the change, most USB drives will not be able to automatically launch a program ...
Phishing with Swine Flu as bait
By Elinor Mills
Phishers and spammers have caught Swine Flu fever and are exploiting fears around the outbreak to try to sell pharmaceutical products or steal information, security experts said Tuesday.
The e-mail scams have a subject line related to the Swine Flu and typically contain either a link to a phishing Web ...
Another Adobe Reader security hole emerges
By Elinor Mills
Updated 4:35 p.m. PDT with Adobe saying Windows, Mac and Unix versions of Reader are affected and more details.
Security experts are recommending that people disable JavaScript in Adobe Reader following reports of a vulnerability in the popular portable document format reader on Tuesday.
The vulnerability appears to ...
Industrial Control Systems Safe? I Think Not
By Darknet on power station security
It seems like there is some serious hacking going on, attacks on power stations and industrial control systems. You’d think most of these systems would be offline, or at least behind a solid DMZ. But as we’ve seen before they often get exposed by people plugging into the LAN then accessing the net through dial-up or [...]
Adobe Reader, Acrobat Hit With Another Zero-Day
PDF reader is now a favorite target for attackers, prompting security experts to recommend open-source alternatives
SANS Tells Congress: Feds' Checkbook Is Cyberdefense 'Weapon'
Senate hearing debates whether the White House or the Department of Homeland Security should head up U.S. cybersecurity operations
Security Suffers Cuts In Recession, But Fares Better Than The Rest Of IT
IT security spending sees cutbacks, but situation isn't as dire as in the rest of IT, studies say
Security Vendors Offer More Freebies, Deals To Existing Customers
Customers are asking their vendors for -- and getting -- free enhanced features and better deals from their security vendors
The Cloud Security Alliance looks to standardize security for cloud computing
A wide-ranging group has set down principles for cloud security and is seeking help advancing them.
Guide to enterprise password management drafted
I hate passwords. I think passwords are a dreadful way of authenticating identity: they cost a lot, they change too often (and so users write them down), the rules for preventing dictionary and brute-force attacks are generally easy for users to circumvent, there are too many of them (and so users write them… oh never mind), and nothing can stop users from writing them down (and sticking them in their wallets, under their keyboards, behind their screens, in their desk drawers….). And yet we constantly hear non-technical managers resisting smart-token-based authentication or proximity cards because they are supposedly too expensive.
McAfee launches 'online 911' for cybercrime victims
McAfee has launched a new Web site designed to help cybercrime victims recover from hacker attacks.
BitLocker, TPM won't defend all PCs against VBootkit 2.0
Trusted Platform Modules and BitLocker Drive Encryption can protect Windows 7 computers against a bootkit attack unveiled last week but these technologies won't be available on a large portion of computers, leaving millions of users unprotected when Microsoft releases its next version of Windows.
Microsoft retires AutoRun (kinda, sorta)
Security as second fiddle
Microsoft's security team plans to retire a much-abused feature in its Windows operating system that uses flash drives and other removable media to spread malware.…
Adobe users imperiled by critical Reader flaw
Move over, Microsoft
Updated Once again, Adobe is scouring its Reader application for bugs following reports that it's susceptible to two vulnerabilities that could allow attackers to remotely execute malicious code on end-users' machines.…
Loudmouth workers leaking data through social networking sites
Twitter ye not
Almost two-thirds (63 per cent) of sys administrators fear that workers share too much personal information through social networking websites, according to a poll by IT security firm Sophos.…
Hire your very own Fred the Shred
Old school, industrial-grade data destruction
Infosec: DiskShred Ltd and Secure IT Disposals have both introduced services guaranteeing storage device destruction involving lorry-borne industrial grade shredders turning up at your site, chewing up disk and tape drives and grinding them to bits.…
Infosec opens in new venue
Dolly birds and cybercrime
Infosec: Infosec, the annual IT security trade show, kicked off in a new venue on Tuesday with 310 firms competing for attention and security spending.…
Two Adobe 0-day vulnerabilities, (Wed, Apr 29th)
There are two 0-day vulnerabilities on Adobe Acrobat announced today, all current versions are vulne ...
Internet Explorer 8, now being pushed, (Tue, Apr 28th)
If you were to go to your Windows Update. ...
Updated List of Domains - Swineflu related, (Tue, Apr 28th)
F-Secure has just published a list of SwineFlu related domains. We have not had a chance to ch ...
RSA Conference Social Security Awards, (Tue, Apr 28th)
It is confirmed and published that we here at the SANS Institute Internet Storm Center have won the ...
Senators hear call for federal cybersecurity restructuring
By Robert Westervelt
Congress is mulling over whether to give more authority on cybersecurity issues to the Department of Homeland Security or create a new office within the White House.
Cyberwarfare, targeted attacks pose increasing infosec threat
By Eric Parizo
A malware expert at the Computer Forensics show says despite notable gains for the industry, the danger posed by cyberwarfare and organized crime poses a host of major challenges.
ICE Act would create White House cybersecurity post
By SearchCompliance.com
The Information and Communications Enhancement (ICE) Act would create a White House "cyber office" that would coordinate between government agencies and the private sector.
Former Federal Reserve Bank employee arrested
By SearchFinancialSecurity.com Staff
An IT analyst and his brother allegedly used stolen data, including sensitive bank employee information, to obtain loans.
RSA researcher Ari Juels: RFID tags may be easily hacked
By Neil Roiter
SearchSecurity.com caught up with Dr. Ari Juels and asked the well-known cryptographer about RFID security, cloud storage innovations and his new novel.
Operational risks could mire virtualization deployment, panel says
By Robert Westervelt
Future virtualization platforms and features could cause confusion when managing who owns virtual machines within an organization and how network traffic can be monitored.
Compliance drives opportunities for security integrators
By Kelley Damore
At the 2009 RSA Conference, new regulations and initiatives such as NERC, HITRUST and CNCI could signal some opportunities in healthcare and energy verticals.
White House cybersecurity advisor calls for public-private cooperation
By Michael S. Mimoso, Editor, Information Security magazine
Melissa Hathaway delivered precious few details about her 60-day review of the country's cybersecurity policies and structures during her RSA Conference keynote.
Cloud computing security group releases report outlining trouble areas
By Robert Westervelt, News Editor
The non-profit Cloud Security Alliance says its comprehensive report serves as the starting point for a broader discussion on cloud computing security issues.
SIEM: Not for small business, nor the faint of heart
By Neil Roiter, Senior Technology Editor
Technologists say security information and event management success depends not on the product, but on the risk and information management program implemented with it. Also, small businesses lack the resources to get much value from SIEM systems.
How to Secure Microsoft SharePoint
Enterprises are increasingly turning to affordable collaboration tools such as Microsoft SharePoint to meet the needs of rapid and secure collaboration among their employees, partners and customers. Knowledge Center contributor Shane Buckley explains how IT administrators can secure Microsoft SharePoint in their organization to keep up with security and compliance demands.
- Microsoft SharePoint. These are two words that conjure up both relief and fear. First, the relief: with over 85 million licenses sold and $1 billion in sales, it's clear that organizations are rapidly embracing Microsoft SharePoint as an affordable technology that can solve the not-so-insignificant ...
How to Secure Your Network from Kaminsky's DNS Cache Poisoning Flaw
Savvy network security administrators recognize that multiple defenses offer the best protection against insidious security threats. Knowledge Center contributor Sandy Wilbourn explains what the Kaminsky DNS cache poisoning flaw is and how to secure your enterprise's network from the Kaminsky DNS cache poisoning flaw.
- The seriousness of the recent DNS cache poisoning vulnerability, discovered by security researcher Dan Kaminsky, raises the bar for network security administrators and should provoke development of a comprehensive plan to address this insidious threat. Every enterprise has a caching DNS server and...
How to Unify Identities to Reduce Identity and Access Management Challenges
Organizations struggle with complex, heterogeneous environments that require users to have multiple identities for accessing the applications they need. As these identities grow, they require an increased level of control and visibility, presenting IT with identity and access management challenges in efficiency, security and compliance. Knowledge Center contributor Jackson Shaw explains how a "get to one" strategy that automates identity administration, consolidates directories and utilizes the organization's existing infrastructure and directory can minimize these identity and access management challenges.
- Today's complex, heterogeneous enterprises contain multifaceted and diverse information systems. The proliferation of the personal computer and the networking of those computers have caused the number and types of systems that are accessed, as well as the number of employees who must be granted acce...
Microsoft Changes Windows 7 Feature to Fight Malware
Microsoft announces it is altering the AutoPlay feature in Windows 7 to prevent it from enabling the AutoRun task for USB devices. According to Microsoft, this was done as a security move because malware, including the notorious Conficker worm, is increasingly abusing the AutoRun feature to propagate.
- Microsoft is building a small but important change into Windows 7 to help slow the spread of malware. According to Microsoft, the company is changing the way the AutoPlay feature operates to prevent it from enabling the AutoRun task for USB devices. The move, Microsoft officials said, was do...
McAfee Move Targets SMB Security
Security vendor McAfee is making a push into the SMB security space with a line of McAfee UTM Firewalls and a new SAAS offering it says could cut costs for businesses. The McAfee Web Protection Service includes anti-malware capabilities and reputation-based filtering.
- McAfee has its eyes on the small and midsize business market with a push based on software as a service and unified threat management. The focus on SMBs follows a similar move by Symantec, which recently announced plans for an SMB-focused version of Symantec Endpoint Protection. In McAfee's case...
Application Security Starts in the Development Lifecycle
Application security starts during the development process. Thwarting hackers means reducing the number of security vulnerabilities out there, something that starts with proper planning, those in the field said.
- IT is an interesting world, one where the Web is simultaneously a key driver for business and a popular gateway for attackers. With both these forces at work, it shouldn't be surprising enterprises are starting to take application security more seriously. Statistics from a recent survey by the Open...
Jeffrey Carr: Projecting Borders into Cyberspace
Brief: JavaScript flaw reported in Adobe Reader
McAfee Launches Cybercrime Self-help Site (PC World)
PC World - Antivirus software maker McAfee today launched a new Web site intended to provide advice and services to those who suspect they may be victims of cybercrime.
Conficker worm dabbling with mischief (AFP)
AFP - The Conficker worm's creators are evidently toying with ways to put the pervasive computer virus to work firing off spam or spreading rogue anti-virus applications called "scareware."
McAfee Launches 'online 911' for Cybercrime Victims (PC World)
PC World - McAfee has launched a new Web site designed to help cybercrime victims recover from hacker attacks.
How Anonymous Hackers Triumphed Over Time
By Ryan Singel
Anonymous, the troublemaking collective, rigs a Time magazine web poll to make its leader the most influential person in the world. Here's how they did it.
Senator Balks at White House Control of Cybersecurity
Susan Collins, (R-Maine), wants to make sure Congress has an oversight role.
Swine Flu Might Sicken the Net
Analysis: Is the Internet ready for a pandemic?
Experts Disagree on Cybersecurity Role for DHS
Some at the hearing question whether the new White House czar is needed
McAfee Launches Cybercrime Self-help Site
The antivirus company launched a new site today with decent, albeit basic, advice for possible victims of malware or ID theft.
'Hackers Wanted' Ad Fed Security Misconception
I should never be surprised at things related to government security efforts, but I did think the concept of hiring hackers was dead.
Cloud Computing Security: Who Knew?
Cloud computing is big even though there is less than perfect agreement on just what it is.