Week of 16 Jun 2014 Iraqi government blocks social media (ComputerWeekly.com | 17 Jun 2014)
The government in Iraq is reportedly blocking access to social media sites amid growing armed conflict in the country
Week of 08 Jul 2013 The cloud security issues holding back cloud adoption in India (11 Jul 2013)
Security fears are cited as major obstacles to cloud adoption worldwide, and India is no exception with major hurdles to clear before mass adoption.
Week of 04 Mar 2013 Emerging threats include kinetic attack, offensive forensics: RSA 2013 (04 Mar 2013)
At RSA 2013, experts Ed Skoudis and Johannes Ullrich explained how the SANS CyberCity supports offensive forensics and helps prevent kinetic attacks.
Week of 25 Feb 2013 Bad outsourcing decisions cause 63% of data breaches (28 Feb 2013)
Bad outsourcing decisions nearly two-thirds of data breaches investigated by security firm Trustwave in the past year
Every Global 2000 organisation faces $398m in potential losses from new and evolving attacks on their ability to control trust with cryptographic keys and digital certificates, a study has revealed
Week of 03 Dec 2012 Cutwail botnet spam campaign tied to Zeus banking Trojan (05 Dec 2012)
The cybercriminals connected to the notorious Zeus Trojan are using the Cutwail botnet to distribute spam designed to steal account credentials.
In addition to Exchange Server, updates fix flaws in Internet Explorer, Microsoft Office and Microsoft Word.
Week of 26 Nov 2012 Study finds most antivirus products ineffective (27 Nov 2012)
Slow updates to signature databases cause some antivirus products to be ineffective against known threats, according to a study by security firm Imperva.
Malicious file attachments are typically used as the payload, according to a report issued this week by Trend Micro.
Week of 19 Nov 2012 Cloud security begins with the contract, says expert (21 Nov 2012)
Enterprises must empower their legal teams to ask the right questions and write contracts based on risk management, explains Tom Kellermann of Trend Micro.
Deceptive environments, phony data in the enterprise can fool attackers and increase the cost of hacking, says noted cybersecurity expert Paul Kurtz.
The PCI Risk Assessment Special Interest Group concludes that risk assessments are based on a company's unique risk tolerance and environment.
A phishing attack and stolen credentials gave an attacker access to the systems of the South Carolina Department of Revenue for two months.
Week of 12 Nov 2012 Adobe investigates scope of customer forum breach (14 Nov 2012)
Names, email addresses and encrypted passwords of thousands of customers may have been exposed in a breach of the software maker's customer forum.
NASA to deploy whole-disk encryption following breach (15 Nov 2012)
Stolen laptop contained the sensitive data on a large number of employees and contractors. The information was not encrypted.
Week of 05 Nov 2012 Mobile impacting cloud security issues, says panel (07 Nov 2012)
Bring-your-own-device (BYOD) makes securing cloud services complex, say experts. Enterprises should set mobile guidelines consistent with cloud policies.
November 2012 Patch Tuesday to include Windows 8 patch (08 Nov 2012)
Microsoft's November 2012 Patch Tuesday release will include four critical bulletins to fix flaws in Windows 8 and other products.
Week of 29 Oct 2012 Apple iOS 6.0.1 update fixes four security holes (02 Nov 2012)
iOS platform gets an update to 6.0.1 to fix security and stability problems. WebKit holes and kernel faults list among Apple’s list of patched bugs.
Hackers share attack techniques and vulnerability information, shedding light on what threats matter most, according to a new study.
ISACA to revamp IS Audit and Assurance Standards (01 Nov 2012)
Risk and compliance knowledge provider ISACA issues an exposure draft of IS audit standards; seeks feedback from Indian technology professionals.
Week of 22 Oct 2012 Users neglect enterprise mobile device security measures, survey finds (23 Oct 2012)
Some employees are failing to enable security capabilities on their smartphones and tablets, putting corporate email and other sensitive data at risk.
Week of 15 Oct 2012 Google no longer playing with Android malware (18 Oct 2012)
Some say the Android malware problem is out of hand, and it appears Google is taking additional steps to block attacks in its Google Play store.
MiniFlame is highly specific espionage malware, but experts indicate that financially motivated cybercriminals could make the threat more widespread.
Public Wi-Fi usage has gone up significantly in the past year, and many people are using insecure hotspots to access work information.
When addressing Web application threats and vulnerabilities, security teams need to look out for design flaws, says Mike Shema of Qualys, Inc.
Week of 08 Oct 2012 Application vulnerability disclosures rise, Microsoft finds (11 Oct 2012)
The Black Hole attack toolkit is fueling many of the exploits targeting the vulnerabilities, according to Microsoft.
The new requirements for digital certificates kicks in with the October update, which includes one critical bulletin and six important bulletins.
Week of 01 Oct 2012 Age-old vulnerabilities, attack techniques consistently trip enterprises (02 Oct 2012)
Windows security has improved, but longstanding Unix and network vulnerabilities remain an easy target for determined attackers.
Week of 24 Sep 2012 Adobe to revoke certificate following fraudulent use (27 Sep 2012)
Malicious utilities were created using the fraudulent certificates to appear to be valid Adobe products running on Windows systems.
Research firm discovers new Java sandbox vulnerability (26 Sep 2012)
A Java sandbox flaw could allow malicious code to run on any system running Java 5, 6, or 7. Users are advised to disable the Java browser plugin.
Most distributed denial-of-service attacks are easily filtered out, but individuals with the technical skills can mirror legitimate traffic.
Once inside, skilled attackers can scout for exploitable flaws and set up private communication channels to support cyberespionage campaigns.
Week of 17 Sep 2012 ESET calls Flashback Trojan threat now 'extinct' (21 Sep 2012)
ESET reports on how the Flashback Trojan changed the relationship between Apple and Java.
Microsoft issued an out-of-band security bulletin, addressing a zero-day vulnerability and four other flaws in Internet Explorer.
A temporary automated fix plugging the dangerous flaw is available until an official patch is released.
Week of 10 Sep 2012 Microsoft disrupts Nitol botnet, outs hidden PC malware (14 Sep 2012)
The Nitol botnet controlled more than 500 strains of embedded malware that Microsoft says has been plaguing the PC supply chain.
Two important bulletins were issued in Microsoft's September 2012 Patch Tuesday.
A new URL generation algorithm and domain obfuscation are among the new features designed to trip up malware analysis and avoid detection.
Week of 03 Sep 2012 Aurora attackers target defense firms, use flurry of zero-days (07 Sep 2012)
Cybercriminals tied to the 2009 Aurora attacks have used a flurry of zero-day exploits and a new "watering hole" attack technique in targeted campaigns.
FireEye warns of steady increase in advanced malware (04 Sep 2012)
Social engineering tactics often involve email attachments targeting various industry sectors, says the security firm.
Microsoft released an advance notification on two important bulletins and encouraged customers to address a SSL certificate update before October.
Week of 27 Aug 2012 Oracle issues Java security update fixing dangerous zero-day vulnerabilities (30 Aug 2012)
The latest update fixes widely exploited zero-day vulnerabilities. Metasploit manager praises company for fast turnaround.
Week of 20 Aug 2012 Disttrack discovery highlights growing use of targeted malware (21 Aug 2012)
W32.Disttrack, a worm that corrupts files and overwrites the MBR, further proves attackers now favor targeted malware for penetrating enterprises.
Adobe has released updates for six critical vulnerabilities, following a patch just one week ago that addressed other critical flaws.
Week of 13 Aug 2012 August 2012 Patch Tuesday fixes flaw being actively targeted by attackers (14 Aug 2012)
A dangerous flaw in Windows Common Controls affects multiple systems and software, including Office, SQL Server and Visual Basic 6.0 Runtime.
The Microsoft Malicious Software Removal Tool release warns users of Win32/Bafruz family backdoor Trojan.
Oracle said it would begin providing timely security updates to Java for Mac OS X.
Week of 06 Aug 2012 Five critical vulnerabilities expected in August 2012 Patch Tuesday (09 Aug 2012)
Microsoft said it would address ten vulnerabilities in the August 2012 Patch Tuesday, including flaws in Internet Explorer.
Kaspersky Lab has exposed a new cyberespionage toolkit it says is used in nation-state-sponsored attacks targeting people in the Middle East.
The most serious Android mobile malware uses SMS premium messages to make cybercriminals money, a tried and true attack method.
Week of 30 Jul 2012 Dropbox to implement two-factor authentication after security breach (01 Aug 2012)
Investigators believe some of the Web-based storage service's accounts were compromised following a password breach at another website.
Scope of Dropbox security breach is undetermined (01 Aug 2012)
Dropbox spokesman says investigation is ongoing after attackers gained access to an employee account leaking user email addresses.
Week of 23 Jul 2012 Apple's AuthenTec purchase may pave way for iOS biometrics (27 Jul 2012)
In addition to fingerprint technology, AuthenTec provides mobile security software licenses. One of its customers is Samsung, a main rival of Apple's.
At Black Hat 2012, longtime Oracle thorn David Litchfield presents working exploits targeting Oracle database indexing vulnerabilities.
Researcher Charlie Miller says Near Field Communication or NFC security issues open a huge attack surface on smartphones.
Week of 16 Jul 2012 Attackers dropping Mahdi spyware on oil facilities, embassies, say researchers (18 Jul 2012)
The Mahdi Trojan contains a keylogger that can record a victim's keystrokes and upload the data to a remote server.
Researchers have explored the updated Windows 8 memory protection security features and will present their findings at Black Hat 2012.
Week of 09 Jul 2012 Microsoft repairs dangerous XML Core Services zero-day flaw (10 Jul 2012)
The Microsoft XML Core Services vulnerability is being actively targeted by cybercriminals. In addition, Microsoft issued a critical update to Internet Explorer 9.
Microsoft has revoked more than two dozen digital certificates used to validate the authenticity of its software.
Week of 02 Jul 2012 Botnet infections in the enterprise have experts advocating less automation (02 Jul 2012)
Having skilled IT pros closely monitoring intrusion prevention systems to investigate network traffic anomalies can reduce infections, experts say.
Citadel malware toolkit going underground, says RSA (03 Jul 2012)
The Citadel crimeware, a toolkit giving cybercriminals sophisticated financial malware, is being taken off the market by its authors, according to experts monitoring its activity.
DDoS mitigation a key component in network security (02 Jul 2012)
With DDoS attacks increasing in frequency, size and complexity, it’s time for online businesses to start protecting themselves.
Microsoft will issue nine bulletins, three rated “critical” as part of its July Patch Tuesday, addressing critical flaws in Windows and Internet Explorer 9.
Network threat detection moves beyond signatures (02 Jul 2012)
Network threat detection requires content monitoring and analysis, rather than solely relying on matching network packets to existing signatures.
Week of 25 Jun 2012 FBI undercover operation leads to huge online credit card fraud sting (26 Jun 2012)
Twenty-four people arrested across eight countries in international cybercrime takedown.
The Flame malware, believed to be a joint U.S.-Israeli project, shows stark differences between the tactics used by China and those used by the West.
Week of 18 Jun 2012 Google detects 9,500 new malicious websites daily (20 Jun 2012)
Malicious sites discovered via Google’s Safe Browsing effort include compromised websites and others designed for malware distribution or phishing.
A software implementation issue enables an attacker to escalate privileges or break out of a virtual machine environment.
The Metasploit pen testing software contains working exploits that can target Microsoft XML Core Services flaw and a hole in Internet Explorer.
A hacktivist group known as UGNazi claims responsibility for multiple Twitter outages today, though Twitter has denied any attacks on its service.
Week of 11 Jun 2012 Global Payments processor breach expands, merchant data exposed (14 Jun 2012)
The processor said its breach did not exceed 1.5 million cards, but added that the personal data provided by merchant applications was also exposed.
This month’s Patch Tuesday release includes seven bulletins that address 26 vulnerabilities in Windows, Internet Explorer, .Net Framework and Dynamics AX.
The feature can automatically remove revoked certificates from Windows Vista and Windows 7 systems. The measure is in response to the Flame attacks.
A spear phishing campaign contains a message about industrial control systems security and a malicious .pdf file that downloads malware to steal data.
Stuxnet-Flame link confirmed, Kaspersky researchers say (11 Jun 2012)
A module found inside the original Stuxnet code base included the Flame malware toolkit.
Week of 04 Jun 2012 Adobe Flash Player security update fixes flaws, issues Firefox shield (08 Jun 2012)
Adobe repaired seven dangerous vulnerabilities in its latest Flash Player update and added sandboxing protection for Firefox and Mac users.
LinkedIn investigating user account password breach (06 Jun 2012)
More than 6 million passwords may have been stolen from the servers of social network LinkedIn and posted to a Russian hacking forum.
The fraudulent Microsoft certificates were used in the Flame malware attacks and could be used by less sophisticated cybercriminals, according to Microsoft.
The overhaul to Windows Update is to follow Microsoft’s emergency update, revoking three fraudulent certificates that could be used in broad attacks.
Week of 28 May 2012 CISOs struggle with visibility, complexity in enterprise risk management (29 May 2012)
McAfee says organizations must juggle visibility, system complexity challenges when balancing compliance-driven priorities with the threat landscape.
Flame, a package of components commonly available in most banking Trojans and remote access toolkits, is detectable by current antivirus, experts say.
A sophisticated malware toolkit has targeted Iran, Lebanon, Syria, Sudan and Israel, and is believed to be part of a cyberespionage operation.
Tinba banking Trojan sniffs network traffic, steals data (31 May 2012)
Tinba is among the smallest data-stealing banking Trojans discovered in the wild, according to Danish security firm CSIS Security Group.
Week of 21 May 2012 Android Malware Genome Project aims to nurture mobile security research (23 May 2012)
Project will share data on malware targeting the Android platform. It has collected 1,200 Android malware samples.
Google Chrome gets security overhaul, patches 13 bugs (24 May 2012)
Software giant updates Google Chrome stable channel to v19.0.1084.52 in a security only update.
The PCI Council will continue to issue recommendations for mobile payment security, according to Bob Russo, general manager of the PCI SSC.
Week of 14 May 2012 Android security model doing best to enable mobile malware spread (16 May 2012)
At Information Security Decisions 2012, Dan Guido put the mobile malware focus on the Android security model and Google’s mobile app vetting process.
Gartner report: UTM market on the upswing, expert says (14 May 2012)
Gartner released a report detailing market growth from 2010-2011 throughout the UTM vendor industry.
Organisations are looking beyond NAC and MDM to resolve BYOD security issues; MDM, security and hybrid vendors are responding with new products.
PCI Council urges P2P encryption for mobile payments (16 May 2012)
A PCI Council guidance document requires merchants to use a validated PIN entry device or secure card reader to accept payments using mobile devices.
Week of 07 May 2012 Microsoft fixes code targeted by Duqu in May 2012 Patch Tuesday (08 May 2012)
Experts suggest patience when dealing with this month’s round of Microsoft updates.
PCI virtualization compliance still a challenge (09 May 2012)
No black and white when it comes to PCI compliance in virtualized environments, experts say.
Week of 30 Apr 2012 Adobe pushes patch for actively exploited Flash Player vulnerability (04 May 2012)
Adobe is addressing a zero-day flaw in Flash Player being used by cybercriminals in email attacks targeting Internet Explorer users.
GlobalPayments breach update explains scope of lapse (02 May 2012)
The payment processor breach is believed to be under 1.5 million credit cards, but the company indicated on Tuesday that banks are issuing a “wide net to protect customers
Microsoft said a member of its confidential Active Protections Program leaked information that prompted an exploit targeting a flaw patched in March.
Microsoft said it plans to address flaws in Windows, Office, Silverlight and the .NET Framework.
Week of 23 Apr 2012 Java, HTML exploits via Black Hole toolkit dominate attacks, Microsoft says (25 Apr 2012)
The Black Hole Exploit toolkit is behind the bulk of the HTML and Java exploits, according to version 12 of the Microsoft Security Intelligence Report.
VMware downplays ESX hypervisor source code leak (25 Apr 2012)
Company says source code was leaked online but says may not mean increased risk.
Week of 16 Apr 2012 HP study finds widespread custom Web application flaws (18 Apr 2012)
A review of hundreds of unique custom Web applications found more than half are vulnerable to cross-site scripting and more than 86% contain injection flaws.
HP warns of malware in HP ProCurve switches' flash cards (16 Apr 2012)
HP has notified customers that some ProCurve 5400 zl switches were shipped that contained compact flash cards infected with malware.
Week of 09 Apr 2012 BYOD security policy, not MDM, at heart of smartphone security (13 Apr 2012)
Effective security policies, not a mobile device management platform, will solve corporate mobile device security issues, according to a security expert.
Dangerous Samba vulnerability affects all Linux systems (11 Apr 2012)
The commonly used tool contains an error that can be executed remotely by attackers, giving them root access to a system. Proof-of-concept code is available, experts warn.
Rafal Los, a software security expert and consultant with Hewlett Packard, says humans far outgun automated tools in the hunt for costly application logic flaws.
Microsoft repaired 11 vulnerabilities in April, including a critical update to its Internet Explorer browser and an ActiveX fix that affects a variety of software and server systems.
Week of 02 Apr 2012 April 2012 Patch Tuesday: Microsoft to issue six bulletins, four critical (05 Apr 2012)
Microsoft’s six bulletins include critical server repairs, Internet Explorer updates and a critical update of its .NET Framework.
Cisco IOS gets fixes for 12 DoS bugs (02 Apr 2012)
Cisco releases 9 advisories to address 13 vulnerabilities on March patch day as part of its bi-annual IOS patching exercise.
A security expert warns organizations against buying the latest and greatest security technology and advocates for more effective pen testing at InfoSec World Conference and Expo 2012.
Blunt experts at InfoSec World said enterprise IT security strategy often misses the mark, but some attendees suggested the experts are out of touch.
Week of 26 Mar 2012 Adobe Flash Player patch fixes critical holes, releases silent automatic updater (29 Mar 2012)
Adobe released a bulletin addressing critical flaws in Flash Player and rolled out a silent automatic update feature in Flash 11.2
This is the story of how Bank of India turned around its business continuity strategy from a state of chaos as it geared up for BS 25999 certification.
The credit card giants tell banks that a third-party payment processor may have been breached, causing the loss of tens of thousands of card numbers.
Legal and technical actions could disrupt some Zeus botnet operations by seizing command-and-control servers in Pennsylvania and Illinois.
An IBM report found a slight increase in browser-based vulnerabilities, but security features are driving attackers to target components rather than the browser itself.
Week of 19 Mar 2012 Chrome gets fixes for 6 ‘high rated’ security bugs (22 Mar 2012)
Google has updated its Chrome browser to 17.0.963.83. This regular stable channel release fixes a total of 10 vulnerabilities, 6 of which are rated high.
The Vault partner program uses incentives to increase visibility for F5 firewalls and its architecture bundle.
Analyst says move is important step in addressing the need for mobile application control and document management capabilities.
Researchers at NC State found that ad libraries used in Android apps access personal information unnecessary for proper functionality.
Week of 12 Mar 2012 Attack code surfaces for Microsoft RDP vulnerabilities (16 Mar 2012)
Antimalware vendors say proof-of-concept exploit code has surfaced on several Chinese websites. Experts recommend patching Windows systems now.
Vulnerability experts call the Microsoft Remote Desktop Protocol flaws dangerous and say they should be quickly addressed by patching admins.
The Dell-SonicWall acquisition broadens Dell’s increasingly formidable data center infrastructure and services strategy with a next-generation firewall product.
Dell’s security portfolio expands with purchase of unified threat management and next generation firewall vendor SonicWall from private equity firm.
Week of 05 Mar 2012 Adobe Flash Player update repairs two vulnerabilities, introduces “Priority” ratings (06 Mar 2012)
Adobe Flash Player update addresses two vulnerabilities that can be targeted by attackers to execute malicious code and obtain sensitive information.
Apple iOS 5.1 patches 81 vulnerabilities (09 Mar 2012)
Alongside its ‘new iPad’ release, Apple Inc. releases iOS 5.1, the latest version of its mobile computing platform with fixes for 81 security holes.
NIST releases SP 800-153 WLAN security guidelines (07 Mar 2012)
The recently released NIST SP 800-153 addresses security of WLANS. Join us, as we take a closer look at the document’s recommendations.
Microsoft’s March bundle of updates repairs seven vulnerabilities, including a critical Windows flaw.
Weak and default passwords are at the root of many data security breaches investigated by Verizon in 2011.
Week of 27 Feb 2012 FBI Director Mueller: For U.S., cybersecurity threats will surpass terrorism (01 Mar 2012)
At RSA Conference 2012, FBI Director Robert Mueller said the bureau is ramping up to fight cybersecurity threats and boost information-sharing efforts.
RSA’s Arthur Coviello urged security pros to break down silos and intelligence-driven security programs, or face a tough year.
Researchers testing some of the most relied upon cryptographic algorithms are making progress in breaking them, according to experts on the 2012 RSA Conference Cryptographer’s Panel.
Week of 20 Feb 2012 CrowdStrike to make RSA 2012 debut with Android attack via Webkit (25 Feb 2012)
Firm led by well-known security experts George Kurtz and Dmitri Alperovitch will focus on defending against targeted attacks.
BYOD policy issues are a big concern for enterprises grappling to secure employee smartphones and tablets, say analysts previewing RSA 2012.
Understanding IPv6 security issues can be a challenge, but the protocol's co-inventor says enterprises can no longer afford to ignore IPv6 security concerns.
Week of 13 Feb 2012 Adobe Flash patches zero-day XSS, 6 critical vulnerabilities (16 Feb 2012)
Ships patch for Adobe Flash Player zero-day XSS bug as well as six critical bugs in out-of-cycle update.
Flaws in Internet Explorer and the Windows C Runtime library could be used to gain access to system files and download additional malware onto a victim’s machine.
Centrify mobile security supports Apple iOS and Google Android devices and can connect them to Microsoft Active Directory, but it lacks the robust management features found in major MDM suites,...
One firm will leave RSA 2012 with the “Most Innovative” title, but industry experts say they all contribute in bringing the security industry up to par with sophisticated malware and hacking...