Week of 16 Jun 2014 Iraqi government blocks social media (ComputerWeekly.com | 17 Jun 2014)
The government in Iraq is reportedly blocking access to social media sites amid growing armed conflict in the country
Week of 08 Jul 2013 The cloud security issues holding back cloud adoption in India (11 Jul 2013)
Security fears are cited as major obstacles to cloud adoption worldwide, and India is no exception with major hurdles to clear before mass adoption.
Week of 04 Mar 2013 Emerging threats include kinetic attack, offensive forensics: RSA 2013 (04 Mar 2013)
At RSA 2013, experts Ed Skoudis and Johannes Ullrich explained how the SANS CyberCity supports offensive forensics and helps prevent kinetic attacks.
Week of 25 Feb 2013 Bad outsourcing decisions cause 63% of data breaches (28 Feb 2013)
Bad outsourcing decisions nearly two-thirds of data breaches investigated by security firm Trustwave in the past year
Every Global 2000 organisation faces $398m in potential losses from new and evolving attacks on their ability to control trust with cryptographic keys and digital certificates, a study has revealed
Week of 03 Dec 2012 Cutwail botnet spam campaign tied to Zeus banking Trojan (05 Dec 2012)
The cybercriminals connected to the notorious Zeus Trojan are using the Cutwail botnet to distribute spam designed to steal account credentials.
In addition to Exchange Server, updates fix flaws in Internet Explorer, Microsoft Office and Microsoft Word.
Week of 26 Nov 2012 Study finds most antivirus products ineffective (27 Nov 2012)
Slow updates to signature databases cause some antivirus products to be ineffective against known threats, according to a study by security firm Imperva.
Malicious file attachments are typically used as the payload, according to a report issued this week by Trend Micro.
Week of 19 Nov 2012 Cloud security begins with the contract, says expert (21 Nov 2012)
Enterprises must empower their legal teams to ask the right questions and write contracts based on risk management, explains Tom Kellermann of Trend Micro.
Deceptive environments, phony data in the enterprise can fool attackers and increase the cost of hacking, says noted cybersecurity expert Paul Kurtz.
The PCI Risk Assessment Special Interest Group concludes that risk assessments are based on a company's unique risk tolerance and environment.
A phishing attack and stolen credentials gave an attacker access to the systems of the South Carolina Department of Revenue for two months.
Week of 12 Nov 2012 Adobe investigates scope of customer forum breach (14 Nov 2012)
Names, email addresses and encrypted passwords of thousands of customers may have been exposed in a breach of the software maker's customer forum.
NASA to deploy whole-disk encryption following breach (15 Nov 2012)
Stolen laptop contained the sensitive data on a large number of employees and contractors. The information was not encrypted.
Week of 05 Nov 2012 Mobile impacting cloud security issues, says panel (07 Nov 2012)
Bring-your-own-device (BYOD) makes securing cloud services complex, say experts. Enterprises should set mobile guidelines consistent with cloud policies.
November 2012 Patch Tuesday to include Windows 8 patch (08 Nov 2012)
Microsoft's November 2012 Patch Tuesday release will include four critical bulletins to fix flaws in Windows 8 and other products.
Week of 29 Oct 2012 Apple iOS 6.0.1 update fixes four security holes (02 Nov 2012)
iOS platform gets an update to 6.0.1 to fix security and stability problems. WebKit holes and kernel faults list among Apple’s list of patched bugs.
Hackers share attack techniques and vulnerability information, shedding light on what threats matter most, according to a new study.
ISACA to revamp IS Audit and Assurance Standards (01 Nov 2012)
Risk and compliance knowledge provider ISACA issues an exposure draft of IS audit standards; seeks feedback from Indian technology professionals.
Week of 22 Oct 2012 Users neglect enterprise mobile device security measures, survey finds (23 Oct 2012)
Some employees are failing to enable security capabilities on their smartphones and tablets, putting corporate email and other sensitive data at risk.
Week of 15 Oct 2012 Google no longer playing with Android malware (18 Oct 2012)
Some say the Android malware problem is out of hand, and it appears Google is taking additional steps to block attacks in its Google Play store.
MiniFlame is highly specific espionage malware, but experts indicate that financially motivated cybercriminals could make the threat more widespread.
Public Wi-Fi usage has gone up significantly in the past year, and many people are using insecure hotspots to access work information.
When addressing Web application threats and vulnerabilities, security teams need to look out for design flaws, says Mike Shema of Qualys, Inc.
Week of 08 Oct 2012 Application vulnerability disclosures rise, Microsoft finds (11 Oct 2012)
The Black Hole attack toolkit is fueling many of the exploits targeting the vulnerabilities, according to Microsoft.
The new requirements for digital certificates kicks in with the October update, which includes one critical bulletin and six important bulletins.
Week of 01 Oct 2012 Age-old vulnerabilities, attack techniques consistently trip enterprises (02 Oct 2012)
Windows security has improved, but longstanding Unix and network vulnerabilities remain an easy target for determined attackers.
Week of 24 Sep 2012 Adobe to revoke certificate following fraudulent use (27 Sep 2012)
Malicious utilities were created using the fraudulent certificates to appear to be valid Adobe products running on Windows systems.
Research firm discovers new Java sandbox vulnerability (26 Sep 2012)
A Java sandbox flaw could allow malicious code to run on any system running Java 5, 6, or 7. Users are advised to disable the Java browser plugin.
Most distributed denial-of-service attacks are easily filtered out, but individuals with the technical skills can mirror legitimate traffic.
Once inside, skilled attackers can scout for exploitable flaws and set up private communication channels to support cyberespionage campaigns.
Week of 17 Sep 2012 ESET calls Flashback Trojan threat now 'extinct' (21 Sep 2012)
ESET reports on how the Flashback Trojan changed the relationship between Apple and Java.
Microsoft issued an out-of-band security bulletin, addressing a zero-day vulnerability and four other flaws in Internet Explorer.
A temporary automated fix plugging the dangerous flaw is available until an official patch is released.
Week of 10 Sep 2012 Microsoft disrupts Nitol botnet, outs hidden PC malware (14 Sep 2012)
The Nitol botnet controlled more than 500 strains of embedded malware that Microsoft says has been plaguing the PC supply chain.
Two important bulletins were issued in Microsoft's September 2012 Patch Tuesday.
A new URL generation algorithm and domain obfuscation are among the new features designed to trip up malware analysis and avoid detection.
Week of 03 Sep 2012 Aurora attackers target defense firms, use flurry of zero-days (07 Sep 2012)
Cybercriminals tied to the 2009 Aurora attacks have used a flurry of zero-day exploits and a new "watering hole" attack technique in targeted campaigns.
FireEye warns of steady increase in advanced malware (04 Sep 2012)
Social engineering tactics often involve email attachments targeting various industry sectors, says the security firm.
Microsoft released an advance notification on two important bulletins and encouraged customers to address a SSL certificate update before October.
Week of 27 Aug 2012 Oracle issues Java security update fixing dangerous zero-day vulnerabilities (30 Aug 2012)
The latest update fixes widely exploited zero-day vulnerabilities. Metasploit manager praises company for fast turnaround.
Week of 20 Aug 2012 Disttrack discovery highlights growing use of targeted malware (21 Aug 2012)
W32.Disttrack, a worm that corrupts files and overwrites the MBR, further proves attackers now favor targeted malware for penetrating enterprises.
Adobe has released updates for six critical vulnerabilities, following a patch just one week ago that addressed other critical flaws.
Week of 13 Aug 2012 August 2012 Patch Tuesday fixes flaw being actively targeted by attackers (14 Aug 2012)
A dangerous flaw in Windows Common Controls affects multiple systems and software, including Office, SQL Server and Visual Basic 6.0 Runtime.
The Microsoft Malicious Software Removal Tool release warns users of Win32/Bafruz family backdoor Trojan.
Oracle said it would begin providing timely security updates to Java for Mac OS X.
Week of 06 Aug 2012 Five critical vulnerabilities expected in August 2012 Patch Tuesday (09 Aug 2012)
Microsoft said it would address ten vulnerabilities in the August 2012 Patch Tuesday, including flaws in Internet Explorer.
Kaspersky Lab has exposed a new cyberespionage toolkit it says is used in nation-state-sponsored attacks targeting people in the Middle East.
The most serious Android mobile malware uses SMS premium messages to make cybercriminals money, a tried and true attack method.
Week of 30 Jul 2012 Dropbox to implement two-factor authentication after security breach (01 Aug 2012)
Investigators believe some of the Web-based storage service's accounts were compromised following a password breach at another website.
Scope of Dropbox security breach is undetermined (01 Aug 2012)
Dropbox spokesman says investigation is ongoing after attackers gained access to an employee account leaking user email addresses.
Week of 23 Jul 2012 Apple's AuthenTec purchase may pave way for iOS biometrics (27 Jul 2012)
In addition to fingerprint technology, AuthenTec provides mobile security software licenses. One of its customers is Samsung, a main rival of Apple's.
At Black Hat 2012, longtime Oracle thorn David Litchfield presents working exploits targeting Oracle database indexing vulnerabilities.
Researcher Charlie Miller says Near Field Communication or NFC security issues open a huge attack surface on smartphones.
Week of 16 Jul 2012 Attackers dropping Mahdi spyware on oil facilities, embassies, say researchers (18 Jul 2012)
The Mahdi Trojan contains a keylogger that can record a victim's keystrokes and upload the data to a remote server.
Researchers have explored the updated Windows 8 memory protection security features and will present their findings at Black Hat 2012.
Week of 09 Jul 2012 Microsoft repairs dangerous XML Core Services zero-day flaw (10 Jul 2012)
The Microsoft XML Core Services vulnerability is being actively targeted by cybercriminals. In addition, Microsoft issued a critical update to Internet Explorer 9.
Microsoft has revoked more than two dozen digital certificates used to validate the authenticity of its software.
Week of 02 Jul 2012 Botnet infections in the enterprise have experts advocating less automation (02 Jul 2012)
Having skilled IT pros closely monitoring intrusion prevention systems to investigate network traffic anomalies can reduce infections, experts say.
Citadel malware toolkit going underground, says RSA (03 Jul 2012)
The Citadel crimeware, a toolkit giving cybercriminals sophisticated financial malware, is being taken off the market by its authors, according to experts monitoring its activity.
DDoS mitigation a key component in network security (02 Jul 2012)
With DDoS attacks increasing in frequency, size and complexity, it’s time for online businesses to start protecting themselves.
Microsoft will issue nine bulletins, three rated “critical” as part of its July Patch Tuesday, addressing critical flaws in Windows and Internet Explorer 9.
Network threat detection moves beyond signatures (02 Jul 2012)
Network threat detection requires content monitoring and analysis, rather than solely relying on matching network packets to existing signatures.
Week of 25 Jun 2012 FBI undercover operation leads to huge online credit card fraud sting (26 Jun 2012)
Twenty-four people arrested across eight countries in international cybercrime takedown.
The Flame malware, believed to be a joint U.S.-Israeli project, shows stark differences between the tactics used by China and those used by the West.
Week of 18 Jun 2012 Google detects 9,500 new malicious websites daily (20 Jun 2012)
Malicious sites discovered via Google’s Safe Browsing effort include compromised websites and others designed for malware distribution or phishing.
A software implementation issue enables an attacker to escalate privileges or break out of a virtual machine environment.
The Metasploit pen testing software contains working exploits that can target Microsoft XML Core Services flaw and a hole in Internet Explorer.
A hacktivist group known as UGNazi claims responsibility for multiple Twitter outages today, though Twitter has denied any attacks on its service.
Week of 11 Jun 2012 Global Payments processor breach expands, merchant data exposed (14 Jun 2012)
The processor said its breach did not exceed 1.5 million cards, but added that the personal data provided by merchant applications was also exposed.
This month’s Patch Tuesday release includes seven bulletins that address 26 vulnerabilities in Windows, Internet Explorer, .Net Framework and Dynamics AX.
The feature can automatically remove revoked certificates from Windows Vista and Windows 7 systems. The measure is in response to the Flame attacks.
A spear phishing campaign contains a message about industrial control systems security and a malicious .pdf file that downloads malware to steal data.
Stuxnet-Flame link confirmed, Kaspersky researchers say (11 Jun 2012)
A module found inside the original Stuxnet code base included the Flame malware toolkit.
Week of 04 Jun 2012 Adobe Flash Player security update fixes flaws, issues Firefox shield (08 Jun 2012)
Adobe repaired seven dangerous vulnerabilities in its latest Flash Player update and added sandboxing protection for Firefox and Mac users.
LinkedIn investigating user account password breach (06 Jun 2012)
More than 6 million passwords may have been stolen from the servers of social network LinkedIn and posted to a Russian hacking forum.
The fraudulent Microsoft certificates were used in the Flame malware attacks and could be used by less sophisticated cybercriminals, according to Microsoft.
The overhaul to Windows Update is to follow Microsoft’s emergency update, revoking three fraudulent certificates that could be used in broad attacks.
Week of 28 May 2012 CISOs struggle with visibility, complexity in enterprise risk management (29 May 2012)
McAfee says organizations must juggle visibility, system complexity challenges when balancing compliance-driven priorities with the threat landscape.
Flame, a package of components commonly available in most banking Trojans and remote access toolkits, is detectable by current antivirus, experts say.
A sophisticated malware toolkit has targeted Iran, Lebanon, Syria, Sudan and Israel, and is believed to be part of a cyberespionage operation.
Tinba banking Trojan sniffs network traffic, steals data (31 May 2012)
Tinba is among the smallest data-stealing banking Trojans discovered in the wild, according to Danish security firm CSIS Security Group.
Week of 21 May 2012 Android Malware Genome Project aims to nurture mobile security research (23 May 2012)
Project will share data on malware targeting the Android platform. It has collected 1,200 Android malware samples.
Google Chrome gets security overhaul, patches 13 bugs (24 May 2012)
Software giant updates Google Chrome stable channel to v19.0.1084.52 in a security only update.
The PCI Council will continue to issue recommendations for mobile payment security, according to Bob Russo, general manager of the PCI SSC.
Week of 14 May 2012 Android security model doing best to enable mobile malware spread (16 May 2012)
At Information Security Decisions 2012, Dan Guido put the mobile malware focus on the Android security model and Google’s mobile app vetting process.
Gartner report: UTM market on the upswing, expert says (14 May 2012)
Gartner released a report detailing market growth from 2010-2011 throughout the UTM vendor industry.
Organisations are looking beyond NAC and MDM to resolve BYOD security issues; MDM, security and hybrid vendors are responding with new products.
PCI Council urges P2P encryption for mobile payments (16 May 2012)
A PCI Council guidance document requires merchants to use a validated PIN entry device or secure card reader to accept payments using mobile devices.