http://www.infosecurity-us.com/ Copyright Elsevier Ltd Intuitiv Ltd (www.intuitiv.net) Sun, 14 Mar 2010 00:24:49 GMT http://www.infosecurity-us.com/ http://www.infosecurity-us.com/_common/img/template/infosec-us/site-logo.gif http://www.infosecurity-us.com/view/8025/us-is-malicious-server-leader-says-avg/ The US plays host to the largest number of malicious web servers, according to a study released by anti-malware company AVG. Sat, 13 Mar 2010 07:00:00 GMT http://www.infosecurity-us.com/view/8025/us-is-malicious-server-leader-says-avg/ http://www.infosecurity-us.com/view/8024/aetna-boots-data-breach-class-action-suit/ Health insurer Aetna has succeeded in having a class-action lawsuit over an alleged security breach dismissed. Fri, 12 Mar 2010 21:00:00 GMT http://www.infosecurity-us.com/view/8024/aetna-boots-data-breach-class-action-suit/ http://www.infosecurity-us.com/view/8021/facebook-users-subject-to-yet-another-malware-attack/ Researchers from web security firm Websense warned Facebook users earlier today to refrain from clicking on URLs posted on the pages of some famous celebrities – or even people on their friend list – as links to alleged videos were actually portals to malware infection. Fri, 12 Mar 2010 20:11:00 GMT http://www.infosecurity-us.com/view/8021/facebook-users-subject-to-yet-another-malware-attack/ http://www.infosecurity-us.com/view/7994/russian-brides-attempt-to-thaw-the-ice-for-winter-spammers/ The latest monthly spam report shows that, regardless of the world economy, there is one item that is particularly hot this winter: Russian mail-order brides. This is according to newly released figures from McAfee. Thu, 11 Mar 2010 20:00:00 GMT http://www.infosecurity-us.com/view/7994/russian-brides-attempt-to-thaw-the-ice-for-winter-spammers/ http://www.infosecurity-us.com/view/7992/provider-takedown-guts-zeus-infrastructure/ Yet another botnet suffered severe losses to its functionality this week, in what appears to be a growing campaign among the white hat community to take down these virulent networks. Troyak-AS, which was the upstream provider for the six worst Zeus hosting ISPs, has been taken offline. Thu, 11 Mar 2010 19:19:00 GMT http://www.infosecurity-us.com/view/7992/provider-takedown-guts-zeus-infrastructure/ http://www.infosecurity-us.com/view/7960/lack-of-precise-definitions-plagues-cybersecurity-legislation/ According to one security expert, anywhere from 14 to 35 pieces of legislation aiming to effect cybersecurity are in the works, depending on how one defines its role within the genre. These bills range from comprehensive to very focused, but, as some security experts claim, they all have common drawbacks. Wed, 10 Mar 2010 21:51:00 GMT http://www.infosecurity-us.com/view/7960/lack-of-precise-definitions-plagues-cybersecurity-legislation/ http://www.infosecurity-us.com/view/7959/lifelock-hit-with-12m-settlement-payment/ Identity theft protection company LifeLock will pay $12 million to settle charges of false claims made over its services. Wed, 10 Mar 2010 21:31:00 GMT http://www.infosecurity-us.com/view/7959/lifelock-hit-with-12m-settlement-payment/ http://www.infosecurity-us.com/view/7958/twitter-launches-antiphishing-offensive/ Popular micro blogging site Twitter has launched a service designed to stop phishing scams from victimizing its users. Wed, 10 Mar 2010 21:12:00 GMT http://www.infosecurity-us.com/view/7958/twitter-launches-antiphishing-offensive/ http://www.infosecurity-us.com/view/7957/ubisoft-servers-go-down-drm-blamed/ Computer games giant Ubisoft had to apologize to users after its online gaming service collapsed over the weekend. Ubisoft executives said that "exceptional demand" was to blame for the problem before the company blamed the downtime on an attack, the following day. Wed, 10 Mar 2010 20:50:00 GMT http://www.infosecurity-us.com/view/7957/ubisoft-servers-go-down-drm-blamed/ http://www.infosecurity-us.com/view/7945/rsa-identityfinder-announces-social-networking-id-theft-product-/ IdentityFinder, the identity theft prevention company, are set to offer protection for social networking sites later this year. Wed, 10 Mar 2010 12:00:00 GMT http://www.infosecurity-us.com/view/7945/rsa-identityfinder-announces-social-networking-id-theft-product-/ http://www.infosecurity-us.com/view/7925/brocade-half-of-network-solutions-only-stop-one-in-four-network-attacks/ Almost one in five participants at the RSA conference last week believe that their companies' security policies are being effectively enforced, according to figures released by data center fabric company Brocade. That said, at least half of them seem to be unhappy with their companies' security technology solutions. Wed, 10 Mar 2010 09:56:00 GMT http://www.infosecurity-us.com/view/7925/brocade-half-of-network-solutions-only-stop-one-in-four-network-attacks/ http://www.infosecurity-us.com/view/7924/microsoft-suffers-continued-internet-explorer-hits-on-patch-tuesday/ Microsoft took customers through a fairly sedate patch Tuesday this week, releasing just two bulletins addressing issues in its applications. However, all did not go without a hitch, as yet another zero-day vulnerability emerged for Internet Explorer. Wed, 10 Mar 2010 09:51:00 GMT http://www.infosecurity-us.com/view/7924/microsoft-suffers-continued-internet-explorer-hits-on-patch-tuesday/ http://www.infosecurity-us.com/view/7923/us-government-not-properly-coordinating-cybersecurity-efforts-warns-gao/ The US government is still failing on cybersecurity thanks to a lack of clear definitions among different agencies, the US Government Accountability Office has warned. Tue, 09 Mar 2010 21:23:00 GMT http://www.infosecurity-us.com/view/7923/us-government-not-properly-coordinating-cybersecurity-efforts-warns-gao/ http://www.infosecurity-us.com/view/7880/florida-couple-indicted-for-data-theft/ A husband-and-wife team from Coral Gables has been indicted for the second time in a year for the theft and sale of privacy data. Authorities claim that in both cases, the couple received payments from personal injury lawyers in exchange for patients’ personal privacy data from a local ambulance company. Tue, 09 Mar 2010 07:00:00 GMT http://www.infosecurity-us.com/view/7880/florida-couple-indicted-for-data-theft/ http://www.infosecurity-us.com/view/7881/westin-is-latest-hotel-to-be-hit-by-hackers/ In further proof that the hospitality industry is becoming a prime target for hackers, The Westin Bonaventure Hotel and Suites has admitted a likely data security breach. Mon, 08 Mar 2010 20:00:00 GMT http://www.infosecurity-us.com/view/7881/westin-is-latest-hotel-to-be-hit-by-hackers/ http://www.infosecurity-us.com/view/7882/staff-put-on-leave-in-merion-spy-cam-case/ Police are reviewing pictures from web cams in the Lower Merion School District spying case, it was revealed over the weekend, as two IT staff were put on leave pending further investigation. Mon, 08 Mar 2010 20:00:00 GMT http://www.infosecurity-us.com/view/7882/staff-put-on-leave-in-merion-spy-cam-case/ http://www.infosecurity-us.com/view/7871/weekly-brief-march-8-2010/ Infosecurity US rounds up the significant events from the last week. Mon, 08 Mar 2010 18:47:00 GMT http://www.infosecurity-us.com/view/7871/weekly-brief-march-8-2010/ http://www.infosecurity-us.com/view/7837/rsa-rewind-national-security-heavyweights-talk-cybersecurity/ In what may have been the most star-studded event of last week’s RSA Conference in San Francisco, a panel of experts gathered during one keynote to discuss how governments can come together to combat cybersecurity threats without compromising individual liberties. Mon, 08 Mar 2010 07:00:00 GMT http://www.infosecurity-us.com/view/7837/rsa-rewind-national-security-heavyweights-talk-cybersecurity/ http://www.infosecurity-us.com/view/7836/isc-survey-shows-it-professionals-weathered-the-recession-in-fairly-good-shape/ Although the IT profession is not exactly immune from recent economic troubles, freshly revealed polling results from (ISC)² – the non-profit IT security trade group – indicate that security personnel are still in demand and, for the most part, gainfully employed. Fri, 05 Mar 2010 22:31:00 GMT http://www.infosecurity-us.com/view/7836/isc-survey-shows-it-professionals-weathered-the-recession-in-fairly-good-shape/ http://www.infosecurity-us.com/view/7797/rsa-napolitano-issues-dhs-national-cybersecurity-challenge-to-security-community/ Department of Homeland Security Secretary Janet Napolitano delivered one of the Wednesday keynote addresses, which focused on cybersecurity, at this year’s RSA Conference in San Francisco. She would close her remarks by issuing a challenge to the security community to help raise public awareness of cybersecurity issues. Thu, 04 Mar 2010 00:36:00 GMT http://www.infosecurity-us.com/view/7797/rsa-napolitano-issues-dhs-national-cybersecurity-challenge-to-security-community/ http://www.infosecurity-us.com/view/7796/rsa-isc-cyber-security-awareness-for-kids-/ At the RSA Conference 2010 in San Francisco, (ISC)²,Microsoft, and RSA conference co-sponsor a session to train member volunteers for its Safe and Secure online programme. Wed, 03 Mar 2010 19:50:00 GMT http://www.infosecurity-us.com/view/7796/rsa-isc-cyber-security-awareness-for-kids-/ http://www.infosecurity-us.com/view/7794/rsa-qualys-teams-with-imperva-on-website-security/ Hard on the heels of announcing a free website infection scanning service, Qualys has teamed up with fellow IT security vendor Imperva to integrate some of their respective software offerings. Wed, 03 Mar 2010 18:57:00 GMT http://www.infosecurity-us.com/view/7794/rsa-qualys-teams-with-imperva-on-website-security/ http://www.infosecurity-us.com/view/7762/rsa-solera-networks-partners-with-emc-/ Active network forensics company Solera Networks announced its partnership with EMC at RSA Conference 2010 on March 2 in San Francisco. Wed, 03 Mar 2010 00:53:00 GMT http://www.infosecurity-us.com/view/7762/rsa-solera-networks-partners-with-emc-/ http://www.infosecurity-us.com/view/7761/hot-topic-at-rsa-the-pitfalls-and-promise-of-social-networking/ A unique panel session convened at the RSA Conference in San Francisco today to discuss the pros and cons of social networking on the job, specifically by the under-30 set. Tue, 02 Mar 2010 22:00:00 GMT http://www.infosecurity-us.com/view/7761/hot-topic-at-rsa-the-pitfalls-and-promise-of-social-networking/ http://www.infosecurity-us.com/view/7760/rsa-schmidt-announces-transparent-national-us-cybersecurity-strategy/ Howard Schmidt, Cyber security advisor to President Obama, announced the launch of www.whitehouse.org/cybersecurity - a brand new web page launched to prove the commitment of the US government to its transparent cybersecurity strategy - during his keynote at RSA conference 2010 in San Francisco. Tue, 02 Mar 2010 21:53:00 GMT http://www.infosecurity-us.com/view/7760/rsa-schmidt-announces-transparent-national-us-cybersecurity-strategy/ http://www.infosecurity-us.com/view/7758/rsa-microsoft-reveal-plans-for-a-safer-internet-/ In his keynote address at the RSA Conference 2010 in San Francisco, Scott Charney, corporate vice president of Microsoft’s Trustworthy Computing Group, outlined how Microsoft will apply its end to end trust vision to cloud computing. Tue, 02 Mar 2010 20:51:00 GMT http://www.infosecurity-us.com/view/7758/rsa-microsoft-reveal-plans-for-a-safer-internet-/ http://www.infosecurity-us.com/view/7755/rsa-securing-cloud-computing-is-industry-responsibility-says-art-coviello/ In his keynote at RSA 2010, San Francisco, RSA President Art Coviello spoke of the industry’s latest and greatest challenge: securing cloud computing. Tue, 02 Mar 2010 18:37:00 GMT http://www.infosecurity-us.com/view/7755/rsa-securing-cloud-computing-is-industry-responsibility-says-art-coviello/ http://www.infosecurity-us.com/view/7754/rsa-m86-introduces-onestop-appliance-technology-and-launches-into-cloud/ M86 Security has taken the wraps off a one-stop integrated security appliance that combines its threat analysis technology with a drill-down dashboard interface. At the same time the company has extended its web gateway technology into the cloud computing environment. Tue, 02 Mar 2010 18:00:00 GMT http://www.infosecurity-us.com/view/7754/rsa-m86-introduces-onestop-appliance-technology-and-launches-into-cloud/ http://www.infosecurity-us.com/view/7752/rsa-pci-dss-survey-shows-that-encryption-is-tops-when-it-comes-to-endtoend-security/ According to a survey of qualified security assessors (QSA), the optimum methodology for end-to-end security protection is encryption. Tue, 02 Mar 2010 17:41:00 GMT http://www.infosecurity-us.com/view/7752/rsa-pci-dss-survey-shows-that-encryption-is-tops-when-it-comes-to-endtoend-security/ http://www.infosecurity-us.com/view/7751/rsa-check-point-unveils-secure-usb-drive-technology/ Check Point Software Technologies has taken the wraps off a secure USB drive system. Known as Abra, the unit is designed to offer PC or Windows-based terminal users a secure virtualised workspace that is highly portable between machines. Tue, 02 Mar 2010 17:35:00 GMT http://www.infosecurity-us.com/view/7751/rsa-check-point-unveils-secure-usb-drive-technology/ http://www.infosecurity-us.com/view/7721/veracode-report-exposes-application-security-failures/ According to the Veracode ‘State of Software Security’ report, between 58 and 88 percent of all applications submitted to Veracode for verification did not achieve an acceptable security score upon first submission. The exact percentage depends on the standard applied, based on application criticality. Tue, 02 Mar 2010 00:00:00 GMT http://www.infosecurity-us.com/view/7721/veracode-report-exposes-application-security-failures/ http://www.infosecurity-us.com/view/7716/time-for-cloud-computing-says-webroot-cto/ Gerhard Eschelbeck, CTO of Webroot, tells Infosecurity’s Eleanor Dallaway that “2010 is the right time to engage in cloud computing”, as they catch up in Silicon Valley. Mon, 01 Mar 2010 20:18:00 GMT http://www.infosecurity-us.com/view/7716/time-for-cloud-computing-says-webroot-cto/ http://www.infosecurity-us.com/view/7696/rsa-qualys-introduces-free-malware-detection-/ Qualys has become the first on-demand network and site vulnerability company to launch a free malware detection service, designed to protect websites from malicious activities and stop visitors from being infected by malware. Mon, 01 Mar 2010 12:35:00 GMT http://www.infosecurity-us.com/view/7696/rsa-qualys-introduces-free-malware-detection-/ http://www.infosecurity-us.com/view/7648/mykonos-to-launch-counterhacker-tool/ Web application security company Mykonos Software has launched an appliance designed to watch what hackers are doing and take counter measures to confuse and divert them. Fri, 26 Feb 2010 00:35:00 GMT http://www.infosecurity-us.com/view/7648/mykonos-to-launch-counterhacker-tool/ http://www.infosecurity-us.com/view/7649/microsoft-topples-waledec-botnet-for-now/ The Waledec network is down – at least temporarily – thanks to an injunction sought by Microsoft and awarded by a federal judge, forcing registrars to shut down command-and-control domains. Fri, 26 Feb 2010 00:00:00 GMT http://www.infosecurity-us.com/view/7649/microsoft-topples-waledec-botnet-for-now/ http://www.infosecurity-us.com/view/7650/xforce-document-vulnerabilities-on-the-rise/ Adobe's PDF document format continued to take a bashing this week, after a report from IBM's X-Force security consulting arm singled out readers supporting the software company's de facto standard document format as a particular security worry. Fri, 26 Feb 2010 00:00:00 GMT http://www.infosecurity-us.com/view/7650/xforce-document-vulnerabilities-on-the-rise/ http://www.infosecurity-us.com/view/7638/ftc-warns-organizations-about-data-breach-risks-from-p2p-file-sharing/ The Federal Trade Commission sent letters to nearly 100 organizations this week, warning them that customer and/or employee data are currently available on P2P networks according to its recent probe. Thu, 25 Feb 2010 15:00:00 GMT http://www.infosecurity-us.com/view/7638/ftc-warns-organizations-about-data-breach-risks-from-p2p-file-sharing/ http://www.infosecurity-us.com/view/7605/researchers-identify-anonymous-users-through-web-browser-history-and-social-networks/ Researchers have combined stolen web browser history data with membership of social networking groups to identify large numbers of users who would otherwise be anonymous, it was revealed this week. Thu, 25 Feb 2010 00:35:00 GMT http://www.infosecurity-us.com/view/7605/researchers-identify-anonymous-users-through-web-browser-history-and-social-networks/ http://www.infosecurity-us.com/view/7606/comcast-will-transition-to-dnssec-/ Following an 18-month testing period, giant US ISP Comcast has announced plans to transition to the DNSSEC secure DNS standard by the end of next year. Thu, 25 Feb 2010 00:24:00 GMT http://www.infosecurity-us.com/view/7606/comcast-will-transition-to-dnssec-/ http://www.infosecurity-us.com/view/7567/understaffed-companies-putting-it-security-at-risk-says-symantec/ A lack of IT staff resources is hindering corporate security, according to a study released by Symantec this week. And companies are exacerbating the issue by embarking on new IT projects that create security problems. Wed, 24 Feb 2010 00:33:00 GMT http://www.infosecurity-us.com/view/7567/understaffed-companies-putting-it-security-at-risk-says-symantec/ http://www.infosecurity-us.com/view/7569/adobe-fixes-adobe-download-manager-flaw-by-deleting-the-software/ Adobe has taken the easy option to fix the zero-day remote execution flaw discovered in its Adobe Download Manager last week. It advised users to simply delete the software so that it wouldn't come back again. Wed, 24 Feb 2010 00:27:00 GMT http://www.infosecurity-us.com/view/7569/adobe-fixes-adobe-download-manager-flaw-by-deleting-the-software/ http://www.infosecurity-us.com/view/7568/intel-targeted-by-january-cyberattack/ Intel was the target of a concerned cyberattack in January – around the same time that Google identified the Operation Aurora attack, according to a 10-K filing that the chip maker made to the SEC. Wed, 24 Feb 2010 00:10:00 GMT http://www.infosecurity-us.com/view/7568/intel-targeted-by-january-cyberattack/ http://www.infosecurity-us.com/view/7566/rutgers-team-demonstrates-new-smart-phone-security-threat/ A team of investigators at Rutgers University has revealed research indicating that smart phones can be compromised by sophisticated rootkits. Tue, 23 Feb 2010 20:00:00 GMT http://www.infosecurity-us.com/view/7566/rutgers-team-demonstrates-new-smart-phone-security-threat/ http://www.infosecurity-us.com/view/7554/no-expectation-of-privacy-for-p2p-files-says-9th-circuit-court-of-appeals/ A Nevada man had his appeal of a child pornography conviction denied last week by the 9th Circuit Court in San Francisco. The defendant, Charles A. Borowy, claimed that his fourth amendment right prohibiting unlawful search and seizure was violated by an FBI agent who downloaded and viewed files from the man’s computer using the LimeWire P2P service. Tue, 23 Feb 2010 15:16:00 GMT http://www.infosecurity-us.com/view/7554/no-expectation-of-privacy-for-p2p-files-says-9th-circuit-court-of-appeals/ http://www.infosecurity-us.com/view/7529/weekly-brief-february-22-2009/ Infosecurity rounds up some of the week's security news Tue, 23 Feb 2010 08:00:00 GMT http://www.infosecurity-us.com/view/7529/weekly-brief-february-22-2009/ http://www.infosecurity-us.com/view/7528/spybot-worm-spreads-via-direct-p2p-file-sharing/ Researchers have identified Spybot.AKB, a worm that spreads across P2P networks and email systems. Mon, 22 Feb 2010 23:32:00 GMT http://www.infosecurity-us.com/view/7528/spybot-worm-spreads-via-direct-p2p-file-sharing/ http://www.infosecurity-us.com/view/7527/pennsylvania-school-district-hit-by-injunction-fbi-investigation-after-web-cam-incident/ A federal judge has ordered a suburban Philadelphia school not to reactivate a security system that enabled it to monitor students in their homes without their knowledge. The judge made the emergency ruling after a student sued the school, alleging an invasion of privacy after someone at the school took a picture of him in his home. Mon, 22 Feb 2010 22:41:00 GMT http://www.infosecurity-us.com/view/7527/pennsylvania-school-district-hit-by-injunction-fbi-investigation-after-web-cam-incident/ http://www.infosecurity-us.com/view/7524/fortify-and-hp-attack-hybrid-web-software-testing-market/ Fortify Software and HP have teamed up to release Hybrid 2.0, a tool designed to test web applications for security flaws. Mon, 22 Feb 2010 22:00:00 GMT http://www.infosecurity-us.com/view/7524/fortify-and-hp-attack-hybrid-web-software-testing-market/ http://www.infosecurity-us.com/view/7491/pgp-upgrades-encryption-and-key-management-server-porfolio/ PGP has released a new version of its Key Management Server designed to pull together disparate key management systems for enterprise customers. Mon, 22 Feb 2010 08:27:00 GMT http://www.infosecurity-us.com/view/7491/pgp-upgrades-encryption-and-key-management-server-porfolio/ http://www.infosecurity-us.com/view/7490/adobe-download-manager-row-escalates-with-new-vulnerability/ Adobe continued to fight fires on the security front last week, as a researcher discovered a second flaw in its Adobe Download Manager software tool. Mon, 22 Feb 2010 08:21:00 GMT http://www.infosecurity-us.com/view/7490/adobe-download-manager-row-escalates-with-new-vulnerability/ http://www.infosecurity-us.com/view/7486/school-linked-to-operation-aurora-attack-is-tied-indirectly-to-hacktivist-group/ Two schools in China have been linked to the Operation Aurora attack that targeted Google and other companies last year – and one of them has been tied to a national network of hacktivist groups. Fri, 19 Feb 2010 21:46:00 GMT http://www.infosecurity-us.com/view/7486/school-linked-to-operation-aurora-attack-is-tied-indirectly-to-hacktivist-group/ http://www.infosecurity-us.com/view/7444/pleaserobme-gathers-web-20-data-to-make-a-point/ A playful new website is trying to raise awareness about personal and home security issues online. PleaseRobMe gathers location information from web 2.0 websites that geotag content for mobile users, presenting them as a list of users who are not at home. Thu, 18 Feb 2010 23:46:00 GMT http://www.infosecurity-us.com/view/7444/pleaserobme-gathers-web-20-data-to-make-a-point/ http://www.infosecurity-us.com/view/7443/zeus-gang-hits-75-000-computers/ The same criminal gang that targeted government and military computers with its malware has also infected 75 000 computers in almost 200 countries with a virulent strain of the banking trojan, according to research from network monitoring company NetWitness. Thu, 18 Feb 2010 22:33:00 GMT http://www.infosecurity-us.com/view/7443/zeus-gang-hits-75-000-computers/ http://www.infosecurity-us.com/view/7442/new-york-state-holds-software-developers-accountable/ The state of New York is proposing language for inclusion in procurement documents that it hopes will help to enforce secure application development practices among suppliers. Thu, 18 Feb 2010 21:53:00 GMT http://www.infosecurity-us.com/view/7442/new-york-state-holds-software-developers-accountable/ http://www.infosecurity-us.com/view/7445/spam-shortened-urls-and-software-vulnerabilities-highlight-latest-security-threat-report/ Rebounding spam traffic, increased use of shortened URLs to deliver malicious payloads, and continued vulnerabilities among some of the most popular software applications were among the most serious security threats over the last six months 2009 according to data from M86 Security. Thu, 18 Feb 2010 19:59:00 GMT http://www.infosecurity-us.com/view/7445/spam-shortened-urls-and-software-vulnerabilities-highlight-latest-security-threat-report/ http://www.infosecurity-us.com/view/7412/us-loses-cyberwarfare-game/ A simulated cyber attack has shown once again that the US is unprepared for cyberwarfare, a year after the federal government conducted an extensive review of its cyber security stance. Thu, 18 Feb 2010 00:54:00 GMT http://www.infosecurity-us.com/view/7412/us-loses-cyberwarfare-game/ http://www.infosecurity-us.com/view/7413/security-groups-outline-top-25-programming-errors-for-2010/ The SANS Institute and Mitre have come together to update their annual list of top 25 software programming security bugs. SQL injection is the number one danger to software customers, according to the organizations. Thu, 18 Feb 2010 00:30:00 GMT http://www.infosecurity-us.com/view/7413/security-groups-outline-top-25-programming-errors-for-2010/ http://www.infosecurity-us.com/view/7411/3000-small-dog-electronics-customers-credit-card-details-compromised/ Electronics retailer Small Dog Electronics has suffered from a systems breach that left 3000 customers' credit card details compromised. Thu, 18 Feb 2010 00:18:00 GMT http://www.infosecurity-us.com/view/7411/3000-small-dog-electronics-customers-credit-card-details-compromised/ http://www.infosecurity-us.com/view/7409/hotmail-outage-leads-to-contaminated-search-results/ Yesterday’s outage of Windows Live caused a disruption in the web-based Hotmail email service. This presented a golden opportunity for online crooks to poison search results related to the incident. Wed, 17 Feb 2010 20:00:00 GMT http://www.infosecurity-us.com/view/7409/hotmail-outage-leads-to-contaminated-search-results/ http://www.infosecurity-us.com/view/7362/comodo-unveils-chromiumbased-browser/ Internet security software and whitelisting firm Comodo has unveiled a secure browser designed to compete with Google's Chrome. Tue, 16 Feb 2010 22:32:00 GMT http://www.infosecurity-us.com/view/7362/comodo-unveils-chromiumbased-browser/ http://www.infosecurity-us.com/view/7361/symantec-to-unveil-data-indexing-technology/ At the RSA security show next month, Symantec will unveil a data indexing technology designed to identify the owners of files by querying enterprise storage systems. Called Data Insight, the product will have multiple applications, including cost reduction, data leakage prevention, and even IT forensics. Tue, 16 Feb 2010 22:23:00 GMT http://www.infosecurity-us.com/view/7361/symantec-to-unveil-data-indexing-technology/ http://www.infosecurity-us.com/view/7360/new-hampshire-seeks-to-outlaw-biometric-ids/ Some Granite State lawmakers are not too keen on the use biometric data for identity verification, as the New Hampshire House of Representatives is currently considering a bill that would block its use in nearly all state- and privately issued identification. Tue, 16 Feb 2010 19:36:00 GMT http://www.infosecurity-us.com/view/7360/new-hampshire-seeks-to-outlaw-biometric-ids/ http://www.infosecurity-us.com/view/7322/weekly-brief-february-16-2009/ Infosecurity covers the news that didn't make it into our top stories last week. Tue, 16 Feb 2010 00:40:00 GMT http://www.infosecurity-us.com/view/7322/weekly-brief-february-16-2009/ http://www.infosecurity-us.com/view/7320/military-and-intelligence-personnel-targeted-again-by-zeus-trojan/ Some rather industrious spammers have targeted military and intelligence employees for the second time in a week. But this time they used the pretense of the previous attack in an attempt to deliver the Zeus trojan. Mon, 15 Feb 2010 23:00:00 GMT http://www.infosecurity-us.com/view/7320/military-and-intelligence-personnel-targeted-again-by-zeus-trojan/ http://www.infosecurity-us.com/view/7296/adobe-issues-another-outofband-patch/ Adobe plans an out-of-band patch to resolve yet another critical security flaw across multiple products. Mon, 15 Feb 2010 08:37:00 GMT http://www.infosecurity-us.com/view/7296/adobe-issues-another-outofband-patch/ http://www.infosecurity-us.com/view/7295/microsoft-patch-causes-blue-screen-of-death-on-infected-machines/ Microsoft found itself in patch hell this week, withdrawing an update resolving an important vulnerability in Windows. The company found that some users infected with malware experienced problems restarting their machines after installing the bug fix. Fri, 12 Feb 2010 19:12:00 GMT http://www.infosecurity-us.com/view/7295/microsoft-patch-causes-blue-screen-of-death-on-infected-machines/ http://www.infosecurity-us.com/view/7288/google-buzz-attacked-for-privacy-violation/ Google was fighting security, privacy, and censorship issues this week following the launch of Buzz, its social networking service. As Iran reportedly shut down Gmail, others reported that the service was revealing who Buzz users had the most contact with, leading to potential personal security issues. Fri, 12 Feb 2010 17:38:00 GMT http://www.infosecurity-us.com/view/7288/google-buzz-attacked-for-privacy-violation/ http://www.infosecurity-us.com/view/7285/us-to-be-hit-by-simulated-cyberattack/ On Tuesday, the US will undergo a simulated cyberattack to help policymakers decide how well the country would cope. Fri, 12 Feb 2010 16:54:00 GMT http://www.infosecurity-us.com/view/7285/us-to-be-hit-by-simulated-cyberattack/ http://www.infosecurity-us.com/view/7257/warnings-issued-for-valentines-spam-and-malware/ As is often the case around major holidays, especially those where giving gifts seems compulsory, most major security vendors are warning about scam emails focused on Valentine’s Day. Thu, 11 Feb 2010 21:47:00 GMT http://www.infosecurity-us.com/view/7257/warnings-issued-for-valentines-spam-and-malware/ http://www.infosecurity-us.com/view/7252/mozilla-backtracks-on-addon-malware-claim/ Mozilla has apologized for its existing apology concerning a malware-infected add-on for Firefox. Last week, the company reported that a second experimental add-on for the browser had been infected by malware. After working with McAfee, it now says that the detection was a false positive. Thu, 11 Feb 2010 17:15:00 GMT http://www.infosecurity-us.com/view/7252/mozilla-backtracks-on-addon-malware-claim/ http://www.infosecurity-us.com/view/7251/pumpanddump-hacker-pleads-guilty/ An Indian resident has pleaded guilty to conspiracy and aggravated identity theft after engineering an international fraud scheme to hack online brokerage accounts in the US. Thu, 11 Feb 2010 17:00:00 GMT http://www.infosecurity-us.com/view/7251/pumpanddump-hacker-pleads-guilty/ http://www.infosecurity-us.com/view/7244/nigerian-government-uses-music-in-cybercrime-fight/ The Nigerian Government is working with Microsoft on a public awareness program that uses music to fight cybercrime in the country. Thu, 11 Feb 2010 15:42:00 GMT http://www.infosecurity-us.com/view/7244/nigerian-government-uses-music-in-cybercrime-fight/ http://www.infosecurity-us.com/view/7242/three-botnets-responsible-for-half-of-all-computer-infections/ Fewer botnets are becoming responsible for more infected machines, according to a report from McAfee. Thu, 11 Feb 2010 15:29:00 GMT http://www.infosecurity-us.com/view/7242/three-botnets-responsible-for-half-of-all-computer-infections/ http://www.infosecurity-us.com/view/7241/number-of-victims-grows-for-bluecross-data-breach/ The number of victims affected by a data theft from Chattanooga-based health insurer BlueCross BlueShield has ballooned, following a decision by the company to notify family members of customers that are covered by a group plan. Thu, 11 Feb 2010 15:20:00 GMT http://www.infosecurity-us.com/view/7241/number-of-victims-grows-for-bluecross-data-breach/ http://www.infosecurity-us.com/view/7218/spyeye-continues-battle-of-the-botnets/ Researchers have identified another example of a botnet that attempts to neutralize other botnet software. Peter Coogan, a researcher at Symantec, noticed a crimeware toolkit from Russia called SpyEye, which appears to neutralize the competing Zeus crimeware kit. Thu, 11 Feb 2010 00:24:00 GMT http://www.infosecurity-us.com/view/7218/spyeye-continues-battle-of-the-botnets/ http://www.infosecurity-us.com/view/7215/government-employees-targeted-by-zeus-trojan-/ Defense and intelligence agencies in the US and UK were among the intended targets of a Zeus trojan campaign, according to findings by Websense. Wed, 10 Feb 2010 20:00:00 GMT http://www.infosecurity-us.com/view/7215/government-employees-targeted-by-zeus-trojan-/ http://www.infosecurity-us.com/view/7216/identity-fraud-soars-in-us-as-criminals-get-more-sophisticated/ Identity fraud in the United States has risen to an all time high, according to a report from Javelin Strategy and Research. The 2010 Identity Fraud Survey Report reveals that the number of identity fraud victims in the country has risen by the highest amount in a single year since the survey started seven years ago. Wed, 10 Feb 2010 20:00:00 GMT http://www.infosecurity-us.com/view/7216/identity-fraud-soars-in-us-as-criminals-get-more-sophisticated/ http://www.infosecurity-us.com/view/7185/adobe-sorry-for-late-flash-bug-patch/ Adobe has apologized for a bug in its Flash Player that it has only just patched, 16 months after it was originally filed. Wed, 10 Feb 2010 11:00:00 GMT http://www.infosecurity-us.com/view/7185/adobe-sorry-for-late-flash-bug-patch/ http://www.infosecurity-us.com/view/7184/stakkato-to-be-tried-in-sweden-for-cisco-hack/ The US Government has handed over responsibility for the trial of a young hacker accused of stealing Cisco source code to Sweden, his home country. Wed, 10 Feb 2010 10:00:00 GMT http://www.infosecurity-us.com/view/7184/stakkato-to-be-tried-in-sweden-for-cisco-hack/ http://www.infosecurity-us.com/view/7183/enisa-issues-golden-rules-for-mobile-social-networking-/ Today the European Network and Information Security Agency (ENISA) released a report on social networking via mobile devices. In honor of Safer Internet Day, and in an effort to remain unencumbered by our location here in the US, Infosecurity would like to share ENISA’s tips for more secure navigation of mobile social media. Tue, 09 Feb 2010 20:22:00 GMT http://www.infosecurity-us.com/view/7183/enisa-issues-golden-rules-for-mobile-social-networking-/ http://www.infosecurity-us.com/view/7177/it-spending-poised-for-increase-in-president-obamas-proposed-2011-budget/ Infosecurity reviewed spending on IT investments in President Obama’s proposed fiscal year 2011 budget. The Administration claims it will continue to support increased IT and information security outlays, but a look at IT spending from 2009 through the projected 2011 budget does not exactly support this assertion. Tue, 09 Feb 2010 16:28:00 GMT http://www.infosecurity-us.com/view/7177/it-spending-poised-for-increase-in-president-obamas-proposed-2011-budget/ http://www.infosecurity-us.com/view/7122/penn-state-researchers-hinder-worm-propagation/ Researchers at Penn State University have devised an algorithm designed to slow down the kind of rapidly-spreading network worm that can infect large portions of the internet quickly. Mon, 08 Feb 2010 20:32:00 GMT http://www.infosecurity-us.com/view/7122/penn-state-researchers-hinder-worm-propagation/ http://www.infosecurity-us.com/view/7121/irs-phishing-scam-targets-corporate-email/ Security firm eSoft is warning clients about an IRS phishing con that is specifically targeting businesses and corporate email accounts. Mon, 08 Feb 2010 19:12:00 GMT http://www.infosecurity-us.com/view/7121/irs-phishing-scam-targets-corporate-email/ http://www.infosecurity-us.com/view/7120/research-shows-china-was-the-internets-largest-malware-source-in-january/ A report from security vendor Kaspersky Lab shows that malware originating from China topped its monthly report of digital pollution providers, broken down by country of origin, for January 2010. Mon, 08 Feb 2010 17:19:00 GMT http://www.infosecurity-us.com/view/7120/research-shows-china-was-the-internets-largest-malware-source-in-january/ http://www.infosecurity-us.com/view/7118/microsoft-prepares-for-patch-tuesday/ Microsoft will not be patching last week's Internet Explorer vulnerability with this month's patch Tuesday releases, which are scheduled for tomorrow. Mon, 08 Feb 2010 17:00:00 GMT http://www.infosecurity-us.com/view/7118/microsoft-prepares-for-patch-tuesday/ http://www.infosecurity-us.com/view/7111/weekly-brief-february-8-2009/ Infosecurity rounds up the week's news Mon, 08 Feb 2010 16:29:00 GMT http://www.infosecurity-us.com/view/7111/weekly-brief-february-8-2009/ http://www.infosecurity-us.com/view/7085/iphone-backup-cracker-launched/ Moscow-based password cracking software company ElcomSoft has released a password breaker for iPhone backups. Fri, 05 Feb 2010 21:00:00 GMT http://www.infosecurity-us.com/view/7085/iphone-backup-cracker-launched/ http://www.infosecurity-us.com/view/7084/firefox-pulls-two-infected-addons-from-site/ Mozilla has had to pull two experimental add-ons for the Firefox browser from its website. The add-ons, which somehow made it through the quality control process, target Windows users with trojan malware. Fri, 05 Feb 2010 20:36:00 GMT http://www.infosecurity-us.com/view/7084/firefox-pulls-two-infected-addons-from-site/ http://www.infosecurity-us.com/view/7078/infosecurity-virtual-conference-on-end-point-security-offers-a-range-of-expert-viewpoints/ Infosecurity is pleased to report that a prestigious array of presenters have been lined up for the latest virtual conference, due to take place on February 25. Fri, 05 Feb 2010 16:27:00 GMT http://www.infosecurity-us.com/view/7078/infosecurity-virtual-conference-on-end-point-security-offers-a-range-of-expert-viewpoints/ http://www.infosecurity-us.com/view/7044/post-reports-on-partnership-between-google-and-the-nsa-to-prevent-cyberattacks/ An article in today’s Washington Post uncovers a somewhat hush-hush collaboration between Google and the National Security Agency in an effort to prevent future cyberattacks. Thu, 04 Feb 2010 21:00:00 GMT http://www.infosecurity-us.com/view/7044/post-reports-on-partnership-between-google-and-the-nsa-to-prevent-cyberattacks/ http://www.infosecurity-us.com/view/7043/us-named-country-with-most-malware/ Information security and data protection vendor Sophos has released a list of the top 10 countries hosting malware. The report reveals that websites in the US are accountable for hosting 37.4% of malware worldwide. Thu, 04 Feb 2010 20:57:00 GMT http://www.infosecurity-us.com/view/7043/us-named-country-with-most-malware/ http://www.infosecurity-us.com/view/7042/house-passes-cybersecurity-research-bill/ The House of Representatives has passed legislation designed to enhance cybersecurity research and development in the US. Thu, 04 Feb 2010 20:15:00 GMT http://www.infosecurity-us.com/view/7042/house-passes-cybersecurity-research-bill/ http://www.infosecurity-us.com/view/7041/us-illequipped-to-cope-with-mounting-cyberattack-threat/ The US is at risk of a crippling cyberattack and is currently unable to defend itself adequately, according to testimony given before Congress yesterday. Thu, 04 Feb 2010 19:35:00 GMT http://www.infosecurity-us.com/view/7041/us-illequipped-to-cope-with-mounting-cyberattack-threat/ http://www.infosecurity-us.com/view/7040/new-internet-explorer-bug-allows-personal-information-to-be-stolen/ Microsoft has discovered another flaw in Internet Explorer. The latest vulnerability could allow attackers to harvest any files from a victim's hard drive. Thu, 04 Feb 2010 19:00:00 GMT http://www.infosecurity-us.com/view/7040/new-internet-explorer-bug-allows-personal-information-to-be-stolen/ http://www.infosecurity-us.com/view/7010/researchers-develop-way-to-catch-online-gaming-cheats/ Researchers have formulated a way to identify cheating in online games in a discovery that could revolutionize the growing market for virtual gaming assets. Wed, 03 Feb 2010 20:56:00 GMT http://www.infosecurity-us.com/view/7010/researchers-develop-way-to-catch-online-gaming-cheats/ http://www.infosecurity-us.com/view/7011/mcafee-targets-small-to-mediumsized-businesses-with-quickstart-service/ McAfee has announced a service to help get SMBs up to speed with their security needs. Security Quickstart Services specifically targets small to medium-sized businesses, providing help with implementing, maintaining and optimizing security best practices. Wed, 03 Feb 2010 20:40:00 GMT http://www.infosecurity-us.com/view/7011/mcafee-targets-small-to-mediumsized-businesses-with-quickstart-service/ http://www.infosecurity-us.com/view/7009/internet-explorer-8-reaches-top-browser-spot/ Internet Explorer 8 is now the world's most-used browser, according to the latest figures from Network Applications. Wed, 03 Feb 2010 20:36:00 GMT http://www.infosecurity-us.com/view/7009/internet-explorer-8-reaches-top-browser-spot/ http://www.infosecurity-us.com/view/7008/us-navy-unveils-new-cyber-command/ Last week Adm. Gary Roughead, chief of US naval operations, officially announced the creation of the US Navy’s new Fleet Cyber Command, which aims to integrate the weapons of cyberspace and information within the Navy’s arsenal. The Fleet Cyber Command was formed in conjunction with re-establishment of the US 10th Fleet during a ceremony held at Ft. Meade, Maryland, on Jan. 29. Wed, 03 Feb 2010 18:17:00 GMT http://www.infosecurity-us.com/view/7008/us-navy-unveils-new-cyber-command/ http://www.infosecurity-us.com/view/6979/trustwave-report-reveals-companies-making-same-old-mistakes/ Compliance and security service provider Trustwave has released its 2010 Global Security Report. The company has found that companies are still suffering from attacks using familiar exploit types that have been around for years. Organizations are implementing new technologies without securing existing ones, the report found. Tue, 02 Feb 2010 20:57:00 GMT http://www.infosecurity-us.com/view/6979/trustwave-report-reveals-companies-making-same-old-mistakes/ http://www.infosecurity-us.com/view/6977/attack-fools-iphone-into-trusting-fake-certificates/ An anonymous researcher has posted a proof-of-concept attack that fakes a trusted root certificate on the iPhone. Researchers have confirmed that the attack works, making it possible for anyone to create a web page that is deemed to be trusted by Apple. Tue, 02 Feb 2010 20:00:00 GMT http://www.infosecurity-us.com/view/6977/attack-fools-iphone-into-trusting-fake-certificates/ http://www.infosecurity-us.com/view/6976/microsoft-enhances-sdl/ Microsoft announced three enhancements to its secure development lifecycle (SDL) initiative at the BlackHat DC conference this week. Tue, 02 Feb 2010 19:21:00 GMT http://www.infosecurity-us.com/view/6976/microsoft-enhances-sdl/ http://www.infosecurity-us.com/view/6974/report-shows-a-70-surge-in-malware-and-spam-on-web-20-services/ Research just published by Sophos claims to show a 70% increase in the number of companies reporting spam and malware attacks via social networks. Tue, 02 Feb 2010 18:33:00 GMT http://www.infosecurity-us.com/view/6974/report-shows-a-70-surge-in-malware-and-spam-on-web-20-services/ http://www.infosecurity-us.com/view/6946/weekly-brief-february-2-2010/ Infosecurity rounds up the week's news Tue, 02 Feb 2010 10:27:00 GMT http://www.infosecurity-us.com/view/6946/weekly-brief-february-2-2010/ http://www.infosecurity-us.com/view/6936/us-house-websites-hacked-after-state-of-the-union-/ Websites for 49 members of the US House of Representatives were hacked shortly after President Obama’s State of the Union address last Wednesday night. The attacks appear to have been carried out by the Red Eye Crew according to researchers at security consultant Praetorian Security Group. Mon, 01 Feb 2010 18:00:00 GMT http://www.infosecurity-us.com/view/6936/us-house-websites-hacked-after-state-of-the-union-/ http://www.infosecurity-us.com/view/6920/google-and-neustar-propose-security-fix-for-dns-geolocation-technology/ Google and DNS provider Neustar have jointly proposed an extension to the DNS protocol that would fix many of its security problems. Mon, 01 Feb 2010 14:19:00 GMT http://www.infosecurity-us.com/view/6920/google-and-neustar-propose-security-fix-for-dns-geolocation-technology/ http://www.infosecurity-us.com/view/6915/eff-launches-web-browser-entropy-tool/ A new tool released by privacy advocacy group EFF is designed to help users find out how identifiable their web browsers are online. Mon, 01 Feb 2010 13:51:00 GMT http://www.infosecurity-us.com/view/6915/eff-launches-web-browser-entropy-tool/ http://www.infosecurity-us.com/view/6896/facebook-users-plagued-by-rogue-application/ Facebook was plagued by security and privacy issues both real and imagined in the last week, as a real-life worm battled with an imaginary one in a competition to see which could petrify the service's users the most. Fri, 29 Jan 2010 21:40:00 GMT http://www.infosecurity-us.com/view/6896/facebook-users-plagued-by-rogue-application/ http://www.infosecurity-us.com/view/6895/pricewaterhousecoopers-loses-personal-records-of-alaska-public-employees/ PricewaterhouseCoopers has lost the personal records of 77 000 former and current public employees of the state of Alaska, it emerged this week. Fri, 29 Jan 2010 21:15:00 GMT http://www.infosecurity-us.com/view/6895/pricewaterhousecoopers-loses-personal-records-of-alaska-public-employees/ http://www.infosecurity-us.com/view/6894/google-chrome-web-browser-gets-more-security-features/ Google Chrome, the internet browser launched in late 2008, has been enhanced with a selection of new security features designed to make it harder for malware writers to infect client machines. Fri, 29 Jan 2010 20:33:00 GMT http://www.infosecurity-us.com/view/6894/google-chrome-web-browser-gets-more-security-features/ http://www.infosecurity-us.com/view/6890/iphone-cracker-repeats-exploit-on-playstation-3/ George Hotz, the first iPhone cracker – and who reportedly spent more than 500 hours developing the first jailbreak application for the Apple's iPhone back in 2007 – has apparently cracked the Sony Playstation 3. Fri, 29 Jan 2010 15:49:00 GMT http://www.infosecurity-us.com/view/6890/iphone-cracker-repeats-exploit-on-playstation-3/ http://www.infosecurity-us.com/view/6872/oil-and-gas-companies-hit-hardest-by-cyberwarfare/ The oil and gas sector has been the hardest hit by stealthy infiltration, according to a report from the Center for Strategic and International Studies (CSIS). The sector was hit by stealth attacks 17% more than the cross-sector average, with almost three oil companies in four having had hackers fly under their radar. Thu, 28 Jan 2010 22:42:00 GMT http://www.infosecurity-us.com/view/6872/oil-and-gas-companies-hit-hardest-by-cyberwarfare/ http://www.infosecurity-us.com/view/6871/plainscapital-bank-sues-customer-in-liability-over-account-security/ A legal case filed by a bank against a customer in the US promises to test the liability of customers in the event of security breaches. Dallas, Texas-based PlainsCapital bank is suing a business customer, Hillary Machinery, for not taking adequate measures to protect its banking details. Thu, 28 Jan 2010 22:00:00 GMT http://www.infosecurity-us.com/view/6871/plainscapital-bank-sues-customer-in-liability-over-account-security/ http://www.infosecurity-us.com/view/6869/all-is-not-ok-in-oklahoma-state-tax-website-victim-of-hack/ The website of the Oklahoma Tax Commission was the apparent victim of a hack yesterday, one in which visitors to the website were prompted to accept an Adobe license agreement and download software. The hack could not come a worse time for the Commission, whose site is undoubtedly experiencing an uptick in visitors as tax season approaches. Thu, 28 Jan 2010 20:16:00 GMT http://www.infosecurity-us.com/view/6869/all-is-not-ok-in-oklahoma-state-tax-website-victim-of-hack/ http://www.infosecurity-us.com/view/6868/software-and-application-evaluator-whatapp-nears-public-release/ This spring, a project under development to help assess the security and privacy of software applications will go public. WhatApp, an online resource where experts and the public alike can rate applications based on how well-behaved they are, will help consumers to exercise their privacy rights, said its project manager. Thu, 28 Jan 2010 19:15:00 GMT http://www.infosecurity-us.com/view/6868/software-and-application-evaluator-whatapp-nears-public-release/ http://www.infosecurity-us.com/view/6841/security-and-malware-threats-to-mac-and-apple-products-are-on-the-rise-/ An annual report from security software provider Intego acknowledges it was a busy year for security threats to Apple devices, including the Mac OS X and iPhones. And while the Mac OS may be a less frequent target of malware authors, security threats to Apple products are proliferating as these devices land in the hands of more and more users. Wed, 27 Jan 2010 19:23:00 GMT http://www.infosecurity-us.com/view/6841/security-and-malware-threats-to-mac-and-apple-products-are-on-the-rise-/ http://www.infosecurity-us.com/view/6807/us-oil-companies-hacked-report-links-attack-to-sources-within-china/ Reports in the Christian Science Monitor suggest that at least three large US oil companies have been the victims of targeted attacks. The custom-made spyware used in the attack appears to have sent the information to China, at least in one case. Tue, 26 Jan 2010 21:46:00 GMT http://www.infosecurity-us.com/view/6807/us-oil-companies-hacked-report-links-attack-to-sources-within-china/ http://www.infosecurity-us.com/view/6806/healthcare-hacks-on-the-rise/ Attempts to hack healthcare organizations doubled in the fourth quarter of last year, according to Atlanta-based managed security firm SecureWorks, setting the sector aside from others. Tue, 26 Jan 2010 21:13:00 GMT http://www.infosecurity-us.com/view/6806/healthcare-hacks-on-the-rise/ http://www.infosecurity-us.com/view/6805/technology-site-techcrunch-hacked/ Technology pundit site TechCrunch was victim of a hack over the weekend by attackers who defaced it, just days before Apple's release of its tablet device – arguably the most anticipated product in recent history. Tue, 26 Jan 2010 20:49:00 GMT http://www.infosecurity-us.com/view/6805/technology-site-techcrunch-hacked/ http://www.infosecurity-us.com/view/6803/mixed-predictions-on-anticipated-it-spending-for-2010/ Recent reports indicate that IT spending is set to increase in 2010. This comes on the heels of 2009, which saw negative IT spending growth worldwide and may have been the worst year on record for IT spending. Tue, 26 Jan 2010 16:50:00 GMT http://www.infosecurity-us.com/view/6803/mixed-predictions-on-anticipated-it-spending-for-2010/ http://www.infosecurity-us.com/view/6788/2010-virtual-conference-on-endpoint-security-beyond-the-perimeter-full-conference-programme-revealed/ Infosecurity US magazine is excited to announce the 2010 virtual conference on endpoint security, to be held on February 25, 2010. This one-day event brings a series of topical keynote sessions direct to your computer, giving you the flexibility to learn about the latest information security trends and challenges from wherever you are in the world. Tue, 26 Jan 2010 16:00:00 GMT http://www.infosecurity-us.com/view/6788/2010-virtual-conference-on-endpoint-security-beyond-the-perimeter-full-conference-programme-revealed/ http://www.infosecurity-us.com/view/6777/kaspersky-inadvertently-blocks-google-ads/ Kaspersky provoked a flurry of complaints from irate users after its anti-malware tool began blocking sites with Google advertisements yesterday. Mon, 25 Jan 2010 22:43:00 GMT http://www.infosecurity-us.com/view/6777/kaspersky-inadvertently-blocks-google-ads/ http://www.infosecurity-us.com/view/6776/weekly-brief-january-25-2010/ Infosecurity rounds up the week's news Mon, 25 Jan 2010 21:33:00 GMT http://www.infosecurity-us.com/view/6776/weekly-brief-january-25-2010/ http://www.infosecurity-us.com/view/6775/economy-forces-down-prices-for-dodgy-viagra/ Prices for male impotency drugs sold by spammers aren't as stiff as they once were, according to a new report from Messagelabs. The asking price for 'little blue pills' have softened up, as the economy has lost its staying power. Mon, 25 Jan 2010 21:23:00 GMT http://www.infosecurity-us.com/view/6775/economy-forces-down-prices-for-dodgy-viagra/ http://www.infosecurity-us.com/view/6704/prank-malware-spreads-across-internet/ Anti-virus company ESET has discovered what it thinks is a prank gone wrong. The company suspects that Win32/Zimuse, which has swept the US, was originally intended as a localized malware attack against a group of Slovakian bikers. Fri, 22 Jan 2010 20:50:00 GMT http://www.infosecurity-us.com/view/6704/prank-malware-spreads-across-internet/ http://www.infosecurity-us.com/view/6703/more-details-emerge-on-hydraq-trojan/ Hydraq, the trojan delivered by the Operation Aurora attackers, uses VNC techniques to stream live video from victims' machines, said Symantec in an analysis of the malware. Fri, 22 Jan 2010 20:20:00 GMT http://www.infosecurity-us.com/view/6703/more-details-emerge-on-hydraq-trojan/ http://www.infosecurity-us.com/view/6664/websense-protects-facebook-users-against-malware/ Websense has relaunched a spam protection service with a new feature set that protects Facebook users against malware. Thu, 21 Jan 2010 23:35:00 GMT http://www.infosecurity-us.com/view/6664/websense-protects-facebook-users-against-malware/ http://www.infosecurity-us.com/view/6663/microsoft-marlinspike-threaten-google-data-gathering-policy/ Google faced challenges to its search engine's data gathering policy this week from two sides. Microsoft bettered the search engine giant by revising its own search privacy policy, while security researcher Moxie Marlinspike delivered a service that allows users to bypass Google's data gathering procedures altogether. Thu, 21 Jan 2010 22:31:00 GMT http://www.infosecurity-us.com/view/6663/microsoft-marlinspike-threaten-google-data-gathering-policy/ http://www.infosecurity-us.com/view/6662/rockyou-users-display-poor-password-skills/ Social media site RockYou may be the subject of a lawsuit from disgruntled customers after it allowed 32 million of their accounts to be compromised, but new data suggest that many of its users are equally unsavvy when it comes to security, especially password security. Thu, 21 Jan 2010 21:48:00 GMT http://www.infosecurity-us.com/view/6662/rockyou-users-display-poor-password-skills/ http://www.infosecurity-us.com/view/6624/further-evidence-links-aurora-attack-to-china/ Further evidence has emerged suggesting that the Operation Aurora attack exploiting a zero-day flaw in Internet Explorer came from within the People's Republic of China. Thu, 21 Jan 2010 00:13:00 GMT http://www.infosecurity-us.com/view/6624/further-evidence-links-aurora-attack-to-china/ http://www.infosecurity-us.com/view/6623/internet-explorer-zeroday-vulnerability-spreads-to-microsoft-office-as-fixes-surface/ Microsoft has scheduled an out-of-band patch for the zero-day vulnerability in Internet Explorer, just as other fixes for the problem began to surface. The company has also admitted for the first time that the attack could be used to compromise a computer using Microsoft Office. Wed, 20 Jan 2010 19:27:00 GMT http://www.infosecurity-us.com/view/6623/internet-explorer-zeroday-vulnerability-spreads-to-microsoft-office-as-fixes-surface/ http://www.infosecurity-us.com/view/6622/sourcefire-launches-faster-ips-configuration/ Sourcefire has increased the speed of its intrusion prevention system, or IPS, announcing support for a 20 Gbit/sec clustered model. Wed, 20 Jan 2010 19:00:00 GMT http://www.infosecurity-us.com/view/6622/sourcefire-launches-faster-ips-configuration/ http://www.infosecurity-us.com/view/6585/microsoft-promises-internet-explorer-patch-as-windows-zeroday-surfaces/ Microsoft has promised an Internet Explorer out-of-band patch for the zero-day vulnerability discovered earlier this month. In the meantime, a trusted researcher has highlighted a flaw in all versions of Microsoft Windows that could lead to privilege escalation. Tue, 19 Jan 2010 22:25:00 GMT http://www.infosecurity-us.com/view/6585/microsoft-promises-internet-explorer-patch-as-windows-zeroday-surfaces/ http://www.infosecurity-us.com/view/6584/phonefactor-develops-biometric-verification-system-for-phonebased-authentication-/ Multi-factor mobile authentication firm PhoneFactor has developed a biometric verification system for its phone-based authentication platform. The system uses biometric validation of a user's voiceprint to provide what it says is three-factor authentication. Tue, 19 Jan 2010 21:39:00 GMT http://www.infosecurity-us.com/view/6584/phonefactor-develops-biometric-verification-system-for-phonebased-authentication-/ http://www.infosecurity-us.com/view/6583/blackhats-replace-brawn-with-brain-in-attacking-networks/ Blackhats are working smarter rather than harder in attacks on network infrastructure, according to a comprehensive report on internet infrastructure security from Arbor Networks. Tue, 19 Jan 2010 21:32:00 GMT http://www.infosecurity-us.com/view/6583/blackhats-replace-brawn-with-brain-in-attacking-networks/ http://www.infosecurity-us.com/view/6540/fireeye-claims-protection-against-internet-explorer-zeroday-attack/ Security appliance company FireEye has said that its products can detect the latest zero-day vulnerability in Internet Explorer without any software patches. Mon, 18 Jan 2010 22:45:00 GMT http://www.infosecurity-us.com/view/6540/fireeye-claims-protection-against-internet-explorer-zeroday-attack/ http://www.infosecurity-us.com/view/6539/pdf-attacks-target-defense-community/ Evidence of further targeted attacks are surfacing, just days after Google and other technology companies announced that they had been the victims of a concerted campaign. This time, the attacks targeted PDFs of those in the US defense community, and occurred more recently. Mon, 18 Jan 2010 18:51:00 GMT http://www.infosecurity-us.com/view/6539/pdf-attacks-target-defense-community/ http://www.infosecurity-us.com/view/6537/internet-explorer-zeroday-code-goes-public/ The Internet Explorer exploit code used in the Operation Aurora attack against Google and other technology companies has made it into the public domain, and has been incorporated into the Metasploit penetration testing tool, it was revealed this weekend. Mon, 18 Jan 2010 18:19:00 GMT http://www.infosecurity-us.com/view/6537/internet-explorer-zeroday-code-goes-public/ http://www.infosecurity-us.com/view/6513/internal-security-risks-webinar-this-wednesday/ The internal security risk issue is fast becoming a boardroom topic in most organizations, especially now that relatively rare road warriors have given way to a truly mobile workforce, able to work from almost anywhere, in most businesses. Mon, 18 Jan 2010 00:45:00 GMT http://www.infosecurity-us.com/view/6513/internal-security-risks-webinar-this-wednesday/ http://www.infosecurity-us.com/view/6509/time-inc-employee-fired-over-customer-credit-card-issue-/ Time Inc has written to customers and the New Hampshire Attorney General's office, warning of a potential security breach following the possible misuse of customer credit card information by an employee. Sun, 17 Jan 2010 23:23:00 GMT http://www.infosecurity-us.com/view/6509/time-inc-employee-fired-over-customer-credit-card-issue-/ http://www.infosecurity-us.com/view/6508/weekly-brief-january-18-2010/ Infosecurity rounds up the security news from the past week. Sun, 17 Jan 2010 20:43:00 GMT http://www.infosecurity-us.com/view/6508/weekly-brief-january-18-2010/ http://www.infosecurity-us.com/view/6502/blackhats-and-whitehats-react-to-haiti-tragedy/ Blackhats and whitehats reacted with typical polarity to the disastrous Haiti earthquake this week. One faction unleashed a torrent of malware capitalizing on the tragedy, while the other organized a series of 'hackathons' to help develop technologies that would assist the humanitarian mission. Fri, 15 Jan 2010 22:34:00 GMT http://www.infosecurity-us.com/view/6502/blackhats-and-whitehats-react-to-haiti-tragedy/ http://www.infosecurity-us.com/view/6493/online-criminals-looking-to-profit-from-haiti-earthquake-/ Proving that there is no situation too tragic to exploit, cyber scofflaws have been quick to capitalize on the world’s interest in the recent earthquake in Haiti. With so many people looking to reach out and donate to victims of the tragedy, one group of black hats are attempting to rake in some of that cash by exploiting search engine optimization (SEO) techniques. Fri, 15 Jan 2010 16:21:00 GMT http://www.infosecurity-us.com/view/6493/online-criminals-looking-to-profit-from-haiti-earthquake-/ http://www.infosecurity-us.com/view/6474/isaca-launches-risk-management-certification/ Security organization ISACA has launched a new risk management qualification for information security professionals. The Certified in Risk and Information Systems Control (CRISC) certification targets professionals in the IT area who use information security controls to manage risk in technology environments. Fri, 15 Jan 2010 00:33:00 GMT http://www.infosecurity-us.com/view/6474/isaca-launches-risk-management-certification/ http://www.infosecurity-us.com/view/6473/darpa-enters-second-leg-of-cybersecurity-testing-project/ The Defense Advanced Research Projects Agency, or DARPA, has awarded $55.5m in contracts to bolster a secretive cybersecurity monitoring system, it was announced this week. Fri, 15 Jan 2010 00:12:00 GMT http://www.infosecurity-us.com/view/6473/darpa-enters-second-leg-of-cybersecurity-testing-project/ http://www.infosecurity-us.com/view/6472/internet-explorer-vulnerability-used-in-google-attack/ More details are emerging concerning the concerted attacks on over 20 technology companies, including Google, that were revealed earlier this week. The attackers targeted a vulnerability in Internet Explorer, according to Microsoft. It is now investigating the flaw, which could allow attackers to execute arbitrary code. Fri, 15 Jan 2010 00:00:00 GMT http://www.infosecurity-us.com/view/6472/internet-explorer-vulnerability-used-in-google-attack/ http://www.infosecurity-us.com/view/6431/hacked-google-threatens-to-pull-plug-in-china/ Google is threatening to unplug its controversial Chinese search engine, following a massive hacker attack on its infrastructure that it says was designed to access the accounts of human rights activists. And the company was not the attackers’ only target, it claims. Thu, 14 Jan 2010 00:32:00 GMT http://www.infosecurity-us.com/view/6431/hacked-google-threatens-to-pull-plug-in-china/ http://www.infosecurity-us.com/view/6432/connecticut-goes-after-health-net-for-breach/ The state of Connecticut is suing health insurer Health Net, following a data breach that saw 446 000 Connecticut residents’ records compromised, it said yesterday. Thu, 14 Jan 2010 00:30:00 GMT http://www.infosecurity-us.com/view/6432/connecticut-goes-after-health-net-for-breach/ http://www.infosecurity-us.com/view/6430/security-tops-datacenter-agenda-in-2010/ Security is the most important initiative for datacenter managers for the coming year, according to Symantec’s latest State of the Datacenter report. Thu, 14 Jan 2010 00:26:00 GMT http://www.infosecurity-us.com/view/6430/security-tops-datacenter-agenda-in-2010/ http://www.infosecurity-us.com/view/6415/facebook-and-mcafee-team-up-on-security/ Facebook has signed McAfee as a supplier to help protect its user base. The two companies have worked on a custom scanning and repair tool, along with education materials that will target the social networking giant's 350 million users. Wed, 13 Jan 2010 12:18:00 GMT http://www.infosecurity-us.com/view/6415/facebook-and-mcafee-team-up-on-security/ http://www.infosecurity-us.com/view/6412/employees-downloading-more-illegal-files/ Software as a service company ScanSafe has found a 55% increase in illegal download attempts over corporate networks. Wed, 13 Jan 2010 11:54:00 GMT http://www.infosecurity-us.com/view/6412/employees-downloading-more-illegal-files/ http://www.infosecurity-us.com/view/6391/adobe-issues-quarterly-patch/ Adobe distributed its first quarterly critical security update yesterday, finally patching a vulnerability that had been targeted by a zero day attack. Wed, 13 Jan 2010 00:34:00 GMT http://www.infosecurity-us.com/view/6391/adobe-issues-quarterly-patch/ http://www.infosecurity-us.com/view/6390/maryland-seeking-to-become-a-cybersecurity-hub/ The Governor of Maryland set out an aggressive campaign to position the state as a national hub for cybersecurity this week, launching a report cataloging Maryland's current efforts in the cybersecurity and electronic intelligence space. Wed, 13 Jan 2010 00:29:00 GMT http://www.infosecurity-us.com/view/6390/maryland-seeking-to-become-a-cybersecurity-hub/ http://www.infosecurity-us.com/view/6389/mba-in-cybersecurity-launched/ The University of Dayton, Ohio, and the Advanced Technical Intelligence Center (ATIC) are partnering to offer an MBA in cybersecurity management. Wed, 13 Jan 2010 00:24:00 GMT http://www.infosecurity-us.com/view/6389/mba-in-cybersecurity-launched/ http://www.infosecurity-us.com/view/6388/suffolk-county-national-bank-hacked/ Suffolk County National Bank received a nasty Christmas present on December 24th after discovering a hack that saw over 8,000 customers' accounts compromised. The breach is estimated to have cost $351 000, it warned investors. Wed, 13 Jan 2010 00:16:00 GMT http://www.infosecurity-us.com/view/6388/suffolk-county-national-bank-hacked/ http://www.infosecurity-us.com/view/6378/report-reveals-hacking-to-be-top-cause-of-data-breaches-in-2009/ Although the total number of reported data breach incidents fell year over year in 2009, the number of compromised records was still estimated at over 222 million. For the first time this past year, malicious attacks, which include hacking and insider theft, overtook human error as the leading cause of data breach in the US. This is according to a recent report compiled by the Identity Theft Resource Center, a San Diego-based non-profit that tracks occurrences of identity theft. Tue, 12 Jan 2010 16:00:00 GMT http://www.infosecurity-us.com/view/6378/report-reveals-hacking-to-be-top-cause-of-data-breaches-in-2009/ http://www.infosecurity-us.com/view/6344/microsoft-targets-security-issues-with-policy-site/ Microsoft has launched a technology policy website designed to encourage policy debates in key areas such as cloud computing, security, and privacy. Mon, 11 Jan 2010 16:29:00 GMT http://www.infosecurity-us.com/view/6344/microsoft-targets-security-issues-with-policy-site/ http://www.infosecurity-us.com/view/6318/massive-cyberfraud-ring-exposed/ Nineteen individuals have been charged with conspiracy to commit wire fraud after the FBI alleged a cybercrime conspiracy costing victims more than $15 million. Mon, 11 Jan 2010 00:57:00 GMT http://www.infosecurity-us.com/view/6318/massive-cyberfraud-ring-exposed/ http://www.infosecurity-us.com/view/6319/weekly-brief-january-11-2009/ Infosecurity rounds up the week's security news Mon, 11 Jan 2010 00:18:00 GMT http://www.infosecurity-us.com/view/6319/weekly-brief-january-11-2009/ http://www.infosecurity-us.com/view/6316/adobe-finally-jumps-on-silent-update-bandwagon/ It's official — Adobe is releasing an automatic silent updater for its PDF Reader product on April 13. The company confirmed the news to Infosecurity US this week. Fri, 08 Jan 2010 16:54:00 GMT http://www.infosecurity-us.com/view/6316/adobe-finally-jumps-on-silent-update-bandwagon/ http://www.infosecurity-us.com/view/6314/malware-threat-reports-fail-to-add-up/ The December malware threat reports are trickling in from vendors — and they all appear to be different. Fortinet, Sunbelt Software, and Kaspersky all published their lists of the most prevalent malware strains for the last month of 2009, but they didn't match up, leading to an admission that users will inevitably be confused by the results. Fri, 08 Jan 2010 16:24:00 GMT http://www.infosecurity-us.com/view/6314/malware-threat-reports-fail-to-add-up/ http://www.infosecurity-us.com/view/6280/2009-was-a-record-year-for-malware/ A PandaLabs report claims that 2009 will go down as perhaps the most prolific in malware history. In 2009, malware creators tapped into search tools used by the majority of web surfers, and exploited current events and popular culture. Thu, 07 Jan 2010 16:54:00 GMT http://www.infosecurity-us.com/view/6280/2009-was-a-record-year-for-malware/ http://www.infosecurity-us.com/view/6262/organizations-stumped-on-compromised-device-containment/ Over 40% of executives don't know how to stop compromised devices from polluting their networks, according to a poll conducted by Deloitte. Wed, 06 Jan 2010 16:28:00 GMT http://www.infosecurity-us.com/view/6262/organizations-stumped-on-compromised-device-containment/ http://www.infosecurity-us.com/view/6260/cybersitter-sues-china-for-22-billion/ US security firm CYBERsitter is suing the Chinese government for $2.2 billion for software piracy, after it allegedly used the company's source code as part of its controversial Green Dam project. Wed, 06 Jan 2010 15:25:00 GMT http://www.infosecurity-us.com/view/6260/cybersitter-sues-china-for-22-billion/ http://www.infosecurity-us.com/view/6259/pharma-victims-targeted-for-extortion-according-to-fda/ Online scammers are re-scamming Internet pharmaceutical customers with a new ploy: posing as government agents and extorting money from them, says the US Food and Drug Administration. Wed, 06 Jan 2010 14:56:00 GMT http://www.infosecurity-us.com/view/6259/pharma-victims-targeted-for-extortion-according-to-fda/ http://www.infosecurity-us.com/view/6256/cracked-usb-drives-show-nist-certification-is-not-so-secure/ Vendors of encrypted USB drives are recalling their NIST-certified products and issuing security updates after a fundamental flaw was found in the way that information is accessed. The flaw enables attackers to access encrypted data without trying to tackle the AES256 encryption algorithm used by the drives. Wed, 06 Jan 2010 14:29:00 GMT http://www.infosecurity-us.com/view/6256/cracked-usb-drives-show-nist-certification-is-not-so-secure/ http://www.infosecurity-us.com/view/6241/home-depot-fraudsters-charged-sentenced/ A Pennsylvania woman has been charged with identity theft and device fraud after forging driver's licenses and selling them on to third parties. Tue, 05 Jan 2010 17:00:00 GMT http://www.infosecurity-us.com/view/6241/home-depot-fraudsters-charged-sentenced/ http://www.infosecurity-us.com/view/6240/sophisticated-zeroday-hits-adobe-reader/ More details are emerging of a zero-day attack on Adobe's PDF reader and Acrobat applications, and security experts are calling it highly sophisticated. Moreover, anti-malware tools have been woefully poor at spotting it. Tue, 05 Jan 2010 16:29:00 GMT http://www.infosecurity-us.com/view/6240/sophisticated-zeroday-hits-adobe-reader/ http://www.infosecurity-us.com/view/6184/mcafee-hybrid-apps-will-be-hacker-target/ Applications that blur the boundaries between online and offline software will be a primary hacker target this year, according to McAfee. Mon, 04 Jan 2010 00:38:00 GMT http://www.infosecurity-us.com/view/6184/mcafee-hybrid-apps-will-be-hacker-target/ http://www.infosecurity-us.com/view/6183/ewu-exposes-130-000-student-records/ Eastern Washington University has notified present and former students of a massive data breach of its systems that could affect up to 130 000 people. Mon, 04 Jan 2010 00:00:00 GMT http://www.infosecurity-us.com/view/6183/ewu-exposes-130-000-student-records/ http://www.infosecurity-us.com/view/6182/weekly-brief-janary-4-2010/ Infosecurity rounds up the information security news from the holiday season. Sun, 03 Jan 2010 22:00:00 GMT http://www.infosecurity-us.com/view/6182/weekly-brief-janary-4-2010/ http://www.infosecurity-us.com/view/6155/isfs-howard-schmidt-becomes-us-cybersecurity-czar/ Howard Schmidt, president and CEO of the Information Security Forum (ISF) was appointed White House Cybersecurity Coordinator just before the Holidays. Tue, 29 Dec 2009 17:00:00 GMT http://www.infosecurity-us.com/view/6155/isfs-howard-schmidt-becomes-us-cybersecurity-czar/ http://www.infosecurity-us.com/view/6082/weekly-brief-december-21-2009/ Infosecurity rounds up the week's information security news. Mon, 21 Dec 2009 10:00:00 GMT http://www.infosecurity-us.com/view/6082/weekly-brief-december-21-2009/ http://www.infosecurity-us.com/view/6084/voip-vulnerabilities-on-the-rise/ The number of known vulnerabilities in VoIP products have almost tripled since 2006, according to a report from McAfee. Mon, 21 Dec 2009 09:55:00 GMT http://www.infosecurity-us.com/view/6084/voip-vulnerabilities-on-the-rise/ http://www.infosecurity-us.com/view/6083/conficker-still-rampant-in-some-countries-networks/ The Conficker worm is still thriving on networks in India, Chile, Russia and the Ukraine, where infection rates are up to 16%. Mon, 21 Dec 2009 09:45:00 GMT http://www.infosecurity-us.com/view/6083/conficker-still-rampant-in-some-countries-networks/ http://www.infosecurity-us.com/view/6086/watchguard-offers-managed-services-package-for-channel-partners/ Unified threat management vendor WatchGuard Technologies has enhanced its managed security offering with its Managed Security Services Program (MSSP). Mon, 21 Dec 2009 09:40:00 GMT http://www.infosecurity-us.com/view/6086/watchguard-offers-managed-services-package-for-channel-partners/ http://www.infosecurity-us.com/view/6085/identity-thief-gets-nine-years/ An identity thief who used victims' credentials to register credit cards fraudulently was sentenced to more than nine years in prison wihout parole late last week. Mon, 21 Dec 2009 09:33:00 GMT http://www.infosecurity-us.com/view/6085/identity-thief-gets-nine-years/ http://www.infosecurity-us.com/view/6025/adobe-admits-to-another-pdf-security-vulnerability/ Adobe has announced its latest zero-day security vulnerability in what has become a litany of such flaws this year - and this one won't be patched until halfway through January. Thu, 17 Dec 2009 19:00:00 GMT http://www.infosecurity-us.com/view/6025/adobe-admits-to-another-pdf-security-vulnerability/ http://www.infosecurity-us.com/view/6028/firefox-tops-apps-security-vulnerability-list-for-2009/ The Firefox browser topped the list of software applications with most security vulnerabilities in 2009, according to a report from application whitelisting firm Bit9. Thu, 17 Dec 2009 17:00:00 GMT http://www.infosecurity-us.com/view/6028/firefox-tops-apps-security-vulnerability-list-for-2009/ http://www.infosecurity-us.com/view/6023/secure-dns-server-launched/ Secure64 Software has released a DNS cache server that is designed to protect against cache poisoning attacks. Thu, 17 Dec 2009 15:15:00 GMT http://www.infosecurity-us.com/view/6023/secure-dns-server-launched/ http://www.infosecurity-us.com/view/5984/rogue-antivirus-tired-google-wave-wired-says-kaspersky/ Rogue anti-virus programs will become far less prevalent next year as other technologies such as Google Wave attract malware vendors' attention, said a forecast from Kaspersky this week. Thu, 17 Dec 2009 13:59:00 GMT http://www.infosecurity-us.com/view/5984/rogue-antivirus-tired-google-wave-wired-says-kaspersky/ http://www.infosecurity-us.com/view/5985/botnet-numbers-growing-fourfold-each-year/ The number of computers infected by botnet malware has almost quadrupled each year since 2004, according to a report to be released by Project Honey Pot next week. Wed, 16 Dec 2009 21:51:00 GMT http://www.infosecurity-us.com/view/5985/botnet-numbers-growing-fourfold-each-year/ http://www.infosecurity-us.com/view/5980/fortinet-ships-secure-email-appliances/ Unified threat management company Fortinet is shipping two new secure email appliances. The appliances, called FortiMail-5001A and -2000B, are aimed at high-volume carrier and managed service provider companies. Tue, 15 Dec 2009 18:36:00 GMT http://www.infosecurity-us.com/view/5980/fortinet-ships-secure-email-appliances/ http://www.infosecurity-us.com/view/5951/researcher-documents-koobface-google-reader-trick/ A Webroot researcher has documented the process that the Koobface malware uses to create malicious Google Reader pages. Tue, 15 Dec 2009 06:46:00 GMT http://www.infosecurity-us.com/view/5951/researcher-documents-koobface-google-reader-trick/ http://www.infosecurity-us.com/view/5950/google-chrome-in-anonymity-blunder/ The latest version of the Google Chrome browser is negating the efforts of anonymous browsing services to protect users' identities, according to bug reports. Tue, 15 Dec 2009 06:35:00 GMT http://www.infosecurity-us.com/view/5950/google-chrome-in-anonymity-blunder/ http://www.infosecurity-us.com/view/5949/spam-volumes-exceeded-premccolo-levels-this-year/ One year after the McColo shutdown, spam volumes have not only recovered, but have grown beyond what they were before the rogue ISP was taken offline. Tue, 15 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5949/spam-volumes-exceeded-premccolo-levels-this-year/ http://www.infosecurity-us.com/view/5920/weekly-brief-december-14-2009/ Infosecurity sums up the week's information security news. Mon, 14 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5920/weekly-brief-december-14-2009/ http://www.infosecurity-us.com/view/5892/pentagon-site-still-at-risk/ A Romanian hacker has exposed security flaws in the Pentagon’s public website that have remained unfixed despite warnings of their existence at least nine months ago. Fri, 11 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5892/pentagon-site-still-at-risk/ http://www.infosecurity-us.com/view/5893/microsoft-fixes-browser-flaw/ Microsoft’s last Patch Tuesday of the year saw the release of fixes for five flaws in its Internet Explorer browser, including a critical zero-day security vulnerability that was first publicly disclosed three weeks ago. Fri, 11 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5893/microsoft-fixes-browser-flaw/ http://www.infosecurity-us.com/view/5894/hacker-makes-plea-bargain/ The hacker accused of helping to perpetrate the largest credit card theft in US history has agreed to plead guilty as part of a plea bargaining deal with federal prosecutors. Fri, 11 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5894/hacker-makes-plea-bargain/ http://www.infosecurity-us.com/view/5836/cybersecurity-task-force-established/ The Senate Select Committee on Intelligence has set up a bi-partisan taskforce on cybersecurity to evaluate potential online threats and provide recommendations for action to the US intelligence community. Thu, 10 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5836/cybersecurity-task-force-established/ http://www.infosecurity-us.com/view/5837/financial-institutions-battered-by-phishing-attacks/ Financial institutions are subjected to an average of 16 phishing attacks per week, costing them between $2.4 and $9.4 million in losses each year. Thu, 10 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5837/financial-institutions-battered-by-phishing-attacks/ http://www.infosecurity-us.com/view/5838/firms-failing-on-pci-dss/ A huge 81% of organizations that are subject to the Payment Card Industry’s Data Security Standard (PCI DSS) were found to be non-compliant prior to a data breach, according to a new study. Thu, 10 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5838/firms-failing-on-pci-dss/ http://www.infosecurity-us.com/view/5778/cloud-based-wireless-password-crack-service-launches/ A hacker who found a flaw in the SSL protocol last year has launched a new project that cracks wireless network passwords using a cloud based computing service. Tue, 08 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5778/cloud-based-wireless-password-crack-service-launches/ http://www.infosecurity-us.com/view/5806/isa-stimulus-not-regulation-to-spur-cybersecurity/ Market stimulus, not regulation, is the key to enhancing cybersecurity at a national level, according to a report issued by a cybersecurity advocacy group last week. Tue, 08 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5806/isa-stimulus-not-regulation-to-spur-cybersecurity/ http://www.infosecurity-us.com/view/5809/facebook-bolsters-online-safety-efforts/ Facebook is trying to quash concerns over the privacy and safety of its online users, by pulling together several advocacy groups to form a safety advisory board. Tue, 08 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5809/facebook-bolsters-online-safety-efforts/ http://www.infosecurity-us.com/view/5753/webinar-data-leak-prevention-security-and-log-management-webinar-scheduled/ The issue of data leaks have been in the news constantly these last 12 months, with a litany of companies hit by publicly embarrassing leaks, losses and thefts. Mon, 07 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5753/webinar-data-leak-prevention-security-and-log-management-webinar-scheduled/ http://www.infosecurity-us.com/view/5764/weekly-brief-december-7/ Infosecurity magazine reviews the past week`s information security news. Mon, 07 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5764/weekly-brief-december-7/ http://www.infosecurity-us.com/view/5769/adobe-to-patch-mystery-flaw-tomorrow/ Adobe has announced that it will be issuing a critical update for its Flash and Air products tomorrow - but isn't telling us what the vulnerabilities are. Mon, 07 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5769/adobe-to-patch-mystery-flaw-tomorrow/ http://www.infosecurity-us.com/view/5774/google-launches-dns-service/ Google is hoping to beef up the web's security by providing its own domain name service (DNS). The search engine giant is asking companies to point their computers at its own DNS servers to get extra protection from DNS attacks, and to speed up their browsing. Mon, 07 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5774/google-launches-dns-service/ http://www.infosecurity-us.com/view/5718/malware-rebounds-as-cause-of-data-loss/ Malware has rebounded to become the biggest cause of data loss in organizations, according to a report from the Computer Security Institute (CSI). Malware infections far exceed the next most common cause - laptop and mobile hardware theft - said the 2009 CSI Computer Crime and Security Survey. Fri, 04 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5718/malware-rebounds-as-cause-of-data-loss/ http://www.infosecurity-us.com/view/5730/email-zeus-trojan-scams-on-the-rise/ Online criminals are stepping up their campaign to infectInternet users with the Zeus trojan, according to new research published by Atlanta-based managed security firm SecureWorks. Email campaigns in particular are on the rise, the company has said. Fri, 04 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5730/email-zeus-trojan-scams-on-the-rise/ http://www.infosecurity-us.com/view/5739/cameroon-is-worst-neighborhood-on-web-for-cybersecurity/ The Cameroon '.CM' domain tops the list of the riskiest top-level domains in terms of cybersecurity, according to a report from McAfee. Fri, 04 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5739/cameroon-is-worst-neighborhood-on-web-for-cybersecurity/ http://www.infosecurity-us.com/view/5641/feds-tighten-up-cybersecurity-hiring-policies/ The federal government is tightening up hiring policies for cybersecurity professionals by launching cybersecurity competency models for its employees. Wed, 02 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5641/feds-tighten-up-cybersecurity-hiring-policies/ http://www.infosecurity-us.com/view/5649/bitly-tools-up-to-stop-spam/ URL shortening service Bit.ly has announced that it will be using three new services to help secure its service from spam and malware. Wed, 02 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5649/bitly-tools-up-to-stop-spam/ http://www.infosecurity-us.com/view/5664/flu-spoof-delivers-trojan/ The inevitable H1N1 flu trojan attacks have started. Yesterday, McAfee detected a new H1N1-related spam campaign, spoofing emails from the Center for Disease Control (CDC) and asking victims to fill out a 'vaccination profile' as part of a state-wide flu vaccination program. Wed, 02 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5664/flu-spoof-delivers-trojan/ http://www.infosecurity-us.com/view/5665/prevx-apologizes-over-microsoft-black-screen-claim/ Anti-malware firm Prevx has apologized to Microsoft after admitting that the 'black screen of death' - a condition that renders Windows unusable after bootup - was not caused by faulty system patches after all. Wed, 02 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5665/prevx-apologizes-over-microsoft-black-screen-claim/ http://www.infosecurity-us.com/view/5667/webroot-stores-email-in-cloud/ Boulder, Colorado-based web security firm Webroot has expanded its range of cloud based security services with a software as a service (Saas) based email archiving offering. Wed, 02 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5667/webroot-stores-email-in-cloud/ http://www.infosecurity-us.com/view/5614/weekly-brief-december-1-2009/ Infosecurity reports on the past week's news Tue, 01 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5614/weekly-brief-december-1-2009/ http://www.infosecurity-us.com/view/5647/ibm-snaps-up-guardium/ IBM has acquired Guardium, a company that sells enterprise database monitoring and security software. The acquisition gives IBM a software product that helps automate security compliance tasks, the companies said. Tue, 01 Dec 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5647/ibm-snaps-up-guardium/ http://www.infosecurity-us.com/view/5549/air-force-cybersecurity-unit-prepares-operations/ The newly-created 24 U.S. Air Force is about to bring limited aspects of its cybersecurity command operations center online. Mon, 30 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5549/air-force-cybersecurity-unit-prepares-operations/ http://www.infosecurity-us.com/view/5605/atm-skimming-sentenced/ Romanian fraudster Tibenu Szebeni has been given 27 months in prison and made to pay back $52 000 in ill-gotten gains after being convicted of ATM skimming. Mon, 30 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5605/atm-skimming-sentenced/ http://www.infosecurity-us.com/view/5610/bots-used-as-password-crackers/ Botnet machines are being used as password crackers, according to data released by Microsoft on Friday. Mon, 30 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5610/bots-used-as-password-crackers/ http://www.infosecurity-us.com/view/5546/microsoft-publishes-heapspraying-protection-research/ Microsoft has published an article describing a new tool that it hopes will thwart memory-based heap-spraying attacks on software. Thu, 26 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5546/microsoft-publishes-heapspraying-protection-research/ http://www.infosecurity-us.com/view/5547/allot-web-filtering-helps-isps-lock-out-child-pornography/ Allot Communications has launched WebSafe, a web filtering service targeting broadband service providers to help protect against illegal content such as child pornography. Thu, 26 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5547/allot-web-filtering-helps-isps-lock-out-child-pornography/ http://www.infosecurity-us.com/view/5502/symantec-hacked-in-sql-attack/ Symantec's Japanese support website has been hacked using an SQL injection attack, the company confirmed yesterday. Wed, 25 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5502/symantec-hacked-in-sql-attack/ http://www.infosecurity-us.com/view/5503/godfather-of-spam-ralsky-goes-down/ Spam king Alan Ralsky was sentenced to four years in jail this week, for pump-and-dump stock spamming. Nine other spammers were also sent to jail for the same crime. Wed, 25 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5503/godfather-of-spam-ralsky-goes-down/ http://www.infosecurity-us.com/view/5504/easing-economy-changes-spam-content/ Better economic conditions mean that spammers are once again advertising third party products and services, rather than mounting spam campaigns attempting to garner business for themselves, a new report from Kaspersky said this week. Wed, 25 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5504/easing-economy-changes-spam-content/ http://www.infosecurity-us.com/view/5453/employees-ready-to-steal-data-during-economic-crunch/ Economically challenged employees are likely to abandon their ethics in pursuit of new jobs by stealing corporate data, according to a survey from security firm Cyber-Ark. Tue, 24 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5453/employees-ready-to-steal-data-during-economic-crunch/ http://www.infosecurity-us.com/view/5478/iphone-banking-trojan-creates-botnet-from-apple-devices/ A third piece of iPhone malware has appeared, pushing the envelope further than ever before by creating a botnet of infected devices and acting as a banking trojan. Tue, 24 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5478/iphone-banking-trojan-creates-botnet-from-apple-devices/ http://www.infosecurity-us.com/view/5479/china-engaged-in-longterm-information-warfare-activity-says-us-government/ China is waging a long-term sustained information warfare campaign against the US, according to a report by the US-China Economic and Security Review Commission (USCC). Tue, 24 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5479/china-engaged-in-longterm-information-warfare-activity-says-us-government/ http://www.infosecurity-us.com/view/5419/mobile-working-raises-information-security-issues-for-government/ Mobile working and online collaboration are two of the most threatening trends when it comes to information security in the federal government, according to a report released by the Ponemon Institute. Mon, 23 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5419/mobile-working-raises-information-security-issues-for-government/ http://www.infosecurity-us.com/view/5420/canadians-too-privacy-intrusive-on-financial-data-logging/ The Canadian government is collecting more personal financial information on citizens than the law allows, according to the country's federal Privacy Commissioner. Mon, 23 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5420/canadians-too-privacy-intrusive-on-financial-data-logging/ http://www.infosecurity-us.com/view/5421/infosecurity-us-weekly-brief-november-23-2009/ Infosecurity US rounds up the last week's information security news. Mon, 23 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5421/infosecurity-us-weekly-brief-november-23-2009/ http://www.infosecurity-us.com/view/5422/health-net-comes-under-scrutiny-for-data-loss/ Medical insurance firm Health Net is under investigation by at least two Attorney Generals, following a data loss that has exposed up to 1.5 million customer records Mon, 23 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5422/health-net-comes-under-scrutiny-for-data-loss/ http://www.infosecurity-us.com/view/5382/imation-ships-wireless-usb-drive/ Imation has announced what it says is the world's first wireless USB external hard drive. Fri, 20 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5382/imation-ships-wireless-usb-drive/ http://www.infosecurity-us.com/view/5402/rogue-blogs-pollute-google-results/ Another round of SEO attacks has been discovered targeting Google. Criminals are crafting custom rogue blogs designed to target the 'long tail' of obscure Google searches to avoid having to compete with more popular searches in Google results, according to cyber intelligence company Cyveillance. Fri, 20 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5402/rogue-blogs-pollute-google-results/ http://www.infosecurity-us.com/view/5346/smart-grid-could-lead-to-privacy-stupidity-warns-commissioner/ A smart electricity grid could lead to some stupid privacy decisions, according to a report issued by the Information and Privacy Commissioner of Ontario, Canada. Thu, 19 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5346/smart-grid-could-lead-to-privacy-stupidity-warns-commissioner/ http://www.infosecurity-us.com/view/5378/dnssec-encrypted-domain-technology-gets-welcome-boost/ Things appear to be moving ahead for DNSSEC, the encrypted domain technology designed to protect the domain name system from spoofing and other hacks. Nominum, which supplies DNS systems, announced new capabilities in its products designed to eliminate barriers to DNSSEC deployment. Thu, 19 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5378/dnssec-encrypted-domain-technology-gets-welcome-boost/ http://www.infosecurity-us.com/view/5380/gumblar-goes-into-overdrive/ The Gumblar botnet has moved into overdrive, changing its operating model to dramatically increase its infection rates, according to the latest monthly threat report from ScanSafe. Thu, 19 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5380/gumblar-goes-into-overdrive/ http://www.infosecurity-us.com/view/5323/defense-contractor-gets-serious-about-information-security/ Lockheed Martin has formed an information security alliance with a collection of technology providers that will focus on self-healing systems to help solve information security problems. Wed, 18 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5323/defense-contractor-gets-serious-about-information-security/ http://www.infosecurity-us.com/view/5324/mcafee-nations-engaged-in-cold-warstyle-cyberwarfare/ Nations are secretly stockpiling tools and techniques in preparation for sophisticated cyberwarfare against each other, McAfee said in its annual Virtual Criminology report yesterday. Wed, 18 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5324/mcafee-nations-engaged-in-cold-warstyle-cyberwarfare/ http://www.infosecurity-us.com/view/5325/los-alamos-fails-to-toe-information-security-line-again/ Los Alamos National Laboratory has spent $45 million on information security for its classified computer network in the past eight years, but it is still inadequate, according to a report from the Government Accountability Office. Wed, 18 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5325/los-alamos-fails-to-toe-information-security-line-again/ http://www.infosecurity-us.com/view/5276/network-ips-far-from-adequate-says-icsa-labs/ Seven in every 10 network IPS products never attain security certification because they are inadequate, according to a damning report from ICSA Labs, a division of Verizon business. Tue, 17 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5276/network-ips-far-from-adequate-says-icsa-labs/ http://www.infosecurity-us.com/view/5281/astaro-offers-free-firewall-version-of-its-utm-system/ Unified threat management firm Astaro is offering a free version of its UTM product, focusing on firewall functions and targeting SMBs. Tue, 17 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5281/astaro-offers-free-firewall-version-of-its-utm-system/ http://www.infosecurity-us.com/view/5289/microsoft-discovers-windows-7-zeroday-flaw/ Microsoft has discovered a zero-day denial of service vulnerability in the server message block (SMB) protocol used in Windows 7. Tue, 17 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5289/microsoft-discovers-windows-7-zeroday-flaw/ http://www.infosecurity-us.com/view/5290/sophos-warns-against-tamiflu-scam/ Sophos has warned internet users against buying Tamiflu online, the drug designed to help stop people getting infected by the H1N1 virus also known as the swine flu. Tue, 17 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5290/sophos-warns-against-tamiflu-scam/ http://www.infosecurity-us.com/view/5291/misconfigured-modems-leave-web-open-to-ddos-attacks/ Poorly configured cable and DSL modems are leaving the internet open to distributed denial of service (DDoS) attacks based on rogue DNS queries, according to research to be released this week by Infoblox. Tue, 17 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5291/misconfigured-modems-leave-web-open-to-ddos-attacks/ http://www.infosecurity-us.com/view/5252/weekly-brief-november-16-2009/ Infosecurity rounds up this week's information security news. Mon, 16 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5252/weekly-brief-november-16-2009/ http://www.infosecurity-us.com/view/5222/microsoft-gets-agile-with-security-development-lifecycle/ Microsoft has announced guidance for applying secure programming techniques for agile software developers. The company rolled out new guidelines that will enable agile software developers to apply its Security Development Lifecycle (SDL) guidelines. Fri, 13 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5222/microsoft-gets-agile-with-security-development-lifecycle/ http://www.infosecurity-us.com/view/5223/trustwave-enters-incident-management-business/ Security and PCI compliance tools vendor Trustwave has launched an Incident Readiness Service to prepare and help protect organizations from security incidents, and help test incident response plans. Fri, 13 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5223/trustwave-enters-incident-management-business/ http://www.infosecurity-us.com/view/5224/megad-spam-count-zeroes-out-after-fireeye-botnet-takedown/ Spam sent by the Mega-D botnet has almost entirely disappeared, after US-based anti-malware appliance firm FireEye took it down. Fri, 13 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5224/megad-spam-count-zeroes-out-after-fireeye-botnet-takedown/ http://www.infosecurity-us.com/view/5187/indorse-beefs-up-image-watermarking/ InDorse Technologies has released a software program that embeds policy information directly within its watermarking designed to protect image data. The watermarking product, called InDorse Image Assurance (InDIA), is designed to prevent the distribution of pirated photos and video gaming images to unauthorized personnel. Thu, 12 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5187/indorse-beefs-up-image-watermarking/ http://www.infosecurity-us.com/view/5188/iphone-hacker-tool-unveiled/ Just days after an iPhone worm was discovered in the wild, Mac security firm Intego has discovered a hacker tool targeting the iPhone that exploits the same vulnerability. Thu, 12 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5188/iphone-hacker-tool-unveiled/ http://www.infosecurity-us.com/view/5189/report-federal-agencies-overstretched-on-cybersecurity/ Only half of the federal government's agencies feel that they have an adequate security budget, according to a report released this week. And yet, cybersecurity incidents are on the rise. Thu, 12 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5189/report-federal-agencies-overstretched-on-cybersecurity/ http://www.infosecurity-us.com/view/5150/facebook-hits-back-at-hacked-groups-claims/ Facebook hit back at a grassroots digital privacy group this week, after it criticized the social media giant's handling of its Groups functionality. Control Your Info, a group hoping to highlight information privacy flaws in social media applications, revealed that it is possible for anyone to take over ownership of a Facebook group that has no administrators. Wed, 11 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5150/facebook-hits-back-at-hacked-groups-claims/ http://www.infosecurity-us.com/view/5151/unisys-adds-more-secure-cloud-options/ Unisys has announced a locally-hosted version of its secure cloud computing system, along with updates to its existing managed public cloud offering. Wed, 11 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5151/unisys-adds-more-secure-cloud-options/ http://www.infosecurity-us.com/view/5153/phishers-prepare-christmas-campaign/ Phishers are gearing up for the Christmas holiday season, according to the latest report from Symantec. Phishing attacks were up 17% in October compared to the previous month, and phishers continue to automate their attacks by increasingly resourcing to phishing toolkits. Wed, 11 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5153/phishers-prepare-christmas-campaign/ http://www.infosecurity-us.com/view/5115/google-cloud-platform-used-for-botnet-control/ Botnet controllers have been using cloud based systems such as the Google cloud platform as command and control nodes for infected PCs, said a researcher at Arbor Networks. Tue, 10 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5115/google-cloud-platform-used-for-botnet-control/ http://www.infosecurity-us.com/view/5068/spam-king-sanford-wallace-owes-facebook-us107m/ Spam king Sanford Wallace has been ordered to pay US$710.7 million to social networking company Facebook following a federal court case. Wallace is said to have compromised Facebook accounts using phishing emails, and used them to send spam to other members. Mon, 09 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5068/spam-king-sanford-wallace-owes-facebook-us107m/ http://www.infosecurity-us.com/view/5092/weekly-brief-november-9-2009/ Breaches, Certifications, Charges, Vulnerabilities, and Acquisitions. Infosecurity sums up the past week's news. Mon, 09 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5092/weekly-brief-november-9-2009/ http://www.infosecurity-us.com/view/5066/open-source-software-in-us-government/ The Department of Defense has updated its guidance on open source software for the first time since 2003. Sun, 08 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5066/open-source-software-in-us-government/ http://www.infosecurity-us.com/view/5067/pirate-bay-clampdown-saw-illegal-file-sharing-sites-rocket/ The closure of the popular Pirate Bay torrent tracking service earlier this year created a flood of alternative illegal file sharing sites and malware distribution hubs, according to a report released by McAfee. Sun, 08 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5067/pirate-bay-clampdown-saw-illegal-file-sharing-sites-rocket/ http://www.infosecurity-us.com/view/5063/swine-flu-could-give-internet-a-cold/ A physical pandemic such as the swine flu (H1N1) could swamp internet service providers serving residential users, according to a report from the Government Accountability Office – and the Department Of Homeland Security doesn't have a plan to deal with it. Sat, 07 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5063/swine-flu-could-give-internet-a-cold/ http://www.infosecurity-us.com/view/5065/ufo-hacker-gary-mckinnon-gets-lastminute-relief/ UK UFO hacker Gary McKinnon has been thrown a lifeline by UK home Secretary Alan Johnson following the production of medical evidence which suggests that his health could be at risk if extradited. Sat, 07 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5065/ufo-hacker-gary-mckinnon-gets-lastminute-relief/ http://www.infosecurity-us.com/view/5052/spearphishing-emails-target-customers-of-illequipped-banks/ The FBI has slammed poor security in financial institutions, after identifying a drastic rise in money being stolen from small to medium-sized businesses via spearphishing emails, it said in an intelligence note early this week. Fri, 06 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5052/spearphishing-emails-target-customers-of-illequipped-banks/ http://www.infosecurity-us.com/view/5053/antivirus-vendors-stonyfaced-at-loselose-/ Anti-virus companies are failing to get the joke after the release of a free arcade game for the Mac that deletes the users' files during play. Lose/Lose warns 'victims' that it is about to delete files on their hard drives before they begin playing, and it keeps its word. Fri, 06 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5053/antivirus-vendors-stonyfaced-at-loselose-/ http://www.infosecurity-us.com/view/5060/microsoft-releases-sirv7-network-worms-on-the-rise/ Network worms are on the rise again thanks to poor IT management in the enterprise, according to the latest Security Intelligence Report (SIR) from Microsoft. Dramatic successes among worms in enterprises have caused this category of malware to move from fifth place to second place worldwide. Fri, 06 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/5060/microsoft-releases-sirv7-network-worms-on-the-rise/ http://www.infosecurity-us.com/view/4915/weekly-brief-nov-2-2009/ Spammers, breaches, cloud concerns, and government moves make this week's headlines in our infosecurity weekly brief. Mon, 02 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4915/weekly-brief-nov-2-2009/ http://www.infosecurity-us.com/view/4922/us-opens-cyber-security-command-centre/ The US has officially opened a state-of-the-art unified command center for government cybersecurity in Arlington, Virginia. Mon, 02 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4922/us-opens-cyber-security-command-centre/ http://www.infosecurity-us.com/view/4924/window-7-users-struggle-to-boot-up/ Windows 7 owners are having problems installing their new operating system, especially over Vista, according to comments on Microsoft's support site. Mon, 02 Nov 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4924/window-7-users-struggle-to-boot-up/ http://www.infosecurity-us.com/view/4890/twitter-not-adequately-checking-urls-says-kaspersky/ Twitter is failing to block malicious websites that are being posted to it via URL shortening services, according to researchers from Kaspersky, who have applied their own back-end service to help solve the problem. Fri, 30 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4890/twitter-not-adequately-checking-urls-says-kaspersky/ http://www.infosecurity-us.com/view/4859/tipping-point-gets-multithreaded-with-intrusion-prevention-system-launch/ Tipping Point unveiled its latest intrusion prevention system this week, featuring an updated software / hardware combo that the company said is better at handling many tasks at once. Thu, 29 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4859/tipping-point-gets-multithreaded-with-intrusion-prevention-system-launch/ http://www.infosecurity-us.com/view/4824/experts-downplay-cyberwarfare-/ A prominent strategic think tank published a report downplaying the potential for conflict in cyberspace, adding to influential voices that question the role of cyberwarfare. Wed, 28 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4824/experts-downplay-cyberwarfare-/ http://www.infosecurity-us.com/view/4842/fbi-director-almost-fell-for-phishing-attack/ The director of the FBI and the man charged with protecting the US from cyberthreats, Rober Mueller, has given up online banking after a phishing scare. Wed, 28 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4842/fbi-director-almost-fell-for-phishing-attack/ http://www.infosecurity-us.com/view/4754/weekly-brief-october-26-2009/ Information security: Breaches, walls, charges, tools, and deals. Mon, 26 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4754/weekly-brief-october-26-2009/ http://www.infosecurity-us.com/view/4761/man-jailed-for-selling-pirated-software-on-ebay/ A US court has sentenced a man to three years in jail for selling more than $1m worth of pirated software on eBay. Mon, 26 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4761/man-jailed-for-selling-pirated-software-on-ebay/ http://www.infosecurity-us.com/view/4762/rsa-europe-fbi-and-soca-need-help/ The US Federal Bureau of Investigation (FBI) and the UK Serious Organised Crime Agency (Soca) have called for greater collaboration with the IT security industry in fighting cybercrime. Mon, 26 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4762/rsa-europe-fbi-and-soca-need-help/ http://www.infosecurity-us.com/view/4693/rapid7-acquires-metasploit-open-source-project/ Rapid7, the vulnerability management security specialist, has acquired Metasploit, the ongoing open source security project that developed the Metasploit Framework. The move is billed as allowing Rapid7 to enhance its penetration testing technologies. Wed, 21 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4693/rapid7-acquires-metasploit-open-source-project/ http://www.infosecurity-us.com/view/4659/symantec-says-internet-users-plagued-by-fake-antivirus-software/ Research just published by Symantec claims to show that users are increasingly being fooled into installing fake anti-virus software - aka scamware - onto their machines. Tue, 20 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4659/symantec-says-internet-users-plagued-by-fake-antivirus-software/ http://www.infosecurity-us.com/view/4627/find-out-how-to-implement-leastprivilege-security-management-for-linux-and-unix/ A least-privilege security model has its merits, but it can be challenging to implement in for example Linux and UNIX environments where administrators often share passwords to root- or other superuser accounts. Find out how to implement least-privilege security management for Linux and UNIX for free on October 27 at 10am Pacific Time. Mon, 19 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4627/find-out-how-to-implement-leastprivilege-security-management-for-linux-and-unix/ http://www.infosecurity-us.com/view/4633/microsoft-security-essentials-gets-15-million-downloads-in-first-week/ More than 1.5 million Windows users downloaded Microsoft's free anti-virus and anti-malware tool, Security Essentials in the week after it was released, the software firm has claimed. Mon, 19 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4633/microsoft-security-essentials-gets-15-million-downloads-in-first-week/ http://www.infosecurity-us.com/view/4636/google-apps-ad-campaign-goes-global/ Google is to expand a mass-market advertising campaign for its cloud-based office software services beyond the US today. Mon, 19 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4636/google-apps-ad-campaign-goes-global/ http://www.infosecurity-us.com/view/4638/weekly-brief-october-19-2009/ US$4000 lost in Facebook scam; Michigan's airport website closed due to malware; the first Windows 7 security patches appear; and more. We report on the IT security news... Mon, 19 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4638/weekly-brief-october-19-2009/ http://www.infosecurity-us.com/view/4579/walmart-epos-system-source-code-hacked-how-secure-is-the-payment-card-data/ Reports are coming in that the source code of the Wal-Mart highly customized point-of-sale (EPOS) computer system - used in almost 900 of its stores across the US - has been hacked. Fri, 16 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4579/walmart-epos-system-source-code-hacked-how-secure-is-the-payment-card-data/ http://www.infosecurity-us.com/view/4600/lawsuits-fly-over-tmobile-sidekick-cloud-data-loss/ T-Mobile has reportedly been hit by two class action lawsuits alleging that the cellular carrier misled consumers into believing that their data was secure after data was lost in the cloud Fri, 16 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4600/lawsuits-fly-over-tmobile-sidekick-cloud-data-loss/ http://www.infosecurity-us.com/view/4539/report-the-department-of-homeland-security-could-try-harder-on-web-security/ The Department of Homeland Security is putting its websites at risk by failing to patch software and conduct regular security assessments, according to a report from the inspector general, Richard Skinner. Wed, 14 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4539/report-the-department-of-homeland-security-could-try-harder-on-web-security/ http://www.infosecurity-us.com/view/4549/us-phishing-attacks-decline-in-third-quarter/ The third quarter security trends report from Commtouch and its security alliance partners suggests that phishing is now on the decline, after peaking in the summer. Wed, 14 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4549/us-phishing-attacks-decline-in-third-quarter/ http://www.infosecurity-us.com/view/4562/qsa-system-is-broken-says-heartland-ceo/ In a session titled ‘Enhancing payment security in 2010’, Robert O. Carr, Chairman and CEO or Heartland Payment Systems - the subject of potentially the world’s biggest data security breach earlier this year - declared that the model used by quality security assessors (QSA) is “broken”. Wed, 14 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4562/qsa-system-is-broken-says-heartland-ceo/ http://www.infosecurity-us.com/view/4512/weekly-brief-october-13-2009/ Trends, Tussles, Tools, and Attacks: We round up the last week's information security news. Tue, 13 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4512/weekly-brief-october-13-2009/ http://www.infosecurity-us.com/view/4498/google-voice-under-us-federal-spotlight/ US communication authorities are investigating allegations by telecoms group AT&T that Google has an unfair advantage because Google Voice is not covered by federal rules that govern phone service providers. Mon, 12 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4498/google-voice-under-us-federal-spotlight/ http://www.infosecurity-us.com/view/4500/fbi-nets-100-in-operation-phish-phry/ Police and FBI agents yesterday charged nearly 100 people in the US and Egypt as part of Operation Phish Phry, one the largest cyber fraud phishing cases to date. Mon, 12 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4500/fbi-nets-100-in-operation-phish-phry/ http://www.infosecurity-us.com/view/4453/comcast-gets-proactive-with-malware-infected-customers/ Comcast is piloting a service that will notify customers that have been infected with malware, the company said this week. Fri, 09 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4453/comcast-gets-proactive-with-malware-infected-customers/ http://www.infosecurity-us.com/view/4454/adobe-reader-struck-by-yet-another-zeroday-security-flaw/ Adobe is warning that a critical security vulnerability in its Adobe Reader and Acrobat programs are being exploited in the wild. Fri, 09 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4454/adobe-reader-struck-by-yet-another-zeroday-security-flaw/ http://www.infosecurity-us.com/view/4444/football-and-hockey-seasons-off-to-a-malicious-start-on-web-says-esoft-/ Research revealed by eSoft, the web content filtering company, suggests there has a been a "startling increase" in compromised sports websites, including Fox Sports, the popular sports portal operated by Fox News. Thu, 08 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4444/football-and-hockey-seasons-off-to-a-malicious-start-on-web-says-esoft-/ http://www.infosecurity-us.com/view/4365/ibm-offers-sme-cloud-email-for-just-300-per-user/ IBM has surprised the cloud computing industry by launching a cloud-based email service - claiming to offer "reliability, privacy and security" - for just $3.00 per user per month. Tue, 06 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4365/ibm-offers-sme-cloud-email-for-just-300-per-user/ http://www.infosecurity-us.com/view/4346/weekly-brief-october-5-2009/ Deviousness, Defenses, and Disappointments - read all about the week's security news in our weekly brief. Mon, 05 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4346/weekly-brief-october-5-2009/ http://www.infosecurity-us.com/view/4370/rogue-malware-explodes-in-2009/ Business in rogue anti-virus software is booming, according to a new report from the Anti Phishing Working Group (APWG). In the first half of this year, the number of such programs plaguing internet users increased by 585%. Mon, 05 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4370/rogue-malware-explodes-in-2009/ http://www.infosecurity-us.com/view/4306/researchers-turn-wireless-network-into-xray-tool/ Researchers at the University of Utah have devised a way to visually monitor a room using cheap wireless sensors. The technique, known as ' variance-based radio tomography', effectively enables its users to see through walls, explain Jerry Wilson and Neal Patwari, authors of a paper on the subject. Fri, 02 Oct 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4306/researchers-turn-wireless-network-into-xray-tool/ http://www.infosecurity-us.com/view/4252/microsoft-ships-free-antivirus-tool/ Microsoft officially shipped Microsoft Security Essentials, its free anti-virus product, yesterday. The product, which had been beta tested under the codename Morro, is designed as a free software offering specifically for home users. Wed, 30 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4252/microsoft-ships-free-antivirus-tool/ http://www.infosecurity-us.com/view/4262/google-deactivates-gmail-email-account-after-us-bank-error/ In an interesting turn of events, a small bank in the US inadvertently emailed data on around 1300 of its customers to a random Gmail account. Then, after failing to contact the owner of the Gmail account, successfully requested a court to order Google to deactivate the Gmail account in question. Wed, 30 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4262/google-deactivates-gmail-email-account-after-us-bank-error/ http://www.infosecurity-us.com/view/4226/netflix-second-data-challenge-on-revealing-customers-dvd-rental-habits-has-privacy-experts-hopping-mad/ Privacy advocates are furious at plans by DVD rental service Netflix to unveil more data about the rental habits of its customers. Experts argue that the data could easily be used to identify customers and draw inferences about their lifestyles. Tue, 29 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4226/netflix-second-data-challenge-on-revealing-customers-dvd-rental-habits-has-privacy-experts-hopping-mad/ http://www.infosecurity-us.com/view/4220/weekly-brief-september-28-2009/ Takedowns, Tools, Threats, and Tsk, Tsk! We review the week's information security news. Mon, 28 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4220/weekly-brief-september-28-2009/ http://www.infosecurity-us.com/view/4168/malicious-advertising-malware-hit-popular-websites/ Popular websites have been made to serve up malware via malicious advertising delivered by advertising banner services. Fri, 25 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4168/malicious-advertising-malware-hit-popular-websites/ http://www.infosecurity-us.com/view/4131/hackers-pose-as-internet-telephony-firm-in-new-york-times-ad-scam/ The New York Times has admitted it has been the victim of a complex scam, in which a group of hackers purchased ad space on the famous publisher's website, then posed as internet telephony company Vonage, to infect users with malware. Thu, 24 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4131/hackers-pose-as-internet-telephony-firm-in-new-york-times-ad-scam/ http://www.infosecurity-us.com/view/4095/canon-printer-protects-data-in-copied-documents/ Printer company Canon has unveiled a printer that can automatically protect the data in copied documents. The Canon ImageRunner Advance printer, targeted at medium to large enterprises, features Scan Lock, a system which superimposes a watermark on copied documents, coded as a series of microdots. Wed, 23 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4095/canon-printer-protects-data-in-copied-documents/ http://www.infosecurity-us.com/view/4122/chatinthemiddle-phishing-attack-targets-online-banking/ RSA, the security division of EMC has discovered a phishing attack it calls ‘chat-in-the-middle’, which targets online banking customers tricking them into divulging username and passwords. Wed, 23 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4122/chatinthemiddle-phishing-attack-targets-online-banking/ http://www.infosecurity-us.com/view/4068/mit-projects-raise-privacy-questions/ Two experiments conducted at MIT are raising questions about the level of privacy among those who use modern tools such as mobile phones and social networks - and suggesting that there is even less of it than most of us already thought. Tue, 22 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4068/mit-projects-raise-privacy-questions/ http://www.infosecurity-us.com/view/4047/weekly-brief-september-21-2009/ Talk, Tools, Techniques, Trials, and Traps - get the lowdown on the week's security news in our weekly brief. Mon, 21 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4047/weekly-brief-september-21-2009/ http://www.infosecurity-us.com/view/4025/epic-obama-must-try-harder-on-electronic-privacy/ Eight months into its first year, the Obama administration could still try harder when it comes to electronic privacy and digital rights, according to a report card issued by an advocacy group. Fri, 18 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4025/epic-obama-must-try-harder-on-electronic-privacy/ http://www.infosecurity-us.com/view/4031/mobilecloud-workforce-security-issues-covered-in-webinar-recording/ An informative webinar - in which BigFix, Trend Micro and one of their joint customers in the healthcare sector looked at some of the problems in the mobile workforce and allied IT security sectors - was a great success this Thursday. Fri, 18 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/4031/mobilecloud-workforce-security-issues-covered-in-webinar-recording/ http://www.infosecurity-us.com/view/3993/it-security-priorities-all-wrong-according-to-sans-/ IT managers are focusing on the wrong security threats, according to a report from the SANS Institute. Wed, 16 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3993/it-security-priorities-all-wrong-according-to-sans-/ http://www.infosecurity-us.com/view/3996/us-electricity-grid-could-suffer-cascading-blackouts-from-small-attacks/ A Chinese researcher has discovered weaknesses in the US electricity grid that could enable attacks causing cascading blackouts by attacking relatively small parts of the network. Wed, 16 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3996/us-electricity-grid-could-suffer-cascading-blackouts-from-small-attacks/ http://www.infosecurity-us.com/view/3963/infosecurity-weekly-brief-september-15-2009/ Breaches, threats, protections and security directions - we summarise what's been happening in the world of information security over the past week. Tue, 15 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3963/infosecurity-weekly-brief-september-15-2009/ http://www.infosecurity-us.com/view/3937/commuter-matching-website-highly-vulnerable-to-sql-injections/ RideMatch.info, a website used by several California-based companies and transportation boards to match commuters on similar routes, has been found to be potentially vulnerable to massive SQL injections that could result in the disclosure of users' personal data. Mon, 14 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3937/commuter-matching-website-highly-vulnerable-to-sql-injections/ http://www.infosecurity-us.com/view/3951/deploying-effective-it-security-on-a-tight-budget-webinar/ This week promises to be an exciting one for Infosecurity and its readers as, while President Obama is reportedly close to appointing a Frank Kramer, former assistant defense secretary under President Bill Clinton, as his new cybersecurity chief, we will be hosting a topical IT security webinar looking at how to protect your critical data on a budget. Mon, 14 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3951/deploying-effective-it-security-on-a-tight-budget-webinar/ http://www.infosecurity-us.com/view/3945/fake-antivirus-team-exploits-september-11-anniversary-/ Online scams related to holidays, global events, and popular news stories are common, but September 11 scammers really scraped the bottom of the moral barrel last week. Scareware scammers are using the eighth anniversary of the September 11 attacks to sell their fake anti-virus software to unsuspecting users. Sun, 13 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3945/fake-antivirus-team-exploits-september-11-anniversary-/ http://www.infosecurity-us.com/view/3922/identity-theft-911-looks-at-identity-theft-in-educational-environments/ Lapses in data security at major colleges and universities across the USA over the past four years have exposed tens of millions of personal records of students, alumni, faculty and staff and put them at risk of identity fraud and theft, according to a report from Identity Theft 911, the ID theft resolution service. Fri, 11 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3922/identity-theft-911-looks-at-identity-theft-in-educational-environments/ http://www.infosecurity-us.com/view/3864/astaro-offers-free-business-firewall-for-vmware/ Astaro Corp., has released a free business firewall for the VMware environment. The IT security vendor says that the firewall - which offers the base functionality of its Astaro Security Gateway Virtual Appliance by using a special license key - will allow organizations with virtual environments to secure their network from external threats. Thu, 10 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3864/astaro-offers-free-business-firewall-for-vmware/ http://www.infosecurity-us.com/view/3831/congress-weighs-changes-in-web-advertising-privacy/ Congress is working on proposed privacy legislation that would give consumers much more control over the personal and private information they generate and share with third-party companies on the internet during their everyday online activities. Wed, 09 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3831/congress-weighs-changes-in-web-advertising-privacy/ http://www.infosecurity-us.com/view/3862/microsoft-faces-two-zeroday-security-flaws/ Microsoft may be forced to release an out-of-cycle security update for a vulnerability published the same day as the firm released its September Patch Tuesday update. Wed, 09 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3862/microsoft-faces-two-zeroday-security-flaws/ http://www.infosecurity-us.com/view/3832/us-academics-develop-cloud-attack-methodology-/ A group of academics with the University of California in San Diego and MIT claim to have discovered a cloud attack methodology called a side channel attack. By signing up to Amazon's cloud computing service and placing a virtual machine on the same physical machine as a target application, they claim the security of the cloud application can be compromized. Tue, 08 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3832/us-academics-develop-cloud-attack-methodology-/ http://www.infosecurity-us.com/view/3809/weekly-brief-september-7-2009/ In this week’s information security news: Marshal8e6 rebrands as M86 Security; Australian federal police mock hackers - and are hacked in return; Raytheon releases industry's fastest cross-domain sharing solution; and more... Mon, 07 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3809/weekly-brief-september-7-2009/ http://www.infosecurity-us.com/view/3813/how-is-the-information-security-industry-coping-in-the-economic-downturn/ As the recession continues to chew into budgets, and cybercriminals see increased opportunity for looting, CISOs need to ensure that their information security defences remain strong but affordable. Find out more for free! Mon, 07 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3813/how-is-the-information-security-industry-coping-in-the-economic-downturn/ http://www.infosecurity-us.com/view/3798/how-to-protect-critical-data-on-a-tight-budget/ Whilst threats against business critical data have been rising steadily in recent times, almost all companies have had their IT security budgets cut or placed under intense scrutiny. Sat, 05 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3798/how-to-protect-critical-data-on-a-tight-budget/ http://www.infosecurity-us.com/view/3761/tollfree-pbx-hack-highlights-need-for-code-auditing-/ Reports that a North Carolina business has been left with a US$2500 phone bill after phone phreakers hacked its PBX via the firm's toll-free number shows the danger of failing to audit all aspects of a systems' software, said Fortify, the application vulnerability specialist. Fri, 04 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3761/tollfree-pbx-hack-highlights-need-for-code-auditing-/ http://www.infosecurity-us.com/view/3769/learn-about-how-to-keep-security-and-it-ready-for-a-pandemic/ With the recent scares about the swine flu, more and more businesses feel the need to plan for a pandemic, but are their security and IT up to the challenge? Fri, 04 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3769/learn-about-how-to-keep-security-and-it-ready-for-a-pandemic/ http://www.infosecurity-us.com/view/3734/virtualization-could-double-in-2010-but-what-about-security/ The number of organizations with at least half of their servers virtualized is expected to double in 2010 to 51%, according to a survey of 480 IT professionals about virtualization conducted by identity and access management vendor Centrify Corporation. Thu, 03 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3734/virtualization-could-double-in-2010-but-what-about-security/ http://www.infosecurity-us.com/view/3737/us-could-get-slower-broadband-than-the-uk/ The US could end up with slower broadband speeds than the UK if the Federal Communications Commission (FCC) accepts submissions on the definition of broadband from US internet service providers (ISPs). Thu, 03 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3737/us-could-get-slower-broadband-than-the-uk/ http://www.infosecurity-us.com/view/3701/windows-mobile-refresh-to-launch-in-october/ Microsoft will launch the latest version of its operating system for mobile devices next month. Wed, 02 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3701/windows-mobile-refresh-to-launch-in-october/ http://www.infosecurity-us.com/view/3706/network-box-looks-at-the-problem-of-authentication/ Many authentication systems are not secure, especially as users often fail to remember a multiple of usernames and passwords, according to security company Network Box’s latest white paper Authentication, Who Are you? Wed, 02 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3706/network-box-looks-at-the-problem-of-authentication/ http://www.infosecurity-us.com/view/3672/weekly-brief-september-1-2009/ In this week’s information security news: Trojan eavesdrops on Skype; Snow Leopard only recognizes two Trojans; private messages are sent to wrong recipients; search warrants are needed for digital data; and more… Tue, 01 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3672/weekly-brief-september-1-2009/ http://www.infosecurity-us.com/view/3674/web-20-no-a-business-enabled-or-a-security-nightmare-find-out-more-later-this-month/ Whilst Web 2.0-driven websites and services have made the mobile internet almost as popular as the desktop web, the technology is an information security manager's nightmare, with code extensibility, IP interactions and website flexibility driving a steamroller through traditional information security systems. So what are IT managers to do? Tue, 01 Sep 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3674/web-20-no-a-business-enabled-or-a-security-nightmare-find-out-more-later-this-month/ http://www.infosecurity-us.com/view/3619/google-patches-two-serious-flaws-in-chrome/ Google has patched two serious security holes in its Javascript and XML engines, according to a blog post on the Google Chrome website. Fri, 28 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3619/google-patches-two-serious-flaws-in-chrome/ http://www.infosecurity-us.com/view/3639/facebook-shuts-apps-privacy-loophole/ Facebook has amended its privacy practices and policies to give users more control over the information they keep on the social networking site, following a report from the Canadian Privacy Commissioner. Fri, 28 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3639/facebook-shuts-apps-privacy-loophole/ http://www.infosecurity-us.com/view/3641/us-civil-liberties-union-tells-uk-to-defend-mckinnon/ The American Civil Liberties Union has called on the UK foreign secretary to review the "lopsided" extradition treaty to prevent people like UFO hacker Gary McKinnon being "unfairly" removed from their home country to stand trial abroad. Fri, 28 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3641/us-civil-liberties-union-tells-uk-to-defend-mckinnon/ http://www.infosecurity-us.com/view/3552/phonefactor-allows-tradein-of-twofactor-security-tokens/ Two-factor security vendor PhoneFactor is taking its clue from the CARS Cash for Clunkers rebate announcing a Cash for Security Clunkers program where organisations can trade in their security tokens for a phone authentication platform. Tue, 25 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3552/phonefactor-allows-tradein-of-twofactor-security-tokens/ http://www.infosecurity-us.com/view/3511/weekly-brief-august-24-2009/ In this week’s information security news: Microsoft patch exploited by hackers; Office 2010 sandbox security welcomed by security industry; hackers get their revenge on police; and more… Mon, 24 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3511/weekly-brief-august-24-2009/ http://www.infosecurity-us.com/view/3516/data-breaches-who-has-been-named-and-shamed-in-the-last-year-find-out-more-on-24-september/ Infosecurity Magazine’s 2009 Virtual Conference on Information Security will look at recent data breaches in both public and private sectors in a session headed by Bloor Research, CheckPoint and the Open Security Foundation. Mon, 24 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3516/data-breaches-who-has-been-named-and-shamed-in-the-last-year-find-out-more-on-24-september/ http://www.infosecurity-us.com/view/3453/us-largest-card-incident-hacker-has-track-record-says-miami-herald/ As the fall-out in the Albert Gonzalez credit card hacking case - in which the card hacker was charged earlier this week with gaining unauthorized access to 130 million people's card details from major merchants - continues, the Miami Herald has published an interesting profile of the person that many are calling a super-hacker. Fri, 21 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3453/us-largest-card-incident-hacker-has-track-record-says-miami-herald/ http://www.infosecurity-us.com/view/3368/radisson-database-hacked/ Radisson Hotels & Resorts has announced that its computer systems have been accessed without authorisation between November 2008 and May 2009. Radisson is not saying, however, whether the unauthorised incursion was caused by hackers or an internal security issue, nor how many customers are affected by the incident. Thu, 20 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3368/radisson-database-hacked/ http://www.infosecurity-us.com/view/3356/us-man-charged-with-stealing-130-million-payment-card-details/ In what security experts are calling 'the largest ever identity theft case in modern history', a US man has been charged with stealing data relating to 130 million payment cards. Wed, 19 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3356/us-man-charged-with-stealing-130-million-payment-card-details/ http://www.infosecurity-us.com/view/3359/advance-internets-microsoft-deal-shows-local-ad-sales-freeforall/ Advance Internet, the division representing 36 newspaper websites owned by the Newhouse family, has entered into a ground-breaking deal with Microsoft. Wed, 19 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3359/advance-internets-microsoft-deal-shows-local-ad-sales-freeforall/ http://www.infosecurity-us.com/view/3296/delaware-man-fined-210-000-for-selling-pirate-software-online/ Whilst eBay and other major internet auction sites appear to have cleaned up their acts on the pirate software front, smaller sites are still letting some postings through. Tue, 18 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3296/delaware-man-fined-210-000-for-selling-pirate-software-online/ http://www.infosecurity-us.com/view/3194/ncsa-preps-for-national-cybersecurity-awareness-month/ The National Cyber Security Alliance (NCSA) - one of the primary promoters of National Cyber Security Awareness Month each October - has launched a website to encourage broad-based participation in education and awareness activities on cybersecurity this year. Mon, 17 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3194/ncsa-preps-for-national-cybersecurity-awareness-month/ http://www.infosecurity-us.com/view/3197/campaign-monitor-hit-by-hacker-server-incursion/ Campaign Monitor, the Australia-based email marketing software developer, has warned users of compromise to its servers that took place over last weekend. Mon, 17 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3197/campaign-monitor-hit-by-hacker-server-incursion/ http://www.infosecurity-us.com/view/3238/bigfix-podcasts-talk-about-security-compliance-issues-black-hat-and-defcon-/ If you want to hear an eclectic mix of views on recent events in the world of IT security, you could do worse that visit the Bigfix blog site, where Amrit Williams, the firm's chief technology officer, has been talking with industry luminary Ryan Russell in his latest podcast. Mon, 17 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3238/bigfix-podcasts-talk-about-security-compliance-issues-black-hat-and-defcon-/ http://www.infosecurity-us.com/view/3240/webbased-malware-attacks-soaring-says-scansafe/ In its second quarterly report on IT security threats of 2008, software-as-a-service (SaaS) specialist ScanSafe reported that web-based malware had surged by over a third when compared to the first quarter of the year. Mon, 17 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3240/webbased-malware-attacks-soaring-says-scansafe/ http://www.infosecurity-us.com/view/3277/weekly-brief-august-17-2009-/ In this week's information security briefs: Poor password management a rising problem; Gartner says that IT products and services are heading for regulation by 2015; how Google helped Twitter fend off its DDOS attacks, and more... Mon, 17 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3277/weekly-brief-august-17-2009-/ http://www.infosecurity-us.com/view/3283/voice-biometrics-the-challenges-and-opportunities-find-out-more-for-free-/ Infosecurity’s 2009 Virtual Conference on Information Security on 24 September includes a session on `Voice Biometrics - a new IT security technology entering the fast lane'. Mon, 17 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3283/voice-biometrics-the-challenges-and-opportunities-find-out-more-for-free-/ http://www.infosecurity-us.com/view/3289/china-drops-internet-censorship-software-plan/ China has dropped controversial plans to force PC makers to install internet filtering software on all new computers. Mon, 17 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3289/china-drops-internet-censorship-software-plan/ http://www.infosecurity-us.com/view/3180/mobile-laptop-usage-soaring-but-what-about-company-security/ The amusing tale of how New York coffee shops - apparently fed up with laptop users hogging their table space and using up electricity for hours on end - has a much darker message, according to Sean Glynn, Director at security vendor Credant Technologies. Wed, 12 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3180/mobile-laptop-usage-soaring-but-what-about-company-security/ http://www.infosecurity-us.com/view/3181/the-ipod-and-iphone-could-be-used-for-hacking/ Applications on the Apple iTunes website are arguably what makes the iPhone so popular in mobile phone circles, but a growing number of users are unlocking (jailbreaking) their iPhones, for the simple reason that it opens up the mobile to third-party applications. This means the iPod and iPhone could be used for hacking. Wed, 12 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3181/the-ipod-and-iphone-could-be-used-for-hacking/ http://www.infosecurity-us.com/view/3182/advice-for-safer-access-to-facebook-twitter-and-other-social-networking-sites/ As many readers of Infosecurity may have noticed, Web 2.0-driven social networking sites like Facebook and Twitter have become attractive targets for phishing and scamming attacks as online criminals follow the latest internet trends that are attracting the most users. Wed, 12 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3182/advice-for-safer-access-to-facebook-twitter-and-other-social-networking-sites/ http://www.infosecurity-us.com/view/3145/hold-software-providers-accountable-for-it-failures/ Regulation could protect businesses and governments from poor IT implementations that have cost billions of dollars. But at present, software is generally shipped with a disclaimer which states that the manufacturer does not guarantee it will work, unlike regulated industries such as pharmaceuticals where the supplier is held accountable for a failure in manufacturing. Tue, 11 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3145/hold-software-providers-accountable-for-it-failures/ http://www.infosecurity-us.com/view/3147/government-cybersecurity-guidelines-lacking-/ A new set of cybersecurity guidelines - released by NIST - the National Institute of Standards and Technology - leaves a lot to be desired when it comes to the protection needed for government agency computers, said the Cyber Secure Institute. Tue, 11 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3147/government-cybersecurity-guidelines-lacking-/ http://www.infosecurity-us.com/view/3127/koobface-social-networking-worm-gets-a-facelift/ Koobface, the first - and arguably the most successful of the social networking worms - is back, having been significantly tweaked by black hat hackers on the internet, reports Kaspersky Lab, the anti-malware and IT security vendor. Mon, 10 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3127/koobface-social-networking-worm-gets-a-facelift/ http://www.infosecurity-us.com/view/3129/twitter-facebook-still-suffering-from-internet-packet-delays/ The hacker attack on Twitter on Thursday afternoon UK time - which appears to have also spilled over to the Facebook social networking site - is now thought to have been the work of political activists who wanted to stop a pro-Georgian blogger - Cyxymu - from making his/her postings on the sites. Mon, 10 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3129/twitter-facebook-still-suffering-from-internet-packet-delays/ http://www.infosecurity-us.com/view/3131/weekly-brief-august-10-2009/ In this week's information security briefs: ISPs team up in bid to tackle botnet problem; Former superhacker Kevin Mitnick dumped by ISP; US cyber-security tsar steps down; US military worried over Twitter security and more... Mon, 10 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3131/weekly-brief-august-10-2009/ http://www.infosecurity-us.com/view/3142/whats-going-wrong-with-information-security-in-government-infosecuritys-virtual-conference/ Infosecurity is pleased to confirm further details of the 2009 Virtual Conference on Information Security, which takes place online on 24 September. Mon, 10 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3142/whats-going-wrong-with-information-security-in-government-infosecuritys-virtual-conference/ http://www.infosecurity-us.com/view/3093/us-phishing-attacks-soared-50-plus-during-july-/ Research just released by Symantec shows that phishing attacks rose 52% in July while spam - as a percentage of all email - stayed about the same compared as the previous month. Fri, 07 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3093/us-phishing-attacks-soared-50-plus-during-july-/ http://www.infosecurity-us.com/view/3069/symantec-teams-up-with-lifelock-to-expand-offline/ After 27 years in the online and IT world, Symantec is moving into the offline/off-computer world thanks to a partnership with LifeLock Inc., a proactive provider of identify theft protection. Thu, 06 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3069/symantec-teams-up-with-lifelock-to-expand-offline/ http://www.infosecurity-us.com/view/3071/managed-wireless-security-set-to-hit-1-billion-by-2014/ A study just released by ABI Research predicts a period of healthy growth for managed wireless security solutions, with growth averaging 27% a year for the period 2008 to 2014. Thu, 06 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3071/managed-wireless-security-set-to-hit-1-billion-by-2014/ http://www.infosecurity-us.com/view/3085/twitter-goes-down-under-a-sustained-ddos-attack/ At around 3:00 pm on Thursday afternoon, Twitter, the extraordinarily popular microblogging portal, fell silent, apparently the victim of a sustained distributed denial of service (DDOS) attack. Thu, 06 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3085/twitter-goes-down-under-a-sustained-ddos-attack/ http://www.infosecurity-us.com/view/3046/companies-invest-in-it-but-do-not-measure-it-value/ Despite 30% of IT security companies increasing their investments in IT this year, fewer than half have a shared understanding of IT value across the enterprise and two-thirds fail to fully measure it, according to ISACA. Wed, 05 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3046/companies-invest-in-it-but-do-not-measure-it-value/ http://www.infosecurity-us.com/view/3050/watchguard-acquires-borderware-in-private-transaction/ Seattle-based WatchGuard Technologies - the unified threat management (USM) security vendor - has announced plans to buy privately-held BorderWare Technology, which employs around 90 staff, for an undisclosed sum. Wed, 05 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3050/watchguard-acquires-borderware-in-private-transaction/ http://www.infosecurity-us.com/view/3052/mozilla-moves-swiftly-to-patch-ssl-loophole-in-firefox/ Programmers with the Mozilla Foundation have moved rapidly to patch one of the two SSL security flaws in web browsers, such as Firefox, identified by researchers at the Black Hat security briefings in Las Vegas late last week. Wed, 05 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3052/mozilla-moves-swiftly-to-patch-ssl-loophole-in-firefox/ http://www.infosecurity-us.com/view/3053/twitter-quietly-checks-tweeted-urls-draws-criticism/ Twitter has quietly started checking URLs entered into tweets (user messages) on its microblogging service and immediately flown into a barrage of criticism about its checking methodology. Wed, 05 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3053/twitter-quietly-checks-tweeted-urls-draws-criticism/ http://www.infosecurity-us.com/view/3028/arbor-networks-shows-how-iran-filters-and-blocks-internet-traffic/ Arbor Networks has published internet bandwidth usage figures from June and July that make fascinating reading if you ever wondered how less democratic governments such as Iran filters and blocks internet traffic for their citizens. Tue, 04 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3028/arbor-networks-shows-how-iran-filters-and-blocks-internet-traffic/ http://www.infosecurity-us.com/view/3030/defcon-researchers-warn-software-updates-can-be-hijacked/ Researchers with Radware were busy over the weekend showing a Defcon audience how a classic man-in-the-middle attack could be engineered when notebook computers attempt to seek out updates for their software across public access WiFi networks. Tue, 04 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3030/defcon-researchers-warn-software-updates-can-be-hijacked/ http://www.infosecurity-us.com/view/3031/zeus-botnet-traced-to-latvian-operation/ Researchers have been busy over the last few days tracing where the Zeus botnet is being controlled from, following investigations by the University of Alabama in the US, which tracked down the Zeus Bot virus to a raft of fake internet postcards circulating on the internet. Tue, 04 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/3031/zeus-botnet-traced-to-latvian-operation/ http://www.infosecurity-us.com/view/2966/businesses-cough-up-6m-for-unlicensed-software/ Businesses across Europe, the Middle East and Africa have paid out £6 million this year to settle disputes with the Business Software Alliance. Mon, 03 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2966/businesses-cough-up-6m-for-unlicensed-software/ http://www.infosecurity-us.com/view/2976/weekly-brief-august-3-2009/ In this week's information security briefs: AVG flags up iTunes as malware; hackers score $219 000 from city; Microsoft's sandboxing criticised, and more... Mon, 03 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2976/weekly-brief-august-3-2009/ http://www.infosecurity-us.com/view/2983/apple-moves-swiftly-to-fix-iphone-security-flaws/ A potentially serious iPhone security flaw identified by researchers at the Black Hat security briefings in Las Vegas last week has been quickly patched by Apple Computer. Mon, 03 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2983/apple-moves-swiftly-to-fix-iphone-security-flaws/ http://www.infosecurity-us.com/view/2985/us-credit-reporting-system-flawed-claims-information-security-researcher/ Clever hackers are exploiting a number of loopholes in US credit reporting systems to substantially improve their credit rating and so gain access to zero percent loans and low-cost credit cards, an information security researcher said over the weekend. Mon, 03 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2985/us-credit-reporting-system-flawed-claims-information-security-researcher/ http://www.infosecurity-us.com/view/2987/programme-available-for-the-virtual-conference-on-information-security-2009/ The programme for Infosecurity Magazine’s Virtual Conference on Information Security 2009 is now available with an exciting line-up of speakers from the IT security industry. Mon, 03 Aug 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2987/programme-available-for-the-virtual-conference-on-information-security-2009/ http://www.infosecurity-us.com/view/2921/nasa-hacker-mckinnon-loses-extradition-appeal/ The UK hacker Gary McKinnon who became famous for hacking US military and NASA computers in 2001 and 2002 looking for evidence of UFOs, has lost his appeal against extradition to the USA. Fri, 31 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2921/nasa-hacker-mckinnon-loses-extradition-appeal/ http://www.infosecurity-us.com/view/2946/black-hat-san-francisco-meters-hacked-for-free-parking/ At the Black Hat security conference in Las Vegas, researchers have revealed how the security of San Francisco's plans to become a showcase for the US on computerised parking has been compromised. Fri, 31 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2946/black-hat-san-francisco-meters-hacked-for-free-parking/ http://www.infosecurity-us.com/view/2948/black-hat-researchers-reveal-more-flaws-in-secure-sockets-layer/ Researchers at the Black Hat security briefings in Las Vegas this week revealed a number of flaws that affect the secure sockets layer (SSL) system for secure internet web browsing. Fri, 31 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2948/black-hat-researchers-reveal-more-flaws-in-secure-sockets-layer/ http://www.infosecurity-us.com/view/2837/apple-claims-unlocking-iphones-could-knock-out-cell-sites/ Apple has reportedly caused a stir in copyright circles over claims that unlocking its iPhone handset from the partner network could cause the mobile to crash cellular base stations and even allow users to make free phone calls. Thu, 30 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2837/apple-claims-unlocking-iphones-could-knock-out-cell-sites/ http://www.infosecurity-us.com/view/2864/black-hat-major-iphone-hack-to-be-revealed-today/ You could never describe the Apple iPhone as totally secure, given the number of jailbreaks that crackers have developed to unlock the popular handset from its partner networks, but researchers at the Black Hat security conference are scheduled to reveal a serious chink in the mobile's armour today. Thu, 30 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2864/black-hat-major-iphone-hack-to-be-revealed-today/ http://www.infosecurity-us.com/view/2867/black-hat-security-is-not-the-security-teams-problem-says-black-hat-keynote-speaker-douglas-merrill-/ This morning, 29th July 2009, at the Black Hat briefings in Las Vegas, Nevada, keynote speaker Douglas Merrill, told his audience that CISOs are getting information security wrong. Thu, 30 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2867/black-hat-security-is-not-the-security-teams-problem-says-black-hat-keynote-speaker-douglas-merrill-/ http://www.infosecurity-us.com/view/2902/black-hat-information-security-trade-press-are-bound-to-google-/ At the BlackHat conference in Las Vegas, 29 July 2009, one conference session addressed the changing nature of the information security trade press. A panel of experienced journalists answered questions on the relationship between trade and mainstream media, the rise of Google news, and the financial challenges affecting the publishing industry. Thu, 30 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2902/black-hat-information-security-trade-press-are-bound-to-google-/ http://www.infosecurity-us.com/view/2907/black-hat-legal-issues-come-free-with-cloud-computing/ The complications and concerns around cloud computing should not be underestimated, argued Alex Stamos, co-founder and partner of iSEC Partners, at the Black Hat conference in Las Vegas, 30 July 2009. Thu, 30 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2907/black-hat-legal-issues-come-free-with-cloud-computing/ http://www.infosecurity-us.com/view/2908/black-hat-department-of-defense-call-for-three-cyberczars/ This morning, 30 July, at the Black Hat conference in Las Vegas, Robert Lentz, Senior Information Assurance Official for the Department of Defense, declared the need for two extra cyber-czar roles: one for identity, and one for information security training and education. Thu, 30 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2908/black-hat-department-of-defense-call-for-three-cyberczars/ http://www.infosecurity-us.com/view/2829/ibm-acquires-ounce-labs-boosts-application-security/ IBM has acquired another IT security development firm - Ounce Labs - to add to its ITsec research and development efforts. Wed, 29 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2829/ibm-acquires-ounce-labs-boosts-application-security/ http://www.infosecurity-us.com/view/2831/symantec-develops-pooled-highend-cyberthreat-analysis-service/ Symantec has joined the growing ranks of IT security vendors that are offering their pooled information on the latest ITsec threats as a value-added outsourced option for major corporates. Wed, 29 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2831/symantec-develops-pooled-highend-cyberthreat-analysis-service/ http://www.infosecurity-us.com/view/2817/forensics-links-fake-online-postcards-to-zeus-bot/ The Computer forensics department at the University of Alabama has tracked down the Zeus Bot virus to a raft of fake internet postcards circulating on the Internet. Tue, 28 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2817/forensics-links-fake-online-postcards-to-zeus-bot/ http://www.infosecurity-us.com/view/2737/weekly-brief-july-27-2009/ Information security: Fox News, Eugene Kaspersky reveals all, Marshal8e6's new hosted email service and more... Mon, 27 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2737/weekly-brief-july-27-2009/ http://www.infosecurity-us.com/view/2782/cloud-security-examined-in-thursday-webinar-/ Cloud computing, along with the growing number of web 2.0-enabled sites and services many of us now access on a regular basis, is changing the face of IT security. Mon, 27 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2782/cloud-security-examined-in-thursday-webinar-/ http://www.infosecurity-us.com/view/2728/free-white-paper-and-webinar-explain-how-to-source-access-assurance-technology-on-a-tight-budget/ Access assurance is fast becoming a hot topic in regulatory and best practice circles, for the simple reason the technology that drives it can save a company a significant fine for failing to comply with the latest data protection. Sat, 25 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2728/free-white-paper-and-webinar-explain-how-to-source-access-assurance-technology-on-a-tight-budget/ http://www.infosecurity-us.com/view/2698/novell-to-hop-securely-into-the-cloud-next-week/ Novell is about to join the growing list of companies developing its security-enabled products for the cloud. Fri, 24 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2698/novell-to-hop-securely-into-the-cloud-next-week/ http://www.infosecurity-us.com/view/2702/vietnamese-cert-operation-in-trouble-for-tracking-hackers/ Reports on the Australasian newswires say that Vietnam Computer Emergency Response Team (CERT) has received an "official complaint" from its South Korean counterpart KrCERT, claiming the South Korean agency had never requested any help to investigate the attacks. Fri, 24 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2702/vietnamese-cert-operation-in-trouble-for-tracking-hackers/ http://www.infosecurity-us.com/view/2703/privacy-rankings-linkedin-and-bebo-high-facebook-and-myspace-average-badoo-low/ Cambridge academics have revealed that social networks that promote their security controls are likely to deter users from joining, and as a result privacy guidelines are inaccessible. Fri, 24 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2703/privacy-rankings-linkedin-and-bebo-high-facebook-and-myspace-average-badoo-low/ http://www.infosecurity-us.com/view/2666/isaca-leader-calls-for-fundamental-changes-to-it-security/ John Pironti, a senior member of ISACA, the not-for-profit IT security association with 86 000 members worldwide, has called for sweeping changes in the way enterprises across the US deal with information security. Thu, 23 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2666/isaca-leader-calls-for-fundamental-changes-to-it-security/ http://www.infosecurity-us.com/view/2667/tucows-review-shows-how-to-start-winxp-without-a-password/ If you ever wondered how to start Windows XP without a password and without going down to source code level, wonder no more, as Butterscotch's content producer Stacey Reed has posted an informative video tutorial showing how it's done. Thu, 23 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2667/tucows-review-shows-how-to-start-winxp-without-a-password/ http://www.infosecurity-us.com/view/2669/secure-cloud-login-technology-to-be-unveiled-next-week/ California's TriCipher has announced plans to unveil its myOneLogin authentication and identification technology on day three of the Cloud SSO event in San Diego on July 29th. Thu, 23 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2669/secure-cloud-login-technology-to-be-unveiled-next-week/ http://www.infosecurity-us.com/view/2643/fed-to-invest-55-billion-in-cybersecurity-over-next-six-years/ A report on US government cybersecurity pending predicts that the US government will spend around $55 billion on cybersecurity issues over the next six years. Wed, 22 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2643/fed-to-invest-55-billion-in-cybersecurity-over-next-six-years/ http://www.infosecurity-us.com/view/2622/smartphone-security-has-privacy-problems-/ WXPI, a Pittsburgh, Pennylvania-based TV station has quietly broken a story which could have profound repercusions on the security of so-called smartphones - mobile phones with computer-like qualities. Tue, 21 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2622/smartphone-security-has-privacy-problems-/ http://www.infosecurity-us.com/view/2603/weekly-brief-july-20-2009/ Information security: Microsoft, South Korea, China, Twitter, Facebook in the news... Mon, 20 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2603/weekly-brief-july-20-2009/ http://www.infosecurity-us.com/view/2604/botnets-arrive-on-mobile-phones-first-worm-has-been-spotted/ A mobile phone worm called Sexy Space has been spotted by Trend Micro and is the first, the IT security vendor says, to spread itself by spamming text (SMS) messages. Mon, 20 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2604/botnets-arrive-on-mobile-phones-first-worm-has-been-spotted/ http://www.infosecurity-us.com/view/2609/one-in-six-spam-emails-from-usa/ The USA continued to be the top email spam country in the second quarter of 2009 making up 15.6% of global spam traffic, according to a report on the latest trends in spam from IT security and data protection firm Sophos. Mon, 20 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2609/one-in-six-spam-emails-from-usa/ http://www.infosecurity-us.com/view/2568/new-trojan-malware-variants-evade-major-antivirus-engines-claims-commtouch-/ Based on an analysis of two billion emails and internet transactions processed by its OEM anti-spam and anti-malware customers every day, CommTouch says that millions of email-borne malware such as Trojans and viruses bypassed several major anti-virus engines during the second quarter of 2009. Fri, 17 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2568/new-trojan-malware-variants-evade-major-antivirus-engines-claims-commtouch-/ http://www.infosecurity-us.com/view/2550/cybercriminals-adopt-business-strategies/ Online criminals are using state of the art business strategies to commit cybercrimes, says network equipment maker Cisco. Thu, 16 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2550/cybercriminals-adopt-business-strategies/ http://www.infosecurity-us.com/view/2551/businesses-face-deluge-of-patches-from-microsoft-and-oracle/ IT security administrators will have to deal with more than 10 security patches from Oracle and nine from Microsoft this week. Thu, 16 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2551/businesses-face-deluge-of-patches-from-microsoft-and-oracle/ http://www.infosecurity-us.com/view/2554/twitter-company-files-leaked-in-cloud-computing-security-failure/ Twitter has once again been hit by a lapse of security, this time with a hacker posting a set of internal company documents from the Twitter site and service, lifted from the GoogleApps online data sharing and collaboration system. Thu, 16 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2554/twitter-company-files-leaked-in-cloud-computing-security-failure/ http://www.infosecurity-us.com/view/2562/obama-administration-defends-bush-warrantless-wiretapping-program/ President Obama is maintaining the secrecy of a wiretapping program authorised by his predecessor, George W Bush, a Department of Justice lawyer told a San Francisco courtroom on Wednesday. Thu, 16 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2562/obama-administration-defends-bush-warrantless-wiretapping-program/ http://www.infosecurity-us.com/view/2536/firefox-reputation-takes-a-battering-on-the-security-front/ The reputation of Mozilla's popular Firefox web browsing software - now into version 3.5 - took a battering this week as the Secunia security research advisory team revealed a flaw in the way the browser handles Javascript calls. Wed, 15 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2536/firefox-reputation-takes-a-battering-on-the-security-front/ http://www.infosecurity-us.com/view/2537/iphone-may-be-weak-link-in-company-information-security-defences/ Research commissioned by DeviceLock, the end point security company, claims to show that many firms are failing to act on the information security risks that the Apple iPhone poses to their IT resources. Wed, 15 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2537/iphone-may-be-weak-link-in-company-information-security-defences/ http://www.infosecurity-us.com/view/2544/swine-flu-influx-of-roaming-and-home-workers/ With the growing threat of swine flu, more and more employees are working from home, says Californian online security provider ScanSafe. Wed, 15 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2544/swine-flu-influx-of-roaming-and-home-workers/ http://www.infosecurity-us.com/view/2531/microsoft-warns-ie-users-of-another-activex-vulnerability/ Microsoft is warning Internet Explorer users of attacks that attempt to exploit an ActiveX vulnerability affecting MS Office and ISA Server. Tue, 14 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2531/microsoft-warns-ie-users-of-another-activex-vulnerability/ http://www.infosecurity-us.com/view/2496/google-chrome-os-no-viruses-malware-or-security-updates/ As Google announced the future launch of its Google Chrome operating system (OS) based on an open source Linux kernel, it also claimed that “users don’t have to deal with viruses, malware and security updates. It should just work”, but is that possible? Mon, 13 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2496/google-chrome-os-no-viruses-malware-or-security-updates/ http://www.infosecurity-us.com/view/2505/575-variants-of-koobface-detected-during-june-says-kaspersky-lab/ Researchers with Russian IT security vendor Kaspersky Lab say they detected 575 new variants of the Koobface worm during June. Mon, 13 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2505/575-variants-of-koobface-detected-during-june-says-kaspersky-lab/ http://www.infosecurity-us.com/view/2507/more-weaknesses-in-ecommerce-and-sslvpn-connections-revealed/ A report just published by Ben Chai - a director with Incoming Thought Limited and editor of the SecurityVibes portal - claims to show that a security flaw in the secure sockets layer (SSL) internet protocol has been used by criminals to circumvent supposed secure e-commerce website. Mon, 13 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2507/more-weaknesses-in-ecommerce-and-sslvpn-connections-revealed/ http://www.infosecurity-us.com/view/2495/net-hacks-and-hoaxes-more-sophisticated-than-ever-says-network-box/ Network Box, the managed security internet service provider, has published a free guide explaining - in plain English - a guide to spotting common hoaxes, hacks and other internet horrors. Fri, 10 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2495/net-hacks-and-hoaxes-more-sophisticated-than-ever-says-network-box/ http://www.infosecurity-us.com/view/2484/south-korea-and-us-sites-under-internet-assault/ South Korea - which has the largest number of DSL broadband connections per head of population in the world - is under a sustained internet attack Thu, 09 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2484/south-korea-and-us-sites-under-internet-assault/ http://www.infosecurity-us.com/view/2466/social-security-numbers-guessable-say-academics/ Two researchers from Carnegie Mellon University claim that it is possible to predict a person's social security number by using statistical analysis, throwing the security of a key personal identifier into doubt. Wed, 08 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2466/social-security-numbers-guessable-say-academics/ http://www.infosecurity-us.com/view/2448/waledec-botnet-sweeps-web-in-july-4-campaign/ The team behind the Waledec botnet mounted a new malware campaign over the July 4 weekend that has infected thousands of PCs. Tue, 07 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2448/waledec-botnet-sweeps-web-in-july-4-campaign/ http://www.infosecurity-us.com/view/2450/internet-luring-law-to-include-sending-of-sexually-explicit-messages-sexting/ The state of Colorado has updated a law designed to protect children on the internet from sending of sexually explicit messages, known as 'sexting', to include cell phones too. Tue, 07 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2450/internet-luring-law-to-include-sending-of-sexually-explicit-messages-sexting/ http://www.infosecurity-us.com/view/2453/gartner-expects-it-spending-to-fall-6-in-2009/ Worlwide IT spending could fall 6% to US$3.2 trillion in 2009, according to Connecticut-based IT research and advisory company Gartner. Tue, 07 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2453/gartner-expects-it-spending-to-fall-6-in-2009/ http://www.infosecurity-us.com/view/2456/online-game-eve-sees-virtual-ebank-robbed-by-ceo/ The CEO of a virtual gaming bank within the space trading game EVE Online, has run off with 200bn of virtual credits trading them in for real world cash of £3115 (US$5100) through the black market. Tue, 07 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2456/online-game-eve-sees-virtual-ebank-robbed-by-ceo/ http://www.infosecurity-us.com/view/2438/quocirca-releases-encryption-value-analysis-report/ Quocirca, the business and IT research analysis company, has released a report looking at how encryption can add value to an organisation. Mon, 06 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2438/quocirca-releases-encryption-value-analysis-report/ http://www.infosecurity-us.com/view/2436/weekly-brief-july-6-2009/ Techniques, Tools, Concerns, Crimes, and Crashes Sun, 05 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2436/weekly-brief-july-6-2009/ http://www.infosecurity-us.com/view/2437/coldfusion-sites-under-attack/ An attack is sweeping sites using Adobe's ColdFusion scripting system, according to information received by the SANS Institute. Sun, 05 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2437/coldfusion-sites-under-attack/ http://www.infosecurity-us.com/view/2419/new-trojan-causes-problems-for-google-adsense-advertisers/ A nasty new trojan that triggers multiple click-throughs on Google AdSense - the pay-per-click sponsored web search service operated by Google - has been discovered by SecureWorks. Thu, 02 Jul 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2419/new-trojan-causes-problems-for-google-adsense-advertisers/ http://www.infosecurity-us.com/view/2359/phone-phreaker-sentenced/ An 18-year-old, legally blind hacker has been sentenced to 11 years in jail following a string of crimes revolving around phone phreaking. Tue, 30 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2359/phone-phreaker-sentenced/ http://www.infosecurity-us.com/view/2360/jacksons-death-rocks-net/ Never one to miss a trick, the blackhat community capitalised on the death of Michael Jackson over the weekend by seeding the web with spam and malware designed to steal email addresses and join the troubled star's fans to botnets. Tue, 30 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2360/jacksons-death-rocks-net/ http://www.infosecurity-us.com/view/2361/weekly-brief-june-30-2009/ Danny Bradbury explores some of the more interesting stories in the security field from the last week. Tue, 30 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2361/weekly-brief-june-30-2009/ http://www.infosecurity-us.com/view/2362/java-delays-approval-of-oracles-sun-takeover/ The US Department of Justice (DoJ) wants more time to consider Oracle's $7.4bn Sun deal before giving its approval. Tue, 30 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2362/java-delays-approval-of-oracles-sun-takeover/ http://www.infosecurity-us.com/view/2380/sanfords-mistress-my-hotmail-account-was-hacked/ The Argentinian woman at the centre of the Mark Sanford scandal has said that her Hotmail account was hacked. Tue, 30 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2380/sanfords-mistress-my-hotmail-account-was-hacked/ http://www.infosecurity-us.com/view/2311/us-cyberwarfare-unit-now-official/ The Pentagon has officially ratified the US cyber warfare unit first rumoured in April. US defense secretary Robert Gates issued a memo this week creating the unit, which will be known as USCYBERCOMM. Thu, 25 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2311/us-cyberwarfare-unit-now-official/ http://www.infosecurity-us.com/view/2295/facebook-plugs-hole-in-profile-security/ Facebook has plugged a major security hole that researchers say enabled any member of the site to view other users' personal information. Wed, 24 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2295/facebook-plugs-hole-in-profile-security/ http://www.infosecurity-us.com/view/2289/atm-malware-likely-to-spread/ The malware that has been infecting automated teller machines in eastern Europe could be about to spread to other places in the world, according to the company that uncovered the fraud. Experts at SpiderLab, the research arm of security firm Trustwave, say that there is "increased activity" around this particular strain of malware in other parts of the world. Tue, 23 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2289/atm-malware-likely-to-spread/ http://www.infosecurity-us.com/view/2290/cisos-not-ready-to-deperimeterize-say-experts/ Chief information security officers are still ignoring the need for deperimeterization, according to a survey carried out by security firm Netwitness, and the MIS Training Institute. Tue, 23 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2290/cisos-not-ready-to-deperimeterize-say-experts/ http://www.infosecurity-us.com/view/2291/researchers-build-browserbased-darknet/ Researchers have developed technology that enables users to participate in an anonymous, private communication session using nothing but an HTML 5-compliant web browser. Tue, 23 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2291/researchers-build-browserbased-darknet/ http://www.infosecurity-us.com/view/2261/weekly-brief-june-22-2009/ Danny Bradbury documents Tools, Twitter, Law, Hacked, Patched, and the Totally Whacked this week. Mon, 22 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2261/weekly-brief-june-22-2009/ http://www.infosecurity-us.com/view/2240/brad-pitt-more-dangerous-than-hugh-jackman-mcafee-rates-risky-search-terms-online/ Searching for ‘Brad Pitt’ is riskier than searching for ‘Hugh Jackman’ according to a McAfee study on the most dangerous search terms online. Fri, 19 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2240/brad-pitt-more-dangerous-than-hugh-jackman-mcafee-rates-risky-search-terms-online/ http://www.infosecurity-us.com/view/2231/goldencashworld-botnet-malware-and-hacker-data-exchange-portal-revealed/ Security researchers with Finjan have uncovered a highly sophisticated online botnet, malware and hacker exchange network for buying and selling access to infected PCs. Wed, 17 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2231/goldencashworld-botnet-malware-and-hacker-data-exchange-portal-revealed/ http://www.infosecurity-us.com/view/2196/lawmakers-seek-to-revamp-real-id/ Lawmakers in the US have introduced a bill that they hope will fix what they see as flaws in the controversial 2005 REAL ID act. The new bill introduces checks and balances to protect consumer privacy, according to congressional leaders and privacy watchdogs. Tue, 16 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2196/lawmakers-seek-to-revamp-real-id/ http://www.infosecurity-us.com/view/2197/chinese-computer-protection-system-against-malware-insecure-say-researchers/ Researchers at the University of Michigan have criticized an alleged initiative by the Chinese government to protect the public's computers from malware, arguing that it creates significant vulnerabilities on users' machines. Tue, 16 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2197/chinese-computer-protection-system-against-malware-insecure-say-researchers/ http://www.infosecurity-us.com/view/2203/learn-about-resilience-and-optimization-on-ibm-power-systems/ Vision Solution’s explores the data protection, recovery and optimization technologies and strategies for running AIX and IBM i (i5/OS) environments in its white paper State of Resilience & Optimization on IBM Power Systems. Tue, 16 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2203/learn-about-resilience-and-optimization-on-ibm-power-systems/ http://www.infosecurity-us.com/view/2176/weekly-brief-june-15-2009/ Information Security - Tools, Law, Techniques, Attacks, and Defenses Mon, 15 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2176/weekly-brief-june-15-2009/ http://www.infosecurity-us.com/view/2182/pbx-hacking-moves-into-the-professional-domain-as-arrests-stack-up-/ PBX hacking - the act of cracking into a company PBX and selling long distance/international telephone time to third parties at a discount - is alive and well, despite several years of being out of the news. Mon, 15 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2182/pbx-hacking-moves-into-the-professional-domain-as-arrests-stack-up-/ http://www.infosecurity-us.com/view/2121/apple-releases-safari-40-to-counter-security-flaws/ Apple Computer has released v 4.0 of its increasingly popular Safari web browser for Windows and Mac OSX-based computers. The release counters the recent security flaws reported in CFNetwork, CoreGraphics, ImageIO, International Components for Unicode, libxml, Safari, Safari Windows Installer, and webKit Wed, 10 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2121/apple-releases-safari-40-to-counter-security-flaws/ http://www.infosecurity-us.com/view/2123/majority-break-information-security-policies-survey/ The majority of employees admit to serious non-compliant workplace behaviour when it comes to information security, according to a study from the Ponemon Institute and sponsored by Californian secure flash drive provider IronKey. Wed, 10 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2123/majority-break-information-security-policies-survey/ http://www.infosecurity-us.com/view/2096/learn-about-pdf-security/ LockLizard explores the pitfalls of PDF security in its white paper 10 Things You Really Wished You Had Known About PDF Security. Tue, 09 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2096/learn-about-pdf-security/ http://www.infosecurity-us.com/view/2050/indian-authorities-taking-no-chances-with-cybercafe-users/ The anonymity of cybercafe users in India is being severely curtailed, in a bid to stamp out illegal, fraudulent and terrorist usage of this popular method of gaining internet access. Mon, 08 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2050/indian-authorities-taking-no-chances-with-cybercafe-users/ http://www.infosecurity-us.com/view/2052/weekly-brief-june-8-2009/ Information security: Privacy, enforcement, attacks, and defenses Mon, 08 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2052/weekly-brief-june-8-2009/ http://www.infosecurity-us.com/view/2030/infosecurity-experts-hard-to-get-despite-economic-downturn/ Hiring managers are struggling to fill infosecurity positions due to a mismatch between salary expectations and skill levels, and current demand, information security education and certification organisation (ISC)2 has found it its latest jobs survey. Fri, 05 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2030/infosecurity-experts-hard-to-get-despite-economic-downturn/ http://www.infosecurity-us.com/view/2017/isc2-offers-live-online-cissp-review-seminar/ Florida-based information security education and certification provider (ISC)2 has introduced Live OnLine Official (ISC)2 CISSP CBK Review Seminar, said to be the first online certified information systems security professional (CISSP) learning courses with live instructions. Thu, 04 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2017/isc2-offers-live-online-cissp-review-seminar/ http://www.infosecurity-us.com/view/2009/prepare-for-end-of-office-2000-security-updates/ Users of Office 2000 should start preparing for Microsoft’s withdrawal of its security update service for Office 2000 from 14 July this year, warns California-based security software provider Fortify Software. Wed, 03 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/2009/prepare-for-end-of-office-2000-security-updates/ http://www.infosecurity-us.com/view/1964/obama-cyberczar-to-be-handpicked/ President Obama finally announced the results of Melissa Hathaway's 60-day cybersecurity review on Friday, and unveiled plans to hand pick a senior official responsible for cybersecurity policy. Mon, 01 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1964/obama-cyberczar-to-be-handpicked/ http://www.infosecurity-us.com/view/1972/boobytrapped-directx-files-now-being-used-by-hackers/ Microsoft has warned about hackers starting to use DirectX-enabled files to give them remote access to users' PCs across the internet. Mon, 01 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1972/boobytrapped-directx-files-now-being-used-by-hackers/ http://www.infosecurity-us.com/view/1984/weekly-brief-june-1-2009/ Information security: Tools, Techniques, Law, Attacks and Defenses Mon, 01 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1984/weekly-brief-june-1-2009/ http://www.infosecurity-us.com/view/1990/twitter-worm-steals-user-details/ A worm on Twitter is tricking users into giving up their user details at the same time as redirecting victims to a dating website where the aggregate number of views result in affiliate revenue. Mon, 01 Jun 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1990/twitter-worm-steals-user-details/ http://www.infosecurity-us.com/view/1938/kaspersky-researcher-criticizes-facebook-developer-policy-/ Malware attacks are becoming more targeted and more focused on social networks, according to a researcher at Kaspersky, who slammed Facebook for problems with its application certification process. Fri, 29 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1938/kaspersky-researcher-criticizes-facebook-developer-policy-/ http://www.infosecurity-us.com/view/1922/open-group-advises-on-risk-management-methods/ Independent consortium the Open Group is trying to resolve what it sees as confusion about risk management in the industry by publishing a guide to choosing a risk management methodology. Wed, 27 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1922/open-group-advises-on-risk-management-methods/ http://www.infosecurity-us.com/view/1880/weekly-brief-may-26-2009/ Information security attacks, defenses, vulnerabilities, and losses Tue, 26 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1880/weekly-brief-may-26-2009/ http://www.infosecurity-us.com/view/1856/antimalware-groups-align-themselves/ Anti-malware efforts took a significant step forward this week with the announcement of an initiative to try and bring legitimate software businesses together and lock out malware writers. Fri, 22 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1856/antimalware-groups-align-themselves/ http://www.infosecurity-us.com/view/1840/gao-slams-federal-agencies-for-poor-information-security/ The Government Accountability Office criticised Federal agencies this week for poorly implementing information security controls, arguing that most of them were deficient. Thu, 21 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1840/gao-slams-federal-agencies-for-poor-information-security/ http://www.infosecurity-us.com/view/1844/survey-shows-information-security-awareness-is-high-yet-compliance-is-low-/ SAI Global’s Benchmarking Survey 2008 finds that 95% of employees believe information security is important, but that there is a lack of knowledge and training surrounding how to identify and report incidents. Thu, 21 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1844/survey-shows-information-security-awareness-is-high-yet-compliance-is-low-/ http://www.infosecurity-us.com/view/1820/mcafee-acquires-solidcore-for-whitelisting-technology/ McAfee will acquire Solidcore Systems, a whitelisting specialist, in a US$33m deal which will allow McAfee to integrate Solidcore's technology into its blacklisting malware detection and prevention products, as well as to bolster its high-end corporate IT security offerings. Wed, 20 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1820/mcafee-acquires-solidcore-for-whitelisting-technology/ http://www.infosecurity-us.com/view/1833/gumblar-malware-attack-sweeps-web/ A modified attack that alters Google searches is taking the web by storm according to security researchers, who have identified more malware domains being used in the attack. Wed, 20 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1833/gumblar-malware-attack-sweeps-web/ http://www.infosecurity-us.com/view/1792/infosecurity-weekly-brief-may-18-2009/ Infections, Intrusions, Protections and Misdirections Mon, 18 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1792/infosecurity-weekly-brief-may-18-2009/ http://www.infosecurity-us.com/view/1788/unlimited-online-backup-from-fsecure/ An unlimited online backup solution, which works automatically in the background, has been launched by Finnish IT security service provider F-Secure. Fri, 15 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1788/unlimited-online-backup-from-fsecure/ http://www.infosecurity-us.com/view/1777/pentagon-security-cleared-worker-charged-with-cyber-espionage/ A US defense worker who had a Pentagon security clearance has been charged with providing classified information to Chinese officials. Thu, 14 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1777/pentagon-security-cleared-worker-charged-with-cyber-espionage/ http://www.infosecurity-us.com/view/1769/software-piracy-on-the-rise/ Worldwide software piracy is on the rise, according to a study by the Business Software Alliance and analyst firm IDC. Wed, 13 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1769/software-piracy-on-the-rise/ http://www.infosecurity-us.com/view/1767/forrester-questions-the-security-of-cloud-computing/ With the economic downturn, cloud computing is seen as a way to improve operational efficiency, reduce headcounts and help with the bottom line, but according to the report from Massachusetts-based Forrester Research on cloud computing, organisations should not jump on the ‘cloud wagon’ before considering security and privacy concerns. Tue, 12 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1767/forrester-questions-the-security-of-cloud-computing/ http://www.infosecurity-us.com/view/1768/estonia-now-firmly-on-the-fbi-cybercrime-map/ The importance of Estonia, one of the most Internet-connected and e-trading nations on earth, has ramped up a notch or two with the FBI, which has announced plans to station a cybercrime expert and his/her team in the country later this year. Tue, 12 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1768/estonia-now-firmly-on-the-fbi-cybercrime-map/ http://www.infosecurity-us.com/view/1746/governments-must-cooperate-on-cyber-security-report/ Governments around the world must work together to address the issue of cyber security, according to a report from Deloitte. Mon, 11 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1746/governments-must-cooperate-on-cyber-security-report/ http://www.infosecurity-us.com/view/1757/infosecurity-weekly-brief-may-12th-2009/ Danny Bradbury rounds up the most important news in the security space from the last week. Mon, 11 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1757/infosecurity-weekly-brief-may-12th-2009/ http://www.infosecurity-us.com/view/1731/heartland-takes-us126m-hit-for-breach/ Heartland Payment Systems has revealed that it lost US$12.6m as a result of its 2008 data breach, in the same week that it finally regained official Payment Card Industry Data Security standard (PCI DSS) compliance. Fri, 08 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1731/heartland-takes-us126m-hit-for-breach/ http://www.infosecurity-us.com/view/1738/bt-investigation-into-ebay-hard-drives-reveals-us-air-defence-launch-secrets-/ The latest annual BT investigation into the sale of second-hand hard drives on the internet has turned up trumps, with researchers buying a hard drive on the internet auction website eBay, containing the launch procedures for a US military air defence system. Fri, 08 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1738/bt-investigation-into-ebay-hard-drives-reveals-us-air-defence-launch-secrets-/ http://www.infosecurity-us.com/view/1739/web-20-sites-prime-hacker-target-says-report/ Web 2.0-driven websites are now a premier target for hackers, amounting to 21% of all reported hacking incidents, according to an IT security report from the Secure Enterprise 2.0 Forum. Fri, 08 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1739/web-20-sites-prime-hacker-target-says-report/ http://www.infosecurity-us.com/view/1724/fake-search-engines-used-to-divert-users-to-malware-infected-websites/ Hackers are starting to create fake search engine sites to divert hapless internet users to malware infected websites, says PandaLabs, the research operation of Panda Security. Thu, 07 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1724/fake-search-engines-used-to-divert-users-to-malware-infected-websites/ http://www.infosecurity-us.com/view/1703/google-chrome-trumps-browser-pack-in-update-test/ Users of Google's Chrome browser are the most likely to be running the latest version of the software compared to other browsers, according to a study released this week. Wed, 06 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1703/google-chrome-trumps-browser-pack-in-update-test/ http://www.infosecurity-us.com/view/1711/parabons-grid-technology-simulates-ddos-site-attacks/ Parabon Computation has launched a new service that simulates a distributed denial of service (DDoS) attack on a company Web site. Wed, 06 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1711/parabons-grid-technology-simulates-ddos-site-attacks/ http://www.infosecurity-us.com/view/1713/global-security-challenge-competition-open-for-entries/ The fourth annual Global Security Challenge Competition where security entrepreneurs compete for up to US$500 000 in cash grants, is open for entries until 15 June 2009. Wed, 06 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1713/global-security-challenge-competition-open-for-entries/ http://www.infosecurity-us.com/view/1716/rsa-splunks-sales-benefit-from-economic-downturn-/ Splunk, the vendor who calls itself “the google for data centres” are seeing an increase in sales due to the high crime that comes hand in hand with an economic downturn. Wed, 06 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1716/rsa-splunks-sales-benefit-from-economic-downturn-/ http://www.infosecurity-us.com/view/1691/palo-alto-networks-formally-launches-in-the-uk/ After several years of offering its products via a few specialist systems integrators in the UK, California's Palo Alto Networks has established a formal presence in the country. Tue, 05 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1691/palo-alto-networks-formally-launches-in-the-uk/ http://www.infosecurity-us.com/view/1698/conficker-and-facebook-twitter-attacks-dominate-q1-email-threats/ The Conficker worm and attackers’ social engineering techniques exploiting users on Facebook, Myspace and Twitter, dominated the email threats in the first quarter (Q1) of 2009, according to identity-based unified threat management (UTM) solutions provider Cyberoam and its Israeli messaging and web security partner Commtouch. Tue, 05 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1698/conficker-and-facebook-twitter-attacks-dominate-q1-email-threats/ http://www.infosecurity-us.com/view/1679/infosecurity-europe-firms-get-access-to-military-grade-forensics/ It's not often that firms supplying specialist network forensics technology to US government agencies are allowed to supply their systems software to civilian companies, especially outside of the United States, but Utah-based Solera Networks has achieved this. Fri, 01 May 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1679/infosecurity-europe-firms-get-access-to-military-grade-forensics/ http://www.infosecurity-us.com/view/1670/fisma-inches-closer-to-reform/ Legislation has been introduced into the US Senate that would reform existing cybersecurity regulations, just as federal CISOs condemned existing rules as out of touch with current security concerns. Thu, 30 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1670/fisma-inches-closer-to-reform/ http://www.infosecurity-us.com/view/1596/adobe-reader-hit-by-more-zeroday-flaws/ Two more zero-day flaws have been found in Adobe Reader that could lead to users' machines being compromised. Wed, 29 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1596/adobe-reader-hit-by-more-zeroday-flaws/ http://www.infosecurity-us.com/view/1557/pentagon-readies-cyber-warfare-unit/ The Obama administration is setting up a new unit inside the Pentagon that will be responsible for offensive cyber warfare, according to reports in the Wall Street Journal - and the unit will be headed by the current director of the National Security Agency. Tue, 28 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1557/pentagon-readies-cyber-warfare-unit/ http://www.infosecurity-us.com/view/1593/infosecurity-europe-president-obamas-blackberry-revealed/ The guys on the Blackberry stand at the Infosecurity Europe show weren't willing to talk specifically about it, but it looks like the White House has taken delivery of a custom Blackberry smartphone for President Obama. Tue, 28 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1593/infosecurity-europe-president-obamas-blackberry-revealed/ http://www.infosecurity-us.com/view/1491/infosecurity-weekly-brief-april-27/ Last week, Infosecurity Magazine was at the RSA show in San Francisco. A variety of vendors launched new products. Mon, 27 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1491/infosecurity-weekly-brief-april-27/ http://www.infosecurity-us.com/view/1541/rsa-recession-will-hit-small-information-security-companies-hard-say-experts-/ Despite the need for security being exaggerated in an economic downturn, smaller IT security companies will suffer, says Dave Hansen, Corporate SVP &GM Security Business Unit at CA, speaking to Infosecurity at the RSA conference in San Francisco. Mon, 27 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1541/rsa-recession-will-hit-small-information-security-companies-hard-say-experts-/ http://www.infosecurity-us.com/view/1422/rsa-lumension-and-microsoft-ink-whitelisting-deal/ Endpoint security company Lumension teamed up with Microsoft at the RSA show to launch a software whitelisting service. The move, which sees the companies sharing information about legitimate software applications, lends increasing credence to the idea that blacklisting malicious software by signature is becoming less tenable as the number of malware variants increases. Wed, 22 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1422/rsa-lumension-and-microsoft-ink-whitelisting-deal/ http://www.infosecurity-us.com/view/1424/finjan-uncovers-one-of-worlds-largest-botnets/ Finjan has uncovered what appears to be one of the largest bot networks controlled by a single cybercrime gang, with 1.9 million infected zombie computers forming the swarm. Wed, 22 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1424/finjan-uncovers-one-of-worlds-largest-botnets/ http://www.infosecurity-us.com/view/1436/rsa-symantec-ceo-enrique-salem-calls-for-automated-information-security-/ In his keynote at RSA in San Francisco, Symantec CEO Enrique Salem called for a significant shift in the way vendors and end-users approach information security. Change, said Salem, is needed to fight the current targeted threat landscape. Wed, 22 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1436/rsa-symantec-ceo-enrique-salem-calls-for-automated-information-security-/ http://www.infosecurity-us.com/view/1421/rsa-nsa-director-lieutenant-general-alexander-asks-rsa-conference-to-work-with-nsa-to-secure-nation-/ Director of NSA, Lieutenant General Keith B Alexander, congratulated the information security industry on its excellent work in his keynote address to RSA conference attendees in San Francisco on 21 April 2009. Tue, 21 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1421/rsa-nsa-director-lieutenant-general-alexander-asks-rsa-conference-to-work-with-nsa-to-secure-nation-/ http://www.infosecurity-us.com/view/1383/infosecurity-weekly-brief-april-20-2009/ Government, Twitter, Tools and the law. Mon, 20 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1383/infosecurity-weekly-brief-april-20-2009/ http://www.infosecurity-us.com/view/1403/email-authentication-needs-to-be-taken-seriously-ota/ Research from the Online Trust Alliance (OTA) claims to show that companies need to take email authentication a lot more seriously than they presently do, as well as implement the technology on much more widespread basis. Mon, 20 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1403/email-authentication-needs-to-be-taken-seriously-ota/ http://www.infosecurity-us.com/view/1331/skype-not-as-secure-as-you-might-think/ Although VOIP afficionadoes are wont to promote the encrypted nature of Skype Internet telephony calls, it's now becoming accepted that the use of a compressed data mode within Skype opens the gates to pattern recognition and slow, but steady, text-based decoding of the voice transmissions as a result. Wed, 15 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1331/skype-not-as-secure-as-you-might-think/ http://www.infosecurity-us.com/view/1334/symantec-report-observes-surge-in-malicious-code-for-2008/ Security provider, Symantec, found that malicious code activity continued to grow at a record pace throughout 2008, with the most prominent target being confidential information, according to the Symantec Internet Security Threat Report Volume XIV. Wed, 15 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1334/symantec-report-observes-surge-in-malicious-code-for-2008/ http://www.infosecurity-us.com/view/1295/infosecurity-weekly-brief-april-13-2009/ Powerpoint, Porn and Twitter Tue, 14 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1295/infosecurity-weekly-brief-april-13-2009/ http://www.infosecurity-us.com/view/1178/mccartney-site-serves-up-zeus-malware/ Paul McCartney's site was serving up the Zeus trojan for three days, according to UK security firm ScanSafe. The attack, in which paulmccartney.com was compromised with malicious Javascript, appears to have been tailored to coincide with interest in his New York reunion concert last weekend. Wed, 08 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1178/mccartney-site-serves-up-zeus-malware/ http://www.infosecurity-us.com/view/1251/infosecurity-gets-twittered-up/ Infosecurity magazine are now on Twitter. Please ‘follow’ us to receive our latest news, views and industry comments. Wed, 08 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1251/infosecurity-gets-twittered-up/ http://www.infosecurity-us.com/view/1008/infosecurity-the-week-in-brief/ Ghost in the machine The Information Warfare Monitor published a report on GhostNet, a cyber-espionage network that it discovered after conducting a security audit for the Dalai Lama's Tibetan Government in Exile. Almost 1300 machines were discovered in a micro-botnet controlled from servers mainly in Chinese IP blocks. The 30% of machines that it identified were of high importance to Chinese interests, it found. The Dalai Lama has condemned the whole affair, and the Chinese government is denying everything. Mon, 06 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1008/infosecurity-the-week-in-brief/ http://www.infosecurity-us.com/view/1047/sql-injection-attack-leads-to-command-execution/ SQL injection will take a new turn later this month at Black Hat Europe, when a security researcher shows how to take control of a database server using the technique. Fri, 03 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1047/sql-injection-attack-leads-to-command-execution/ http://www.infosecurity-us.com/view/1016/us-cybercrimes-soar-by-33-in-2008/ Cybercrimes in the United States hit record numbers last year, according to a report from the Internet Crime Complaint Centre (IC3), a partnership between the FBI and the National White Collar Crime Centre. Thu, 02 Apr 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1016/us-cybercrimes-soar-by-33-in-2008/ http://www.infosecurity-us.com/view/1267/week-in-brief-30032009/ Conflicker, Congress and Pink Floyd Mon, 30 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1267/week-in-brief-30032009/ http://www.infosecurity-us.com/view/1266/another-firefox-flaw-emerges/ Mozilla's Firefox browser has been hit by a zero-day bug that could enable attackers to execute arbitrary code. The bug, issued by security researcher Guido Landi, can corrupt the browser's memory using a maliciously-crafted file. Fri, 27 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1266/another-firefox-flaw-emerges/ http://www.infosecurity-us.com/view/1265/mac-os-x-attacked/ Anti-virus firm Sophos has identified a new infection vector for RSPlug, a Trojan horse targeting OS X. Graham Cluley, senior technology consultant for the company, has demonstrated an attack in which the malware is downloaded as part of a malicious high definition media player application. Thu, 26 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1265/mac-os-x-attacked/ http://www.infosecurity-us.com/view/1264/researcher-to-blow-lid-off-secure-retail-networks/ Next month, a security researcher will unveil a hack that he says could provide backdoor access into thousands of US networks. Rob Havelt, practice manager for the Spider Labs penetration testing laboratory within security firm Trustwave, will demonstrate how to hack into the frequency hopping spread spectrum (FHSS) networks that underpin everything from barcode scanning systems in retail through to some mobile IP phones. Wed, 25 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/1264/researcher-to-blow-lid-off-secure-retail-networks/ http://www.infosecurity-us.com/view/812/infosecurity-the-week-in-brief-/ Bugs, browsers, bureaucracy, backtracks and busts. Mon, 23 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/812/infosecurity-the-week-in-brief-/ http://www.infosecurity-us.com/view/761/grey-goose-2-ties-kremlin-more-closely-to-georgia-cyberattacks/ The follow-up to the Grey Goose cyberwar document has more closely linked Russia to the cyberwar against Georgia. The Kremlin's FSB tried to cloak its operations by mimicking the activities of loosely-connected criminal group the Russian Business Network, claims the explosive report, released today. Fri, 20 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/761/grey-goose-2-ties-kremlin-more-closely-to-georgia-cyberattacks/ http://www.infosecurity-us.com/view/781/worm-attacks-windows-rpc-flaw/ More worm activity has been spotted targeting a recently discovered Windows flaw. Fri, 20 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/781/worm-attacks-windows-rpc-flaw/ http://www.infosecurity-us.com/view/742/microsoft-to-launch-exploitability-analysis-tool/ Microsoft will announce an open source tool on Friday designed to help programmers filter out serious security flaws in their programs before they ship. Members of the company's Trustworthy Computing team, speaking at Vancouver-based security conference CanSecWest, will unveil !exploitable, a software tool that analyses crash data from programs and prioritizes key security flaws. Thu, 19 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/742/microsoft-to-launch-exploitability-analysis-tool/ http://www.infosecurity-us.com/view/710/indorse-launches-rights-management-system/ InDorse Technologies has launched a rights management system designed to discover and semi-automatically tag data with usage policies. Wed, 18 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/710/indorse-launches-rights-management-system/ http://www.infosecurity-us.com/view/685/antiphishing-group-in-infosharing-move/ The Anti-Phishing Working Group (APWG) is preparing a common cyber-crime reporting system that will include a hosted database and a universal crime reporting format. The non-profit group is hoping to make it easier for private and public sector groups to work together on tracking online criminals. Mon, 16 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/685/antiphishing-group-in-infosharing-move/ http://www.infosecurity-us.com/view/687/infosecurity-weekly-brief-march-16-2009/ Palin, patches and Mac hack. This week in brief. Mon, 16 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/687/infosecurity-weekly-brief-march-16-2009/ http://www.infosecurity-us.com/view/646/expert-calls-for-cyberspace-monroe-doctrine/ A mixture of private sector and congressional witnesses slammed the US for a lack of cohesion in its cyber security stance this week, calling for better leadership in the defense of the country's "cyber turf". Thu, 12 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/646/expert-calls-for-cyberspace-monroe-doctrine/ http://www.infosecurity-us.com/view/626/microsoft-preps-global-anticyber-crime-push/ Microsoft has teamed up with academia and law enforcers to create an initiative that it hopes will formalize cyber security training worldwide. Wed, 11 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/626/microsoft-preps-global-anticyber-crime-push/ http://www.infosecurity-us.com/view/557/the-week-in-brief/ Cyber intelligence There were big shakeups afoot in the US cyberintelligence community. Rod Beckström, last year's controversial pick for head of the secretive National Cybersecurity Center, resigned amid stormy allegations of bureacratic roadblocks. Mon, 09 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/557/the-week-in-brief/ http://www.infosecurity-us.com/view/556/mahalo-employee-nailed-for-botnet-crime/ An employee of the human-powered search engine Mahalo[http://www.mahalo.com/] was sentenced to four years in prison this week for operating a botnet. Fri, 06 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/556/mahalo-employee-nailed-for-botnet-crime/ http://www.infosecurity-us.com/view/549/conficker-concern-continues/ Conficker continued to garner attention from security vendors this month as it spread across the internet. Thu, 05 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/549/conficker-concern-continues/ http://www.infosecurity-us.com/view/550/heartland-breach-generates-storm-of-lawsuits/ Embarrassment over the massive data breach suffered by Heartland Payment Systems has turned out to be only the start of the firm's problems. The company, which announced the potential compromise of an as-yet undisclosed number of card records, is now on the receiving end of lawsuits from at least eight banks and credit unions. Thu, 05 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/550/heartland-breach-generates-storm-of-lawsuits/ http://www.infosecurity-us.com/view/551/phishing-sites-hacked-into-via-google/ Phishing sites are mainly legitimate web sites that are being hacked via 'evil' web searches, reveals a report by a trans-Atlantic team of researchers. Thu, 05 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/551/phishing-sites-hacked-into-via-google/ http://www.infosecurity-us.com/view/553/ponemon-cost-of-breaches-rising/ The Ponemon Institute has published its annual survey analyzing the cost of data breaches, and has found them rising. Its report, 2008 Annual Study: The Cost of a Data Breach, analyzed input from 43 US firms and found that the cost of the average breach was up 2.5% from last year. It had risen even more sharply since 2006, climbing 11%. Thu, 05 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/553/ponemon-cost-of-breaches-rising/ http://www.infosecurity-us.com/view/555/nypd-victim-of-data-theft-/ The New York Police Department's Pension Fund has admitted that the personal records of up to 80,000 police officers may have been compromised, following the theft of unencrypted data tapes from a disaster recovery facility. Thu, 05 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/555/nypd-victim-of-data-theft-/ http://www.infosecurity-us.com/view/548/damballa-updates-botnet-detection-/ Damballa has updated its botnet detection product with a host of new features, while slamming other anti-virus vendors for failing to spot large percentages of malware. Tue, 03 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/548/damballa-updates-botnet-detection-/ http://www.infosecurity-us.com/view/547/infosecurity-the-week-in-brief/ Arrests A Chinese official has reportedly been arrested for taking backhanders to help one local anti-virus company disrupt the business of another. Yu Bing, director of the internet monitoring department of Beijing’s Public Security Bureau, allegedly took 4.5m Yuan ($657,000) to frame executives at antivirus company Micropoint and stop its products reaching the market. The money was said to have come from antivirus firm Rising, according to reports. Mon, 02 Mar 2009 00:00:00 GMT http://www.infosecurity-us.com/view/547/infosecurity-the-week-in-brief/ http://www.infosecurity-us.com/view/542/update-dpp-has-insufficient-evidence-to-prosecute-mckinnon-in-uk/ Karen Todner, solicitor for NASA hacker Gary McKinnon has issued a statement disclosing that the Office of the Director of Public Prosecutions (DPP) “do not consider that they have sufficient evidence before them to prosecute Mr McKinnon in the United Kingdom.” Fri, 27 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/542/update-dpp-has-insufficient-evidence-to-prosecute-mckinnon-in-uk/ http://www.infosecurity-us.com/view/544/cansecwests-pwn2own-cracking-contest-goes-twintrack/ The three-day Pwn2Own cracking contest - which kicks off on March 18 at the CanSecWest security conference in Vancouver - is always a popular headliner, mainly because of its healthy reward for great system and software hacks. Fri, 27 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/544/cansecwests-pwn2own-cracking-contest-goes-twintrack/ http://www.infosecurity-us.com/view/546/id-theft-tops-consumer-complaint-list/ Identity theft continues to be the top consumer complaint in the US, according to the Federal Trade Commission. Fri, 27 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/546/id-theft-tops-consumer-complaint-list/ http://www.infosecurity-us.com/view/539/microsoft-admits-excel-zeroday-flaw/ Microsoft has warned customers about a zero-day flaw in Excel that could allow for remote code execution if specially-crafted files are opened in the spreadsheet program. Thu, 26 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/539/microsoft-admits-excel-zeroday-flaw/ http://www.infosecurity-us.com/view/538/infosecurity-the-week-in-brief/ Black Hat DC This week, Black Hat DC was on in Arlington, VA. Moxie Marlinspike announced a new attack against SSL that forces HTTPS traffic into HTTP to allow a man in the middle attack. Dan Kaminsky, who discovered the infamous DNS flaw last year and criticized SSL at the the time, reacts here. He also resolved at the conference to take two months off work to promote the adoption of DNSSEC - a more secure DNS standard that has not been widely implemented. Mon, 23 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/538/infosecurity-the-week-in-brief/ http://www.infosecurity-us.com/view/536/facebook-moves-to-save-face-on-tcs/ Social networking giant Facebook has back-tracked on a controversial decision to retain users' information, even when they close their accounts. Fri, 20 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/536/facebook-moves-to-save-face-on-tcs/ http://www.infosecurity-us.com/view/535/microsoft-conficker/ Microsoft's Conficker Cabal has been steadily registering domain names targeted by the Downadup/Conficker worm in a bid to choke off its update mechanism. Wed, 18 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/535/microsoft-conficker/ http://www.infosecurity-us.com/view/533/arrests-made-in-heartland-breach/ Timothy J. Johns, Jeremy A. Frazier and Tony Acreus, all in their early twenties, were arrested while using stolen credit card numbers to make purchases in Leon County, Tallahassee. Tue, 17 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/533/arrests-made-in-heartland-breach/ http://www.infosecurity-us.com/view/532/los-alamos-in-hot-water-over-computer-loss/ The Department of Energy has slammed Los Alamos National Laboratory (LANL) for lax cybersecurity following the revelation last week that 69 computers are missing from the nuclear laboratory. Mon, 16 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/532/los-alamos-in-hot-water-over-computer-loss/ http://www.infosecurity-us.com/view/531/obama-orders-cybersecurity-review/ President Obama has ordered a 60-day review of federal cybersecurity, appointing a former key executive in the Bush administration to lead the charge. Thu, 12 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/531/obama-orders-cybersecurity-review/ http://www.infosecurity-us.com/view/529/hackers-hit-the-road/ In a fresh case of social engineering, ever-resourceful hackers in the US have found a new way to direct unsuspecting users into downloading a virus, through fake parking tickets. Tue, 10 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/529/hackers-hit-the-road/ http://www.infosecurity-us.com/view/530/more-details-emerge-on-kaspersky-hack/ As more details of the Kaspersky web site hack came to light yesterday, the same hacking forum posted details of a similar SQL injection attack, this time on a Portugese reseller for anti-malware firm BitDefender. Tue, 10 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/530/more-details-emerge-on-kaspersky-hack/ http://www.infosecurity-us.com/view/521/mac-trojans-proliferate/ Malware writers must be celebrating the 25th anniversary of the Mac. Intego, which produces antivirus software for the OS X. platform, noticed two Trojan programs circulating in the past week on peer-to-peer sites, buried within pirated copies of high-value Mac programs. Wed, 04 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/521/mac-trojans-proliferate/ http://www.infosecurity-us.com/view/522/data-breach-costs-rising/ The average cost of data breaches are rising, according to a report from the Ponemon Institute, which says that lost business is the biggest expense for companies that have their data pilfered. Wed, 04 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/522/data-breach-costs-rising/ http://www.infosecurity-us.com/view/524/9m-lifted-in-rbs-worldpay-atm-heist/ The FBI is investigating a $9m large-scale ATM fraud using cards cloned from US card processor RBS Worldpay. Wed, 04 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/524/9m-lifted-in-rbs-worldpay-atm-heist/ http://www.infosecurity-us.com/view/525/kaspersky-site-hacked-over-weekend/ Anti-malware vendor Kaspersky's site was hacked over the weekend, using an SQL injection attack. While admitting that the site was vulnerable, Kaspersky is denying that the vulnerabiity was critical. The hacker nevertheless listed what he said was the full set of tables from the firm's MySQL database. Wed, 04 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/525/kaspersky-site-hacked-over-weekend/ http://www.infosecurity-us.com/view/520/google-falls-victim-to-human-error/ On Saturday, Google users were warned that all their search results were potentially harmful, due to a widespread result of human error. Tue, 03 Feb 2009 00:00:00 GMT http://www.infosecurity-us.com/view/520/google-falls-victim-to-human-error/ http://www.infosecurity-us.com/view/517/hackers-run-up-207-000-phone-bill-for-canadian-law-firm/ If you've had a high company phone bill recently, spare a thought for Martin & Hillyer, a law firm in Burlington, Ontario. Thu, 29 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/517/hackers-run-up-207-000-phone-bill-for-canadian-law-firm/ http://www.infosecurity-us.com/view/518/kyrgyzstan-goes-offline-russia-blamed/ The former Soviet state of Kyrgyzstan has been under cyber attack since January 18, it was revealed yesterday - and security experts believe that the Russian Government is indirectly responsible. Thu, 29 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/518/kyrgyzstan-goes-offline-russia-blamed/ http://www.infosecurity-us.com/view/519/monstercom-hit-by-new-breach/ Online recruitment website monster.com has suffered from another major data breach. Thu, 29 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/519/monstercom-hit-by-new-breach/ http://www.infosecurity-us.com/view/512/cyber-criminals-to-cash-in-on-credit-crunch/ Cyber-criminals are exploiting the economic downturn to scam users, according to the 2009 threat report from security firm McAfee. Mon, 26 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/512/cyber-criminals-to-cash-in-on-credit-crunch/ http://www.infosecurity-us.com/view/513/heartland-discovers-card-heist/ Payment processing company Heartland Payment Systems was red-faced last week after the disclosure of a data breach that took place in 2008. Mon, 26 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/513/heartland-discovers-card-heist/ http://www.infosecurity-us.com/view/515/warrantless-wiretapping-aok-says-us-court/ The FISA Court of Review (FISCR) has released an opinion concerning warrantless wiretapping by the US government. Mon, 26 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/515/warrantless-wiretapping-aok-says-us-court/ http://www.infosecurity-us.com/view/516/downadup-gathers-steam-amid-vendor-confusion/ As the Downadup worm continued its inexorable spread across the Internet last week, US-CERT issued an advisory claiming that Microsoft instructions for stopping one of its infection techniques were inadequate. Mon, 26 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/516/downadup-gathers-steam-amid-vendor-confusion/ http://www.infosecurity-us.com/view/511/update-mckinnon-wins-permission-for-judicial-review/ 'NASA hacker' Gary McKinnon has won permission from the High Court to apply for a judicial review against his extradition to the United States. Fri, 23 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/511/update-mckinnon-wins-permission-for-judicial-review/ http://www.infosecurity-us.com/view/510/update-lifeline-for-mckinnon/ According to his lawyer, Karen Todner, Gary McKinnon, who may be facing extradition after confessing to hacking into US military computers, was told yesterday that the UK High Court would delay his hearing until the director for public prosecutions had considered the case following McKinnon's diagnosis with Asperger's syndrome; a procedure which is expected to take four weeks. Wed, 21 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/510/update-lifeline-for-mckinnon/ http://www.infosecurity-us.com/view/502/extradition-looms-as-the-fires-of-hell-burn-for-gary-mckinnon/ At the time of writing, the NASA hacker Gary McKinnon, who reportedly perpetrated the biggest military hack on record, was awaiting a decision from the Crown Prosecution Service on whether a recent signed confession, along with his diagnosis with Asperger’s syndrome, would help him to avoid extradition to the US and a potential 70 year prison sentence. Fri, 16 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/502/extradition-looms-as-the-fires-of-hell-burn-for-gary-mckinnon/ http://www.infosecurity-us.com/view/503/one-in-four-stalking-victims-targeted-online/ Approximately one quarter of stalking or harassment cases in the US include an element of cyberstalking, according to a report from the Bureau of Justice statistics this week. Fri, 16 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/503/one-in-four-stalking-victims-targeted-online/ http://www.infosecurity-us.com/view/504/privacy-groups-sue-fbi-for-activist-raid/ The Electronic Frontier Foundation and the American Civil Liberties Union of Northern California are suing the FBI over computer searches conducted at two activist organizations' offices. Fri, 16 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/504/privacy-groups-sue-fbi-for-activist-raid/ http://www.infosecurity-us.com/view/506/safari-file-access-bug-discovered/ Security researcher Brian Mastenbrook claims to have discovered a flaw in the Safari web browser that makes it possible for a malicious website to read files on a user's hard drive without their permission. Users of the browser on both the Windows and Mac OS X operating systems are affected. The workaround, posted on his blog, suggests that the problem lies with the browser's RSS capabilities, although he adds that users of OS X 10.5 (Leopard) are affected by the problem whether or not they use the RSS feeds. Fri, 16 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/506/safari-file-access-bug-discovered/ http://www.infosecurity-us.com/view/507/new-botnets-on-the-prowl/ Two new botnets have emerged in the past few weeks, and at least one shows signs of being an upgrade to a previous botnet that wreaked havoc in the wild. Fri, 16 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/507/new-botnets-on-the-prowl/ http://www.infosecurity-us.com/view/508/organizations-counsel-new-president-on-privacy-issues/ President Obama has yet another set of technological recommendations to mull over following his inauguration today. The National Institute of Standards and Technology (NIST) published a draft set of recommendations for protecting personal information, while the Future of Privacy Forum (FPF) provided its own list of requirements for protecting consumer privacy. Fri, 16 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/508/organizations-counsel-new-president-on-privacy-issues/ http://www.infosecurity-us.com/view/509/downadup-worm-goes-nuclear/ A network worm that began to spread late last year has turned into a epidemic. The Downadup worm, which we reported on last week, has infected around 3.5m PCs, according to F-Secure. Fri, 16 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/509/downadup-worm-goes-nuclear/ http://www.infosecurity-us.com/view/496/downadup-worm-continues-to-spread/ More evidence has appeared of the spread of a network work based on the RPC vulnerability that was found in Microsoft Windows in October. The network worm Downadup has failed to gain much traction on the open internet, according to anti-virus firm F-Secure, but is getting into corporate networks on a consistent basis. Mon, 12 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/496/downadup-worm-continues-to-spread/ http://www.infosecurity-us.com/view/497/doj-memo-gaffe-reveals-informant-ids/ The office of an attorney working at the US Department of Justice made the biggest email mistake of his life last week, sending out information revealing the names of 25 anonymous witnesses in a financial fraud investigation. Mon, 12 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/497/doj-memo-gaffe-reveals-informant-ids/ http://www.infosecurity-us.com/view/498/new-mac-tracking-iphone-smartcard-debut-at-macworld/ Apple's own announcements at the MacWorld show last week may have been relatively underwhelming, but several companies rolled out new security technologies at the event. A stolen computer tracker accompanied a two-factor authentication system for the iPhone. Mon, 12 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/498/new-mac-tracking-iphone-smartcard-debut-at-macworld/ http://www.infosecurity-us.com/view/500/hamas-israel-conflict-goes-cyber/ The ongoing battle between Israel and Hamas in the Gaza strip is creating a widening online cyber-conflict, according to reports last week. US Government web sites are the latest among hundreds that have reportedly been defaced by activists protesting the war. Mon, 12 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/500/hamas-israel-conflict-goes-cyber/ http://www.infosecurity-us.com/view/501/mckinnon-confesses-to-nasa-hacks/ Gary McKinnon, the notorious ‘NASA hacker’ has signed a confession relating to a charge under the Misuse of Computers Act in an attempt to remain in the UK. Mon, 12 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/501/mckinnon-confesses-to-nasa-hacks/ http://www.infosecurity-us.com/view/494/proof-of-concept-attack-further-discredits-md5-/ Researchers put the final nail in the coffin of the MD5 encryption algorithm this week after using 200 PS3 consoles to fake a real-world SSL certificate. Wed, 07 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/494/proof-of-concept-attack-further-discredits-md5-/ http://www.infosecurity-us.com/view/495/obamas-twitter-account-hacked-/ President-elect Obama was among 33 celebrities whose Twitter accounts were hacked this week. Attackers managed to compromise the accounts on the microblogging service by hacking into the company's support tools. Wed, 07 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/495/obamas-twitter-account-hacked-/ http://www.infosecurity-us.com/view/490/microsoft-patches-critical-internet-explorer-flaw/ Microsoft has posted an emergency security patch for Internet Explorer after a critical zero-day flaw was discovered in the browser. Users have been advised to download the patch via Windows Automated Updated. Mon, 05 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/490/microsoft-patches-critical-internet-explorer-flaw/ http://www.infosecurity-us.com/view/491/us-and-europe-agree-data-protection-principles-/ The US and Europe have agreed on a set of high-level principles designed to protect personal data gathered during law enforcement procedures. Mon, 05 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/491/us-and-europe-agree-data-protection-principles-/ http://www.infosecurity-us.com/view/492/drop-zones-hold-treasure-trove-of-stolen-goods/ Millions of dollars-worth of stolen financial information harvested from nearly 200,000 computers is likely to be just the tip of the iceberg, according to a report from researchers at the University of Mannheim, Germany. The information was detected by the security team as part of an automated data analysis project designed to determine the size of the underground economy. Mon, 05 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/492/drop-zones-hold-treasure-trove-of-stolen-goods/ http://www.infosecurity-us.com/view/493/iphone-spyware-surfaces-/ Retina-X Studios has released the first software designed to secretly spy on iPhone users. The iPhone version of the Mobile Spy software can log phone activity including calls and SMS mesages in stealth mode, without showing up in the device's process list. Mon, 05 Jan 2009 00:00:00 GMT http://www.infosecurity-us.com/view/493/iphone-spyware-surfaces-/ http://www.infosecurity-us.com/view/790/fbi-warns-of-vishing-attacks-using-voip-software-/ The FBI has identified a new technique used to conduct "vishing" attacks, where hackers exploit a known security vulnerability in Asterisk phone software. Fri, 12 Dec 2008 00:00:00 GMT http://www.infosecurity-us.com/view/790/fbi-warns-of-vishing-attacks-using-voip-software-/ http://www.infosecurity-us.com/view/794/ftc-pursues-alleged-scareware-firms-/ The Federal Trade Commission has filed a complaint against two companies that it says operate 'scareware' scams that have scammed users into buying their software. Fri, 12 Dec 2008 00:00:00 GMT http://www.infosecurity-us.com/view/794/ftc-pursues-alleged-scareware-firms-/ http://www.infosecurity-us.com/view/775/network-worms-are-back/ If you thought the age of mass infections via network worm was over, think again. A worm exploiting a recently-announced Windows flaw has infected at least half a million machines in just a couple of weeks, according to experts. Fri, 05 Dec 2008 00:00:00 GMT http://www.infosecurity-us.com/view/775/network-worms-are-back/ http://www.infosecurity-us.com/view/783/wpa-cracked/ A newly-discovered vulnerability in a common wireless network encryption standard is a timely warning to business to upgrade to the latest encryption version, say security experts. Fri, 05 Dec 2008 00:00:00 GMT http://www.infosecurity-us.com/view/783/wpa-cracked/ http://www.infosecurity-us.com/view/789/mcafee-calls-for-more-legal-measures-on-cybercrime/ ISPs, banks and software vendors must be legally persuaded to take a more prominent role in fighting cybercrime, warns a report from McAfee released Tuesday 9 December. The firm's Virtual Criminology Report calls for more law enforcement training and more liability for software vendors, along with legal incentives for ISPs as the 'front line' for anti-cybercrime measures. Fri, 05 Dec 2008 00:00:00 GMT http://www.infosecurity-us.com/view/789/mcafee-calls-for-more-legal-measures-on-cybercrime/ http://www.infosecurity-us.com/view/785/more-research-needed-to-understand-hacker-techniques-say-experts/ IT security defences are unable to cope with e-crime operations that are now at the heart of a professional and well organised underground economy. Fri, 28 Nov 2008 00:00:00 GMT http://www.infosecurity-us.com/view/785/more-research-needed-to-understand-hacker-techniques-say-experts/ http://www.infosecurity-us.com/view/786/congress-concerns-over-china-cyberwarefare-program/ A Congressional Panel of six Democrats and six Republicans has concluded that China has developed a highly sophisticated cyberwarfare program and is ramping up its capacity to penetrate US computer networks. Mon, 24 Nov 2008 00:00:00 GMT http://www.infosecurity-us.com/view/786/congress-concerns-over-china-cyberwarefare-program/ http://www.infosecurity-us.com/view/788/fsecure-adds-remote-locking-and-wiping-technology-to-mobile-phones/ F-Secure has added data protection technology to its mobile security software system to protect information held on stolen smart phones. Mon, 24 Nov 2008 00:00:00 GMT http://www.infosecurity-us.com/view/788/fsecure-adds-remote-locking-and-wiping-technology-to-mobile-phones/ http://www.infosecurity-us.com/view/802/icann-cans-estonian-registrars-credentials/ For a while it looked like the not-for-profit Internet registrar of registrars might waver in its plans to revoke the credentials of EstDomains, a domain name registrar with a reported reputation for dealing with spam generators and similar internet companies. Fri, 14 Nov 2008 00:00:00 GMT http://www.infosecurity-us.com/view/802/icann-cans-estonian-registrars-credentials/ http://www.infosecurity-us.com/view/796/spammers-launch-presidential-campaign/ A malicious spam campaign is exploiting the excitement surrounding Barrack Obama’s success in the presidential elections. Thu, 06 Nov 2008 00:00:00 GMT http://www.infosecurity-us.com/view/796/spammers-launch-presidential-campaign/ http://www.infosecurity-us.com/view/780/quocirca-report-quantifies-outsourcing-risk-for-the-first-time/ Business and IT research firm Quocirca has released a report which, for the first time, quantifies the risk that companies face when they outsource the various elements of their IT functions. Wed, 05 Nov 2008 00:00:00 GMT http://www.infosecurity-us.com/view/780/quocirca-report-quantifies-outsourcing-risk-for-the-first-time/ http://www.infosecurity-us.com/view/801/microsoft-predicts-it-security-threats-will-rise-in-h2-of-2008/ Microsoft has released the findings of the fifth volume of its Security Intelligence Report, which claims to provides an in-depth view of the threat landscape based on data derived from hundreds of millions of computers around the world for the first half of 2008. Wed, 05 Nov 2008 00:00:00 GMT http://www.infosecurity-us.com/view/801/microsoft-predicts-it-security-threats-will-rise-in-h2-of-2008/ http://www.infosecurity-us.com/view/798/russian-fake-antivirus-software-firm-rakes-in-5-million/ A Russian firm at the heart of fake anti-virus software, which allegedly generates false virus and malware alerts when the package is loaded, has boasted of making $5 million a year. Mon, 03 Nov 2008 00:00:00 GMT http://www.infosecurity-us.com/view/798/russian-fake-antivirus-software-firm-rakes-in-5-million/ http://www.infosecurity-us.com/view/776/airline-eticket-scam-infects-tens-of-thousands-of-users/ As the holiday season approaches, millions of Americans are making their travel preparations, so it's hardly surprising that a large number have `clicked through' on an email that purports to be an airline e-ticket and boarding pass. Fri, 24 Oct 2008 00:00:00 GMT http://www.infosecurity-us.com/view/776/airline-eticket-scam-infects-tens-of-thousands-of-users/ http://www.infosecurity-us.com/view/779/airline-eticket-scam-infects-tens-of-thousands-of-users/ As the holiday season approaches, millions of Americans are making their travel preparations, so it's hardly surprising that a large number have `clicked through' on an email that purports to be an airline e-ticket and boarding pass. Fri, 24 Oct 2008 00:00:00 GMT http://www.infosecurity-us.com/view/779/airline-eticket-scam-infects-tens-of-thousands-of-users/ http://www.infosecurity-us.com/view/797/texas-national-guard-web-site-hacked-used-to-launch-malware-attacks/ Officials with the Texas National Guard took their Web site offline overnight on Thursday, after it became clear the site had been hacked and was being used to offer fake (and possibly infected) IT security software, as well as planting rootkits on unsuspecting visitor's PCs. Mon, 22 Sep 2008 00:00:00 GMT http://www.infosecurity-us.com/view/797/texas-national-guard-web-site-hacked-used-to-launch-malware-attacks/ http://www.infosecurity-us.com/view/1228/german-firm-develops-worlds-first-trojanproof-password-system/ Global IP Communications claims to have developed the world's first Trojan-proof password dialog system for Windows PCs. Wed, 17 Sep 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1228/german-firm-develops-worlds-first-trojanproof-password-system/ http://www.infosecurity-us.com/view/1233/countrywide-home-loans-loses-data-on-two-million/ A rogue employee has been blamed for one of the largest data thefts in the United States in recent times, affecting as many as two million- plus customers of Countrywide home loans. Fri, 12 Sep 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1233/countrywide-home-loans-loses-data-on-two-million/ http://www.infosecurity-us.com/view/1223/breakthrough-security-firefox-plugin-stops-maninthemiddle-attacks/ Researchers at Carnegie Mellon University have released a security plug-in for Firefox 3 that can detect – and block – access to a Web site that has problems with its security certificate. Fri, 05 Sep 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1223/breakthrough-security-firefox-plugin-stops-maninthemiddle-attacks/ http://www.infosecurity-us.com/view/793/satan-is-on-my-friends-list/ ID theft via social networking sites is all media hype according to Shawn Moyer and Nathan Hamiel. In their session on social networking at Black Hat, Las Vegas, the duo insisted that ID theft via social networking sites is not a problem. Mon, 18 Aug 2008 00:00:00 GMT http://www.infosecurity-us.com/view/793/satan-is-on-my-friends-list/ http://www.infosecurity-us.com/view/782/cyberattack-in-georgia/ While war was breaking out over South Ossetia on 8 August, Georgia’s Government website fell victim to cyber-attack. Fri, 15 Aug 2008 00:00:00 GMT http://www.infosecurity-us.com/view/782/cyberattack-in-georgia/ http://www.infosecurity-us.com/view/787/microsoft-to-give-partners-early-info-on-security/ Microsoft has introduced new security-related programs that share early information with partners to help them protect customers quickly and effectively. Fri, 08 Aug 2008 00:00:00 GMT http://www.infosecurity-us.com/view/787/microsoft-to-give-partners-early-info-on-security/ http://www.infosecurity-us.com/view/1239/excountrywide-employee-arrested-over-massive-info-theft/ The FBI has arrested a former Countrywide Financial Corp. employee and another man in an alleged scheme to steal and sell the sensitive personal information, including Social Security numbers, of as many as two million mortgage applicants, the Los Angeles Times has reported. Mon, 04 Aug 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1239/excountrywide-employee-arrested-over-massive-info-theft/ http://www.infosecurity-us.com/view/1238/spam-kings-one-jailed-one-escapes-and-kills-family/ This week the media spotlight was turned towards “spam kings.” One was sent to jail while another escaped from his minimum security prison before killing his family and himself. Fri, 25 Jul 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1238/spam-kings-one-jailed-one-escapes-and-kills-family/ http://www.infosecurity-us.com/view/792/angry-employee-disables-san-francisco-network/ A disgruntled San Francisco computer engineer is still in jail five days after blocking access to the city’s system to everyone except himself. On Thursday he pleaded not guilty today to four counts of computer tampering and remains behind bars on $5 million bail. Fri, 18 Jul 2008 00:00:00 GMT http://www.infosecurity-us.com/view/792/angry-employee-disables-san-francisco-network/ http://www.infosecurity-us.com/view/1242/computerworld-casts-doubt-on-lost-laptops-study/ A study regarding lost and stolen laptops at US airports, which must have sent shivers down the spines of computer security executives, has been put into doubt by news magazine, Computerworld. Fri, 11 Jul 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1242/computerworld-casts-doubt-on-lost-laptops-study/ http://www.infosecurity-us.com/view/1237/big-five-it-vendors-announce-focus-on-security/ Five of the world’s leading IT vendors have announced the creation of the Industry Consortium for Advancement of Security on the Internet (ICASI). Fri, 04 Jul 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1237/big-five-it-vendors-announce-focus-on-security/ http://www.infosecurity-us.com/view/1241/new-efforts-to-battle-botnetdriven-spam/ Network operators and ISPs from around the world are working together to address issues that will help block botnet-induced spam. Fri, 27 Jun 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1241/new-efforts-to-battle-botnetdriven-spam/ http://www.infosecurity-us.com/view/784/plenty-to-worry-growing-infosec-profession/ An in-depth look at the results of the 2008 version of the annual ISC2 Global Information Security Workforce Study reveals the growth both in size and influence of the profession. It reveals also what is worrying security professionals … and the answer to that is plenty. Tue, 24 Jun 2008 00:00:00 GMT http://www.infosecurity-us.com/view/784/plenty-to-worry-growing-infosec-profession/ http://www.infosecurity-us.com/view/1243/spearphishing-attacks-attain-record-levels/ Targeted social engineering attacks, also referred to as spear phishing, are on the rise. Fri, 13 Jun 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1243/spearphishing-attacks-attain-record-levels/ http://www.infosecurity-us.com/view/1235/credit-agency-gives-free-monitoring-to-millions/ As part of a preliminary settlement of a $10 billion class action suit, millions of US consumers will soon be eligible for free credit monitoring. Fri, 06 Jun 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1235/credit-agency-gives-free-monitoring-to-millions/ http://www.infosecurity-us.com/view/1226/us-government-receives-grade-c-in-it-security/ The US federal government improved slightly in its ability to secure its computer systems and networks, from a C- to C. Fri, 30 May 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1226/us-government-receives-grade-c-in-it-security/ http://www.infosecurity-us.com/view/1230/insider-threats-keeping-it-directors-awake-at-night/ The leaking of sensitive information through the email system was ranked far ahead of the threat from external hackers, according to a new study.c Fri, 30 May 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1230/insider-threats-keeping-it-directors-awake-at-night/ http://www.infosecurity-us.com/view/1234/mobile-devices-raise-security-concerns/ As mobile devices like the iPhone and BlackBerry become increasingly popular among end users, enterprises are worried about ensuring the security of their data. Fri, 30 May 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1234/mobile-devices-raise-security-concerns/ http://www.infosecurity-us.com/view/1236/computer-crime-needs-management-and-education/ A US university researcher has devised an antifraud strategy for business, indicating that reports of computer fraud only represent a tip of a potentially large iceberg. Fri, 30 May 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1236/computer-crime-needs-management-and-education/ http://www.infosecurity-us.com/view/1231/largest-us-power-company-vulnerable-to-hacking/ The US Government Accountability Office (GAO) warned the nation’s largest public power company is vulnerable to computer hackers and terrorists ready to disrupt America’s power grid. Thu, 29 May 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1231/largest-us-power-company-vulnerable-to-hacking/ http://www.infosecurity-us.com/view/220/government-meets-with-cynicism-after-revealing-plans-for-giant-database/ The government faces sceptisicm after revealing plans to implement a huge database storing citizens’ phone and web records. Fri, 23 May 2008 00:00:00 GMT http://www.infosecurity-us.com/view/220/government-meets-with-cynicism-after-revealing-plans-for-giant-database/ http://www.infosecurity-us.com/view/1186/social-network-for-hackers-launched/ A computer security consultancy has set up a social network for hackers, called House of Hackers. Mon, 19 May 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1186/social-network-for-hackers-launched/ http://www.infosecurity-us.com/view/1216/fbi-probes-counterfeit-network-hardware/ The FBI have revealed that the US government has purchased counterfeit networking equipment that could jeopardize the security of its military and other government systems. Mon, 19 May 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1216/fbi-probes-counterfeit-network-hardware/ http://www.infosecurity-us.com/view/1215/hackers-indicted-for-stealing-more-than-5-000-account-numbers-at-dave-busters/ A US federal grand jury has indicted three alleged hackers charged with stealing credit and debit card numbers from a national restaurant chain, Dave & Buster’s. Fri, 16 May 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1215/hackers-indicted-for-stealing-more-than-5-000-account-numbers-at-dave-busters/ http://www.infosecurity-us.com/view/1201/senators-want-answers-on-president-bushs-secret-cyber-security-initiative/ Two influential US senators are demanding more information about the so-far, ultra-secret Comprehensive National Cybersecurity Initiative (CNCI), which is being put in place to protect the nation’s infrastructure against cyber terrorists and criminals. Fri, 09 May 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1201/senators-want-answers-on-president-bushs-secret-cyber-security-initiative/ http://www.infosecurity-us.com/view/1218/facebook-applications-exposed-as-security-risk/ Speculation on the security of social networking has increased amid reports that applications on Facebook are capable of collecting personal information. Thu, 01 May 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1218/facebook-applications-exposed-as-security-risk/ http://www.infosecurity-us.com/view/1192/show-floor-security-software-is-snake-oil/ BT’s security expert Bruce Schneier was scathing about lots of security software calling it “snake oil” in an interview this week. Thu, 24 Apr 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1192/show-floor-security-software-is-snake-oil/ http://www.infosecurity-us.com/view/1222/jericho-forum-unveils-new-security-framework-for-online-usage/ The Jericho Forum has unveiled a new security framework for interactive business Internet users. Wed, 23 Apr 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1222/jericho-forum-unveils-new-security-framework-for-online-usage/ http://www.infosecurity-us.com/view/1224/customers-clamoring-for-selfencrypting-hard-drives/ Seagate Technology has debuted a new breed of self-encrypting hard drives for mission-critical servers and storage arrays. Wed, 16 Apr 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1224/customers-clamoring-for-selfencrypting-hard-drives/ http://www.infosecurity-us.com/view/1227/security-officer-should-have-more-strategic-role/ When it comes to defining what a Chief Security Officer does in an enterprise think less of a corporate cop and more of a business enabler. That was the message at the RSA Conference from Dave Hansen, former CIO at CA and now a senior vice president and general manager of the company’s Security Management business. Wed, 16 Apr 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1227/security-officer-should-have-more-strategic-role/ http://www.infosecurity-us.com/view/1219/it-lobbying-groups-merge/ Building a powerhouse cyber security public advocacy group, two leading technology lobbying groups, the Information technology Association of America (ITAA) and the Cyber Security Industry Alliance (CSIA), announced their intent to merge. Mon, 14 Apr 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1219/it-lobbying-groups-merge/ http://www.infosecurity-us.com/view/1225/microsoft-joins-mit-kerberos-consortium/ Microsoft has joined the MIT Kerberos Consortium as a founding sponsor, joining Sun Microsystems, Google and Apple on the consortium’s executive board. Fri, 04 Apr 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1225/microsoft-joins-mit-kerberos-consortium/ http://www.infosecurity-us.com/view/1188/us-lawmakers-upset-at-breach-news-delay/ US lawmakers are asking why a stolen laptop, which had medical test results for 2,500 patients in a National Institute of Health study, was not encrypted. Wed, 26 Mar 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1188/us-lawmakers-upset-at-breach-news-delay/ http://www.infosecurity-us.com/view/1208/secure-computing-delivers-new-generation-of-email-security-appliances-/ Secure Computing has announced a new version of its on-premise email security product, Secure Mail (formerly known as IronMail). This new version is capable of processing more than 7 million unique messages per day on a single appliance, resulting in a price performance improvement of up to 700 percent. Wed, 26 Mar 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1208/secure-computing-delivers-new-generation-of-email-security-appliances-/ http://www.infosecurity-us.com/view/1209/tech-entrepreneur-takes-on-cybersecurity-reins/ The Bush Administration has tapped Silicon Valley entrepreneur Rod Beckstrom as the first Director of the National Security Center (NCSC), which was created in January. Tue, 25 Mar 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1209/tech-entrepreneur-takes-on-cybersecurity-reins/ http://www.infosecurity-us.com/view/1207/sun-and-nsa-to-beef-up-opensolaris-security/ The US National Security Agency (NSA) and Sun Microsystems have agreed to jointly work within the OpenSolaris community to develop new security mechanisms for the operating system. Thu, 20 Mar 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1207/sun-and-nsa-to-beef-up-opensolaris-security/ http://www.infosecurity-us.com/view/1211/two-us-companies-own-up-to-breaches/ On a regular basis, companies are having to own up to data breaches. HealthNow New York and MTV Networks are just the latest two making security gaffes. Fri, 14 Mar 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1211/two-us-companies-own-up-to-breaches/ http://www.infosecurity-us.com/view/1245/two-us-companies-own-up-to-breaches/ On a regular basis, companies are having to own up to data breaches. HealthNow New York and MTV Networks are just the latest two making security gaffes. Fri, 14 Mar 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1245/two-us-companies-own-up-to-breaches/ http://www.infosecurity-us.com/view/1206/cyber-security-lacking-at-airports-/ Fourteen airports in the US, Canada and Asia, are using open or poorly secured wireless networks, according to a study by Gartner Mobile and wireless provider AirTight Networks. Fri, 07 Mar 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1206/cyber-security-lacking-at-airports-/ http://www.infosecurity-us.com/view/1202/federal-agencies-need-to-bolster-information-security/ Despite some progress, many US federal agencies continue to experience significant information security control deficiencies, according to a new report. Fri, 29 Feb 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1202/federal-agencies-need-to-bolster-information-security/ http://www.infosecurity-us.com/view/1210/malware-protection-before-infection/ A US Department of Homeland Security-funded research program will help deliver Endeavor Security’s new method of targeting botnet and malware attacks before hosts are infected. Fri, 22 Feb 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1210/malware-protection-before-infection/ http://www.infosecurity-us.com/view/1205/fewer-victims-of-identity-fraud-suffer-greater-losses/ Identity theft and fraud in the US fell by 12% in 2007 as it fraudsters apparently relied on offline channels for their attacks. Thu, 14 Feb 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1205/fewer-victims-of-identity-fraud-suffer-greater-losses/ http://www.infosecurity-us.com/view/1204/getting-real-over-real-id/ With a key deadline rapidly approaching, will there be rapprochement between the Federal Government and a group of individual states over the implementation of the Real ID Act? Fri, 08 Feb 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1204/getting-real-over-real-id/ http://www.infosecurity-us.com/view/1199/choicepoint-settles-class-action-suit-for-10m/ Data broker ChoicePoint has agreed to pay $10 million to settle a class-action lawsuit brought against it over the three-year old data breach which exposed 163 000 personal information records. Fri, 01 Feb 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1199/choicepoint-settles-class-action-suit-for-10m/ http://www.infosecurity-us.com/view/1194/cia-claims-hackers-attack-global-power-grid/ The US Central Intelligence Agency (CIA) says criminals hacked into the computer systems of utilities, cutting the power to several international cities. Fri, 25 Jan 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1194/cia-claims-hackers-attack-global-power-grid/ http://www.infosecurity-us.com/view/1200/many-oracle-enterprises-ignore-its-patches-says-study/ Most database administrators do not apply the Critical Patch Updates (CPUs) that Oracle issues on a quarterly basis, a new study finds. Fri, 18 Jan 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1200/many-oracle-enterprises-ignore-its-patches-says-study/ http://www.infosecurity-us.com/view/1196/faa-plays-down-boeing-787-security-concerns-/ A Federal Aviation Administration (FAA) document warns that Boeing’s new 787 passenger jet flight control systems may result in security vulnerabilities as it connects the passenger network with the flight-safety, control and navigation network. Thu, 10 Jan 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1196/faa-plays-down-boeing-787-security-concerns-/ http://www.infosecurity-us.com/view/1198/tv-presenter-wrong-after-bank-account-scam/ The star of the popular BBC America show Top Gear has had his bank account hacked after publicly revealing his details in a newspaper article. Tue, 08 Jan 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1198/tv-presenter-wrong-after-bank-account-scam/ http://www.infosecurity-us.com/view/1214/better-job-prospects-for-infosecurity-staff-says-sans/ Infosecurity professionals will see improved job opportunities in 2008, according to the SANS Institute. The US-based organisation believes that as senior executives in government realise that their systems have already been compromised, and that they do not control those systems, they will react by creating new jobs. Wed, 02 Jan 2008 00:00:00 GMT http://www.infosecurity-us.com/view/1214/better-job-prospects-for-infosecurity-staff-says-sans/ http://www.infosecurity-us.com/view/1213/sans-crooks-turn-fire-on-users-and-custom-software/ Cyber criminals have shifted their aim from flaws in commonly-used software to problems with custom-built applications, and are also targeting easily-misled users, according to the SANS Institute’s revised top 20 internet security risks. Fri, 07 Dec 2007 00:00:00 GMT http://www.infosecurity-us.com/view/1213/sans-crooks-turn-fire-on-users-and-custom-software/ http://www.infosecurity-us.com/view/1212/uk-government-loses-data-on-25m-britons/ The UK government has lost personal data on every child in the country, as well as national insurance numbers and bank account details of parents and carers claiming child benefit, on two password-protected CDs sent through an internal mail service. Tue, 20 Nov 2007 00:00:00 GMT http://www.infosecurity-us.com/view/1212/uk-government-loses-data-on-25m-britons/