Friday, April 12, 2013
Avere unveils hybrid storage appliance
Avere Systems announced the Avere FXT 3800. This hybrid Edge filer contains both Flash/SSD media and Serial Attached SCSI hard drives (SAS HDD) and delivers significant performance gains in benchmark ...
SugarCRM unveils fast private cloud
SugarCRM announced Sugar Private Cloud, a flexible deployment option that gives companies a dedicated, managed private instance of SugarCRM's Customer Relationship Management (CRM) applications in the...
Hijacking airplanes with an Android phone
An extremely well attended talk by Hugo Teso, a security consultant at n.runs AG in Germany, about the completely realistic scenario of plane hijacking via a simple Android app has galvanized the crow...
Entrust updates IdentityGuard Mobile Credential
Entrust announced updates to its mobile smart credential. In addition to offering a multi-purpose digital identity for secure physical, logical and cloud access, the Entrust IdentityGuard Mobile Smart...
ZeroAccess Bitcoin botnet shows no signs of slowing
FortiGuard Labs observed that the Bitcoin mining botnet, ZeroAccess, was the number one threat last quarter. Their report also reveals new analysis of the South Korea cyberattacks and two new Android ...
You've been hacked, now what?
Given the increased frequency and complexity of cyber attacks on business networks of all sizes, the odds of experiencing a breach is almost guaranteed if the right security infrastructure isn't in pl...
Real-time detection and response to unauthorized access
Organizations today face an ever-increasing number of security threats from internal privileged users and external attackers, including APTs. SIEMs are only part of the solution available to Securi...
Rackspace launches Mobile Cloud Stacks
Rackspace released its new mobile cloud stacks for developers. These stacks are purpose built to help developers design, build, test, deploy and scale mobile apps in the hybrid cloud. The cloud s...
Controlling the physical world with BacNET attack framework
The integration of computer technology to monitor the inner works of large office buildings, factories and plants has been evolving for years. These types of systems are often referred to as Building ...
Secure Microsoft Office collaboration via any device
WatchDox Apps for WatchDox Enterprise and Enterprise ES is the first offering to grant enterprise users secure Microsoft Office collaboration capabilities via any desktop, laptop or mobile device, inc...
Thursday, April 11, 2013
Review: Instant Penetration Testing: Setting Up a Test Lab How-to
Author: Vyacheslav Fadyushin Pages: 88 Publisher: Packt Publishing ISBN: 1849694125 Introduction If you want to start practicing penetration testing, you will be needing a test lab. This ...
A call to arms for infosec professionals
An old saying says "nature abhors a vacuum," meaning that in the absence of something nature will find a way of filling that gap. We are currently witnessing the same phenomenon in the information sec...
Solera Networks offers visibility into potential security breaches
Solera Networks unveiled the DeepSee BlackBox Recorder, which continuously and silently captures all network traffic - including packets, flows, files and applications. In the event of a security b...
Beyond BYOD: Companies need to change
Organizations seeking to maximize the economic and productivity benefits made possible by mobile technologies must look beyond simply which devices are used and re-examine business processes and workf...
Risks to retailers through point of sale systems
McAfee released a report on the growing risks the industry is facing with both legacy and newer point of sale systems (POS). The report discusses how the retailing industry's reliance on third parties...
Global technology supply chain security standard released
The Open Group published the Open Trusted Technology Provider Standard (O-TTPS), the first complete standard published by The Open Group Trusted Technology Forum (OTTF) and which will benefit globa...
Use your iPhone for biometric scanning
AOptix unveiled AOptix Stratus, the first comprehensive mobile identity solution "Made for iPhone" delivering iris, fingerprint, voice, and face recognition in a truly integrated solution. The fi...
UK to host global cybersecurity centre
Foreign Secretary, William Hague, has announced plans to open the Global Centre for Cyber Security and Capacity Building at the University of Oxford - something that he refers to as "a beacon of exper...
Malicious HP scan notifications target employees
Users are once again being targeted with fake notifications about a scanned document, but instead of attaching a malicious file to the email, malware peddlers have opted for including a link to a site...
LANDesk Acquires VMware Protect product family
LANDesk Software has acquired VMware's Protect product family of IT management solutions, which VMware acquired through its purchase of Shavlik Technologies in 2011. The addition of what LANDesk is...
How simulated attacks improve security awareness training
Wombat released a new report that discusses how simulated phishing attacks can be an effective security awareness and training tactic to help companies educate employees how to avoid growing cyber sec...
Malware analysis for Virtual Desktop Infrastructures
HBGary unveiled Active Defense 1.3 to provide live, runtime memory analysis of concurrent Guest OS sessions with minimal impact on the shared physical resources of the underlying server. With HBG...
Microsoft patches 13 vulnerabilities
April has turned out to be a rather slow month for Patch Tuesday. There are nine bulletins addressing a total of 13 vulnerabilities, but only two of the bulletins are rated "critical," a category that...
Wednesday, April 10, 2013
Twitter wisdom: April 9, 2013
Here's food for thought from people you should be following on Twitter. Actually it strikes me dentistry and infosec are similar. We both breach prevention better than the cure but often are ignore...
New HP server for social, cloud and big data
HP unveiled the HP Moonshot system, delivering new infrastructure economics by using up to 89 percent less energy, 80 percent less space and costing 77 percent less, compared to traditional servers. ...
"Your private naked photos online" emails lead to total computer compromise
Malware peddlers continue to use the old "your naked photos online" lure to trick users into following malicious links or downloading malicious attachments, warns Total Defense's Alex Polischuk. ...
The cloud: Storms on the horizon
At its heart, the cloud is really just shorthand for shared resources. The cloud is regularly touted as the answer to all of your IT woes. But, beyond the marketing pitches and the oft-discussed techn...
Cutwail botnet now spreads Android malware
Successful malware peddlers are always thinking up new ways of delivering malware to unsuspecting users. In the past Android malware was mostly served on third-party online marketplaces, but accor...
Bitdefender launches Antivirus Free for Android
Bitdefender has launched Antivirus Free for Android, which offers smartphone owners a free, fast and powerful antivirus solution that taps the latest in-the-cloud scanning technology and prevents batt...
The rise of everyday hackers
Veracode released its annual State of Software Security Report, which includes research on software vulnerability trends as well as predictions on how these flaws could be exploited if left unaddresse...
Anonymous and affiliates attack Israeli websites
As announced, hacker groups affiliated with Anonymous have joined in the attacks on Israeli web properties. By launching "Operation Israel", the hacktivist collective called on hacker groups and i...
Spear-phishing emails targeting energy companies
Information over-sharing can lead to cleverly executed and dangerous spear-phishing campaigns, warn the US Department of Homeland Security and the ICS-CERT. According to an account in the latest...
New Splunk App for Windows
Splunk announced Splunk App for Windows 5.0, which delivers enterprise-class monitoring for Microsoft Windows Server. It enables users to monitor their end-to-end infrastructure to prevent outages an...
We're losing the battle against state sponsored attacks
In my daily interaction with Government bodies, Police and other public sector authorities, we are seeing a huge rise in attacks which are state sponsored and targeted at the Critical National Infrast...
WordPress.com adds 2-factor authentication option
WordPress users can finally secure their account(s) with two step authentication. The optional feature has been rolled out on Friday and is accessible to all users. To set it up, users must access...
Tuesday, April 9, 2013
Bitcoin-mining Trojan lurking on Skype
Bitcoin-mining malware is nothing new, but with the success of Bitcoin and the renewed interest it is receiving lately, cyber crooks are again concentrating their efforts to harness the power of rando...
Generalized single packet authorization for cloud computing environments
Cloud computing environments such as those provided by Amazon and Google can be your passport to powerful computing resources without having to worry about typical provisioning and hardware issues, bu...
Event: World Congress on Internet Security 2013
The World Congress on Internet Security (WorldCIS-2013) is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and computer netwo...
Week in review: Carberp Trojan developers arrested, thousands of compromised Apache servers directing users to malware
Here's an overview of some of last week's most interesting news, videos, reviews and articles: Hackers attacking US banks are well-funded, expert says The Cyber fighters of Izz Ad-Din Al Qassam ...
Flashback malware author unmasked?
An estimated 38,000 users are still infected with the Flashback Trojan, the first malware targeting Mac users that didn't have to get their permission to be downloaded, which resulted in a 600K strong ...
Microsoft to release 9 advisories on Tuesday
April 2013 advance notice is out and it forecasts an interesting patching session for Microsoft administrators. There are 9 advisories affecting 16 distinct platforms in 5 categories of Microsoft pro...
Thousands of compromised Apache servers direct users to malware
What do the recent compromises of a number of LA Times websites and the blog of hard disk drive manufacturer Seagate have in common? According to several security researchers, all these sites are h...
Route1 releases MobiKEY for iPad
Route1 released MobiKEY technology for the iPad. MobiKEY is a complete desktop, secure remote access technology that integrates multi-factor authentication and identity management in a mobile computin...
Review: Lookout for iPhone
One of the recent issues of Forbes magazine featured a three-page story on Lookout Inc., the company that, according to the article, has been able to trounce multibillion-dollar security giants like M...
The War Z taken offline following forum, database hack
Players of The War Z, a first-person zombie survival game, have been notified of a breach of the developer's (Hammerpoint Interactive) forum and game databases and the theft of user data contained in ...
DIY: Using trust to secure embedded projects
This talk from Shmoocon 2013 provides a DIY guide to using Trusted Computing on embedded devices. The authors introduce a low-cost schematic using Atmel's CryptoModule (AT97SC3204T) and CryptoAuthe...
Malware attacks occur every three minutes
Malware activity has become so pervasive that organizations experience a malicious email file attachment or Web link as well as malware communication that evades legacy defenses up to once every three...
Tips for avoiding tax scams
As the April 15 deadline for tax filing draws near, the Center for Internet Security (CIS) helps users recognize tax-related scams and better defend against them. Findings show that identity theft ...
Monday, April 8, 2013
Dataguise enhances DG for Hadoop with selective encryption
Dataguise announced DG for Hadoop 4.3, which provides both masking and selective encryption for sensitive data in major Hadoop distributions. The new version also delivers expanded capabilities, inclu...
Defending the Internet at scale
A decade ago, engineers tackled the C10K scalability problems that prevented servers from handling more than 10,000 concurrent connections. This problem was solved by fixing OS kernels and moving from...
Destroy solid state storage and optical media
Data Security unveiled their SSMD-2mm Destruction Device which disintegrates solid state and optical media to particles 2mm in size or smaller. NSA has evaluated the SSMD-2mm Destruction Device and fo...
Wide variety of malware lurking in Skype messages
A new malware-spreading campaign is targeting Skype users, warns Dancho Danchev. The attack is mounted via malware-infected users whose compromised Skype account is set to send out messages to thei...
The security risks of using Wi-Fi on the Tube
The arrival of widespread public Wi-Fi access across London Underground has been broadly welcomed by the general public, particularly those with smartphones and tablets who want to maintain internet a...
US companies in China worried about data theft
The results of a survey conducted by the American Chamber of Commerce in China which polled 325 respondents currently doing business throughout the republic has shown that a quarter of them have exper...
Tips for securely using free Tube Wi-Fi
GFI Software warned of potential data and device security concerns posed by using London's public Wi-Fi service, installed across large parts of the London Underground Tube network. Here are key ...
iMessage encryption stumps US federal agents
A recent investigation conducted by US Drug Enforcement Administration agents has been temporarily derailed after they failed to decrypt messages the targets exchanged via Apple's iMessage system. ...
Hackers attacking US banks are well-funded, expert says
The Cyber fighters of Izz Ad-Din Al Qassam hacker group - also known as Qassam Cyber Fighters - are at it again. For the third time in the last half year or so, they have mounted DDoS attacks agai...
Carberp Trojan developers arrested in Ukraine
The mastermind behind the Carberp Trojan and the developers that helped create it have apparently been arrested in Ukraine in a joint action by the Security Service of Ukraine (SBU) and the Russian F...
Fake "PayPal account deleted" emails doing rounds
A new email spam campaign targeting PayPal users is under way. The email subject line says the email contains an unread message from PayPal, but the email address from which it is supposedly sent i...
Sunday, April 7, 2013
My very own personal privacy training
I remember a time - and it wasn't even that long ago - when the government, companies and organizations weren't this hell-bent on collecting citizen, customer and user data. It's not that they didn't ...
Banking Trojan disguised as innocuous Word and WinHelp files
Part of the job of a malware author is to constantly think up new ways of outsmarting researchers and bypassing automatic detection methods used by antivirus and other security software. These techniq...
Firefox enhances private browsing
Mozilla released Firefox 20 that fixes several security and stability issues. Included in the update are eleven critical security updates. Firefox includes a new enhancement to private browsing t...
Two Japanese web portals hacked, user financial info compromised
Personal and financial information belonging to users of two big Japanese web portals has been compromised earlier this week, Computerworld reports. On Tuesday evening, Yahoo Japan (owned by Sof...
Ciphertex releases 24TB portable, secure NAS server
The new 24TB portable, highly secure NAS server from Ciphertex is meant for backup, disaster recovery and business continuity, file sharing and virtualization. "The Ciphertex CX-6K-AV is a compac...
F-Secure rebuilds free Online Scanner
F-Secure's free Online Scanner tool has been completely rebuilt to be faster, lighter and more powerful than before, and now even cleans up advanced rootkits, the most difficult-to-remove malware. ...
10 best practices for securing data in Hadoop
Dataguise released ten security best practices for organizations considering or implementing Hadoop. By following these procedures to manage privacy risk, data management and security, professionals c...
Security professionals don't have secure mobile habits
Security professionals have embraced BYOD and they're taking "anytime, anywhere" access to some pretty interesting locations according to a new survey by Ping Identity. Most also admit to employing poor ...
Aggressive Android adware and malware on the rise
With adware gleaning more user data from people's devices than it would normally need to and developers bundling more than one adware framework into their apps, user privacy is increasingly taking a ba...
Blocking zero-day application exploits: A new approach for APT prevention
Cybercriminals continue to develop new methods to bypass security controls in order to install malware on corporate endpoints. The recently discovered advanced persistent threat (APT) malware, Trojan.