eWEEK Europe UK

News of Green, Mobile, IT and Data Centre Technology - at eWEEK Europe UK

NetMediaEurope in association with Ziff Davis Enterprise

Attacks + Security

Security Risks In 2010: Pirates, Malicious Networkers And Cloud Criminals

[...] I expect that the continued interest in these services, combined with outages, targeted attacks and leaks will keep the balance of internal security vs. hosting data in the cloud to continue to be an area that will vex CISOs in the year to come... they will be under targeted attack, both directly via security vulnerabilities and attempted intrusions and indirectly through credential theft and phishing attacks, he said.  [...] I expect next year, a rise in attacks on health care organisations will occur for similar reasons, continued attacks on retailers big and small, tax authorities, school systems - anywhere where lots of records are kept by organisations that haven't traditionally had best practice security in place, he added.  [...] up for direct access to credit bureaus, and taking advantage of the down market to involve insiders, he said. Also, less obvious targets of data theft will be more common - smaller businesses will be under attack ... A nasty example of this trend starting this year was the rise in attacks on the higher education market - since these organisations often struggle with IT security due to their open network access policies, but at the same time have hundreds of thousands of student records with confidential data.  [...]

Apple Plugs Security Holes in QuickTime

[...] Apple updates QuickTime, fixing a number of remote code execution flaws. One security researcher expects malware writers to launch exploits via drive-by attacks.  [...] QuickTime is no stranger to malware authors. Andrew Storms, director of security for nCircle, expects malware targeting these flaws to surface as drive-by attacks.  [...] A new version of QuickTime plugs security holes that leave users open to remote code execution attacks by hackers.  [...]

From IE 8 to Google Chrome, Keep an Eye on Clickjacking

[...] NoScript has powerful security features that can prevent clickjacking as well as many other Web-based attacks, which also allows users to tune their own level of desired security, he added. For Internet Explorer, Opera, Google Chrome, etc., they should embed similar features and functionality in their products.  [...] We've discussed these publicly with other browser makers and the broader Web security community to ensure that we are helping them prevent the attacks they're concerned about, and to benefit from their experience, Nightingale said. Changing the way we do security on the Internet needs to be a group effort, and we'd welcome the participation of the IE team in that work.  [...] Johnathan Nightingale, a security researcher for Mozilla, said Mozilla's efforts around preventing clickjacking have been more focused on comprehensive solutions like its Content Security Policy proposal and implementing the Origin header to thwart cross-site request forgery attacks.  [...]

Conservatives Pledge Investment In Cyber Security

[...] The news follows a recent spate of high-profile security issues, ranging from attempts to hack into the Gmail accounts of Chinese human rights activists which some security experts have blamed on a zero-day flaw in Internet Explorer to attacks by the Iranian Cyber Army on Twitter, and the placing of anti-Semitic messages on The Jewish Chronicle's website.  [...] The Conservative party has published a green paper outlining its strategy to tackle cyber attacks, as part of a wider move to improve national security.  [...] The Tories have outlined plans to defend the UK against cyber attacks, and promised to improve national security, if the party is elected to government at the next election. These plans include setting up a Cyber Threat and Assessment Centre (CTAC), which would act as the single reporting point for all cyber-related incidents.  [...]

Recession: Why It Means Disaster For IT Security

[...] In the meantime, many analysts predicted that security spending would hold even or even slightly increase even as larger IT budgets faltered. This seemed to make a little sense, since, if you believe those same experts, security spending has been growing at a pretty commensurate rate to the rising tide of electronic attacks for at least a good few years.  [...] In a new survey issued by experts at consulting giant Deloitte, respondents indicated that not only do they still feel increasingly threatened by cyber-attacks, but that they are now also being forced to cut their security budgets based on outside economic forces.  [...] Over a year ago, some security research shops began highlighting the rise of a certain set of attacks that they said were being driven by the downturn in the worldwide economy.  [...]

High Price Of Enterprise Cyber Attacks Revealed

[...] Symantec's 2010 State of Enterprise Security study showed that the frequency of attacks against enterprises is rising, with 29 percent of enterprises reporting increased attacks in the last 12 months. Furthermore, 75 percent of organisations admitted they have experienced cyber attacks in the past 12 months.  [...] The heavy price of cyber attacks and the corporate security measures to tackle them has been revealed, after a Symantec study found that cyber attacks are costing enterprises around $2 million (£1.3m) per year.  [...] And the Symantec survey also revealed the high cost associated with providing corporate security measures, with enterprises reporting they were spending an average of $2 million (£1.3m) annually to combat cyber attacks.  [...]

Hackers Exploit Fallout From Twitter DDOS Attack

[...] It's not surprising that political motivation is mentioned where major DDoS attacks are concerned, as many services now play key roles in politically charged events, said Chris Boyd, director of research at FaceTime Security Labs. However, it's important not to get carried away with The Reds under the bed way of thinking - recent attacks on key US websites were blamed on everyone from China to North Korea, with no smoking bullet evidence that these attacks were ever officially sanctioned.  [...] Between this incident and the recent DDOS attacks targeting both public and commercial Web sites in the U.S. and South Korea, Web administrators are advised to take precautions to secure their own sites, said John Harrison, Group Product Manager at Symantec Security Response.  [...] When under attack there are a variety of mitigation techniques, most are specific to the type of DDoS attack, he said. Use technologies, including firewalls and routers to block or redirect IP addresses and types of traffic. Involve others, the ISP and perhaps the ISPs of attacking clients.  [...]

FBI Director’s Wife Imposes Online Banking Ban

[...] Knowing how global, complex and spread out phishing attacks can be it is great to see progress in shutting down and arresting people behind these acts, he said. The more law enforcement and security companies make it so these attacks are less successful the more these criminals may consider not doing attacks moving forward.  [...] Phishing attacks continue to gain in sophistication, said John Harrison, group product manager in Symantec Security Technology and Response, in comments to eWEEK. It used to be they were obvious to spot with grammar errors or incorrect graphics. Today with the automated phishing toolkits pulling content and images directly from the real Web sites, phishing attacks can be very difficult for a trained eye to see.  [...] In its October 'State of Phishing' report (PDF), Symantec found a five percent decrease in phishing attacks in September as compared to August. Still, Harrison advised users to be wary, and noted that having law enforcement shut down cyber-crime rings is often easier said than done.  [...]

American University Exposed In Data Breach

[...] And earlier this week, security vendor Symantec published a study that revealed that cyber attacks are costing enterprises around $2 million (£1.3m) per year. The study also revealed attacks are on the increase, with 75 percent of organisations admitting they have experienced cyber attacks in the past 12 months.  [...] According to eSecurity Planet, the hacker managed to infiltrate the server and gained access to student grades as well as Social Security numbers.  [...] An American University in the state of Georgia has suffered a serious data breach that exposed the social security numbers of up to 170,000 students and staff.  [...]

New Technologies vs Business Security

[...] If you allow your employees to advertise their place of employment on Facebook, you're opening yourself up to potential attacks, said Adriel Desautels, a senior partner and co-founder at security consulting specialist Netragard. An application like Facebook enables potential criminals who want to get into your business to use your employees to do so via social engineering.  [...] At a panel held at the SOURCEBoston Conference on 11 March, leaders from the security and business communities recognised the challenges facing organisations in giving their workers all the tools that they seek to communicate and take advantage of emerging applications such as social networking, while at the same time protecting their IT operations from all the potential attacks lurking on today's computing landscape.  [...] Forbidding workers from naming their employer on places like Facebook and MySpace is one step companies should take to lower their risk to targeted attacks, but those organisations who seek a maximum level of security should also try to keep as many productivity applications as possible under their own control, using internal messaging systems versus commercial tools, the consultant said.  [...]