SecurityWeek RSS Feed

Newly-Discovered "Flame" Cyber-Weapon On Par With Stuxnet, Duqu

Brian Prince — Mon, 28 May 2012 19:25:04 +0000

"Flame" a Highly Sophisticated and Discreet Cyber Weapon Has Been Discovered Targeting the Middle East

A new cyber threat some say rivals Stuxnet and Duqu in complexity has been discovered on systems in the Middle East.

NASA Denies Recent Iranian Hacker Claims

Mike Lennon — Sun, 27 May 2012 20:42:03 +0000

Earlier this month, SecurityWeek reported that NASA was investigating claims made by a group of Iranian hackers that an SSL certificate issued to its Research and Education Support Services (NRESS) group was compromised, and used in a Man-in-the-Middle attack.

Serco Quietly Announces Server Hack Affected Federal Retirement Plan

Steve Ragan — Fri, 25 May 2012 21:25:38 +0000

Serco Says Server Intrusion via "Sophisicated Cyber Attack" Affected Federal Retirement Plan

FBI Warns of Hacktivist DDoS Attacks in “Operation New Son”

Steve Ragan — Fri, 25 May 2012 18:29:13 +0000

FBI Sends Warning to InfraGard Members of Possible Memorial Day Attacks

On Thursday, the FBI issued an alert to InfraGard members, warning them about an alleged plot to launch a series of DDoS attacks against high profile corporations. The campaign, titled OpNewSon (Operation NewSon), was initially proposed in April by a group of Anonymous supporters using the name TheWikiBoat.

A Peek at Online and Mobile Privacy

Jon-Louis Heimerl — Fri, 25 May 2012 14:01:48 +0000

While it’s commonplace to share information online and via social media, we all want our information safe, and we want control over what we share. Unfortunately, control is becoming harder to establish and maintain.

As much as I am a technogeek, I am also security and privacy paranoid. Social media exposes us. Technology itself exposes us. My biggest privacy worries are currently around social media, and the mobile use of private information supported by smartphones.

Facebook

Researchers Detail Approach to Address Fraudulent Digital Certificates

Brian Prince — Fri, 25 May 2012 12:47:01 +0000

Researchers have submitted a draft proposal to Internet Engineering Taskforce about a way to catch forged SSL certificates and address challenges to the level of trust in certificate authorities.

Two researchers have proposed an extension to TLS (transport layer security) as a solution to some of the security challenges facing the SSL certificate ecosystem.

New Jersey Mayor and Son Charged In Hacking Incident

Mike Lennon — Fri, 25 May 2012 11:49:55 +0000

Felix Rogue and His Son Were Arrested for Hacking and Disabling a Website That Criticized the West New York Mayor

Nominum Launches New Security Offering for Mobile Operators

Steve Ragan — Thu, 24 May 2012 20:37:48 +0000

Nominum, a vendor that focuses on DNS and security solutions for enterprises and service providers, announced a new addition to its Nominum Mobile Suite on Wednesday, the Mobile Network and User Security solution.

According to the company, the goal of the newest addition is to reduce latency and network failure, and protect mobile networks from increasing attacks.

Yahoo Axis Chrome Extension Leaked Private Key Information

Brian Prince — Thu, 24 May 2012 17:28:20 +0000

Yahoo has since released an updated extension to address the issue, which was discovered by a security researcher shortly after Yahoo announced Axis.

When Yahoo released its new Axis extension for Google's Chrome browser Wednesday, the company accidentally disclosed a private signing key that could be abused by an attacker.

Vishing Scam Targeting Verizon Wireless Customers

Mike Lennon — Thu, 24 May 2012 17:13:41 +0000

Verizon Wireless appears to be the latest victim of a vishing attack, with a well-crafted scam targeting its customers and looking to capture sensitive customer information.

Protegrity Launches Vaultless Tokenization for Payments Industry

SecurityWeek News — Thu, 24 May 2012 13:24:56 +0000

Protegrity, a provider of data security solutions, on Wednesday announced Protegrity Vaultless Tokenization, an offering designed to help payment processors and gateways cost-effectively provide tokenization services to their clients.

That company says it can now support the largest companies in the payments industry with a lightweight tokenization solution that can scale to thousands of merchants, quickly, without the cost and complexity of backend database infrastructure.

General Dynamics and Samsung Team On Smartphones with Defense-grade Security

SecurityWeek News — Wed, 23 May 2012 20:18:39 +0000

Companies Join Forces to Deliver Android-based Commercial Smartphones and Tablets with Defense-grade Security

NSA’s New Program Preps Students to Fight Cyber Attacks

SecurityWeek News — Wed, 23 May 2012 19:39:51 +0000

The National Centers of Academic Excellence in Cyber Operations Program, an initiative of the National Security Agency, aims to increase the amount of professionals with expertise in this area.

The program is designed to identify institutions that offer a deeply technical, interdisciplinary curriculum centered on fields such as computer science, computer engineering, and electrical engineering. In addition, it supports the government's work to better protect cyberspace.

New NYU-Poly Master's Degree Track Breeds Cyber Security Execs

SecurityWeek News — Wed, 23 May 2012 19:34:22 +0000

Polytechnic Institute of New York University (NYU-Poly) is introducing a management track to its master’s degree in cyber security. The first classes begin this summer.

"We created the management track in response to calls from industry for highly qualified executives with strong technical knowledge," said NYU-Poly Computer Science and Engineering Professor Nasir Memon."It will prepare graduates to manage a team of cyber-security personnel as well as a command of the business acumen to secure information in line with company objectives."

Intel Releases Cloud-based Single Sign-On Service

Steve Ragan — Wed, 23 May 2012 18:48:16 +0000

Intel has released a single sign-on application that will enable enterprises to use Salesforce.com credentials on all of the Force.com applications, in addition to scores of others across the Web. More over, Intel’s Cloud SSO service offers two-factor authentication options and has detailed reporting implemented from the start.

ICSA Labs Launches Mobile Device VPN Testing Program

SecurityWeek News — Wed, 23 May 2012 14:54:46 +0000

ICSA Labs this week launched a testing program designed to help determine whether smartphones and tables meet the latest security standards for connecting with Virtual Private Networks (VPNs).

Generically named “Mobile Device VPN Security”, the new program is available immediately for wireless carriers and mobile device manufacturers. According to ICSA Labs, Verizon Wireless is the program's first customer—not surprising since ICSA Labs is a division of Verizon.

Webinar: "How Security Can Work Better with Development"

SecurityWeek News — Wed, 23 May 2012 13:56:05 +0000

Last Chance to Register For: The Great Security Divide - How Security Can Work Better With Development

Configuration Mistakes Make for Costly Security Gaps

Brian Prince — Wed, 23 May 2012 12:46:25 +0000

Revelations about a recent breach of confidential data in Utah highlights how configuration errors can end up being costly.

A recent data breach that exposed personal information for nearly 800,000 people in Utah also exposed how lethal configuration mistakes and policy failures can be in the world of security.

Nmap 6 Now Available With Enhancements, New Functions

Steve Ragan — Wed, 23 May 2012 11:57:17 +0000

For those purists within the auditing and network exploration community, there is good news this week – Nmap version 6.0 has been released to the public. Nmap is the standard for security audits and exploration, and the latest version has some useful improvements.

Version 6 includes improvements to the Nmap Scripting Engine (NSE), which includes a bump in script count. Nmap 5 included a script count of 59, where version 6 has grown to 348, and each one has been documented and categorized.

Researcher Maps the Android Malware Gnome

Steve Ragan — Wed, 23 May 2012 11:40:03 +0000

The popularity of the Android platform, combined with the openness that it represents, has created model that allows developers of all shapes and sizes to create unique works. Yet, this same openness has allowed criminals to create works with malicious intent. Thus, a North Carolina State University researcher has sat out to map the Android Malware Gnome in an effort to spread information and combat the malicious side of Android development.

Google to Notify Users of DNSChanger Infections

Steve Ragan — Wed, 23 May 2012 11:28:42 +0000

Building on their previous initiative to warn users who display symptoms of infections, Google said on Tuesday that they would start notifying users who are impacted by DNSChanger malware.

Startup NetAuthority Launches With Device Authentication Focus

Brian Prince — Tue, 22 May 2012 22:15:05 +0000

Startup Launches With Goal of Transforming Device Authentication

Device authentication startup NetAuthority is pulling the covers off its technology today and unveiling a beta version of its authentication technology.

SAP Expands Cloud Offerings With Acquisition of Ariba

Mike Lennon — Tue, 22 May 2012 19:16:11 +0000

SAP Acquires Ariba for $4.3 Billion

SAP AG (NYSE: SAP) today said it would acquire cloud-based business commerce solutions provider, Ariba, Inc. for approximately $4.3 billion.

The German software giant said that its subsidiary, SAP America, Inc., has entered into an agreement to acquire Ariba for $45.00 per share.

Report: Roughly One-in-Ten Devices Connecting to Corporate Networks May Be Infected

Brian Prince — Tue, 22 May 2012 16:11:16 +0000

A survey of IT pros and executives from Brazil, Germany, U.K., Hong Kong and the United States, respondents paints a bleak picture of security.

A Problem Worth Having? Multilingual Single Character Top-level Domains

Ram Mohan — Tue, 22 May 2012 13:37:13 +0000

Although security and networking professionals aren’t officially fortune tellers, being able to predict issues -- and then alleviating them before they happen -- is a large part of the job. One particular issue is the ongoing confusion that users have in understanding the Internet’s Domain Name System (DNS) and its translation of Internet Protocol address numbers into easy-to-remember names. For example, IP address “173.203.107.14” is better known and more easily remembered as SecurityWeek.com.

NCC Group Launches DDoS Attack Simulation Service

Mike Lennon — Tue, 22 May 2012 13:17:52 +0000

UK-based IT solutions firm, NCC Group, today anounced a new service that lets organizations simulate the world’s most common form of cyber attack – DDoS attacks.

The new “DDoS Assured” service helps companies understand how their IT security systems hold up to DDoS attacks, through an offering that emulates a DDoS attack in a secure, controlled environment.

In addition to offering the simulation service, the NCC Group provides security recommendations to clients based on the attack simulation results.

Banking Trojan Bypasses Mobile Security with Sophisticated Attack

Steve Ragan — Tue, 22 May 2012 12:25:36 +0000

Sophisticated, Multi-faceted Attack Uses an Man in the Browser Attack to Bypass Transaction Authorization Measures

Researchers at Trusteer have recently observed a new strategy being deployed by the Tatanga Trojan, which uses multiple attack methods in a single scheme. The attack mixes traditional social engineering with browser hijacking in an attempt to fool the victim into legitimately approving wire transfers.

Survey Looks to Find What IT Security Wants From Big Data

Mike Lennon — Tue, 22 May 2012 11:49:58 +0000

In an effort to gauge how IT Security professionals are thinking about “Big Data”, Varonis Systems surveyed attendees at the recent Infosecurity Europe 2012 conference on the topic.

According to the company, over 180 attendees at the London conference responded, answering questions about whether they thought the definition of big data itself was clear, whether it is or will be a priority for their organizations, and how they could see their organization taking advantage of it.

Anonymous Hacks U.S. Bureau of Justice Statistics Server

Steve Ragan — Tue, 22 May 2012 11:08:25 +0000

In an effort to spread information, associates of Anonymous targeted the U.S. Bureau of Justice Statistics’ website on Monday, compromising nearly 2GB of data before the server was taken offline.

The 1.7GBs worth of stolen data was compressed into a single file and uploaded to Pirate Bay. The Torrent’s information page explains that Anonymous is releasing the data in order to “spread information, to allow the people to be heard and to know the corruption in their government.”

U.S. Nuclear Regulatory Commission Chairman Resigns

Steve Ragan — Tue, 22 May 2012 11:05:34 +0000

N.R.C. Chairman Gregory Jaczko Resigns After Being Criticized by Peers

Gregory Jaczko, the Chairman of the U.S. Nuclear Regulatory Commission (NRC), said on Monday that he would be resigning from his post, but remain in his position until the administration approves his successor. News of his resignation comes after nearly eight years with the agency.