• Categories

  • Browsers
  • Business Software
  • Communications
  • Desktop Enhancements
  • Developer Tools
  • Digital Photo Software
  • Downloads
  • Drivers
  • Educational Software
  • Games
  • Graphic Design Software
  • Home Software
  • Internet Software
  • iTunes and iPod Software
  • Linux
  • MP3 Audio Software
  • Networking Software
  • Productivity Software
  • Screensavers and Wallpaper
  • Security Software
  • Software News
  • Utilities and Operating Systems
  • Video Software

• Archives

  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009

• Links

  • Gadget Mania
  • Gadget Reviews
  • USB World
  

• Meta

  • Log in
  • WordPress
  • XHTML

Hacker attacks targeting healthcare organizations doubled in the 4th Quarter of 2009

SecureWorks®, Inc., a leading global provider of information security services protecting 2,700 clients worldwide, reported  that attempted hacker attacks launched at its healthcare clients doubled in the fourth quarter of 2009.

Attempted attacks increased from an average of 6,500 per healthcare client per day in the first nine months of 2009 to an average of 13,400 per client per day in the last three months of 2009. Attempted attacks against other types of organizations, protected by SecureWorks, did not increase in the fourth quarter.

“From October through December of 2009, we blocked hundreds of SQL Injection and Butterfly/Mariposa Bot malware attacks launched at our healthcare clients. These attempted attacks were responsible for the increase in our attack statistics,” said Hunter King, security researcher with SecureWorks’ Counter Threat Unit(SM) (CTU).

In the Fall of 2009, SecureWorks and the security community began tracking a new wave of attacks involving the latest version of the Butterfly/Mariposa Bot malware, according to King. If a computer is infected with the Butterfly malware, it can be used to steal data stored by the victim’s browser (including passwords), launch Distributed Denial of Service attacks, spread via USB devices or peer to peer, and download additional malware onto the infected computer.

SQL Injection attacks target vulnerabilities in organizations’ web applications. “We also saw a resurgence of SQL Injection attacks beginning in October,” continued King. “They were being launched at legitimate websites so as to spread the Gumblar Trojan. Although SQL Injection is a well known attack technique, we continue to read news reports where it has been used successfully by cyber criminals to steal sensitive data,” said King. One of the most recent cases reported involved American citizen Albert Gonzalez who was charged, along with two unnamed Russians, with the theft of 130 million credit card numbers using SQL Injection.

Factors Contributing to Healthcare Attacks
1. Valuable Data Stores – Healthcare organizations often store valuable data such as a patient’s Social Security number, insurance and/or financial account data, birth date, name, billing address, and phone, making them a desirable target to cyber criminals.
2. Large Attack Landscape – Because of the nature of their business, healthcare organizations have large attack surfaces. Healthcare entities have to provide access to many external networks and web applications so as to stay connected with their patients, employees, insurers and business partners. This increases their risk to cyber attacks.

“In order for healthcare organizations to effectively protect their sensitive patient data, they should consider employing a defense-in-depth strategy. This approach involves implementing multiple layers of protection to shield the organization from current and emerging threats,” said Jon Ramsey, CTO for SecureWorks.

SecureWorks has outlined a set of information security guidelines to assist the healthcare industry in protecting their patient data from cyber attacks and other data breaches. Adopting these security measures will also assist organizations in demonstrating their adherence to the HIPAA regulations and the requirements outlined in the new Health Information Technology for Economic and Clinical Health (HITECH) Act.

The HITECH Act has extended the HIPAA regulations to apply not only to healthcare providers, insurers and healthcare clearinghouses, but also to business associates that are handling personal information about patient health, as well as other protected information, including name, social security number, address and insurance account numbers. These associates must adhere to the Security Safeguards Rules outlined by HIPAA. The HITECH Act has also added a data-breach notification requirement and increased penalties for violation of the HIPAA rules.

SecureWorks’ Recommended Information Security Guidelines for the Healthcare Industry

Security Risk Assessments – Performing regular security risk assessments will give your organization a much better understanding of the actual risks posed to your Protected Health Information (PHI) and Personally Identifiable Information (PII). This process will also look at the controls you have in place compared with regulatory requirements, and help you determine if there are any gaps. It will also give you an opportunity to compare your security posture with others in the industry. Recommendations made as a part of this process can be integrated into your overall information security program, keeping your security safeguards current, as well as helping your organization show diligence and a commitment to compliance.
Intrusion Prevention and Detection Services (IPS/IDS) – The implementation of IDS and IPS enables you to detect and block attempts by cyber criminals to access data on your servers and your network. Proactive alerting mechanisms and monitoring services can notify you of attempted cyber attacks and allow you to respond in real-time as a component of your Information Security Program. It is much less costly, both from a monetary and reputational perspective, to prevent a cyber breach then to be faced with notifying affected individuals and the Department of Health and Human Services (HHS), as required by the HITECH Act.
Data Loss Prevention (DLP) - A DLP solution can help monitor your network traffic for possible leakage of PII such as social security numbers and PHI, such as Health Level 7 (HL7) codes (medical standards/procedures codes), etc.
Log Monitoring – Log Monitoring centralizes and correlates audit logs from your applications and systems to allow you to identify improper access to sensitive patient data from internal or external sources. Proactive monitoring or regular reviews of logs is a key step in ensuring that your patient data is secure, as well as in meeting the short time-window required by the HITECH Act for notification of a breach.
Web Application Security Testing and Web Application Firewalls – Web applications are becoming more common in healthcare environments. Due to their increasing role in the IT business environment and prevalence of security flaws, web applications are a frequent target of Internet hackers. Healthcare organizations and business associates should perform web application security testing regularly and when
significant changes are made to the web applications in order to protect against current security threats. Also, the implementation of a web application firewall can help protect against emerging attacks being launched from cyber criminals.
Encryption – Implementing strong encryption policies and technologies on mobile devices, laptops, portable storage and backup tapes is key to reducing your risks with regards to improper data disclosure.

SecureWorks currently protects 82 healthcare clients in the US. Attack statistics provided are from a 12-month study of 38 clients using SecureWorks’ Managed Intrusion Detection and Prevention service (IDS/IPS) at the edge of their network, giving SecureWorks visibility into all attempted network attacks while blocking them. In addition to healthcare organizations, SecureWorks protects banks, utilities, retailers, technology providers and government organizations. For more information on IT security solutions for healthcare organizations, please visit http://www.secureworks.com/compliance/industries/healthcare.

IBM unveils new resources to help software partners gain skills and generate leads

More than two-thirds of IBM Software partners expect improved profitability from its new skills initiative according to a global survey of 400 partners, IBM said today. The initiative includes new sales and technical resources for IBM Software partners to help jump-start new business opportunities.

For the first time, IBM will:
– pass new midmarket sales leads valued below $50,000 (USD/EU) to authorized IBM Software partners;
– deliver new cloud computing architecture certification for partners, including education on cloud business models;
– provide direct access to more than 130 industry training sessions online and in local markets worldwide.

Businesses today are adopting technology to become more efficient and transform their organization based on specific industry requirements. IBM is delivering this initiative to help partners build the right skills needed for 21st century transformation projects. Given these requirements, under the IBM Software Value Plus skills initiative, partners can choose which products across the IBM software portfolio to become certified and authorized to sell based on their business model and industries served such as healthcare, banking and financial markets, retail, government, telecommunications, chemical and petroleum and energy and utilities among others.

According to a new Global Business Partner Profitability Survey conducted by Ronin Corporation and commissioned by IBM, 60 percent of IBM Software partners said they expect to increase profitability in 2010 and beyond by participating in Software Value Plus. The same percentage of IBM’s top-tier Software partners said they see more revenue in the form of hardware, software, and services when selling IBM software as compared to revenue generated by other vendors’ top- tier partners. From a growth perspective, 50 percent of IBM’s top-tier Software partners report that cloud computing will be a leading driver of profitability over the next two years, and the same percentage of all IBM Software partners rank consulting services as their top cloud opportunity.

In response to these survey results, IBM is delivering new resources as part of its skills initiative including:

Automatic Lead Passing — For the first time, authorized IBM Software partners can automatically receive new midmarket sales leads through IBM’s Global Business Partner Portal valued at $50,000 (USD/EU) or below. IBM will track incoming sales leads, evaluate the skills and capabilities as required by the client, and notify qualified and authorized IBM Software partners through the portal in markets where skilled partners are available.
Cloud Architecture Certifications — Authorized IBM Software partners can now learn to design public and private cloud computing solutions based on the same IBM software products they are authorized to sell.  As part of the new certification, authorized partners can take advantage of a new cloud business adoption guide that shows how to structure deals based on proven IBM business models. Additionally, IBM will launch new cloud camps for software partners through IBM Innovation Centers and other IBM locations.
IBM Technology and Solutions Training for Software Partners – For the first time, authorized IBM Software partners have an opportunity to train side-by-side with IBM Software Sales teams to learn key topics such as Industry Trends and Directions, IBM Software Industry Strategy, IBM Brand and Cross Brand Solutions and IBM Industry Frameworks. More than 130 industry sessions will be available in 2010 to authorized IBM Software partners around the world through IBM Innovation Centers or online using Virtual Industry Summits.

“Our partners are constantly looking for new ways to demonstrate business value to clients and differentiate themselves from the competition,” said Philip Gallagher, Global President, Avnet Technology Solutions, an IBM value-added distributor. “IBM’s strategy to boost access to sales, marketing and technical skills with initiatives like Software Value Plus can help partners better meet client requirements and improve their profit margins.”

Today’s news comes at a time when IBM is expanding its commitment to increase marketing investments for all IBM Business Partners serving mid-sized companies including a new cross-IBM solutions development team to create a suite of integrated, cross-IBM solution building blocks around areas such as data protection, business analytics and dynamic infrastructure; a $130 million (USD) investment in marketing and demand generation programs including a significant expansion in co-marketing programs to help partners design their own lead generation campaigns; and increased support of local partners through Territory Business Partner Representatives to drive opportunities, develop solutions, maximize co-marketing activities and focus on client satisfaction.

“Clients recognize the value in working with skilled partners to architect and implement solutions that can transform their business,” said Nicolas Jabbour, CEO, Prolifics, an IBM Premier Business Partner. “Our primary goal is to help clients succeed, and many have already switched to Prolifics because of the business and technical skills we bring to the table. IBM’s focus on providing new and relevant skills to software partners complements our core competencies as a systems integrator, and we are now tapping these resources to grow our bottom line.”

The new resources announced today are provided through the IBM Software Value Plus skills initiative that helps software partners build technical, marketing and sales skills on IBM’s software portfolio and key growth opportunities such as business analytics, collaboration and industry transformation. IBM will continue to expand Software Value Plus with additional demand generation, co-marketing and technical skills resources for software partners throughout 2010.

“Business Partners are key to IBM’s success in the marketplace, and we continue to invest in new resources that help ensure their success,” said Sandy Carter, vice president, IBM Software Group Business Partners. “With this new initiative, we are now providing our partners with the same training and resources we provide our IBM sales team. That is why our partners see us as providing the best opportunity and rewards for those who invest in our software portfolio to better serve clients, tap new markets, and sell into new industries.”

For more information on the IBM Software Value Plus initiative, visit: www.ibm.com/partnerworld/softwarevalueplus.

RSA Global Survey reveals confidence in social networking security shaken as online crime rises

More than 4,500 people divulge concerns with safety of personal information on the Internet and a desire for better identity protection, in survey from EMC’s security division

Two in three people reluctant to share on social networks

Three in ten people fall prey to phishing attacks; a six-fold increase in just two years

RSA, The Security Division of EMC, announced the results of its 2010 Global Online Consumer Security Survey that polled more than 4,500 consumers regarding their awareness of online threats, concerns with the safety of their personal information online and their willingness to share it, and desire for better identity protection.

Of the more significant survey findings, consumer awareness of phishing attacks has doubled between 2007 and 2009 and the number of consumers who reported falling prey to this attack increased six times during that same period of time. In addition, while hundreds of thousands of people join social networking websites each day, the survey exposed that nearly two in three (65 percent) people who belong to these online communities indicated they are less likely(1) to interact or share information due to their growing security concerns.

Social networking websites have become a hotbed for online criminals because of their global reach and the participation by hundreds of millions of active users from all walks of life. This makes these communities prime targets for exploitation by criminals who seek to steal personal information through socially engineered attacks. Reflective of this trend, the survey exposed that four out of five (81 percent) people using social networking websites displayed concern(2) with the safety of their personal information online.

“Fraudsters continue to fine-tune their array of tactics that result in millions of computers becoming infected with Trojans and other malware,” said Christopher Young, Senior Vice President at RSA. “These online criminals are adept at social engineering with at-the-ready phishing attacks that are launched within moments of breaking news about popular celebrities, professional athletes or serious global events. In these cases, people are lured to legitimate websites infected with malware as well as complete fakes designed to look like well-known news sources. Within these websites, Trojans can easily be masked as ‘required’ updates to a media player which can result in countless computers becoming infected with malware. While it’s difficult to prevent consumers from visiting these websites, we can do a better job of protecting those who do.”

Consumers more aware of phishing threats, but new attack methods dupe six times as many in just two years

In a similar RSA survey in 2007, one in three (38 percent) consumers reported they were aware of the threat of a phishing attack – and this figure doubled in two years(3) where three in four (76 percent) consumers have become aware. Additionally, in RSA’s 2010 survey, nine in ten consumers (89 percent) reported concerns caused by the threat of phishing.

Despite increased awareness, there have been a growing number of online users that have fallen victim to a phishing attack. In the 2007 RSA survey, only one in twenty (5 percent) consumers cited they had fallen victim to a phishing scam – and this rate increased six-times in 2009 to represent three in ten (29 percent) consumers. This increase can be attributed to more advanced communications tactics and greater sophistication such as improved writing and web design skills on the part of the fraudsters. Phishing attacks have also evolved in an attempt to exploit users in different ways and through a broader variety of methods including offshoots known as “vishing”, “smishing” and “spear phishing.”

The sheer volume of phishing attacks launched in recent months is also contributing to these trends. The RSA® Anti-Fraud Command Center recently reported(4) the highest-yet detected rates of phishing attacks between August and October 2009, as well as a 17 percent increase in the total number of attacks between 2008 and 2009.

An increase in consumer knowledge of online threats is further evident from the growth in the number of respondents that expressed awareness of Trojans. In 2007, 63 percent of consumers stated that they were aware of Trojans and in 2009 that figure climbed to 81 percent.

Consumers’ safety concerns translate to significant eagerness for better identity protection

Online banking continues to provide significant levels of convenience for consumers, with quick access to checking and savings accounts, the ability to pay bills automatically, transfer funds and perform other financial transactions. There is dramatic adoption of the use of social networks in which people use to form and nurture personal and professional relationships with each other. Finally, healthcare organizations as well as local, state and federal government agencies are bringing the power and convenience of online services to the consumer – offering access to personal healthcare records, driver’s license renewals and payment of tax bills.

The RSA survey revealed that consumers using online banking (86 percent) websites shared more concern with the theft of their personal information than those using healthcare portals (64 percent) and government websites (68 percent). As a result of these concerns, more than half of all consumers reported that they are less likely to share information and interact on these websites.

Consumers agreed that their identities should be better protected than a simple username and password on social networking (59 percent), healthcare (64 percent), government (70 percent) and online banking (80 percent) websites. Nine in ten consumers are willing to use a stronger form of security if offered.

Young continued, “Consumer education and awareness is one of the first lines of defense in the ongoing battle against online crime. Organizations will continue to take advantage of the many benefits offered by the Internet and consumers will seek the convenience offered online – all despite the inherent risks. In order to maximize the full value of what the online world can offer, organizations need to take a layered approach to Internet security in order to best protect their customers’ information.”

Survey Methodology
– Respondents totaled 4,539 consumers between the ages of 18 and 65
– Conducted in October 2009 by market research firm InfoSurv, Inc.
– Represented 22 countries across North America, South America, Europe and Asia Pacific
– All respondents actively use the Internet

Addendum
(1) “Less likely” = “somewhat less likely” + “much less likely”
(2) “Concerned” = “somewhat concerned” + “very concerned”
(3) The 2010 Global Online Consumer Security Survey was conducted in October 2009
(4) Source: RSA Monthly Online Fraud Report, November 2009

Source: EMC Corporation

IBM delivers Enterprise Secure Mail for Android, iPhone, Nokia Symbian smartphones

General Motors Goes Mobile with IBM Lotus Collaboration

IBM announced a major expansion of IBM Lotus collaboration software and delivery of enterprise secure mail for Android, the iPhone and Nokia Symbian smartphones.

“We believe IBM has taken a leadership position in providing the broadest mail and collaboration support for mobile devices,” said Kevin Cavanaugh, vice president, messaging and collaboration, IBM.

General Motors (GM) is playing an innovative role in extending mobile collaboration into the automotive industry. Recently, GM’s Chevrolet and OnStar unveiled the auto industry’s first smartphone application that will allow Chevrolet Volt owners 24/7 connectivity and control of vehicle functions and OnStar features remotely. OnStar’s Mobile Application will allow drivers to communicate with their Volt from devices such as the Apple iPhone. It uses a real-time data connection to perform tasks like setting the charge time and unlocking the doors.

“As we reinvent GM, we’re giving our employees the same agility that we give our cars,” said Kirk Gutmann, chief strategy and technology officer of General Motors. “We’re building a workforce that’s mobile, connected and equipped for anything, anytime, anywhere. We have thousands of people on iPhone and BlackBerry® devices tying into their Lotus collaboration tools while in motion, increasing their productivity. The capabilities of Lotus Notes Traveler bring IBM’s enterprise-grade messaging to the iPhone, Symbian and later, Android-based phones, a big plus for those who want one device for their personal and business lives. Downloading the Lotus Notes Traveler Companion app from the Apple App Store is great news, as is getting IBM social software on the BlackBerry.”

As the collaboration leader, IBM is the first to announce plans to expand its enterprise mobile messaging offering in a future release of Lotus Notes Traveler. This will include mail, calendar and contacts support for versions 2.0 and 2.1 of Google’s Android mobile operating system.

Lotus Notes Traveler is no-charge software that can be downloaded by Lotus Notes customers and provides two-way, over-the-air synchronization of information between Lotus Domino data and mobile devices.

In addition, IBM’s new application for the iPhone is called IBM Lotus Notes Traveler Companion, a plug-in to view encrypted mail on the iPhone. Available now in the App Store, the Lotus Notes Traveler Companion download allows Lotus Notes users who synchronize their mail, calendar, contacts and Domino mail via Lotus Notes Traveler to view encrypted mail such as confidential business and personal data on the iPhone. The application requires Lotus Notes Traveler 8.5.1 software.

IBM’s partnership with Nokia has led to a broad spectrum of collaboration capabilities on Nokia’s smartphones including IBM Lotus Notes Traveler, IBM Lotus Mobile Connect, IBM Lotus Sametime and IBM WebSphere Portal, as well as XPages-based applications built with IBM Domino Designer developer software. IBM’s Lotus Connections software also works with Nokia Symbian smartphones, enabling users to collaborate with social networks, update information and access shared files while on the go.

A future version of Lotus Sametime software for the Nokia Symbian smartphone devices is planned to offer users presence awareness and Lotus Sametime Unified Telephony click-to-call capabilities in the native address book on the device. This new Lotus Sametime functionality on Nokia devices is planned for commercial availability by the end of this year.

The Lotus Notes Traveler software also supports Windows Mobile devices.

More than half of the largest global 100 corporations use IBM’s flagship collaboration offerings, Lotus Notes and Domino. These clients include the top aerospace and defense organizations; the top nine automotive firms; the top eight banks; the top four makers of consumer products; the top seven electronics firms; the top eight insurance companies; the top seven pharmaceutical organizations; and the top nine telecommunications carriers.

The Lotus Notes Traveler Companion application is available from the App Store on iPhone or at www.itunes.com/appstore/. For more information for Nokia visit www.nokia.com.

Panda Cloud Antivirus now compatible with Windows 7

Panda Security’s industry acclaimed free antivirus service, Panda Cloud Antivirus, has received Microsoft’s ‘Compatible with Windows 7′ certification after passing the company’s quality checks for both 32-bit and 64-bit systems.

Since the launch of Panda Cloud Antivirus on November 10, 2009, millions of users have enjoyed the simplest, most effective and easy-to-use protection on the market.

Panda Cloud Antivirus is the world’s first free antivirus service that provides real-time protection against the newest and most dangerous viruses. This level of protection is made possible because Panda gathers malware information from its global community of users in the cloud to automatically process malware strains in minutes, versus hours or even days compared to other products. Panda’s approach combines local detection technologies with real-time cloud scanning to maximize protection while significantly minimizing the impact on PC performance.

Panda Cloud Antivirus has recently won the PCMag.com Editor’s Choice Award for Best Free Antivirus, as well as top honors in PCWorld’s comparative review of free antivirus software. Panda Cloud Antivirus is available for download free of charge at www.cloudantivirus.com.

Source: Panda Security

Next Page »

• Recent Posts

  • Top Web Scams of the Decade
  • 25 Percent of New Worms in 2010 Are Designed to Spread Through USB Devices
  • IBM Delivers New Software to Help Clients Adopt Smarter Security and Compliance Management
  • DEF CON Survey Reveals Vast Scale of Cloud Hacking
  • More Than 200 Websites Use ‘Justin Bieber’ as Bait to Distribute Malware, According to PandaLabs
  • Panda Security’s Flagship Internet Security 2010 Takes Top Spot in AV-Test Report
  • National High School Cyber Defense Competition Registering Teams for Fall
  • National Survey: Online Safety is a Personal Priority for Americans
  • SonicWALL Releases Mid-Year Assessment of Top Cybercrime Threats for 2010
  • Casper 6.0 Tech Edition Disk Backup and Upgrade Software
  • Open Source Community Paves Way for Developers to Improve Internet Access for the Aging, Disabled
  • SAP Releases New Version of SAP Business ByDesign
  • Apple Updates Safari 5
  • Apple Mac OS X Updated
  • Forget the Format: New Aimersoft Video Converter Family is Available Now

• Tags

  2009 2010 America antivirus Apple application beta browser business Conficker cybercriminals data protection download educational encryption free Home Software IBM internet iPhone Mac Malware Microsoft news office online PandaLabs Panda Security productivity protection safety security Security Software SIIA software Software News tech technology threats Trend Micro United States US USA Windows Windows 7