• Categories

  • Browsers
  • Business Software
  • Communications
  • Desktop Enhancements
  • Developer Tools
  • Digital Photo Software
  • Downloads
  • Drivers
  • Educational Software
  • Games
  • Graphic Design Software
  • Home Software
  • Internet Software
  • iTunes and iPod Software
  • Linux
  • MP3 Audio Software
  • Networking Software
  • Productivity Software
  • Screensavers and Wallpaper
  • Security Software
  • Software News
  • Utilities and Operating Systems
  • Video Software

• Archives

  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009

• Links

  • Gadget Mania
  • Gadget Reviews
  • USB World
  

• Meta

  • Log in
  • WordPress
  • XHTML

Hacker attacks targeting healthcare organizations doubled in the 4th Quarter of 2009

SecureWorks®, Inc., a leading global provider of information security services protecting 2,700 clients worldwide, reported  that attempted hacker attacks launched at its healthcare clients doubled in the fourth quarter of 2009.

Attempted attacks increased from an average of 6,500 per healthcare client per day in the first nine months of 2009 to an average of 13,400 per client per day in the last three months of 2009. Attempted attacks against other types of organizations, protected by SecureWorks, did not increase in the fourth quarter.

“From October through December of 2009, we blocked hundreds of SQL Injection and Butterfly/Mariposa Bot malware attacks launched at our healthcare clients. These attempted attacks were responsible for the increase in our attack statistics,” said Hunter King, security researcher with SecureWorks’ Counter Threat Unit(SM) (CTU).

In the Fall of 2009, SecureWorks and the security community began tracking a new wave of attacks involving the latest version of the Butterfly/Mariposa Bot malware, according to King. If a computer is infected with the Butterfly malware, it can be used to steal data stored by the victim’s browser (including passwords), launch Distributed Denial of Service attacks, spread via USB devices or peer to peer, and download additional malware onto the infected computer.

SQL Injection attacks target vulnerabilities in organizations’ web applications. “We also saw a resurgence of SQL Injection attacks beginning in October,” continued King. “They were being launched at legitimate websites so as to spread the Gumblar Trojan. Although SQL Injection is a well known attack technique, we continue to read news reports where it has been used successfully by cyber criminals to steal sensitive data,” said King. One of the most recent cases reported involved American citizen Albert Gonzalez who was charged, along with two unnamed Russians, with the theft of 130 million credit card numbers using SQL Injection.

Factors Contributing to Healthcare Attacks
1. Valuable Data Stores – Healthcare organizations often store valuable data such as a patient’s Social Security number, insurance and/or financial account data, birth date, name, billing address, and phone, making them a desirable target to cyber criminals.
2. Large Attack Landscape – Because of the nature of their business, healthcare organizations have large attack surfaces. Healthcare entities have to provide access to many external networks and web applications so as to stay connected with their patients, employees, insurers and business partners. This increases their risk to cyber attacks.

“In order for healthcare organizations to effectively protect their sensitive patient data, they should consider employing a defense-in-depth strategy. This approach involves implementing multiple layers of protection to shield the organization from current and emerging threats,” said Jon Ramsey, CTO for SecureWorks.

SecureWorks has outlined a set of information security guidelines to assist the healthcare industry in protecting their patient data from cyber attacks and other data breaches. Adopting these security measures will also assist organizations in demonstrating their adherence to the HIPAA regulations and the requirements outlined in the new Health Information Technology for Economic and Clinical Health (HITECH) Act.

The HITECH Act has extended the HIPAA regulations to apply not only to healthcare providers, insurers and healthcare clearinghouses, but also to business associates that are handling personal information about patient health, as well as other protected information, including name, social security number, address and insurance account numbers. These associates must adhere to the Security Safeguards Rules outlined by HIPAA. The HITECH Act has also added a data-breach notification requirement and increased penalties for violation of the HIPAA rules.

SecureWorks’ Recommended Information Security Guidelines for the Healthcare Industry

Security Risk Assessments – Performing regular security risk assessments will give your organization a much better understanding of the actual risks posed to your Protected Health Information (PHI) and Personally Identifiable Information (PII). This process will also look at the controls you have in place compared with regulatory requirements, and help you determine if there are any gaps. It will also give you an opportunity to compare your security posture with others in the industry. Recommendations made as a part of this process can be integrated into your overall information security program, keeping your security safeguards current, as well as helping your organization show diligence and a commitment to compliance.
Intrusion Prevention and Detection Services (IPS/IDS) – The implementation of IDS and IPS enables you to detect and block attempts by cyber criminals to access data on your servers and your network. Proactive alerting mechanisms and monitoring services can notify you of attempted cyber attacks and allow you to respond in real-time as a component of your Information Security Program. It is much less costly, both from a monetary and reputational perspective, to prevent a cyber breach then to be faced with notifying affected individuals and the Department of Health and Human Services (HHS), as required by the HITECH Act.
Data Loss Prevention (DLP) - A DLP solution can help monitor your network traffic for possible leakage of PII such as social security numbers and PHI, such as Health Level 7 (HL7) codes (medical standards/procedures codes), etc.
Log Monitoring – Log Monitoring centralizes and correlates audit logs from your applications and systems to allow you to identify improper access to sensitive patient data from internal or external sources. Proactive monitoring or regular reviews of logs is a key step in ensuring that your patient data is secure, as well as in meeting the short time-window required by the HITECH Act for notification of a breach.
Web Application Security Testing and Web Application Firewalls – Web applications are becoming more common in healthcare environments. Due to their increasing role in the IT business environment and prevalence of security flaws, web applications are a frequent target of Internet hackers. Healthcare organizations and business associates should perform web application security testing regularly and when
significant changes are made to the web applications in order to protect against current security threats. Also, the implementation of a web application firewall can help protect against emerging attacks being launched from cyber criminals.
Encryption – Implementing strong encryption policies and technologies on mobile devices, laptops, portable storage and backup tapes is key to reducing your risks with regards to improper data disclosure.

SecureWorks currently protects 82 healthcare clients in the US. Attack statistics provided are from a 12-month study of 38 clients using SecureWorks’ Managed Intrusion Detection and Prevention service (IDS/IPS) at the edge of their network, giving SecureWorks visibility into all attempted network attacks while blocking them. In addition to healthcare organizations, SecureWorks protects banks, utilities, retailers, technology providers and government organizations. For more information on IT security solutions for healthcare organizations, please visit http://www.secureworks.com/compliance/industries/healthcare.

IBM unveils new resources to help software partners gain skills and generate leads

More than two-thirds of IBM Software partners expect improved profitability from its new skills initiative according to a global survey of 400 partners, IBM said today. The initiative includes new sales and technical resources for IBM Software partners to help jump-start new business opportunities.

For the first time, IBM will:
– pass new midmarket sales leads valued below $50,000 (USD/EU) to authorized IBM Software partners;
– deliver new cloud computing architecture certification for partners, including education on cloud business models;
– provide direct access to more than 130 industry training sessions online and in local markets worldwide.

Businesses today are adopting technology to become more efficient and transform their organization based on specific industry requirements. IBM is delivering this initiative to help partners build the right skills needed for 21st century transformation projects. Given these requirements, under the IBM Software Value Plus skills initiative, partners can choose which products across the IBM software portfolio to become certified and authorized to sell based on their business model and industries served such as healthcare, banking and financial markets, retail, government, telecommunications, chemical and petroleum and energy and utilities among others.

According to a new Global Business Partner Profitability Survey conducted by Ronin Corporation and commissioned by IBM, 60 percent of IBM Software partners said they expect to increase profitability in 2010 and beyond by participating in Software Value Plus. The same percentage of IBM’s top-tier Software partners said they see more revenue in the form of hardware, software, and services when selling IBM software as compared to revenue generated by other vendors’ top- tier partners. From a growth perspective, 50 percent of IBM’s top-tier Software partners report that cloud computing will be a leading driver of profitability over the next two years, and the same percentage of all IBM Software partners rank consulting services as their top cloud opportunity.

In response to these survey results, IBM is delivering new resources as part of its skills initiative including:

Automatic Lead Passing — For the first time, authorized IBM Software partners can automatically receive new midmarket sales leads through IBM’s Global Business Partner Portal valued at $50,000 (USD/EU) or below. IBM will track incoming sales leads, evaluate the skills and capabilities as required by the client, and notify qualified and authorized IBM Software partners through the portal in markets where skilled partners are available.
Cloud Architecture Certifications — Authorized IBM Software partners can now learn to design public and private cloud computing solutions based on the same IBM software products they are authorized to sell.  As part of the new certification, authorized partners can take advantage of a new cloud business adoption guide that shows how to structure deals based on proven IBM business models. Additionally, IBM will launch new cloud camps for software partners through IBM Innovation Centers and other IBM locations.
IBM Technology and Solutions Training for Software Partners – For the first time, authorized IBM Software partners have an opportunity to train side-by-side with IBM Software Sales teams to learn key topics such as Industry Trends and Directions, IBM Software Industry Strategy, IBM Brand and Cross Brand Solutions and IBM Industry Frameworks. More than 130 industry sessions will be available in 2010 to authorized IBM Software partners around the world through IBM Innovation Centers or online using Virtual Industry Summits.

“Our partners are constantly looking for new ways to demonstrate business value to clients and differentiate themselves from the competition,” said Philip Gallagher, Global President, Avnet Technology Solutions, an IBM value-added distributor. “IBM’s strategy to boost access to sales, marketing and technical skills with initiatives like Software Value Plus can help partners better meet client requirements and improve their profit margins.”

Today’s news comes at a time when IBM is expanding its commitment to increase marketing investments for all IBM Business Partners serving mid-sized companies including a new cross-IBM solutions development team to create a suite of integrated, cross-IBM solution building blocks around areas such as data protection, business analytics and dynamic infrastructure; a $130 million (USD) investment in marketing and demand generation programs including a significant expansion in co-marketing programs to help partners design their own lead generation campaigns; and increased support of local partners through Territory Business Partner Representatives to drive opportunities, develop solutions, maximize co-marketing activities and focus on client satisfaction.

“Clients recognize the value in working with skilled partners to architect and implement solutions that can transform their business,” said Nicolas Jabbour, CEO, Prolifics, an IBM Premier Business Partner. “Our primary goal is to help clients succeed, and many have already switched to Prolifics because of the business and technical skills we bring to the table. IBM’s focus on providing new and relevant skills to software partners complements our core competencies as a systems integrator, and we are now tapping these resources to grow our bottom line.”

The new resources announced today are provided through the IBM Software Value Plus skills initiative that helps software partners build technical, marketing and sales skills on IBM’s software portfolio and key growth opportunities such as business analytics, collaboration and industry transformation. IBM will continue to expand Software Value Plus with additional demand generation, co-marketing and technical skills resources for software partners throughout 2010.

“Business Partners are key to IBM’s success in the marketplace, and we continue to invest in new resources that help ensure their success,” said Sandy Carter, vice president, IBM Software Group Business Partners. “With this new initiative, we are now providing our partners with the same training and resources we provide our IBM sales team. That is why our partners see us as providing the best opportunity and rewards for those who invest in our software portfolio to better serve clients, tap new markets, and sell into new industries.”

For more information on the IBM Software Value Plus initiative, visit: www.ibm.com/partnerworld/softwarevalueplus.

RSA Global Survey reveals confidence in social networking security shaken as online crime rises

More than 4,500 people divulge concerns with safety of personal information on the Internet and a desire for better identity protection, in survey from EMC’s security division

Two in three people reluctant to share on social networks

Three in ten people fall prey to phishing attacks; a six-fold increase in just two years

RSA, The Security Division of EMC, announced the results of its 2010 Global Online Consumer Security Survey that polled more than 4,500 consumers regarding their awareness of online threats, concerns with the safety of their personal information online and their willingness to share it, and desire for better identity protection.

Of the more significant survey findings, consumer awareness of phishing attacks has doubled between 2007 and 2009 and the number of consumers who reported falling prey to this attack increased six times during that same period of time. In addition, while hundreds of thousands of people join social networking websites each day, the survey exposed that nearly two in three (65 percent) people who belong to these online communities indicated they are less likely(1) to interact or share information due to their growing security concerns.

Social networking websites have become a hotbed for online criminals because of their global reach and the participation by hundreds of millions of active users from all walks of life. This makes these communities prime targets for exploitation by criminals who seek to steal personal information through socially engineered attacks. Reflective of this trend, the survey exposed that four out of five (81 percent) people using social networking websites displayed concern(2) with the safety of their personal information online.

“Fraudsters continue to fine-tune their array of tactics that result in millions of computers becoming infected with Trojans and other malware,” said Christopher Young, Senior Vice President at RSA. “These online criminals are adept at social engineering with at-the-ready phishing attacks that are launched within moments of breaking news about popular celebrities, professional athletes or serious global events. In these cases, people are lured to legitimate websites infected with malware as well as complete fakes designed to look like well-known news sources. Within these websites, Trojans can easily be masked as ‘required’ updates to a media player which can result in countless computers becoming infected with malware. While it’s difficult to prevent consumers from visiting these websites, we can do a better job of protecting those who do.”

Consumers more aware of phishing threats, but new attack methods dupe six times as many in just two years

In a similar RSA survey in 2007, one in three (38 percent) consumers reported they were aware of the threat of a phishing attack – and this figure doubled in two years(3) where three in four (76 percent) consumers have become aware. Additionally, in RSA’s 2010 survey, nine in ten consumers (89 percent) reported concerns caused by the threat of phishing.

Despite increased awareness, there have been a growing number of online users that have fallen victim to a phishing attack. In the 2007 RSA survey, only one in twenty (5 percent) consumers cited they had fallen victim to a phishing scam – and this rate increased six-times in 2009 to represent three in ten (29 percent) consumers. This increase can be attributed to more advanced communications tactics and greater sophistication such as improved writing and web design skills on the part of the fraudsters. Phishing attacks have also evolved in an attempt to exploit users in different ways and through a broader variety of methods including offshoots known as “vishing”, “smishing” and “spear phishing.”

The sheer volume of phishing attacks launched in recent months is also contributing to these trends. The RSA® Anti-Fraud Command Center recently reported(4) the highest-yet detected rates of phishing attacks between August and October 2009, as well as a 17 percent increase in the total number of attacks between 2008 and 2009.

An increase in consumer knowledge of online threats is further evident from the growth in the number of respondents that expressed awareness of Trojans. In 2007, 63 percent of consumers stated that they were aware of Trojans and in 2009 that figure climbed to 81 percent.

Consumers’ safety concerns translate to significant eagerness for better identity protection

Online banking continues to provide significant levels of convenience for consumers, with quick access to checking and savings accounts, the ability to pay bills automatically, transfer funds and perform other financial transactions. There is dramatic adoption of the use of social networks in which people use to form and nurture personal and professional relationships with each other. Finally, healthcare organizations as well as local, state and federal government agencies are bringing the power and convenience of online services to the consumer – offering access to personal healthcare records, driver’s license renewals and payment of tax bills.

The RSA survey revealed that consumers using online banking (86 percent) websites shared more concern with the theft of their personal information than those using healthcare portals (64 percent) and government websites (68 percent). As a result of these concerns, more than half of all consumers reported that they are less likely to share information and interact on these websites.

Consumers agreed that their identities should be better protected than a simple username and password on social networking (59 percent), healthcare (64 percent), government (70 percent) and online banking (80 percent) websites. Nine in ten consumers are willing to use a stronger form of security if offered.

Young continued, “Consumer education and awareness is one of the first lines of defense in the ongoing battle against online crime. Organizations will continue to take advantage of the many benefits offered by the Internet and consumers will seek the convenience offered online – all despite the inherent risks. In order to maximize the full value of what the online world can offer, organizations need to take a layered approach to Internet security in order to best protect their customers’ information.”

Survey Methodology
– Respondents totaled 4,539 consumers between the ages of 18 and 65
– Conducted in October 2009 by market research firm InfoSurv, Inc.
– Represented 22 countries across North America, South America, Europe and Asia Pacific
– All respondents actively use the Internet

Addendum
(1) “Less likely” = “somewhat less likely” + “much less likely”
(2) “Concerned” = “somewhat concerned” + “very concerned”
(3) The 2010 Global Online Consumer Security Survey was conducted in October 2009
(4) Source: RSA Monthly Online Fraud Report, November 2009

Source: EMC Corporation

IBM delivers Enterprise Secure Mail for Android, iPhone, Nokia Symbian smartphones

General Motors Goes Mobile with IBM Lotus Collaboration

IBM announced a major expansion of IBM Lotus collaboration software and delivery of enterprise secure mail for Android, the iPhone and Nokia Symbian smartphones.

“We believe IBM has taken a leadership position in providing the broadest mail and collaboration support for mobile devices,” said Kevin Cavanaugh, vice president, messaging and collaboration, IBM.

General Motors (GM) is playing an innovative role in extending mobile collaboration into the automotive industry. Recently, GM’s Chevrolet and OnStar unveiled the auto industry’s first smartphone application that will allow Chevrolet Volt owners 24/7 connectivity and control of vehicle functions and OnStar features remotely. OnStar’s Mobile Application will allow drivers to communicate with their Volt from devices such as the Apple iPhone. It uses a real-time data connection to perform tasks like setting the charge time and unlocking the doors.

“As we reinvent GM, we’re giving our employees the same agility that we give our cars,” said Kirk Gutmann, chief strategy and technology officer of General Motors. “We’re building a workforce that’s mobile, connected and equipped for anything, anytime, anywhere. We have thousands of people on iPhone and BlackBerry® devices tying into their Lotus collaboration tools while in motion, increasing their productivity. The capabilities of Lotus Notes Traveler bring IBM’s enterprise-grade messaging to the iPhone, Symbian and later, Android-based phones, a big plus for those who want one device for their personal and business lives. Downloading the Lotus Notes Traveler Companion app from the Apple App Store is great news, as is getting IBM social software on the BlackBerry.”

As the collaboration leader, IBM is the first to announce plans to expand its enterprise mobile messaging offering in a future release of Lotus Notes Traveler. This will include mail, calendar and contacts support for versions 2.0 and 2.1 of Google’s Android mobile operating system.

Lotus Notes Traveler is no-charge software that can be downloaded by Lotus Notes customers and provides two-way, over-the-air synchronization of information between Lotus Domino data and mobile devices.

In addition, IBM’s new application for the iPhone is called IBM Lotus Notes Traveler Companion, a plug-in to view encrypted mail on the iPhone. Available now in the App Store, the Lotus Notes Traveler Companion download allows Lotus Notes users who synchronize their mail, calendar, contacts and Domino mail via Lotus Notes Traveler to view encrypted mail such as confidential business and personal data on the iPhone. The application requires Lotus Notes Traveler 8.5.1 software.

IBM’s partnership with Nokia has led to a broad spectrum of collaboration capabilities on Nokia’s smartphones including IBM Lotus Notes Traveler, IBM Lotus Mobile Connect, IBM Lotus Sametime and IBM WebSphere Portal, as well as XPages-based applications built with IBM Domino Designer developer software. IBM’s Lotus Connections software also works with Nokia Symbian smartphones, enabling users to collaborate with social networks, update information and access shared files while on the go.

A future version of Lotus Sametime software for the Nokia Symbian smartphone devices is planned to offer users presence awareness and Lotus Sametime Unified Telephony click-to-call capabilities in the native address book on the device. This new Lotus Sametime functionality on Nokia devices is planned for commercial availability by the end of this year.

The Lotus Notes Traveler software also supports Windows Mobile devices.

More than half of the largest global 100 corporations use IBM’s flagship collaboration offerings, Lotus Notes and Domino. These clients include the top aerospace and defense organizations; the top nine automotive firms; the top eight banks; the top four makers of consumer products; the top seven electronics firms; the top eight insurance companies; the top seven pharmaceutical organizations; and the top nine telecommunications carriers.

The Lotus Notes Traveler Companion application is available from the App Store on iPhone or at www.itunes.com/appstore/. For more information for Nokia visit www.nokia.com.

Panda Cloud Antivirus now compatible with Windows 7

Panda Security’s industry acclaimed free antivirus service, Panda Cloud Antivirus, has received Microsoft’s ‘Compatible with Windows 7′ certification after passing the company’s quality checks for both 32-bit and 64-bit systems.

Since the launch of Panda Cloud Antivirus on November 10, 2009, millions of users have enjoyed the simplest, most effective and easy-to-use protection on the market.

Panda Cloud Antivirus is the world’s first free antivirus service that provides real-time protection against the newest and most dangerous viruses. This level of protection is made possible because Panda gathers malware information from its global community of users in the cloud to automatically process malware strains in minutes, versus hours or even days compared to other products. Panda’s approach combines local detection technologies with real-time cloud scanning to maximize protection while significantly minimizing the impact on PC performance.

Panda Cloud Antivirus has recently won the PCMag.com Editor’s Choice Award for Best Free Antivirus, as well as top honors in PCWorld’s comparative review of free antivirus software. Panda Cloud Antivirus is available for download free of charge at www.cloudantivirus.com.

Source: Panda Security

Perimeter E-Security ranks the Top 10 Information Security Threats for 2010

Malware and Malicious Insiders Top the List as Rising Threats; Vulnerability Exploits will be the Heart of Hacking and Data Breaches

Perimeter E-Security, the trusted market leader of information security services that delivers enterprise-class protection and compliance to companies of all sizes, unveiled its Top 10 Information Security Threats for 2010.

“The start of a new year is a great time for companies to evaluate their information security practices and begin thinking about what threats they’ll be facing in the coming year,” said Kevin Prince, CTO, Perimeter E-Security. “As these security threats are becoming more serious and difficult to detect, it is vital for companies to understand what they can do to best protect their systems and information.”

Perimeter’s ranking of the Top 10 information security threats for 2010:

1. Malware (Rising Threat)

Last year, Malware was listed as the second highest ranked threat to organizations on Perimeter E-Security’s list of top threats. There are many methods to install malware on systems, including the use of client-side software vulnerabilities. Browsers remain a top target for vulnerabilities. In 2009, the FBI reported that for the first time ever, revenue from cybercrime had exceeded drug trafficking, estimated at taking in more than one billion annually in profits.

2. Malicious Insiders (Rising Threat)

Malicious insiders were listed as the top threat for 2009, but have fallen to the #2 spot for 2010. With the downturn in the economy last year, it was no surprise that many desperate and disgruntled employees attempted to exploit the companies they currently or previously worked for. There is no way to eliminate the threat of malicious insiders completely, but through good security policies and followed procedures, the incidents could be a fraction of what they are today. With the economy still suffering and still high unemployment levels, Malicious Insiders will continue to be a threat.

3. Exploited Vulnerabilities (Steady Threat)

Vulnerability exploit is at the heart of hacking and data breaches. Worms, viruses, malware, and a host of other attack types often rely on vulnerability exploit to infect, spread and perform the actions cyber criminals want. And yet, organizations are still not doing what they need to for patch management. Hackers are more often exploiting client side vulnerabilities and other vulnerabilities associated with 3rd party applications.

4. Careless Employees (Steady Threat)

Careless and untrained insiders will continue to be a very serious threat to organizations in 2010. Insiders can be broken down into three categories: careless & untrained employees, employees that are duped or fall prey to social engineering type attacks, and malicious employees. Protecting a network and critical and sensitive data is done very differently for each type. Policies, procedures, training and a little technology can make a world of difference in reducing an organization’s risk to careless insiders.

5. Mobile Devices (Rising Threat)

Mobile devices have become a plague for information security professionals. There are worms and other malware that specifically target these devices such as the iPhone worm that would steal banking data and enlist these devices in a botnet. Theft is still a major cause of data breaches as mobile devices, especially laptops, are the main culprits. Tens of thousands of laptops are stolen each year and often these have sensitive data that require public disclosure as a data breach.

6. Social Networking (Rising Threat)

Social networking sites such as Facebook, MySpace, Twitter and others have changed the way people communicate with each other, but these sites can pose serious threats to organizations. One main problem is that there is a trust component to these sites which makes them fertile ground for identity thieves. There is also a personal safety issue. Social networking sites are a stalker’s dream come true. Social networking sites are breeding grounds for SPAM, scams, scareware and a host of other attacks and these threats will continue to rise.

7. Social Engineering (Steady Threat)

Social engineering is always a popular tool used by cyber criminals and phishing is still a popular method for doing just that. In fact, these new venues make social engineering even more effective. This year will have an added measure of complexity when it comes to social engineering attacks. Beginning sometime mid-2010, domain names will be expanded to include Japanese, Arabic, Hindi and even Greek characters, and with all of these characters being available for domain names, no longer will looking at a domain help one determine if it’s legitimate or not.

8. Zero-Day Exploits (Rising Threat)

Zero-day exploits are when an attacker can compromise a system based on a known vulnerability but no patch or fix exists, and they have become a very serious threat to information security. Zero-day vulnerabilities are being discovered in traditionally very secure protocols such as SSL and TLS. The zero-day vulnerability could also be in providers.

9. Cloud Computing Security Threats (Rising Threat)

Using cloud based (i.e. Internet based) applications may not be as secure as once thought with many stories in 2009 regarding cloud based security issues. Many are calling for forced encryption to access “in the cloud” services. As cloud computing grows in popularity over the next few years, cloud security will become a very big issue.

10. Cyberespionage (Rising Threat)

Cyberespionage is a threat that’s being heard more and more all the time and there have been a flood of stories in 2009 on this subject. Most of these incidents surround government bodies and agencies and therefore have not been a huge threat to most individual organizations. However, since cyberespionage has major implications for the government, it is a rising threat that must be closely monitored.

“Information security is an ever-evolving discipline that requires tremendous expertise, time, and money to effectively manage. Every organization should take stock of what they are doing today and how well their current solutions mitigate the risk of the top 10 threats. In most cases, adjustments will need to be made and new technology should be implemented to ensure that the organization is properly prepared for what cyber criminals, spammers, phishers and hackers are planning for 2010,” added Prince.

Safe Eyes 6 adds new protections for children online, including industry-first ratings-based Internet TV content filter

Major Upgrade to Leading Family Internet Manager

InternetSafety.comannounced Safe Eyes® 6, a major upgrade to its award-winning family Internet management software that includes an industry-first Internet TV content filter enabling parents to restrict children’s access to inappropriate online TV shows and movies based on standard TV and movie ratings. Parents will be able to block children’s access to explicit music lyrics, enforce tamper-proof safe search on major search engines, receive daily or weekly reports on children’s online activities by email, and use a new easy setup wizard to quickly tailor settings to each child.

These new features will enhance Safe Eyes’ established tools for safeguarding and managing children’s Internet usage. The software also automatically blocks objectionable websites in a choice of 35 categories as well as by user-defined URLs and/or keywords to shield children from undesirable online content; provides instant messaging controls, email blocking and social network monitoring to protect against risky online communications; and allows parents to schedule Internet usage in order to manage the time that their family spends online.

Safe Eyes 6 adds:
– Internet TV filtering on Hulu, iTunes and major TV network websites including ABC, NBC, CBS and Fox, based on the ratings level that parents deem appropriate for their children. Parents can set the software to limit content by user to TV-G and G-rated, TV-PG and PG-rated, TV-14 and PG-13-rated, or TV-MA and R-rated TV shows and movies. No other family Internet manager has these filtering capabilities.

– Blocking the viewing or purchase of songs with explicit lyrics on iTunes by selecting the appropriate setting on the setup page.

– Stronger protection against objectionable search results, with the ability to enable safe search features on popular sites such as Google, Yahoo, Bing and YouTube from Safe Eyes and thereby prevent children from disabling the safe search setting.

– Easy-to-understand daily or weekly activity reports sent by email, offering an at-a-glance overview of each user’s top search terms, most visited websites, blocked websites and programs, personal information posted online, and time-of-day Web usage patterns.

– Easy setup wizard giving parents the option to copy settings from one child to another, utilize InternetSafety.com’s suggested settings based on age, or customize user settings for each activity (websites, videos, music, instant messaging, games, social networking and email) from dropdown menus.

“There is a major disconnect in managing children’s media activities today. You can have parental controls on a TV that prevent children from watching a show that you consider objectionable, but the child can watch the same show on the family computer. One of our primary goals in Safe Eyes 6 was to remedy that problem,” said InternetSafety CEO Forrest Collier. “At the same time, we have added other new protections, simplified setup, and equipped parents with more meaningful reports that keep them informed and aware of their family’s Internet activities.”

Safe Eyes 6 will be available for download at www.safeeyes.com later this month. A one-year $49.95 subscription will cover up to three PCs with the ability to customize settings for each child. An advance demo can be seen at the InternetSafety.com booth (#3128) in the Living in Digital Times area at the 2010 International CES conference in Las Vegas.

Source: InternetSafety.com

Greatest cyber risk driven by remote network access and embedded malicious code: Deloitte Poll

More than 40 percent of executives polled by Deloitte believe remote internet access to corporate systems, embedded malware in computers, applications and devices, and little visibility into the security protocols of suppliers and business units are the greatest cyber risks today. The executives were polled recently during the Deloitte webcast, “Combating Cyber-Threats from the Underground Economy: A View from the Front Lines.”

“Cyber attacks today are not only about identity theft, but about stealing information behind companies’ firewalls,” said Mark White, principal, Deloitte Consulting LLP and the webcast moderator. “An entire underground economy has been built for the purpose of stealing, packaging, and reselling electronic information. Never before in history has the threat landscape been as deeply penetrated or more rapidly evolving. Never before have nations, corporations or individuals been more electronically exploited.”

Richard Baich, a principal in Deloitte & Touche LLP’s Security & Privacy practice and a webcast presenter, noted that security programs need to be strengthened as it has become increasingly evident that criminals with advanced cyber skills continuously invent new and insidious ways to perpetrate criminal acts. “The cyber crime landscape has evolved into a set of highly specialized criminal products and services that are able to target specific organizations, regions, and customer profiles by using a sophisticated set of malware exploits and anonymization systems, which routinely evade present-day security controls,” said Baich.

Baich also stated that cyber criminals are now able to target specific individuals within an organization, such as a payroll clerk, and misuse that role to steal information for direct monetary gain. Nation-states are also able to recruit and leverage cyber criminal resources to target organizations or other nations for the purposes of espionage, monetary gain, or to gain military advantage.

“This leaves executives asking what they can do to quickly identify and contain malware and then protect their data. This is after they already spent a good deal of money on traditional protection programs,” said Baich. “Companies should consider establishing cyber threat intelligence programs as well as leveraging existing technology and architecture investments to help detect and prevent these problems.”

“Data is more valuable than money. Once money is spent it is gone. Data can be reused and can give you the ability to access online banking applications, use credit cards and penetrate firewalls over and over. A famous bank robber from the 1900s was asked why he robbed banks. He said ‘because that is where the money is.’ Cyber criminals today go to where the data is, because it allows them to access money. Executives need to develop cyber programs to stay ahead of criminals and stop old cat and mouse games,” added Baich.

Other polling results included:
– Only 2.8 percent of the participants indicated they did not need a type of cyber threat intelligence or detection program.
– 62.2 percent of respondents did not know how their organization understands what data is leaving the company’s network, though 14.1 percent did confirm that their organizations were using a data loss prevention solution.
– 41.4 percent reported that they did not know how their organizations found compromised devices inside of their network.
– More than a quarter (27.4 percent) indicated their organizations rely on some type of antivirus and intrusion detection system.

Peter Makohon, senior manager, Deloitte & Touche LLP and a webcast presenter, told participants that “cyber crime may already be in their neighborhoods” and cited the following issues facing executives:

– Current signature-based information security controls are not effective against sophisticated, cyber threats and exploits, which are evolving at a phenomenal rate.
– Companies lack the automated systems and skilled analysts to rapidly analyze, identify, contain, analyze, and remediate compromised devices.
– Information provided by various cyber intelligence sources is often outdated and high level; therefore, companies cannot take effective counter-actions based on that information alone.
– Organizations lack expertise, resources, technology, and process capabilities for taking timely action on these near real-time cyber threats.

To hear the webcast please visit: www.deloitte.com/us/dbriefs/futurete.

The polling responses came from more than 270 technology executives ranging from upper management to consultant across multiple industries responded to the polling questions during Deloitte’s webcast on December 3. The information obtained during the survey was taken “as is” and was not validated or confirmed by Deloitte.

Source: Deloitte

Panda Security publishes Virus Yearbook 2009

Most intriguing malware selected for use of social engineering and visible effects on PCs

PandaLabs, the anti-malware laboratory of Panda Security, has published its 2009 Virus Yearbook, examining the most intriguing malicious codes to emerge over the last 12 months.

Rather than spotlighting the most widespread viruses, or those that have caused the most infections, PandaLabs has selected those which stood out most for their use of social engineering or visible effects on users’ PCs. For this reason, some of the more well-known malicious codes (such as the Koobface virus) are absent from the list.

Here are the viruses PandaLabs believes deserve a mention:

– Biggest headache. Conficker.C was without a doubt the most obnoxious virus this year. It first appeared on December 31, 2008, and has spent the last year infecting companies and home users alike. The insidious and tenacious nature of this malicious code has earned it first place in Panda’s ranking.
– Harry Potter of viruses. Although there is no reference to the world’s most popular fictional wizard, the on-screen messages Samal.A displays are all about magic. When it infects a computer, users will see the message “Ah ah you didn’t say the magic word” (see photo) and the cursor then flickers, waiting for users to enter a word. The truth is it doesn’t matter what is entered, because after three attempts, the phrase “Samael has come. This the end” (see photo), will be displayed and the computer is restarted.
– V for Vendetta. While it’s still unclear who exactly the real target of this worm is, DirDel.A wreaks vengeance on infected users, progressively replacing folders in different directories with copies of itself. The worm is carried in a file called Vendetta.exe with a typical Windows folder icon (see photo).
– Plain nuisance. The Sinowal.VZR Trojan has infected thousands of computers under the guise of plane tickets supposedly purchased by the user (see photo).
– All-action virus. Once infected with Whizz.A, computers will start emitting a series of beeps, the mouse pointer moves uncontrollably around the screen, and the CD/DVD tray opens and closes, while the screen is ‘decorated’ with a row of bars (see photo).
– Snooper. Waledac.AX ensnares its victims by claiming to offer a free application for reading SMS messages on anyone’s cell phone. Waledac.AX is seemingly ideal for people who want to check up on their partners, explaining why so many users fell victim to this intelligent virus.
– Most affectionate. BckPatcher.C tops this category, as it changes the desktop wallpaper to an image reading “virus kiss 2009″ (see photo). What a charmer!
– Touch of the sniffles. PandaLabs couldn’t fail to mention a couple of the viruses, WinVNC.A and Sinowal.WRN, that used the widespread alarm surrounding swine flu to trick users and infect their systems.
– Incompetent newcomer. The Ransom.K Trojan encrypts documents on infected computers, and then asks for a $100 ransom to release them. However its creator, probably lacking in experience, included a programming error which allows users to release the files with a simple key combination.
– Most deceitful. This year, the winner in this category is FakeWindows.A, which infects users by passing itself off as a license activation process for Windows XP.
– Party animal. Banbra.GMH arrives in an email promising photos of Brazilian parties (with dancing girls included). Who could resist?

More information about these and other threats is available at www.pandasecurity.com.

• Recent Posts

  • Wordfast Pro 2.3 for Windows
  • Panda Security reports over 13 Million users affected by Mariposa Botnet
  • Trend Micro Threat Research Report: 9 Million ZeuS attacks blocked by Trend Micro in the last 6 months
  • SonicWALL identifies growing threat of cybercriminals attacking new searches
  • Introducing the Fraud Prevention Suite to combat fraud in international eCommerce
  • Panda Security and Defence Intelligence coordinate massive botnet shutdown with international law enforcement
  • SAP Business One 8.8 beckons new era of software for small businesses
  • Microsoft announces global launch of Windows MultiPoint Server 2010
  • SIIA announces finalists for 2010 CODiE Awards in Education categories
  • New Emotional Technology in KODAK Picture Kiosks creates opportunity to tap into trillions of images
  • Cybercriminals continue to show their love for Valentine’s Day
  • Tableau launches free software to make data social
  • Apple releases Aperture 3
  • Solutionary identifies Top Security Risks and provides precautionary tips for Winter Olympic Games
  • Top 10 Malware Threats for January

• Tags

  2009 2010 America antivirus Apple application beta browser business Conficker cybercriminals data protection download educational encryption free Home Software IBM internet iPhone Mac Malware Microsoft news office online PandaLabs Panda Security productivity protection safety security Security Software service software Software News tech technology threats Trend Micro United States US USA Windows Windows 7