Data Loss

Comment: We All Need to Keep Closer Tabs on Financial Data
Mohan Koo, managing director of Dtex Systems, explains how recent data breaches show that organizations are focusing on external security while neglecting insider threats... More

Insiders increasingly linked to data breaches in the financial sector
Employees are increasingly responsible for data breaches at financial institutions, according to the US Computer Emergency Response Team (US-CERT).... More

FBI probes over 400 cases of corporate bank account cyberjacking
The FBI is currently investigating over 400 reported cases of corporate banking account takeovers in which cybercriminals have initiated unauthorized automated clearing house (ACH) and wire transfers from US-based organizations, an FBI official told a House panel this week. ... More

Hacker accesses 40,000 credit and debit cards processed by arcade vendor
Vacationland Vendors, a Wisconsin-based supplier of arcade equipment and vending machines, said credit and debits cards used in its card processing system over a two and a half year period may have been exposed. ... More

Data breach exposes personal data on 20,000 Stanford Hospital patients
A full 20,000 patients who visited the Stanford Hospital and Clinics’ emergency room had their personal information posted publicly online for a year, the hospital admitted last week.... More

This real-time network and application attack mitigation system cost-effectively protects the infrastructure against network & application downtime, vulnerability exploitation, malware spread, information theft, web service attacks and web defacement.

Application Security

Google plugs 32 flaws in Chrome 14, doles out $14,337 in bounties
Google has released stable channel version 14 of its Chrome browser, fixing 32 security flaws and paying out $14,337 in bug bounties in the process.... More

Oracle pushes out emergency patch for Apache denial-of-service flaw
Oracle has issued an out-of-band patch to plug a hole in its Apache web server product that could be exploited for denial-of-service (DoS) attacks. ... More

Small is beautiful when it comes to information security
Chief information officers naturally turn to large vendors for their information security needs in spite of the fact that smaller firms often are better at responding to the latest cyber threats, observed Ross Parsell, key account director for government and commercial with Thales e-Security. ... More

Adobe fixes 13 critical flaws in Reader, Acrobat
Adobe has patched 13 vulnerabilities in its latest quarterly security update, including critical flaws in Reader and Acrobat. ... More

FBI probes hack into NBC News Twitter account after Ground Zero attack hoax
The Federal Bureau of Investigation (FBI) is probing the hacking of the NBC News Twitter account.... More

Apple co-founder Steve Wozniak's Twitter account hacked
The second Steve behind Apple – Steve Wozniak – has reportedly had his Twitter account hacked, with a message going out late last week saying: "I made $781 today working a few hour from home check this out!"... More

Gatesian slip: Microsoft publishes Patch Tuesday bulletins early
Perhaps the most noteworthy aspect of Microsoft’s Patch Tuesday update is that the company published the five security bulletins early. ... More

Biometrics

Significant growth ahead for mobile biometric security market
Research just issued predicts a boom time lies ahead for the nascent mobile phone-based biometric security market.... More

Business Continuity and Disaster Recovery

Cyber attacks are becoming lethal, warns US cyber commander
Cyber attacks are escalating from large-scale theft and disruption of computer operations to more lethal attacks that destroy systems and physical equipment, according to the head of the US Cyber Command.... More

Compliance and Policy

Firms could face $20 million in fines for violating provisions of data breach bill
Sen. Richard Blumenthal (D-Conn.) has introduced data breach legislation that would impose penalties of up to $20 million per violation on companies.... More

Lessons from campus are fundamental to managing consumerization of IT
The consumerization of IT is one of the hottest trends of late, leaving many ITsec pros wondering how they can balance the demands of their users with the security of their enterprise networks. It appears that one successful model has been under our noses all along – lurking on college campuses. ... More

Encryption

Microsoft drags feet on fixing IE9 bug that disrupts anti-keylogging technology
Microsoft has been dragging its feet for six months on fixing a problem with Internet Explorer (IE) 9 that is preventing keystroke encryption technology made by StrikeForce Technologies from working, according to the company’s executive vice president of marketing, George Waller.... More

Identity and Access Management

Employers beware: Fix known flaws or risk retaliation
Companies should fix known access vulnerabilities in order to prevent disgruntled former employees from wreaking havoc on their systems, advises Adam Bosnian with Cyber-Ark Software.... More

Internet and Network Security

GFI researcher spots Bing and Yahoo adverts serving up malware
Despite security safeguards being installed by advertising aggregation firms over the last 12 months, it looks as though the old problem of third-party adverts serving up malware infections is back again, as a GFI Software security researcher claims that the Microsoft Bing and Yahoo search engines are now directing users to malicious content.... More

Firms concerned that high-speed networks will overwhelm security products
A full 84% Fortune 500 organizations surveyed have concerns about their incumbent network security vendors’ abilities to manage 10 gigabit per second (Gb/s) throughput environments, according to a survey commissioned by network monitoring firm Endace.... More

IT security should be about good management, not tech performance, says IDC
IT security in an increasingly complex threat environment needs to be more about management than technology performance, according to Eric Domage, program manager for IDC in Europe.... More

Small is beautiful when it comes to information security
Chief information officers naturally turn to large vendors for their information security needs in spite of the fact that smaller firms often are better at responding to the latest cyber threats, observed Ross Parsell, key account director for government and commercial with Thales e-Security. ... More

'Patch and pray' no longer the way, says INSA
The “patch and pray” system of cybersecurity is no longer sustainable in the current threat environment, judges a report prepared by the non-profit Intelligence and National Security Alliance (INSA).... More

GlobalSign web certificate authority back online after hacker breach
Belgian web certificate authority (CA) GlobalSign is back online after investigating claims by the hacker who breached the Dutch DigiNotar CA that its systems had also been breached.... More

Is Linux loose with security?
The Linux Foundation said that it discovered a security breach of its infrastructure, including LinuxFoundation.org, Linux.com, and their subdomains on Sept. 8.... More

IT Forensics

Rogue trader who cost UBS £1.3bn highlights failure to monitor unauthorized dealing
Another case of the unauthorized activity of a trader at an investment bank has highlighted the need for real-time monitoring and control in the investment banking sector.... More

Malware and Hardware Security

Hackers flip over Unicode trick
Hackers are flipping filenames to create apparently 'safe' file extensions that in fact contain malware, according to Czech security firm Avast Software.... More

More botnets using the same compromised devices, Damballa finds
The number of botnets running on compromised devices increased in the first half of 2011, despite the recent takedown of a number of high-profile botnets, according to Damballa’s first half 2011 Advanced Threat Report.... More

Reverse engineering specialist dissects the Morto worm
Tomer Bitton, a reverse engineering specialist with Imperva, has successfully dissected the operation of the Morto worm, a malware executable that is notable for being the only worm seen to date that exploits Microsoft's remote desktop protocol (RDP).... More

Public Sector

Energy Department lays down roadmap for energy delivery cybersecurity
The US Department of Energy (DOE) released a report on Thursday that provides a roadmap for public-private sector initiatives designed to improve cybersecurity for the nation's energy delivery system.... More

1.Future of SSL in doubt? Researcher Marlinspike unveils alternative to certificate authorities 

2. California updates data breach notification law

3.DDoS attacks increasingly target small and medium-size firms

Wireless and Mobile Security

Analyst spots major changes in Android DroidDream malware
It looks like the DroidDream malware – which infected hundreds of thousands of Android users earlier in the year – is back with a sting in the tail, as a Trend Micro threat analyst is reporting that a major recode has been spotted.... More

Mobile security demands comprehensive approach, IDC conference told
Securing mobile devices is one of the biggest challenges facing IT security professionals as cyber criminals turn their attention to this platform, according to James Lyne, director of technology strategy at security firm Sophos. ... More

ICSA Labs offers security tips to tackle rising smartphone/tablet threats
The rising ride of mobile security threats – driven by the increase in use of smartphones and tablets in the workplace – has been causing IT security managers a few headaches recently and Verizon's ICSA Labs operation has issued a number of tips for managers to help them develop appropriate security measures.... More

EU cybersecurity agency publishes report on app store security
ENISA has published a report on app store security that advocates a baseline set of five lines of defense against malware.... More

Virtually undetectable SpyEye malware spotted on the Android platform
It seems that the long reach of the increasingly popular SpyEye malware has now reached the Android platform, with in-browser security specialist Trusteer reporting that the trojan has been extended into the portable computing environment.... More

Mobile malware up 273% in first half of 2011
Malware for smartphones and tablets is up 273% in the first half of 2011, compared with the same period in 2010, a study from G Data has shown.... More

Industry News

Gartner: CISOs must use risk to show the value of security to business goals
Risk is key to enabling IT information security professionals to engage with the business and demonstrate business value to the board, according to Gartner. ... More

Events

Interop New York
Dates: 03 October 2011 until 07 October 2011
Location: New York, New York, USA
Website: http://www.interop.com/newyork/
More

RSA Europe 2011
Dates: 11 October 2011 until 13 October 2011
Location: London, UK
Website: http://www.rsaconference.com/index.htm
More

ISSA International Conference
Dates: 20 October 2011 until 21 October 2011
Location: Baltimore, Maryland, USA
Website: https://www.issa.org/conf/?p=105
More

ISACA Training Week
Dates: 24 October 2011 until 28 October 2011
Location: Baltimore, Maryland, USA
Website: http://www.isaca.org/Education/Upcoming-Events/Pages/Trainin...
More

For a full list of events and conferences, please visit
http://www.infosecurity-us.com/events/