Friday, December 22, 2006

Bots and rootkits among top 10 threats, said McAfee

The days of big virus outbreaks like MyDoom, Melissa and SQL Slammer are gone, said Joe Telafici, director of operations for McAfee's Avert Labs.

Telafici was speaking at the recent AVAR (Association of Antivirus Asia Researchers) conference, which was held in Auckland. Today's cyber criminals don’t want to draw attention to themselves as the main motivation for cyber crime now is money, not fame, he said.

Click here for the full story.

Thursday, December 21, 2006

Top tips on destroying data on your hard drives

Reformatting a drive or deleting its partition doesn't truly erase its files

Data thieves don't have to be programming wizards to get their hands on your personal information. They often find hard drives that contain financial and other sensitive data at flea markets, charity shops, the city dump and even on eBay. These tips will help you render an old drive's files unreadable.

Click here for the full story.

Tuesday, December 19, 2006

Risk Management's Bell Curve

IT security managers have two basic problems: getting their managers to understand the need for security resources; and figuring out how to prioritize and spend the resources they already have.

Both problems could potentially be solved if security people spent a little less time thinking like IT experts and a little more time thinking like insurance experts, according to new report from the London School of Economics and McAfee.

Click here for the full story.

Risk Management's New Bell Curve

IT security managers have two basic problems: getting their managers to understand the need for security resources; and figuring out how to prioritize and spend the resources they already have.

Both problems could potentially be solved if security people spent a little less time thinking like IT experts and a little more time thinking like insurance experts, according to new report from the London School of Economics and McAfee.

Click here for the full story.

Monday, December 18, 2006

Email security techniques we wish would work, but just don't

At the height of its hype cycle, XML was supposed to solve the "interoperability problem," but in the end, only had a marginal level of success that was better than any other file format. In much the same way, many legacy spam detection techniques promised to rid us of much or all spam. Instead, they fell short of their promise and, in many cases, just did not work.

Click here for the full story.

Friday, December 15, 2006

Boeing laptop with data on 382,000 employees stolen

And in Dallas, the University of Texas reported a network intrusion

A laptop containing the personal information on 382,000 current and retired workers of Chicago-based Boeing Co. was stolen from an employee's car earlier this month, according to Boeing spokesman Tim Neale. He declined to say exactly where the laptop was stolen.

The information included employees' Social Security numbers, home addresses, telephone numbers and birth dates, as well as salary information, Neale said. Although the laptop was turned off and was password protected, Neale said the data on it was not encrypted.

Click here for the full story.

Thursday, December 14, 2006

Report: Phish Jump

As if you didn't already know that phishing is growing, the Anti-Phishing Working Group's latest numbers hammer it home even harder, showing a 50 percent increase in phishing sites from September to October.

The APWG's latest report shows 37,444 unique phishing sites were detected in October, versus 24,565 in September. The APWG attributed much of this jump to phishing campaigns using URLs with multiple subdomains in an attempt to evade spam filters and antiphishing filters in browsers, which use blacklists of known phishing sites.

Click here for the full story.

Tuesday, December 12, 2006

Worms Get Smarter

The recent wave of Web worms on MySpace and other social networking sites represent a new generation of more sophisticated worms -- ones that employ the pervasive cross-site scripting (XSS) flaws found on many Websites.

Early worms were more for wreaking havoc and proof-of-concept purposes (think Code Red and Melissa), but the new worms discovered earlier this month on MySpace are more about stealing data. Example: the XSS exploit that spreads as a worm and tries to force spyware onto a user's machine for nefarious purposes. That attack is a QuickTime movie that is "backdoored" with an XSS exploit, which changes a user's profile to include links to a porn site that hosts spyware. Once a user goes to that site, he or she is infected with the spyware.

Click here for the full story.

Friday, December 08, 2006

2006: The year in security

Though Internet-crippling virus attacks now seem to be a thing of the past, PC users didn't feel a lot more secure in 2006. That's because online attacks have become more sneaky and professional, as a new breed of financially motivated cyber criminals has emerged as enemy number one. Microsoft Corp. patched more bugs than ever and whole new classes of flaws were discovered in kernel-level drivers, office suites and on widely used Web sites. Vendors' chatter about security is at an all-time high, but the bad guys are still finding lots of places to attack.

And, oh yes, spam is back.

Following are five of the top computer security stories in 2006.

Click here for the full story.

Thursday, December 07, 2006

Disney protected with home-grown security, compliance software

Company's Keystone Web services provide centralized identity management, access control

The Walt Disney Co. is locking down its applications with cutting edge identity management innovations developed in-house that are helping the entertainment giant meet its security, compliance, and auditing goals.

Click here for the full story.

Wednesday, December 06, 2006

IBM Buys Into Security Compliance

IBM did its holiday shopping a little early this year, picking up security information management and compliance tool vendor Consul today for an undisclosed sum.

Consul, a 20-year-old company originally founded to do mainframe data and usage auditing, is one of several smaller security vendors that makes tools for collecting information about user access and activity across an enterprise. Such data is critical in the effort to meet security requirements outlined in a variety of government and industry policies and regulations, including Sarbanes-Oxley and HIPAA.

Click here for the full story.

Tuesday, December 05, 2006

Compliance Keys: Money, Monitoring

When it comes to regulatory compliance, companies that spend the most on IT security, and are the most vigilant about their compliance efforts, are the most successful.

That's the result of a study published earlier today by the IT Policy Compliance Group, a collection of compliance experts formed last year to study best practices in regulatory compliance.

Click here for the full story.

Monday, December 04, 2006

Research group finds high level of IT deficiencies

IT vulnerabilities such as inadequate documentation and poor PC access controls put enterprises at risk of being noncompliant with regulatory mandates and prone to security events -- and most companies have at least a few such deficiencies present in their enivornments, according to research to be released Monday.

Click here for the full story.

Friday, December 01, 2006

New Threats Loom for 2007

Attackers are preparing a new array of exploits and vulnerabilities for next year, security researchers say.

McAfee Avert Labs, the research arm of the popular antivirus vendor, yesterday unveiled its predictions for 2007, based on its analysis of more than 217,000 threats collected to date.

At its current rate of growth, the threat base will grow to 300,000 by the end of next year, the company says. "It is clear that malware is being released by professional and organized criminals," the company said in a statement.

Click here for the full story.

About Me

Choose Dyrand Systems as your virtual IT department and focus on growing your business—not on the technology that supports it. You deserve peace of mind when it comes to IT. When you choose Dyrand, you’re choosing more than just an IT firm—you’re choosing an extension of your own team.