Articles tagged with: security-tips
VMware Breached, More Hypervisor Source Code To Come
Is your hypervisor safe?
Hypervisors–such as VMware ESXi and Xen–provide the platform on which virtualized guest operating systems run, and are therefore a core component of any business’s virtual infrastructure. But they’re also a potential security weak point. A 2010 study from IBM, notably, found that 35% of all vulnerabilities in a virtualized environment could be traced to the hypervisor.
Those vulnerabilities are cause for concern …
Healthcare’s Checklist Security Mentality Failing, Report Says
(click image for larger view and for slideshow)
Most hospitals–89%–conduct regular risk analysis. However, few ever take actual steps to improve patient data security. With that in mind, healthcare delivery organizations must change their data security strategy from that of a monitoring and reactive stance and adopt proactive measures to mitigate threats, concludes a report commissioned by Kroll Advisory Solutions.
2012 HIMSS Analytics Report: Security …
Why Security Teams Need To Play More Offense
(click image for larger view and for slideshow)
The recipe for a cyber-attack is straightforward: Attackers gather intelligence on the target’s systems, research vulnerabilities, exploit those weaknesses, gain control of the systems, and conduct post-exploitation operations.
Yet for the first three parts of attackers’ operations, most defenders do nothing. Only after attackers act on a corporate network–the fourth step–does a victim’s security team becomes aware …
Anonymous Hackers’ New Best Friend: Automation
(click image for larger view and for slideshow)
How did an Austrian teenager who’s confessed to hacking nearly 260 websites in a three-month period do it? Simple: By using state-of-the-art, highly automated tools designed for testing vulnerabilities, or, in the hands of an attacker, taking advantage of them.
“What makes the Austrian incident interesting is the speed and effectiveness of the hacks,” said Rob Rachwald, …
Mac Security After Flashback: 5 Key Points
Are Macs being more actively attacked?
In the wake of the Flashback malware outbreak that successfully infected over 600,000 Macs, security watchers have declared that cyber-crime rings and nation states have begun to more actively target Macs.
“Recently, malware that targets Mac computers, such as OSX.Flashback and OSX.Sabpab, are increasing,” read a blog post from Symantec. “This recent increase provides evidence that malware authors now consider Mac …
Compliance Policy Development: Do’s And Don’ts
Currently we allow the following HTML tags in comments:
Single tags
These tags can be used alone and don’t need an ending tag.
br Defines a single line break
hr Defines a horizontal line
Matching tags
These require an ending tag – e.g. iitalic text/i
a Defines an anchor
b Defines bold text
big Defines big text
blockquote Defines a long quotation
caption Defines a table caption
cite Defines a citation
code Defines computer code …
Federal Cyber Overhaul Cost: $710 Million Through 2017
(click for larger image and for full slideshow)
The House of Representatives bill to overhaul the federal government’s cybersecurity regulations, which is slated for a floor vote this week, would cost $710 million through 2017 to implement, the Congressional Budget Office reported Friday.
The Federal Information Security Amendments Act of 2012, one of four cybersecurity bills on the docket in the House this week, would overhaul the …
DNS Changer: FBI Updates Net Access Shutoff Plans
In a little more than two months, the FBI plans to pull the plug on DNS servers that are currently providing PCs infected with the DNS Changer malware with the ability to translate domain names into IP addresses.
Accordingly, the FBI has launched a public appeal, urging consumers and businesses to scan their machines–including some routers–for signs of infection.
How prevalent is DNS Changer? Rod Rasmussen, a …
Obama Authorizes Sanctions Over Iran, Syria Internet Crackdowns
(click image for larger view and for slideshow)
In an effort to prevent human rights abuses in Iran and Syria, President Obama issued an executive order Monday authorizing sanctions against those countries and companies that help them acquire and use technology to track down dissidents online or on communications networks.
“These technologies should be in place to empower citizens, not repress them,” Obama said in …
Online Calendar Mistakes Cost Doctors Group $100,000
(click image for larger view and for slideshow)
Phoenix Cardiac Surgery has agreed to pay the U.S. Department of Health and Human Services (HHS) $100,000 for posting patient information on the Internet without adhering to federal privacy and security safeguards for personal health information.
The settlement with the Arizona physician practice follows an investigation by the HHS Office for Civil Rights (OCR) into potential …
Anonymous Drives Security Fears, But Not Spending
(click image for larger view and for slideshow)
Who are the groups voted most likely to lob cyber attacks at companies over the next six months? That would be the hacktivist set, including Anonymous, LulzSec Reborn, and their ilk.
So said 61% of 1,900 IT and information security personnel recently surveyed by endpoint security firm Bit9. Interestingly, however, the survey also found that actual …
Federal IT Survey: Hacktivists, Cybercriminals Are Top Threats
Currently we allow the following HTML tags in comments:
Single tags
These tags can be used alone and don’t need an ending tag.
br Defines a single line break
hr Defines a horizontal line
Matching tags
These require an ending tag – e.g. iitalic text/i
a Defines an anchor
b Defines bold text
big Defines big text
blockquote Defines a long quotation
caption Defines a table caption
cite Defines a citation
code Defines computer code …
Many Identity Theft Protection Services Promise The Impossible
Identity theft protection service subscribers: Beware trial offers, as well as refund and cancellation policies, and always seek specifics about the exact type of assistance that will be provided.
Those warnings come from a new report into identity theft services. Released by the Consumer Federation of America (CFA), which counts 280 national, state, and local consumer rights groups as members, the 48-page study analyzes the practices …
TSA Tests Identity Verification System
(click image for larger view and for slideshow)
The Transportation Security Administration (TSA) has begun testing a new system that verifies an air traveler’s identity by matching photo IDs to boarding passes and ensures that boarding passes are authentic.
The Credential Authentication Technology/Boarding Pass Scanning System (CAT/BPSS) is being tested at Washington’s Dulles International Airport, and the pilot program will be expanded to Houston’s George …
FBI Seizes Anonymizing Email Service Server
Did an FBI server seizure go too far? FBI agents investigating a University of Pittsburgh bomb threat Thursday seized a server, apparently because it was being used to host an anonymous remailer service that had been used to send bomb threats. But the takedown, which was backed by a search warrant, has drawn condemnation from activist groups, who have characterized the seizure as an “attack …
Apple Mac Attack Began With Infected WordPress Sites
The massive Flashback botnet of Mac machines originated from hacked and malware-rigged WordPress blog sites, researchers revealed Thursday.
There were between 30,000 and 100,000 WordPress sites infected in late February and early March, 85% of which are in the United States, said Vicente Diaz, senior security analyst for Kaspersky Lab, in a briefing.
Kaspersky Lab researchers say the infected WordPress blog sites were rigged with code …
Anonymous Hacker Girlfriend Pictures Revealed Much, Police Say
(click image for larger view and for slideshow)
What was the clue that led investigators to one Anonymous suspect? A provocative picture of his girlfriend.
When the hacktivist group “CabinCr3w” boasted of hacking into multiple government websites on Twitter and PasteHTML.com, they linked to a number of images of a bikini-clad woman holding written taunts. But what the hackers apparently failed to realize was that …
Two Mac Trojans: Apple Patching Fast Enough?
Apple Friday released a Java security update to battle the Apple OS X malware known as Flashback.
“This Java security update removes the most common variants of the Flashback malware,” according to a support document released by Apple, which recommends that all Java users install the update for Mac OS X 10.6 and 10.7. (Apple has yet to release a related security fix for any previous …
Feds Bust ‘Farmer’s Market’ For Online Drugs
International law enforcement agencies Monday arrested eight people for allegedly operating an online marketplace for illegal narcotics. According to authorities, the online bazaar known as “The Farmer’s Market” had sold a range of substances–including liquid LSD, MDMA (ecstasy), fentanyl, mescaline, ketamine, and “high-end marijuana”–to at least 3,000 customers in all 50 states, as well as 34 countries.
A 66-page federal indictment, unsealed Monday, alleged that the …
CISPA Bill: 5 Main Privacy Worries
Does the Cyber Intelligence Sharing and Protection Act (CISPA) threaten people’s privacy in unacceptable ways?
That’s one criticism being leveled at CISPA, the House cybersecurity bill introduced by Rep. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.) in November, 2011. Many privacy watchers, notably, have said that the 11-page bill, which focuses on government monitoring, suffers a similar problem to the Stop Online Piracy Act (SOPA), which …
Anonymous Hackers Not Smart On Anonymity, Feds Say
(click image for larger view and for slideshow)
The FBI announced Monday that it arrested John Anthony Borell III, 21, on charges of participating in two January 2012 Anonymous attacks against police websites in Utah.
Borell was arrested in Ohio on March 20, 2012, and indicted by a federal grand jury on April 4, 2012, on two counts of computer intrusion involving SQL injection attacks. …
Flashback Malware Eradication Campaign Slower Than Expected
The campaign to eliminate the Flashback malware from Apple OS X devices has seen the number of infected machines decline from more than 600,000 at the peak of the infection. By Monday, Symantec reported that just 140,000 active infections were detected, and on Tuesday fewer than 99,000.
“The statistics from our sinkhole are showing declining numbers on a daily basis. However, we had originally believed that …
Mac Trojan Fallout: Apple Security Glory Days Gone?
Has the Mac’s relative immunity to malware finally ended?
Alan Paller, director of research for the SANS Institute, wrote in the group’s information security newsletter Tuesday that it was time “to memorialize Apple’s arrival as a prime target of cybercrime, following its recent ascent into a trusted platform for enterprise computing.”
As Paller notes, Macs now have business cred, due in no small part to Apple hitting …
FBI Former Cybercrime Chief: Same Hunt, New Startup
The toughest part about fighting cybercrime is actually catching the people behind the botnet, financial fraud, or cyberespionage. Just ask the former executive assistant director of the FBI’s Criminal, Cyber, Response, and Services branch, Shawn Henry, who late last month retired from the bureau after 24 years, and announced Thursday that he has joined startup CrowdStrike to continue the fight from the private sector.
Henry, the …
Anonymous Builds New Haven For Stolen Data
(click image for larger view and for slideshow)
Anonymous, together with a group known as the Peoples Liberation Front, Tuesday announced the immediate availability a new website for hacktivists to dump their stolen (“doxed”) data.
Dubbed AnonPaste, the website has been created as an alternative to Pastebin and other websites that allow people to anonymously upload large amounts of text, the two groups said …
Is CISPA Worth Saving?
Does the Cyber Intelligence Sharing and Protection Act (CISPA) have any chance of passing into law?
The cybersecurity bill has come under sustained assault by civil liberties groups, who have criticized it for using overly broad language, including the definition of what constitutes a “cyber attack” and which types of data can be shared. They worry that it could result in information sharing programs that compromise …
