Wednesday, September 30, 2009

XSS Worm on Reddit.com

Reddit (reddit.com) is a social news website, and it's much better than Digg or Slashdot.

However, it was hit by an XSS worm that was spreading via comments on the site.

Read more about this at: http://www.securityfocus.com/blogs/2318

Effectively Protecting Your Customers' Data

Contact center staff are on the data security front lines. Properly trained, they can thwart intrusion. Unfortunately, contact centers too frequently have environments that foster data loss and theft. Employees are typically low-paid and have minimal or no benefits, are often poorly supervised, rushed to meet metrics, and face enormous stress.

Today's organizations depend and thrive on data for marketing, customer service and staff management, and like anything that is valuable, criminals have been seeking it to commit ID theft, blackmail or other crimes. 

The 2009 Identity Fraud Survey Report by Javelin Strategy and Research reports that the number of identity fraud victims has increased 22 percent to 9.9 million adults in the U.S., while the total annual fraud amount increased by seven percent to $48 billion over the past year. The reasons include profitability, safety and simplicity, explains Greg Young, research vice president, Gartner.

Read more about this article at: http://www.enterprise-security-today.com/story.xhtml?story_id=131004IMXRIW

Microsoft Security Essentials Available for Download

Microsoft has released its Security Essentials antivirus software as a free download to protect against malware, viruses and spyware. Microsoft said its goal is to remove cost barriers that leave PCs unprotected. The free Microsoft Security Essentials could result in wiping out software from competitors, including Arbor Networks, Symantec and McAfee.
After introducing its antivirus software to 75,000 beta testers in June as Microsoft Security Essentials Beta, Microsoft has made its Security Essentials antivirus software available as a free download.
Click on the link below to download Microsoft Security Essentials:

Tuesday, September 22, 2009

Security challenges with cloud computing services

If you entrust a cloud provider with your data, how is encryption handled, if at all? What about user authentication? What about data breach liability? 

Those were some of the issues raised during a panel discussion on the security challenges with cloud computing services at last week's Bay Area SecureWorld in Santa Clara, Calif. "We're not saying the cloud is bad. There is a lot of good there, but we want to bring the challenges to your attention," said panelist Tim Mather, a security advisor and a founding member of the Cloud Security Alliance (CSA). 

One of the major cloud security issues is encryption, he said. If data is processed in the cloud, it needs to be decrypted, and some providers don't even offer encryption. And if encryption is used, key management becomes a big issue, he said: "Who manages the keys?"
Read more at:

Thursday, September 17, 2009

Brute force attacks target Yahoo email accounts

Attackers, willing to do anything to hijack webmail accounts to boost their spam campaigns, are bypassing the traditional Web login interface page to seek out a backdoor into accounts. 

Those attackers have targeted Yahoo and are successfully cracking account passwords by focusing automated password cracking scripts on a Yahoo Web services-based authentication application thought to be used by Internet service providers (ISPs) and third-party Web applications.
That was the finding of the Web Application Security Consortium Distributed Open Proxy Honeypot project, maintained by researchers at Breach Security Inc. The honeypot is tracking an extensive series of brute force attacks successfully targeting account credentials of Yahoo email users.
Read more about this at:-

Tuesday, September 15, 2009

Microsoft Telnet Vulnerable to Remote Code Execution

The vulnerability reported for Microsoft Telnet could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Click on the below link for more information:-

Monday, September 14, 2009

The legal risks of uncontrolled IM use

Instant Messaging (or "IM") is one of the newest forms of electronic communication and it is rapidly gaining ground as a form of mainstream business communication. Your organisation may have embraced IM wholeheartedly, perhaps installing enterprise versions of IM and opening up its gateways to business associates using public IM networks. While many businesses are aware of the possible benefits of IM, such as its ability to promote real-time communication amongst work colleagues and customers, most organisations have been slow to assess the likely impact of IM on their corporate risk profile, and therefore have no agreed policy on its use.
Click on the below link to download the white paper:-

Tuesday, September 8, 2009

World War 3.0: 10 Critical Trends for Cybersecurity

The Internet, private networks, VPNs, and a host of other technologies are quickly weaving the planet into a single, massively complex "infosphere." These connections cannot be severed without overwhelming damage to companies and even economies. Yet, they represent unprecedented vulnerabilities to espionage and covert attack.

These are the 10 Critical Trends for Cyberwar published on the Enterprise Security Today website.

  • Technology Increasingly Dominates Both the Economy and Society
  • Advanced Communications Technologies Are Changing the Way We Work and Live
  • The Global Economy Is Growing More Integrated
  • Research and Development Play a Growing Role in the World Economy
  • The Pace of Technological Change Accelerates with Each New Generation of Discoveries and Applications
  • The United States Is Ceding Its Scientific and Technical Leadership to Other Countries
  • Technology Is Creating a Knowledge-Dependent Global Society
  • Militant Islam Continues to Spread and Gain Power
  • International Exposure Includes A Growing Risk of Terrorist Attack
  • The World's Population Will Grow To 9.2 Billion by 2050

To read more about this in detail, click on the link below:

http://www.enterprise-security-today.com/story.xhtml?story_id=013000G50S4W&page=2

The Standard of Good Practice

The Standard of Good Practice for Information Security (the Standard) is the foremost authority on information security. It addresses information security from a business perspective, providing a practical basis for assessing an organisation’s information security arrangements.
   
The Standard represents part of the ISF's information risk management suite of products and is based on a wealth of material, in-depth research, and the extensive knowledge and practical experience of ISF Members worldwide.
   
The Standard is updated at least every two years in order to:
   
• respond to the needs of leading international organisations
• refine areas of best practice for information security
• reflect the most up-to-date thinking in information security
• remain aligned with other information security-related standards, such as ISO 27002 (17799), COBIT v4.1 and PCI/DSS
• include information on the latest ‘hot topics’.

The Standard is aimed at major national and international organisations that recognise information security as a key business issue. However, the Standard will also be of real, practical use to any type of organisation, such as a small- to medium-sized enterprise.

Before downloading the Standard, I request that you go through the ISFsecuritystandard website to get the practical suggestions for using the Standard.
To download the standard click on the below link:-