Archive for the Category ◊ IT Security ◊

Banks turn to smartphone tech to fight online fraud
Wednesday, February 19th, 2014 | Author:

Network World – To ward off cyber-crooks trying to break into customers’ accounts, banks are expanding their security efforts beyond desktops and onto iPhones and other mobile devices.

Take HSBC Bank USA, for instance, which this week announced it’s handing out free two-factor authentication tokens in the next few months for customers to use in their personal Internet banking. These digital and physical security tokens from Vasco Data Security can generate unique one-time passwords each time a customer logs in. And another financial institution, U.S. Bank, this week said it’s testing how voice biometrics in a mobile banking app for smartphones can let customers authenticate via their own voice for access to their payment-card accounts rather than having to type passwords.

 

 

 


Category: IT Security  | Leave a Comment
Measuring the effectiveness of your security awareness program
Wednesday, February 19th, 2014 | Author:

CSO – As Yogi Berra put it, “If you don’t know where you’re going, you’ll end up someplace else.” Do you know where you’re going with respect to your privacy and security awareness programs? How will you know when–or if–you get there?


“But wait just a minute,” you object. “Everyone knows that security is a process, not a destination. Is there really any such thing as arriving?” Well, of course there is. Just because a process is dynamic doesn’t mean it’s left without any measurable aspects. Besides, if any process is to be improved, it must also be measured.

There are many benefits an organization will enjoy when it makes those improvements, not the least of which is the budget justification for creating a security awareness program that will help boost security effectiveness overall. Martin Sadler, Director of Security at HP Labs, summed them up thusly: “Organizations that have achieved a high level of security effectiveness are better able to identify major data breaches, secure confidential information, limit physical access to data storage devices, and achieve compliance with legal and self-regulatory frameworks. They are also in a better position to attract and retain high-quality security personnel and enforce corporate policies.”

 

 

 


Category: IT Security  | Leave a Comment

Network World – Every week it seems we hear about some advanced persistent threat (APT) that infiltrated a corporate network and slinked off with financial data or intellectual property. With so many similar stories in the news – and many more that we never hear about publicly – it makes you wonder about the ability of hackers to get into industrial control networks.

What would happen if an attacker could get to the point of being able to manipulate the industrial controls of a nuclear power plant, or a municipal water system, or a sprawling petrochemical plant? It was bad enough that Target and other merchants had tens of millions of cardholder records stolen, but at least nobody died from those incidents. But if an attacker could jack up the temperature gauges of a petrochemical hydrocracker unit, there could be massive casualties from the resulting explosions and fires.

In 2013 Trend Micro reported an experiment the company conducted where it deployed a dozen honey pots around the world that were designed to look like the ICS (industrial control system) networks of municipal water utilities. Between March and June, the honey pots attracted 74 intentional attacks, including at least 10 where the attackers were able to take over the control system.

 

 

 


Category: IT Security  | Leave a Comment
Worm ‘TheMoon’ infects Linksys routers
Wednesday, February 19th, 2014 | Author:

IDG News Service – A self-replicating program is infecting Linksys routers by exploiting an authentication bypass vulnerability in various models from the vendor’s E-Series product line.


Researchers from SANS Institute’s Internet Storm Center (ISC) issued an alert Wednesday about incidents where Linksys E1000 and E1200 routers had been compromised and were scanning other IP (Internet Protocol) address ranges on ports 80 and 8080. On Thursday the ISC researchers reported that they managed to capture the malware responsible for the scanning activity in one of their honeypots — systems intentionally left exposed to be attacked.

The attacks seem to be the result of a worm — a self-replicating program — that compromises Linksys routers and then uses those routers to scan for other vulnerable devices.

 

 


Category: IT Security  | Leave a Comment
VMware jumps into mobile, but lacks network control
Wednesday, February 19th, 2014 | Author:

Last month, VMware made a big splash in the Enterprise Mobile Management (EMM) market by plunking down over $1.5 billion for AirWatch. EMM, formerly known as mobile device management (MDM), has been one of the hottest market segments in tech, primarily due to the seemingly unstoppable force known as BYOD. This acquisition comes a little over a year after Citrix purchased Zenprise to complement its mobile offering. IBM also acquired FiberLink in late 2013, signaling the market for EMM is finally going through some long-awaited and badly needed consolidation given the vendors’ mad rush into it.

The AirWatch acquisition makes a tremendous amount of sense for VMware, as the company has been trying to strengthen its position in both the end-user computing market and the mobility space. AirWatch will roll up to Sanjay Poonen, an executive whom VMware hired to run the end-user computing space. VMware had hired Poonen away from SAP, where he led that company’s mobility strategy. VMware is the de facto standard today in server virtualization and is looking to parlay that position into success in mobile computing.

 

 

 


Category: IT Security  | Leave a Comment

Security experts at AppRiver detected a spike in spam traffic linked to a new malware campaign targeting customers of Bank of America.

Bank of America is being targeted by a new malicious campaign: cybercriminals are spreading stealthy financial malware to hit the clients of the financial institution.

Security experts at AppRiver recently detected and blocked a set of virus campaigns that use new and novel tactics designed specifically to beat filtering engines. A common factor in the wave of attacks based on this set of malware is the enormous volume of traffic being sent to data centers. Analysts at AppRiver revealed that the overall volume of traffic was three times the normal level.

 

 

 


Category: IT Security  | Leave a Comment

News of data breaches at Target (TGT), Neiman Marcus and Michaels has increased public awareness of the deplorable state of data security in American companies. Eddie Schwartz, a vice president at Verizon Enterprise Solutions, said of the Target breach, “Retailers have to assume that they are constantly being targeted and actually constantly being penetrated.” IDC Retail Insights, a research firm for the IT industry, estimates that spending on e-security in the U.S. will rise to $720.3 million in 2014, an increase of 5.7%.


Category: IT Security  | Leave a Comment
Cloud Spending to Balloon to $235B by 2017
Monday, February 17th, 2014 | Author:

Companies like IBM (IBM) and Microsoft (MSFT) have already spent billions transitioning their services to the cloud, and a new report shows they have no intention of stopping anytime soon.

In fact, enterprise spending on the cloud is expected to triple over the next three years to an estimated $235.1 billion by 2017, according to a new report from IHS (IHS).  This year, spending is forecast to jump 20% over 2013 levels to $174.2 billion.

In an increasingly mobile world, the cloud has become a critical strategy for businesses across all industries, enabling consumers to access vast amounts of data and media such as music from their smartphones and tablets.

 

 

 


Category: IT Security  | Leave a Comment
6 tips for smartphone privacy and security
Thursday, February 13th, 2014 | Author:

CSO – In the digital world, things are getting worse rather than improving with regard to the populist quest for personal privacy and security. Our smartphones track wherever we go, what we say, who we say it to, our likes and dislikes, and when we are playing games instead of working. Our computers track and record the same types of information day in and day out.


These are the types of information marketers, insurance companies and employers would love to know before engaging with us, which means the information has great value. This should be troubling to all who read it. You may not be capable of locating this often buried information on your own device, but rest assured trained specialists certainly can.

 

 

 


Category: IT Security  | Leave a Comment
Ramping up for RSA Conference 2014
Thursday, February 13th, 2014 | Author:

While I won’t be personally attending the annual RSA Conference in San Francisco Feb. 24-28, Network World and its sister publications will have several reporters and editors on hand to bring the news to you.

Meanwhile, I’ve kickstarted a Storify blog here to capture coverage from our publications as well as from others and various social media networks. I’ll be updating the collection between now and the end of February.

As of early February, most of the stories were about various speakers pulling out to boycott RSA’s possible role in the government snooping scandal and about a competing conference called TrustyCon. As the show draws closer, we’ll expect to hear about new products and services, interesting talks at the show, and whatever sorts of crazy antics attendees are up to.

 

 

 


Category: IT Security  | Leave a Comment