Oct 24 2011

New Stuxnet-Like Worm Discovered

Category: Malware | DISC @ 12:42 pm

By Jeff James : Twitter at @jeffjames3
In June 2010, security experts, analysts, and software providers were warning IT managers about Stuxnet, a new computer worm that was spreading rapidly over the internet. Stuxnet was distributed by Windows machines, and the intent of the worm wasn’t immediately clear. After a few months it was revealed that the vast majority of Stuxnet infections were in Iran, and Stuxnet seemed to have been specifically targeting the Siemens industrial control equipment used in the Iranian nuclear program.

German security expert Ralph Langner was interviewed by NPR reporter Tom Gjelten earlier this year about Stuxnet, and Gjelten reported that Langner told him that the worm was so complex and sophisticated that it was “almost alien in design” and that he believed only the United States had the resources required to create Stuxnet and orchestrate the attack. As more details emerged, it became clear that Stuxnet was likely developed by either Israeli or American intelligence agencies in an attempt to impede Iran’s nuclear program.

Both Israeli and American security officials have sidestepped questions about their involvement, but Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, stated at a December 2010 conference on Iran that “we’re glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them.” [Source: NPR’s Need to Know]

Now security researchers from Symantec have revealed that they’ve discovered a new Stuxnet-like worm called W32.Duqu that shares much of the same code with Stuxnet. Symantec’s Security Research blog posted details about Duqu yesterday:

“Duqu shares a great deal of code with Stuxnet; however, the payload is completely different. Instead of a payload designed to sabotage an industrial control system, the payload has been replaced with general remote access capabilities. The creators of Duqu had access to the source code of Stuxnet, not just the Stuxnet binaries. The attackers intend to use this capability to gather intelligence from a private entity to aid future attacks on a third party. While suspected, no similar precursor files have been recovered that predate the Stuxnet attacks.”
According to Symantec, Duqu also functions as a keylogger designed to “capture information such as keystrokes and system information” but lacks the specific code related to “industrial control systems, exploits, or self-replication.” Symantec’s research team believes that Duqu is collecting information for a possible future attack, and seems to point the finger at the original creators of Stuxnet, since the creators of Duqu seem to have direct access to Stuxnet source code:

“The creators of Duqu had access to the source code of Stuxnet, not just the Stuxnet binaries. The attackers intend to use this capability to gather intelligence from a private entity to aid future attacks on a third party. While suspected, no similar precursor files have been recovered that predate the Stuxnet attacks.”
The arrival of Stuxnet signaled that cyberattacks have entered a new phase, with nation states and professional, highly-skilled programmers helping elevate cyberwarfare to a new, more sophisticated (and dangerous) level. Microsoft Technical Fellow Mark Russinovich offers up a fictional account of what can happen when terrorist groups turn to cyberwarfare in his novel Zero Day, and it’s a chilling preview of what the future of warfare could look like.

While many fingers are pointing at U.S. and Israeli intelligence services for creating Stuxnet – and possibly Duqu – what happens when a hostile nation or well-organized terrorists develop the same level of cyberwarfare capability? Questions like these are undoubtedly keeping IT security professionals and experts at government security agencies awake at night.

For more technical information on the Duqu worm, see Symantec’s W32.Duqu: The Precursor to the Next Stuxnet whitepaper [PDF] and a Symantec post that provides additional Duqu technical details.

The New Face of War: How War Will Be Fought in the 21st Century

Has Israel Begun A Cyber War On Iran With The Stuxnet ‘Missile’?: An article from: APS Diplomat News Service


Oct 23 2011

Palo Alto Networks takes Firewalls to next Level

Category: Network security, next generation firewall | DISC @ 8:50 pm

Ashlee Vance, Bloomberg Businessweek
For the past 15 years or so, security pros have relied on the trusty firewall and other hardware to keep bad guys from running amok on corporate networks. For the most part, this has meant blocking tainted e-mails and keeping workers away from harmful websites.

The latest wave of Web services, like Skype and Google Docs, has introduced fresh problems. They can transfer files, store data and allow remote computer access in ways that can’t be easily patrolled by the standard sentinels.

Nir Zuk has another option. He’s a veteran of the traditional firewall and security industry who struck out on his own six years ago to create a product for today’s Web. The company he founded, Palo Alto Networks, sells a next-generation firewall that makes modern Web services safe for the workplace and gives companies precise control over how their employees can use them.

“Our customers don’t want to block Facebook,” Zuk said. “They want to use it, but they also want some control.”

As interest in Web-based software has surged, so too have Palo Alto Networks’ sales. The company has hopped from office to bigger office since its birth at Zuk’s Palo Alto house in 2005. This year, the company moved into a giant headquarters in Santa Clara.

A year ago, Palo Alto Networks had 1,000 customers; today it has 4,500, including Qualcomm, the city of Seattle, and eBay. Sales will exceed $200 million this year, according to Zuk, who adds that the company is gearing up for an initial public offering.

Zuk says Palo Alto Networks owes much of its success to modern computing habits, which require more sophistication than what’s provided by traditional security products. Older firewalls are designed to monitor one-way traffic. E-mails and data from websites pour in, and the security products look for suspicious patterns. Yet threats can snake their way through a network in various ways: A worker might go to Facebook, click on a nefarious link, and download a virus. Soon enough, he’s using software from enterprise cloud computing company Salesforce.com to upload those infected sales data files and send them to colleagues.

“Most security groups used to focus on blocking apps like Skype or GoToMyPC but now are often required to allow them to be used,” says John Pescatore, an analyst at the research firm Gartner. “That’s why firewalls needed to evolve.”

Palo Alto Networks gives each Web service its own signature. This means that Palo Alto’s systems know when employees are using Skype or Salesforce.com, and have a general idea of what they’re doing there. Customers can set policies for how an application is used so that, for example, all employees can view Google Docs files, but only some can actually create them.

Keeping track of all the traffic flowing through a corporate network requires a lot of computing horsepower, and part of Palo Alto Networks’ secret sauce is a homegrown chip that chews through data quickly. A Palo Alto Networks system can even peer into encrypted traffic: It’s fast enough to decrypt packets of information, check whether they’re safe, and then pass them on to the employee who requested them, all without much lag.

Norm Fjeldheim, the chief information officer at chipmaker Qualcomm, says the Palo Alto Networks systems he bought replaced not just firewalls but also things such as intrusion detection hardware and other types of security systems. “They are doing the work that was done by multiple things in the past,” Fjeldheim said. “They watch over everything.”

To date, Palo Alto Networks has raised a total of $65 million. In August, Palo Alto Networks lured Mark McLaughlin from his role as CEO of VeriSign to run the young company and prepare it for an IPO.

Venture capital firm Sequoia Capital is one investor.

Said partner Jim Goetz: “I don’t think we’ve ever seen an enterprise technology company grow as quickly.”

Download the e-book now!
Download a free copy of the “Next-Generation Firewalls for Dummies” ebook to find out why traditional firewalls can’t protect your network | Check out the sample chapter online

PALO ALTO NETWORKS RECOGNIZED FOR ENTERPRISE FIREWALLS.: An article from: Computer Security Update


Oct 21 2011

Britain Would Strike First in Cyberwar, Government Says

Category: cyber security | DISC @ 8:32 am

UK Foreign Secretary Hague: Britain willing to strike 1st to defend itself against a cyberattack from enemy state

@FoxNews
LONDON – Britain is prepared to strike first to defend itself against a cyber attack from an enemy state, Foreign Secretary William Hague said Tuesday.

His warning was the first clear signal that the UK has developed new weapons for the online battlefield.

Hague told The Sun that the globe was in the grip of a new and financially-crippling “arms race in cyberspace.”

He said he could not guarantee that Britain would be able to repel a major cyber assault on the nation’s essential infrastructure — including water works, power plants and the air traffic control system.

But he said, “We will defend ourselves in every way we can, not only to deflect but to prevent attacks that we know are taking place.”

Hague gave no clues on the makeup of Britain’s new electronic arsenal, saying, “The rest of the world will have to guess.”

The British government is pouring an extra £650 million ($1 billion) into developing deterrents to hostile viruses, which are being produced almost constantly.

“We are trying to prevent an arms race in cyber space,” Hague said. “Given that the Internet changes every day, and billions more people will have access to it over the coming years, the potential for that arms race to grow and go out of control is enormous.”

He added, “There is no 100 percent defense against this, just as there isn’t against any other form of attack. We have to defend critical national infrastructure. We have to defend national security. We have to defend our entire commercial and economic system.”

Hague spoke ahead of a cyberspace conference. Senior officials from more than 60 nations and bosses of online giants will meet in London next month to discuss the cyber menace and draw up an “international rule book” on how best to fight it.


Oct 20 2011

Finding And Securing Sensitive Data In The Enterprise

Category: data security | DISC @ 9:40 am

By Robert Lemos @ DarkReading.com

Your organization’s most valuable data may be stored in scattered – and insecure – locations. Here are some tips for identifying that data and making sure it doesn’t leak out.

When Michael Belloise joined human resources outsourcing firm TriNet four years ago as the IT manager, the amount of sensitive data held by the company put him on edge.

TriNet handles payroll and benefits for its customers. As such, its systems store Social Security numbers, birth dates, employee ID numbers, and addresses for 100,000 workers at other companies. That data isn’t necessarily subject to the kind of detailed privacy and security rules covering financial transactions or healthcare information, but it’s highly sensitive nonetheless.

Belloise brought in data loss prevention vendor Vontu (now part of Symantec) to install a data discovery appliance that finds and monitors all data leaving the company’s network. The results, says Belloise, were shocking.

“I dare not drop any numbers about what we saw, but it was egregious,” he says.

TriNet had secure ways of transmitting and storing data, but its employees were using alternative, less-secure methods, including unencrypted portable media, drop boxes, and attachments to email sent from personal accounts. In most cases, they were skirting the rules in order to serve customers faster, but some of the activity looked questionable and possibly malicious. The security violations didn’t result in any data breaches, but the results were eye opening, Belloise says.

“It was to the point where you couldn’t put your head in the sand anymore, because it was that shocking,” he says.

Belloise called a meeting of C-level execs and embarked on a mission to secure the company’s data. TriNet first studied its data to gauge the risk it faced. Then it altered processes and educated employees to minimize misuse of data, and also installed a DLP system to monitor compliance.

TriNet’s experience isn’t all that unusual. Sensitive data has a habit of spreading throughout companies and ending up in places it shouldn’t be–places it’s more likely to be stolen or accidentally leaked. Lost, stolen, and inappropriately disposed-of laptops have accounted for the greatest number of breach incidents in most of the last five years, according to The Leaking Vault 2011, the Digital Forensics Association’s comprehensive report. But much of the information that’s on those laptops shouldn’t have been there to begin with.

Read more on Finding and Securing Sensitive Data >>>

Related topics to Secure the Enterprise Data

Data Protection for Virtual Data Centers

The Data Asset: How Smart Companies Govern Their Data for Business Success

Privacy and Big Data


Oct 16 2011

iPhone 4 hackers open password marketplace

Category: Smart Phone | DISC @ 10:09 pm

A huge source of personal data in the palm of your hand – that’s what a smartphone has become nowadays. But all the private information kept on your hi-tech device can easily become public knowledge.
Privacy For Sale: iPhone 4 hackers open password marketplace

Smartphone security: here’s how to start securing smartphones and the data they’re accessing.(Security): An article from: Mobile Business Advisor


Oct 15 2011

How IPSEC Stops the Three Most Common Attacks Against Your Network

Category: Network security | DISC @ 2:05 pm


Oct 11 2011

California governor allows warrantless search of cell phones

Category: Smart Phone | DISC @ 9:12 pm

Here’s another reason to password-protect your mobile phone: California’s governor just recently vetoed a bill that requires a court-ordered warrant in order to search mobile phones upon arrest. This means that if you get arrested in the state of California, the arresting officer can search your smartphone — which gives him access to emails, call logs, texts, location data, banking apps, and more — without needing a warrant.

To Read More on the CNN article….

Tags: Arrest, california, California Supreme Court, CNN, Jerry Brown, Mark Leno, mobile phone, Search warrant


Oct 11 2011

How to configure your Linksys router for maximum security

Category: Network security | DISC @ 10:59 am


Oct 05 2011

Information Security: Everything you need to know

Category: ISO 27k | DISC @ 12:36 pm

To understand more about securing and protecting information assets and implementing ISO 27001 (Information Security Management System), we recommend IT Governance: A Manager’s Guide to Data Security and ISO 27001 / ISO 27002, Fourth Edition. This book contains everything you need to know about information security and data protection, as it covers viruses, hackers, online fraud, privacy regulations, computer misuse and investigatory powers.

Read more >>


Oct 04 2011

New California Data Breach Notification Law

Category: Security and privacy Law | DISC @ 8:52 pm

Information Security Law: The Emerging Standard for Corporate Compliance

At the beginning of September, there was an addition to the Data Breach Notification laws of California. S.B. 24 was signed into law and will take effect the first day of 2012. This law will require specific actions be taken in the event of a data breach. Those actions include a standardized notification process and a notification sent to the Attorney General of California (if the breach affects 500 or more California residents).

Why is this relevant to you or your customers? If you encrypt your customers’ personal information, you do not have to make the appropriate notifications, because you have safeguarded your customers’ data. This keeps you out of the press, out of lawsuits and helps you handle your customers’ data responsibly.

You can read more about this legislation here:


Oct 03 2011

CYBERCONFLICT

Category: cyber security | DISC @ 10:08 pm

Our assessment is that cyberattacks will be a significant component of future conflicts. Over thirty countries are creating cyber units in their militaries. It is unrealistic to believe that each one will limit its capabilities to defense. Moreover, the centrality of information technology to the U.S. military and society virtually guarantees that future adversaries will target it.

To read more on The Pentagon’s cyberstrategy, one year later

Cyber-Conflict and Global Politics

Cyberpower and National Security (National Defense University)


Sep 28 2011

Department of Homeland Security Releases Cyber Security Evaluation Tool (CSET)

Category: cyber security | DISC @ 3:27 pm


Homeland Security: A Complete Guide to Understanding, Preventing, and Surviving Terrorism

The Cyber Security Evaluation Tool (CSET) is a Department of Homeland Security (DHS) product that assists organizations in protecting their key national cyber assets. It was developed under the direction of the DHS National Cyber Security Division (NCSD) by cybersecurity experts and with assistance from the National Institute of Standards and Technology. This tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems. The tool is available for download, and the program also offers training and support at no cost to organizations engaged in administering networks that control facilities identified as being crucial to both the nation’s economy and national security.

CSET is a desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cybersecurity posture of the organization’s enterprise and industrial control cyber systems. The tool derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

CSET has been designed for easy installation and use on a stand-alone laptop or workstation. It incorporates a variety of available standards from organizations such as National Institute of Standards and Technology (NIST), North American Electric Reliability Corporation (NERC), International Organization for Standardization (ISO), U.S. Department of Defense (DoD), and others. When the tool user selects one or more of the standards, CSET will open a set of questions to be answered. The answers to these questions will be compared against a selected security assurance level, and a detailed report will be generated to show areas for potential improvement. CSET provides an excellent means to perform a self-assessment of the security posture of your control system environment.

Key Benefits

• CSET contributes to an organization’s risk management and decision-making process
• Raises awareness and facilitates discussion on cybersecurity within the organization
• Highlights vulnerabilities in the organization’s systems and provides recommendations on ways to address the vulnerability
• Identifies areas of strength and best practices being followed in the organization
• Provides a method to systematically compare and monitor improvement in the cyber systems
• Provides a common industry-wide tool for assessing cyber systems

Download CSET
[Source]


Sep 23 2011

IT GOVERNANCE PRAISES ISO27001 BUT WARNS AGAINST COMPLACENCY

Category: ISO 27k | DISC @ 9:31 pm

Geneva, Switzerland, September 2011 – Alan Calder, Chief Executive of IT Governance (ITG), the one-stop shop for information security expertise, is today advising organisations globally to embrace the ISO27001 security management standard, yet warning nobody should be complacent.

Speaking at the United Nations’ Information Security Special Interest Group’s symposium in Geneva, Calder said: “ISO27001 is international best practice for any organisation seeking a structured framework to address cyber risks. ISO27001 has many strengths, including helping organisations secure the right balance of data availability, integrity and confidentiality. A further benefit of ISO27001 is the flexibility to integrate with other management standards. This point is vital – effective cybersecurity depends on establishing a comprehensive and interconnected defence strategy.

“Every organisation should remember, however, that ISO27001 certification does not equate with invincible security. ISO27001, effectively deployed, improves an organisation’s information security and resilience, but new threats are constantly evolving. Defences, therefore, need to evolve, too. There is no room for complacency. ISO27001 rightly expects you to continually reassess your business, risk and compliance environment in line with ‘real-world’ developments.

“There is never a time for complacency in information security. The need to keep strategies under constant review has never been greater. The revolutionary wonders of ‘Web 2.0’ can rapidly turn into ‘Threat 2.0’. The speed and degree of change in the modern business, compliance and security worlds is unprecedented, from new standards and threats to new technologies, such as Google+ and Android telephones. Any technological advance brings new security risks, as hackers immediately start finding ways to burrow in and exploit vulnerabilities. Everyone must be prepared.”


Sep 23 2011

Copy Machines, a Security Risk

Category: Identity Theft | DISC @ 8:22 pm

Think you know how to keep your information safe? Think again.


Sep 12 2011

Mobile Malware

Category: Malware, Smart Phone | DISC @ 8:07 pm

Lookout Mobile Security

By Mandira Srivastava

Do you think it is safe to access sensitive data on a mobile phone? Do you know that malware can steal valuable information from your phone? As smartphone sales are growing, the development of mobile malware, viruses that penetrate the security system of mobile devices, also increases.

Mobile malware has been around for many years. Malware has been a problem for computers for a long time, and now, because of the evolution of the smartphone, it has started to hit mobile handsets. Because smartphones are becoming increasingly sophisticated and their operating systems are becoming more similar to a computer’s, it is now possible for them to be infected with malware, and it is important for all business owners to be aware of this.

Just like computer malware, mobile malware is installed on your smartphone and will attempt to steal information and data stored on your phone. The information that can be stolen includes documents, passwords, email login details and even credit card details just like on a PC. Mobile malware has increased rapidly during the last year and there is more and more stealth malware appearing. Stealth malware is when the malware is running in the background on the phone without the user being aware of it.

With wireless payment systems and mobile shopping apps becoming more popular it is also possible that the malware will be able to intercept credit card details. Also, text messaging that is sometimes used to send banking codes could be used by the criminals to get sensitive information. If you are considering using a mobile payment system for your business, make sure it is tested and secure.

Malware has been found on all of the current phones and operating systems, including the iPhone and the Android phones.

One of the main ways that the malware can access your phone is through the Wi-Fi networks and Bluetooth. Because the smartphone can easily be connected to wireless networks this can make it easier to download the malware. You can avoid this happening to your phone by only using secure and trusted Wi-Fi networks and by only accepting Bluetooth connections from people whom you know and keeping the Bluetooth switched off when you aren’t using it.

Email has always been a popular target for hackers, and with text messaging being so popular, they have also used it to spread malware as well as phishing scams to try to steal your identity. Before opening a suspicious text, it is a good idea to apply the same precautions you use before opening a strange email.

Mobile security is becoming more and more important especially for businesses and it is a good idea to implement some security measures in order to avoid the malware spreading. You can, for example, always use a password for your phone so no one else can use it if it is stolen and only download apps from official sites and not third parties.


Sep 05 2011

Risk Assessment Critical for the Security of Information Assets

Category: ISO 27k, Risk Assessment | DISC @ 10:05 pm

Information Security Risk Management for ISO27001 / ISO27002

September 01, 2011 /24-7PressRelease/ – Today, there is hardly any organisation that doesn’t recognise the critical role that information technology plays in supporting its business objectives. As a result, IT security has come to the forefront and the ISO 27001 information security standard has been embraced by numerous organisations worldwide as a best practice approach for implementing an Information Security Management System (ISMS).

Risk assessment plays an important role in managing ISO 27001 controls. This is the part with which many project managers struggle when implementing an ISMS. Information security management decisions are entirely driven by specific decisions made as an outcome of a risk assessment in relation to identified risks and specific information assets. Therefore it is imperative that a thorough risk assessment is undertaken and no risk is left unexplored. Risk assessment enables expenditure on controls to be balanced against the business harm likely to result from security failures.

IT Governance Ltd, the global leader in information security products and services, has developed a risk assessment tool, vsRisk, that automates and accelerates the risk assessment process. It enables project managers to monitor the day-to-day execution and management of the controls as well as generating reports for audit purposes.

Uniquely, vsRisk (www.itgovernance.co.uk/products/744) can assess the confidentiality, integrity and availability for each of the business, legal and contractual aspects of information assets, as required by the ISO 27001 standard. The tool can serve as a day-to-day operational tool, showing at a glance where an organisation stands in its progress towards ISO 27001 compliance. A free trial version can be requested here www.itgovernance.co.uk/iso27001-risk-assessment.aspx

Alan Calder, CEO of IT Governance, comments, “vsRisk reduces the time and cost of undertaking an ISO 27001-compliant risk assessment. It simplifies each step of an ISO 27001 risk assessment, allowing compliance project managers to capture their information security policy and objectives, plus the scope of their information security management system, and undertake a rapid appraisal of all key areas, including groups, assets and owners.”

vsRisk (www.itgovernance.co.uk/products/744) offers an in-built audit trail, comparative history, comprehensive reporting and gap analysis that radically reduces the manual record keeping traditionally associated with risk assessments. The tool minimises the need for specialist knowledge and significantly undercuts the cost of generalist risk management tools, thus making ISO27001 compliance achievable for a far wider range of organisations and professionals.

As well as supporting ISO/IEC 27001:2005 and ISO/IEC 27002, vsRisk v1.5 complies with BS7799-3:2006, ISO/IEC 27005, NIST SP 800-30 and the UK’s Risk Assessment Standard.

vsRisk is produced by Vigilant Software, the specialist software subsidiary of IT Governance and can be purchased online from www.itgovernance.co.uk/products/744.


Sep 01 2011

Information Security eBooks Download

Category: Information Security | DISC @ 12:14 pm

information security eBooks download sites

Studiesinn InfoSec eBook

Information-Security eBookee

Strategic-Information-Security

The-New-School-of-Information-Security

Insider’s Guide to Security Clearances

Information Threats

Information Security Risk Analysis by Thomas R. Peltier

Information Security Risk Analysis, 2 Ed. by Thomas R. Peltier

Information Security Risk Analysis By Tom Peltier shows you how to use cost-effective risk analysis techniques to identify and quantify the threats–both accidental and purposeful–that your organization faces. The book steps you through the qualitative risk analysis process using techniques such as PARA (Practical Application of Risk Analysis) and FRAP (Facilitated Risk Analysis Process) to:

• Evaluate tangible and intangible risks
• Use the qualitative risk analysis process
• Identify elements that make up a strong Business Impact Analysis
• Conduct risk analysis with confidence


Aug 27 2011

12 Steps to IT Security

Category: Security Awareness | DISC @ 9:35 pm

This video outlines 12 steps to take to protect your business from the threat of e-Crime.


Aug 20 2011

ISO27002 Implementation Intro.m4v

Category: ISO 27k | DISC @ 10:25 pm

Making the Implementation of ISO27001 easier for you to do within your organisation. This video is your introduction.


Aug 19 2011

If you See Something Say Something – DHS

Category: Cybercrime | DISC @ 10:40 pm

“Dept Of Homeland Security Attempt To Induce A Permanent State Of Fear & Paranoia!”
DHS encourages folks in public to spy on others for the sake of security?
http://www.youtube.com/watch?v=gjeMCCQlCPA

