Enclave Security "A Leader in Data Protection Services"

• Home
• Auditing
• Services
• Blogs
• Resources
• About Us

Subscribe to This Feed

Recent Posts

• Flash Player as a spy system: CyberSecurity Highlights September 8th
• Hotmail suffers hours-long outage on Thursday: CyberSecurity Highlights Sept 7th
• Malware hosted on Google Code project site: Cyber Security Highlights September 3rd
• BadB now charged in RBS WorldPay ATM case: Cyber Security Highlights Sept 2, 2010
• HP holds Navy network Hostage for $3.3 billion: Cyber Security Highlights

Categories

• 20 Critical Controls
• 44th Presidency Cybersecurity efforts
• Advanced Persistent Threat
• Assurance
• Audit
• Background Checks
• CISA
• Cyber Warfare
• Cybercrime
• Data Leakage Protection (DLP)
• DHS Infrastructure Reports
• Encryption
• Free Audit Checklists
• Health Information Technology
• Information Security Awareness
• Legal & Privacy
• Malware
• Medical Identity Theft
• Microsoft Windows
• Policy
• Progressive Reforms
• SANS Institute
• Secure Development Lifecycle (SDL)
• Sharpen the Saw
• Social Engineering
• Tools
• Training
• Web 2.0
• Writing Secure Code

Attend an Event

Enclave on Twitter

« IT Security Highlights March 4th 2010 | Main | IT Security Highlights March 8 2010 »

IT Security Highlights March 5 2010

By Kelli Tarala | March 8, 2010

Pennsylvania’s CISO Witnesses Hack like no Other
Pennsylvania’s chief information security officer has seen some strange attempts to hack the commonwealth’s IT systems, but none like the one he witnessed last weekend. At a  RSA Conference panel on state cybersecurity on Wednesday:, he explained, “We saw thousands of hits on our Department of Transportation driver license exam scheduling site coming out of Russia, the same thing over and over, scheduling driver license exams. It was encrypted traffic, and we were trying to figure out what the heck is going on.”

Full Story:
http://blogs.bankinfosecurity.com/posts.php?postID=469

Hacking human gullibility with social penetration
Security penetration testers rely plenty on technical attacks that exploit weaknesses in websites and servers, but social penetration techniques are more reliable and easier to use in identifying chinks in fortresses.  That’s true even for organizations that place a high premium on security and train their employees to resist the most common attempts to trick them into letting down their guard, according to the principals of Mad Security.

Full Story:
http://www.theregister.co.uk/2010/03/04/social_penetration/

Wi-Fi could lead thieves right to your laptop
Stuffing a company laptop into the car trunk or even a locker, without turning off its Wi-Fi radio, can be an open invitation to thieves, according to Credant Technologies. Thieves with increasingly sophisticated, directional Wi-Fi detectors can home in on the laptop’s radio, tracking it down even when the PC is hidden away. 

Full Story:
http://www.pcworld.com/article/190674/wifi_could_lead_thieves_right_to_your_laptop.html

Database security lacking at financial services firms
Sloppy operating practices across the financial services sector leave firms vulnerable to breaches that could expose sensitive data according to a new study from the Ponemon Institute. The report identified several key areas where financial services companies could take a hit from loose data policies, including damage to the corporate brand and the erosion of consumer trust. “One of the most important things a company can do to assure their future success is to plug the holes in their security policies that were demonstrated in this study,” the head of the Ponemon Institute, said in a statement.

Full Story:
http://www.esecurityplanet.com/trends/article.php/3868381/Database-Security-Lacking-at-Financial-Services-Firms.htm

RSA 2010 Highlights: Hackers using legitimate cloud services for Dark Ends
Cyber criminal groups are using legitimate cloud offerings such as Amazon Web Services to facilitate malware creation and password cracking, delegates at RSA 2010 were told. The Russian Business Network (RBN), one of the most powerful and extensive malware and hacking organizations, has been buying time on Amazon’s EC2 platform to build malware and attack passwords, according to the founder of security consultancy InGuardians. The RBN, based in northern Russia, is one of the biggest and most professional hacking groups in the world. The organization started in the pornography business, but quickly moved to crime and now offers malware-as-a-service and hosting services, and provides credit card data and false identities. Other security professionals have confirmed the use of mainstream cloud services by the hacking and malware community.

Full Story:
http://www.v3.co.uk/v3/news/2258919/rsa-2010-hackers-legitimate

Source code management a weak spot in Aurora attacks
Companies should take extra steps to secure their source code from the type of targeted attacks that hit Google, Adobe, Intel and others over the past few months, according to security vendor McAfee. “We saw targeted attacks against software configuration management products,” said McAfee’s chief technology officer (CTO.) In many of the attacks company engineers and technical staff were targeted with malicious software. And in some cases, source code management systems were accessed and code was downloaded outside of company firewalls, the CTO said.

Full Story:
http://www.computerworld.com/s/article/9165718/

 Full DHS Infrastructure Report:
www.enclavesecurity.com/blogresources/cdr_030510.pdf

Topics: DHS Infrastructure Reports |

Comments are closed.