NEWS & NOTES

Cisco Canada has donated a network security laboratory to Concordia University’s Faculty of Engineering and Computer Science. The lab will be used to verify and validate the Montreal-based university’s research on network security issues, such as botnet detection and prevention, network security metrics, distributed denial of service attacks and malware analysis.

A proposal for a treaty on global cybercrime was rejected in April by the United Nations, after Russia, China and a number of developing countries could not reach agreement with the United States, Canada, the U.K. and the European Union. The proposal was discussed at the 12th Pentennial U.N. Crime Congress in Salvador, Brazil.

The administrators of the Payment Card Industry Data Security Standard (PCI DSS) have launched Internal Security Assessors, a new program to help companies conduct self-assessments to gauge whether or not they are in compliance with the standard. The PCI Security Standards Council, set up by Visa, MasterCard, American Express and other credit card companies, will train and certify IT security staff to conduct PCI compliance assessments on behalf of their companies.

Fake anti-virus messages (e.g., false pop-up warnings designed to scare money out of computer users) represent 15 per cent of all malware that Google detects on web sites, according to a 13-month analysis the company conducted between January 2009 and February 2010.

A joint survey conducted by Symantec and the Ponemon Institute has revealed that most organizations lack the procedures, policies and tools to ensure that sensitive information they put in the cloud remains secure. Despite security concerns and the expected growth in cloud computing, only 27 per cent of respondents said their organizations have procedures for approving cloud applications that use sensitive or confidential information.

Fortinet’s March 2010 Threatscape Report shows the domination of ransomware threats with nine of the detections in the malware top 10 list resulting in either scareware or ransomware infecting the victim’s PC. The primary drivers behind these threats are Bredolab and Pushdo, two of the most notorious botnet “loaders.”

6 SECURITY MATTERS • MAY/JUNE 2010

Commtouch’s Q1 2010 Internet Threats Trend Report shows between five and 10 per cent of all spam appears to originate from Gmail accounts. According to the report, Gmail’s message style, as well as those of PayPal and Facebook, is frequently used by spammers and phishers as standard templates to prompt action by targets of spam or phishing.

More than 70 per cent of corporations can view their employees’ use of social media, according to a recent survey from nCircle. The online survey of 257 security professionals was conducted between Feb. 4 and March 12, and covered a range of security topics in addition to social media, including smartphones, health care and cloud computing. Some key findings include: 59 per cent of surveyed companies maintain a social media policy; 39 per cent of respondents’ organizations ban social media use; and 46 per cent of respondents were unsure if their employees comply with social media policy, despite the majority having visibility into social media use.

The eighth volume of the Microsoft Security Intelligence Report (SIRv8) shows that enterprise networks continue to be susceptible to worms while home users are more exposed to malware and socially engineered threats. “SIRv8 provides compelling evidence that cyber criminals are becoming more sophisticated and packaging online threats to create, update and maintain exploit kits that are sold on to others to deploy,” says Mohammad Akif, Microsoft Canada’s national security and privacy lead. “Malware creators are continually improving their ‘products’ by replacing poorly performing exploits with new ones.”

In a poll of more than 1,000 young adults between the ages of 18-24 regarding their online behaviour and security precautions, RSA, The Security Division of EMC, found that more than seven out of 10 admit that they are not always as careful as they should be when posting and accessing information online. The research also reveals that young adults regularly make risky choices when engaging in activities, such as file sharing and social networking. This can lead to long-lasting negative consequences and result in damage to an individual’s reputation both online and off.

The Bank of China has selected Nitro Security’s NitroView integrated SIEM and log management solution to enhance the security and compliance efforts of its New York operations.

Astaro, a provider of unified threat management systems, has published an eBook entitled The Dark Side of Cloud Computing. The free eBook outlines where botnets come from, how they work and how they’ve created an underground economy for cybercriminals. It also examines the relationship between botnets and cloud computing, and discusses the economic motivation behind the creation of botnets.

David Kernell, a 22-year-old man accused of hacking into the Yahoo e-mail account of U.S. political celebrity Sarah Palin, has been found guilty of unlawful computer access and obstruction of justice. He was acquitted of the charge of wire fraud and a mistrial was declared on the charge of identity theft. While attending the University of Tennessee two years ago, the economics student hacked his way past security questions to access Palin’s personal e-mail account. Kernell gained access by providing Palin’s birth date and ZIP code to Yahoo’s password retrieval system.

In 2009, the average cost (globally) of a data-loss incident was $3.43 million US, or $142 per compromised record, according to a recent study by the Ponemon Institute. The average cost for U.S. organizations was $6.75 million or $204. Lost business was the greatest contributor to costs associated with breach incidents, accounting for 44 per cent of costs, while other costs included activities to detect and investigate the breach, to notify victims, and to provide credit monitoring services.