Inside the Briefcase
It is difficult to identify corporate victims of cybercrimes. Companies are afraid that going public would damage their reputations, sink stock prices or spark lawsuits. Sen. Jay Rockefeller, D-W.Va., is adding a provision to cybersecurity legislation that would strengthen the reporting requirement.
Security incidents are rising at an alarming rate every year. As the complexity of the threats increases, so do the security measures required to protect networks. Data center operators, network administrators, and other data center professionals need to comprehend the basics of security in order to safely deploy and manage networks today. This paper covers the fundamentals of secure networking systems, including firewalls, network topology and secure protocols. Best practices are also given that introduce the reader to some of the more critical aspects of securing a network.
What if a site you are visiting — a Mom-and-Pop e-commerce site, for example — doesn’t use SSL and you still want to protect yourself from eavesdroppers? Use a Virtual Private Network. VPNs create a tunnel through the Internet from your location to the destination location, and everything in the tunnel is encrypted.
Google said that between 12 and 14 million search queries per day return warnings that at least one of the results listed in the Google search results were compromised.
PLEASANTON, Calif. – June 21, 2012 — ManageEngine, the real-time IT management company, today announced its upcoming webinar, ‘Securing and Monitoring BYOD Networks Using NetFlow,’ which highlights ManageEngine NetFlow Analyzer, known for its flow-based traffic analytics tool. The BYOD movement, due to its supposedly high cost savings to the organization and flexibility to the employee, has become the trending technology of the year. It has also brought to the enterprise a tremendous increase in the number of personal devices with no established device management policies and an associated rise of unverified applications and data. The onus is now on the network administrator to ensure that the enterprise network performance does not take a hit.
PLEASANTON, Calif. — June 19, 2012 — ManageEngine, the real-time IT management company, today announced that it is listed as an “Innovator” in the Info-Tech Research Group “Vendor Landscape: Systems Management” report. In the report, several ManageEngine products are highlighted as key contributors to its Innovator ranking, including the company’s integrated IT management solution, IT360; its performance monitoring software package, Applications Manager; its server and desktop management software, Desktop Central; and its flagship network monitoring software, OpManager. The full-service IT analyst firm also gives the Value Award to ManageEngine for its comprehensive, affordable solution.
In the wake of the LinkedIn breach, which exposed 6.5 million passwords, the ongoing use of passwords is opening online users and organizations to security risks and breaches.
IBM (NYSE: IBM) today announced that Hana SK Card, one of South Korea’s credit card companies, has engaged IBM to develop and implement a sophisticated security system to help ensure protection of sensitive data, including customer personal information.
Facebook has had a tendency to be somewhat cavalier about its customers’ privacy, said tech analyst Charles King. “It would be wise for both users of the its services and regulatory agencies overseeing the company’s activities to keep a close eye on its plans for Face.com. Investors should also be wary, given how a major privacy debacle might impact the value of Facebook shares.”
Improving the ability of law enforcement agencies to catch cybercriminals should be a priority when governments decide how their cybersecurity budgets get spent.
Google’s consumer privacy policies may make some users squirm, but those policies could be downright unacceptable if applied to government workers who use Google services thanks to the company’s contracts with public institutions. However, it appears those consumer policies are being applied to government contracts, according to a privacy watchdog group.
The dangers of using consumer cloud storage systems became clearer when a hacker claimed that he accessed presidential candidate Mitt Romney’s Dropbox storage and email accounts using an easily cracked password.
Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials.
Hospitals are notoriously known for having a multitude of policies, so we take it in stride when we know we need to create another one for social media.
Just in the last post, we were discussing how even some of the world’s mightiest enterprises were falling prey to hackers. Now comes the bad news about the security breach in LinkedIn! Reports claim that over 6.46 million hashed passwords stolen from LinkedIn have been published on a Russian forum. In a blog post, LinkedIn has confirmed the security breach, but remains silent on the magnitude: “We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation”, says the post.
As per Lenovo’s announcement, it is recalling 188,000 think centers that fall under M70z and M90z model numbers. Lenovo has determined that due to a failure of the power supply in the affected all-in-one PCs, the system can overheat and pose a fire hazard. For enterprises, this is an imperative issue because it can affect the company’s critical resources. Hence, it is advisable to replace the affected systems at the earliest.
AMD is teaming up with ARM to use the latter’s TrustZone technology in its products. TrustZone is a system-wide approach to security that’s integrated into the ARM Cortex-A processor family. A consistent hardware-based security architecture and implementation can decrease software development costs and ultimately provide more robust security, said AMD’s Mike Wolfe.
Actifio launched PAS 5.0, a major platform upgrade that extends the company’s ability to recover any application instantly for up to 90 percent less total cost of ownership (TCO) — to large scale enterprises and cloud service providers.
Assume that your employees value convenience more than security. If a security policy is overly cumbersome, employees will find a way around it. Don’t underestimate the ingenuity of employees looking to circumvent procedures that slow them down. So, make the easy path the safe path. If you try to control too much, the initial problem slips through fingers and creates a much bigger problem.
Google has warned some Gmail users about what it suspects are state-sponsored cyberattacks directed at their accounts. Affected users will see warning messages and will be encouraged to change their log-in info an update their computers. Google hasn’t identified any specific country or government as responsible for the attacks.
The latest version of Mozilla Firefox features revamped home page and tab screens that offer more options to users. In addition, the company has tuned up the browser’s speed and amped up its security. “I think that the three main browsers now are all moving towards the same place — minimal UI, very fast JavaScript, quick updating and full support of Web standards,” said Kaply Consultant’s Mike Kaply.
The Flame malware that’s been creeping through computer systems in the Middle East used Microsoft digital certificates to launch attacks. Redmond has issued a security advisory and shut down the affected certs. Microsoft found that certificates issued by its Terminal Services licensing certification authority could be used to sign code without accessing the company’s internal public key infrastructure.
Choosing the right security solution is critical to the success of an online business. Look for trust-based security solutions that deliver protection and consumer peace-of-mind through cutting edge technology and integration with complementary third-party solutions.
In this must read white paper, “Choosing a Cloud Hosting Provider with Confidence: VeriSign SSL Certificates Provide a Secure Bridge to Trusted Cloud Hosting Providers”, you will learn about cloud computing, the new opportunities, the new security challenges and how to ensure your data is safe.
This paper discusses the importance of file integrity monitoring (FIM), which facilitates the detection of malware as well as insider threats in identifying data breaches. It also discussed file integrity monitoring as a critical component of Payment Card Industry Data Security Standard (PCI DSS) compliance, and shows how NetIQ addresses both security and compliance challenges through the NET IQ Change Guardian family of products.
A strain of malware dubbed “Flame” has been spotted on computer systems in the Middle East, and threat researcher Kaspersky says it’s one of the most sophisticated threats it’s ever seen. Flame is designed to slurp up data and send it to command and control centers. However, it’s unclear who made it, how far it’s spread, and even just how sophisticated a threat it really is.
A new plan from the White House calls for a consumer online privacy bill of rights, tasking the U.S. Department of Commerce with gathering input from consumer advocates, businesses and technical experts. Privacy advocates are cautiously optimistic, though they see many ways in which companies that derive profit from the personal info of users could water down the plan’s ultimate implementation.
As a part of a larger, more comprehensive, well-analyzed and thought-through security posture, isolation is a perfectly legitimate control. Concern comes into play, though, in situations in which organizations employ network isolation as the primary or sole control. Without testing, it’s hard to know if the isolation is working as it should, and it may not be working as well as you think.
TIBCO Software Inc. (NASDAQ: TIBX) today announced results from a survey of IT professionals it sponsored titled “Sorting Through the Noise: SANS Eighth Annual 2012 Log and Event Management Survey.” The survey reveals that one of the most important and challenging issues that organizations deal with is separating normal log data from actionable events in order to detect, track and prevent suspicious behavior.
Increase your Web site’s potential with a trust mark. Learn how to increase transactions on your site and decrease shopping cart abandonment when you read this white paper. Download this paper and you will learn just how beneficial trust marks are to online businesses.
