Here’s an interesting idea: a security startup has proposed a new top level domain that would be called .secure, and would require web sites using it to live up to a higher standard of security. The advantage for web users would be that you could visit such sites with confidence, without having to worry about security issues. Would it work? Exactly how would it work? Would attackers see it as a special challenge and target the domain’s sites? There are plenty of questions, but Artemis Internet, the company that came up with the idea, at least should get points for thinking outside the box.
http://news.cnet.com/8301-1009_3-57433108-83/start...3-0-20
Google’s Chrome web browser has become popular in many organizations, and it’s known for its sandbox security, but that doesn’t mean it’s invulnerable to security issues. If you have users who use Chrome, be sure their computers all get upgraded to the latest release, v19, which contains fixes for 20 vulnerabilities, 8 of which are of high severity. The new version is available for Windows, Mac, Linux and Chrome Frame. Read more here:
http://www.informationweek.com/news/security/vulne...000485
There’s good news for organizations that use PhotoShop, Illustrator and other Creative Suite 5.x products from Adobe. The company had said that customers would have to upgrade to CS6 in order to get security fixes, but a post to their blog indicates that’s no longer the case; the company is working on patches for vulnerabilities in the CS5 suite.
http://news.cnet.com/8301-1009_3-57433231-83/adobe...3-0-20
A recent report from Incapsula indicates that more than half of the traffic to the average web site may be generated by bots – automated software constructs, rather than humans sitting at a computer. Some of the bots are malicious and some aren’t, but all result in increased overhead and wastage of bandwidth and power. And this is just for those “average” sites that get 50,000 to 100,000 hits per month. For smaller sites, the news is even worse: up to 83 percent bot traffic, with malicious bots accounting for almost half.
Read more about this problem here:
http://news.cnet.com/8301-1009_3-57433611-83/bots-...3-0-20
According to a survey done by HP at a recent InfoSecurity conference in London, European IT security pros have “significant” gaps in enterprise risk strategy, with only about 14 percent being very confident that their current solutions are giving them a complete and concise picture of their security and risk state. 44 percent said they can’t uncover and report vulnerabilities in custom applications, and only 60 percent are doing real-time monitoring of security events.
Find out more of the survey’s findings (all of which are troubling) here:
http://m.csoonline.com/article/706094/it-security-...tegies
The Advanced Persistent Threat (APT) is a type of attack that has been in the news a lot lately, but exactly what techniques do APT attackers use to infect systems? Trend Micro researchers report that one of the most common is the use of “booby-trapped” rich text (RTF) documents created with Microsoft Office software (Word). Many of the malicious documents that target a vulnerability in the code for parsing RTF files include RTF content that’s embedded in a .doc file, so just because the file doesn’t have the .rtf extension, that doesn’t mean it’s safe from this exploit.
Read more here:
http://m.cio.com/article/706123/APT_Attackers_Are_...ts_Say
Microsoft thinks so – and they have the statistics to back up that opinion. Once upon a time, there was a lot of distrust of cloud computing, especially among small businesses, but that seems to be changing. According to a study that was recently done by their Trustworthy Computing division, small and midsized businesses (defined as organizations with 100-250 PCs) that are using the cloud said they spend 32 percent less time managing security, and feel three to five times more confident about security than those that don’t.
http://www.informationweek.com/news/smb/security/2...000362
In a demonstration of how serious it can be when antivirus software goes awry, today an update from Avira for its antivirus software is wreaking havoc across the globe as it blocks some of Windows’ most important processes, such as explorer.exe, rundll32.exe and dllhost.exe. The program is falsely detecting these as viruses and killing them, which effectively cripples the OS. But that’s not all – other major programs (Opera, Google Talk, even Microsoft Office) are being blocked.
This only affects the paid editions of the software, including the business editions. Read more here:
http://www.zdnet.com/blog/security/avira-antivirus.../12129
It’s a good bet that malware will be with us always – but that doesn’t mean we’re powerless to do anything about it. Just as protecting your home from burglars is all about making it more difficult for them to get in and do their dirty deeds, malware protection is about making it harder for malicious code to infiltrate our systems. Malware is like human bad guys in that it prefers to attack the easy targets.
This free webinar that’s hosted by BlackHat and sponsored by IBM explains what malware needs in order to hide in your computers and what you can do to make it a hostile environment for malware. Check it out:
https://www2.gotomeeting.com/register/332978794
Why would attackers target your company’s file servers? Well, if bank robbers rob banks because “that’s where the money is,” it makes sense that data thieves hack into file servers because that’s where the data is. It’s especially important to make sure those servers are as secure as possible, but exactly what steps should you take to make that happen? This article from esecurityplanet.com serves as a handy checklist when you’re looking to harden those file servers and protect that precious data:
http://www.esecurityplanet.com/windows-security/to...r.html
