5 Hidden Benefits Of IT Compliance Programs. OCR Reorganizes Breach Data; Reports 21M Medical Records Exposed Since 2009. Slide Show: Memorable Moments From Black Hat 2012 - Darkreading. Researchers Hunt Sources Of Viruses, Memes. #OpTrapWire, Anonymous against surveillance systems. In this days I have written several times regarding surveillance systems and the huge business around it.
Private companies, government agencies and cyber units are all working to develop new tools to spy on wide audience. Ludlam's TrapWire questions go unanswered. The Australian Senate has voted against answering questions about the video-surveillance system known as TrapWire.
Greens Senator Scott Ludlam asked the Senate today to question the government on whether TrapWire is being used locally. Body scanners set for November roll-out. Help us crack Gauss' encryption: Kaspersky Labs. Kaspersky Lab is appealing to the public to help crack a code embedded in a piece of malware it believes is nation-state sponsored.
Called Gauss, it is the latest in a string of malware that has possible links to Flame, Duqu and Stuxnet. Kaspersky researchers, so far, believe it is an espionage toolkit, designed to steal browser passwords, banking details and other credentials, but what it is meant to do on the intended target's computer is hidden within encrypted code.
According to Kaspersky researchers, in order for the malware to deliver its payload to the intended victim only, the malware looks at certain aspects of the target's system configuration, including certain file or folder names present on the system. Another sad example of why IT, not government, is ultimately responsible for cybersecurity. My brain sometimes makes strange connections.
For example, when I learned that Republican senators are blaming Democratic senators for blaming Republican senators for not passing a cybersecurity bill, I somehow thought of Huey Lewis' 1984 hit, "I Want a New Drug". The song seems weirdly appropriate in a few different ways. Adobe patches critical Flash, Reader and Acrobat vulnerabilities. Adobe has patched critical vulnerabilities in its Flash Player, Reader and Acrobat software products that let attackers take control of Windows systems and execute malicious code.
Adobe published security updates for the critical vulnerabilities on Tuesday. The most severe vulnerability, CVE-2012-1535, affects Adobe Flash Player 11.3.300.270 for Windows, Macintosh and Linux, and its earlier versions. It allows attackers to remotely control a computer and is being exploited in the wild in "limited targeted attacks", Adobe said in a security advisory. The vulnerability is being distributed via malicious Microsoft Word documents and targets the ActiveX version of Flash Player for Internet Explorer on Windows systems. Android's Flash Player is dead - live with it.
And lo, it has come to pass.
Today's the day that Adobe delists Flash Player from the Google Play store. Microsoft fixes five critical security flaws on Patch Tuesday. Microsoft has released a bevy of software updates to its most popular products in order to protect against the nasties that float around on the Web.
All in all, 26 vulnerabilities will be patched with Microsoft's latest update. Five are rated critical meaning they should be applied immediately. The Redmond, WA. Security mindset must change with cloud. SINGAPORE--Companies need to move away from the mentality of having complete control over their IT infrastructure and securing different IT stacks in a piecemeal manner when they make the move toward cloud computing, industry executives urge.
Jim Reavis, co-founder and executive director of Cloud Security Alliance (CSA), said traditional IT security practices have always been black and white in that tech departments know they have complete control over the company's hardware and infrastructure. In knowing this, they can develop their own security regime or outsource it to a third-party provider completely, Reavis added during the CloudSec 2012 conference held here on Wednesday. With cloud computing though, IT security has become more "grey" as traditional practices no longer apply. Startup envisions CISO collective to share cyberattack information. Network World - A startup called SecurityStarfish intends to become the central point where chief information security officers (CISO) can discreetly share information about cyberattacks and obtain anonymized real-time information from others in order to deter cybercrime against their organizations.
This ambitious effort is being led by one of the most influential security professionals in the industry, Dave Cullinane, former CISO at eBay and a founding member and chairman of the Cloud Security Alliance, the group working on security best practices and standards related to cloud-based services. Citadel exploit goes after weakest link at airport: employees. The latest exploit of the Citadel Trojan is yet more evidence that enterprise perimeter security is only as strong as the weakest endpoint device of its employees.
Which is another way of saying, not very strong. Amit Klein, CTO of security vendor Trusteer announced in a blog post on Tuesday that the company had discovered a man-in-the-browser attack using the Citadel Trojan that had compromised the virtual private network (VPN) of a major international airport hub. Call for help on Gauss highlights new malware era. Kaspersky Lab is asking for help in unraveling the mysterious payload of Gauss, a task that security experts say would help enterprises determine whether they are potential targets of the highly sophisticated cyber-surveillance virus.