IT Security News 2008
| November 19 2008 Hot or not: Software update vulnerabilities The automatic update features in many software applications are proving to be vulnerable to attack. Hackers are taking notice. You should, too. There's been considerable discussion recently about how automatic software updates, such as those to download security patches, can be used as potential vec...[more] | |||||
| November 19 2008 10 Questions to Ask an IT-Security Consultant Finding the right IT-security consultant is a little like searching for a good family doctor. You need to hire someone who is intelligent, insightful, understanding and a good communicator. To get to the truth and discover if the person you're interviewing really knows his or her stuff, you'll need...[more] | |||||
| November 19 2008 Computer virus quarantines London Hospital for second day IT staff at three major London hospitals have spent a second day struggling to restore IT systems following a major computer virus outbreak. Computer systems at the St Bartholomew's (Barts) the Royal London Hospital in Whitechapel and the London Chest Hospital in Bethnal Green were taken down on Tu...[more] | |||||
| November 19 2008 Ford builds in telematics to vans, pickups Car manufacturer Ford has signed a deal to build telematics systems into vehicles at the factory. According to the car maker, it's the first time the vehicle tech has been used on such a large scale....[more] | |||||
| November 19 2008 How much does spam cost you? Google will calculate How much is spam costing your company? Google unveiled a nifty little calculator Wednesday to help you add it up. It's part of a marketing campaign for Google Message Security, the online spam-filtering service based on the Postini technology Google acquired last year. "We know in these tougher econ...[more] | |||||
| November 19 2008 PCI to assess the assessors The Payment Card Industry Security Standards Council (PCI SSC) today announced a new programme designed to improve consistency among qualified security assessors tasked with determining the compliance status of organisations affected by PCI....[more] | |||||
| November 18 2008 Microsoft to offer free consumer security suite Microsoft on Tuesday said it is changing its strategy for offering PC antivirus software, with plans to discontinue its subscription-based consumer security suite and instead offer individuals free software to protect their PCs....[more] | |||||
| November 18 2008 Global firms ignoring web-based threats A quarter of companies experienced a web-based threat last year, but are still underestimating the risk from this vector, according to new research from security firm Webroot. The vendor's latest State of Internet Security report that found one in four respondents globally suffered an attack that ca...[more] | |||||
| November 18 2008 'No lost memory sticks' shocker for gov't dept While seemingly a week doesn't go past without another government data loss as a result of a mislaid memory stick, one government department has made a shocking revelation: it hasn't lost any for several years....[more] | |||||
| November 18 2008 Computer virus affects hospitals Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus. St Bartholomew's (Barts) in the City, the Royal London Hospital in Whitechapel and The London Chest Hospital in Bethnal Green are affected....[more] | |||||
| November 17 2008 UK consumers worth £14k each to cyber criminals Each adult in the UK is worth about £14,500 to internet criminals according to the UK's online security guardians. The value of the average UK person's salary and credit card details to online fraudsters was revealed in the 2008 report by the secure computing initiative Get Safe Online (GSO), whose...[more] | |||||
| November 17 2008 Finjan offers free malware detection audit to halt Crimeware Trojan Finjan has announced it is offering qualified organisations a free malware detection audit to halt Crimeware Trojan’s and other malware attacks on enterprises. Finjan's free trial offer comes after security vendor RSA has estimated the Sinowal Trojan has taken the details of 270,000 online bank acco...[more] | |||||
| November 17 2008 Simple steps can help IT do more with less With the global economy lurching toward recession, everyone is being asked to do more with less, and cutbacks and layoffs are weighing heavily on people's minds. But cutting costs in IT does not necessarily mean laying staffers off, deferring projects or reducing support. There are simple steps ever...[more] | |||||
| November 17 2008 Spam drop could boost Trojan attacks The dramatic fall in spam traffic reported last week after alleged rogue ISP McColo Corp. was taken offline will only be a temporary reprieve and could actually generate a new wave of Trojans, experts have warned....[more] | |||||
| November 17 2008 What has happened to storage security? It would be an overstatement to suggest that the state of storage security has declined in the past year, but it's fair to say that it's lost some momentum. While everyone on the planet is now aware of privacy concerns and specifically the widely publicized risk of off-site tape loss, only a relat...[more] | |||||
| November 17 2008 Obama 'could stop using e-mail' Barack Obama, who gave up smoking before running for office, now faces a break with another habit - e-mail. The US president-elect is likely to give it up, aides told the New York Times, because transparency laws would open his correspondence to public view....[more] | |||||
| November 17 2008 QuickStudy: Identity-based encryption Public-key cryptography offers very strong protection for electronic communications. Much of its strength comes from the use of paired keys, which are separate (but mathematically related) codes that encrypt and decrypt a message; one key is public and one is known only to the recipient....[more] | |||||
| November 17 2008 UK identities sold for £80 online Internet fraudsters sell complete financial identities for just £80, according to an online safety group. The details packaged and sold online include names, addresses, passport numbers and confidential financial data such as credit card numbers....[more] | |||||
| November 14 2008 Equifax offers online proof-of-age card Equifax on Thursday introduced its first information card, or 'I-card' — the Equifax Over-18 card. I-cards are designed to be the online equivalent of a driver's licence, passport or similar ID. The idea is customers would have an electronic wallet with various information cards that would allow the...[more] | |||||
| November 14 2008 Woman loses $400k in huge '419' fraud A woman in the US is reported to have lost $400,000 (£270,000) after falling under the spell of one of the most extraordinary Nigerian 419 scams ever uncovered....[more] | |||||
| November 14 2008 Microsoft to launch online SharePoint, Exchange on Monday Microsoft will release on Monday the first of several of its hosted business-productivity services. The company will launch Exchange Online and SharePoint Online at an event in San Francisco, according to an e-mail from its public relations firm. A spokeswoman from the agency confirmed that the serv...[more] | |||||
| November 14 2008 F-Secure touts cloud-based security The ideal approach, according to F-Secure chief technology officer Pirkka Palomäki, is to combine the best features of locally running systems with security services running in the cloud....[more] | |||||
| November 14 2008 Microsoft SharePoint security concerns surface Sensitive data at risk from Microsoft collaboration platform, according to research. Most business managers have little visibility into their Microsoft SharePoint environments, and believe that the collaboration tool could put them at risk of data theft, according to new research from enterprise pro...[more] | |||||
| November 13 2008 Web-based Office coming to Macs, iPhone A Microsoft blog reiterated this week that the web-based version of Office won't be tied to either Windows or Internet Explorer. In a blog posting on its Channel 10 site, a Microsoft blogger noted that, owing to support of Firefox and Safari, the forthcoming Office Web Applications will run on Linux...[more] | |||||
| November 13 2008 Mozilla fixes 11 new flaws in Firefox, six critical Mozilla Corp. on Wednesday patched 11 vulnerabilities in Firefox 3.0 -- and 12 bugs in the older Firefox 2.0 -- that could be used to compromise computers and steal information. Yesterday's update patched virtually the same number of vulnerabilities as the last security update seven weeks ago....[more] | |||||
| November 13 2008 Spam plummets as gang leaves net The closure of a web hosting firm that is believed to have had spam gangs as clients has led to a drastic reduction in junk mail. Two US internet service providers have pulled the plug on the firm McColo following an investigation by the Washington Post newspaper....[more] | |||||
| November 13 2008 ICANN to terminate notorious registrar's credentials after all After a brief delay, the non-profit group that oversees the internet's address system has decided to proceed with plans to revoke the credentials of EstDomains, a domain name registrar with a reputation for catering to cyber criminals....[more] | |||||
| November 12 2008 Cyber-Ark Signs Seven-Figure Deal with Top 10 Global Bank to Provide Privileged Identity Management Solution Cyber-Ark Software, the leading provider of Privileged Identity Management (PIM), Sensitive Information Management and Digital Vault solutions, today announced that one of the world’s largest and most influential global financial institutions has chosen Cyber-Ark’s Privileged Identity Management Sui...[more] | |||||
| November 12 2008 Industry welcomes Microsoft's latest patching Microsoft released one critical and one important patch for its November patch Tuesday. The MS08-069 critical bulletin patched the vulnerabilities in Microsoft XML Core Services. Microsoft claimed that the most severe vulnerability could allow remote code execution if a user viewed a specially craft...[more] | |||||
| November 12 2008 Net bombarded by heaviest ever attacks this year Online networks suffered their heaviest brute force attacks to date this year, with more sites than ever coming under sustained assault. IP networks were bombarded by Distributed Denial of Service (DDoS) attacks – attempts to make networks unreachable by flooding them with traffic – as intense as 40...[more] | |||||
| November 12 2008 Microsoft explains seven-year-old patch delay Microsoft Corp. late yesterday explained why it had been unable to patch a seven-year-old bug until recently, saying that it was only in the last year that it figured out how to fix the flaw without breaking most network-based applications....[more] | |||||
| November 12 2008 Security giants propose new testing standard Symantec, McAfee, F-Secure and Kaspersky are among the names that have pledged support for the project, which boasts more than 40 security vendors and media groups as part of the Anti-Malware Testing Standards Organisation....[more] | |||||
| November 11 2008 Cyberthieves mine online for corporate data nuggets An innocuous posting appeared on a Houston-based technology company's internal website on a recent Friday afternoon. A couple of workers saw it, and obeyed instructions to click on a Web link. The posting seemed trustworthy. It was on an employees-only message board. And the link referenced news abo...[more] | |||||
| November 11 2008 Flawed AVG antivirus update cripples Windows XP PCs A flawed signature update to AVG Technologies ' antivirus software over the weekend crippled some Windows XP PCs by mistakenly deleting a critical system file, the company has confirmed....[more] | |||||
| November 11 2008 Microsoft security patch was seven years in the making Some security patches take time -- seven-and-a-half years, in fact, if you count the time it's taken Microsoft to patch a security issue in its SMB (Server Message Block) service, fixed Tuesday. This software is used by Windows to share files and print documents over a network....[more] | |||||
| November 11 2008 Critical infrastructure often under cyberattack Computer systems that run the world's critical infrastructure are not as secure as they should be, according to a new survey. The survey, released yesterday, asked 199 management, network engineers and administrators in nine infrastructure industries about the state of cybersecurity in the U.S., Can...[more] | |||||
| November 11 2008 Visa sets PCI compliance deadlines for rest of world The largest merchants operating overseas will have less than two years to secure credit card transactions, Visa announced on Monday. Level-one retailers -- those processing more than six million Visa transactions per year -- must prove adherence to the Payment Card Industry Data Security Standard (P...[more] | |||||
| November 10 2008 Virtualization coming to mobile devices After targeting the market for virtualizing servers and clients, VMware has now set its sights on mobile phones, announcing Mobile Virtualization Platform (MVP) on Monday. The company will work closely with mobile phone vendors to embed its virtualization technology directly onto mobile phones, as a...[more] | |||||
| November 10 2008 Survey: One DNS server in 10 is 'trivially vulnerable' More than 10% of the Internet's DNS servers are still vulnerable to cache-poisoning attacks, according to a worldwide survey of public-facing Internet nameservers. That's despite it being several months since the vulnerabilities were disclosed and fixes made available, said DNS expert Cricket Liu, w...[more] | |||||
| November 10 2008 Visa trials PIN payment card to fight online fraud Visa cards with a built in one-time code generator are to be trialled by four European banks. The technology is designed to tackle the growing problem of online credit card fraud. MBNA, a Bank of America company in the UK, Corner Bank in Switzerland, Cal in Israel and IW Bank in Italy are to take pa...[more] | |||||
| November 10 2008 Study shows how spammers cash in Spammers are turning a profit despite only getting one response for every 12.5m e-mails they send, finds a study. By hijacking a working spam network, US researchers have uncovered some of the economics of being a junk mailer....[more] | |||||
| November 10 2008 Now that the election's over, holiday season spam begins Spammers have unsurprisingly launched their 2008 holiday season spam campaign using email to tout pharmaceutical products and casino spam with a Christmas angle. In its November State of Spam report released today Symantec found that spam levels averaged 76.4 percent of all messages scanned by Syman...[more] | |||||
| November 07 2008 Web helps Obama with transition Barack Obama is turning to the web as he prepares to become US president. Via a website called Change.gov, the Obama campaign plans to provide a guide to the transition process. The site also solicits suggestions from US citizens about their vision for America, and lets them apply for a post with th...[more] | |||||
| November 07 2008 IT illiteracy drags on UK economy The UK is losing millions of working hours a week due to a lack of basic IT literacy, according to a report published on Friday by City & Guilds, the UK's principal body for work-related accreditations....[more] | |||||
| November 07 2008 Teenagers told IT is a "dream job" Teenagers are being told that IT is a "dream job" with the promise of working for "inspirational companies". The BigAmbition initiative launched by e-skills UK is aimed at getting 14- to 19-year-olds excited about a career in technology....[more] | |||||
| November 07 2008 UK government admits it cannot ensure data safety The UK Government has faced repeated embarrassments over lost data, with over 270 data breaches being reported over the past year. Prime Minister Gordon Brown has admitted that the government cannot promise the safety of personal data entrusted by the public, and is blaming it on human error....[more] | |||||
| November 06 2008 Microsoft preps two patches for Tuesday Microsoft on Tuesday is scheduled to ship two patches as part of his monthly security update, according to an advance notification issued on Thursday. One of the fixes is "critical" and addresses at least one vulnerability in XML Core Services when installed on Windows and Office. The affected Windo...[more] | |||||
| November 06 2008 Start-ups find an edge in the cloud Start-ups stand in a good position to benefit from new technology developments such as the cloud, small-business directors said at a roundtable on Wednesday. The roundtable, which was held in London on Wednesday, brought together representatives from eight IT companies to discuss the position of sta...[more] | |||||
| November 06 2008 Card-not-present fraud increases by 18 percent According to APACS, the UK payments association, Card-not-present fraud rose by 18 % in the first six months of 2008. A leading member of the Information Security Awareness Forum (ISAF) has issued a further warning after cybercriminals ordered a laptop on credit and had it delivered to her home in a...[more] | |||||
| November 06 2008 Once thought safe, WPA Wi-Fi encryption is cracked Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks. The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, r...[more] | |||||
| November 05 2008 Gov't announces airport ID-card trials The Home Office has announced the first trials of ID cards for airside workers. ID cards will be trialled at two airports from autumn 2009. "Manchester and London City airports have agreed to work with the Home Office as part of the first wave of airports and will help develop detailed plans for int...[more] | |||||
| November 05 2008 Cops enlist HAL in fight against crime Artificial intelligence is being prepared to serve on the front line of UK policing. Looking at how AI techniques can boost digital forensics, the government-funded Cyber Security Knowledge Transfer Network (KTN) will examine the potential use of AI in web counter-terrorism surveillance, fighting in...[more] | |||||
| November 05 2008 UK savers warned of Icesave scam risk Customers trying to claim deposits from a collapsed Icelandic bank could be at a higher risk over the next few weeks of falling victim to phishing scams, according to security analysts....[more] | |||||
| November 05 2008 Microsoft sees fewer flaws but higher severity Microsoft released its Security Intelligence Report this week finding, among other trends, that reports of vulnerabilities have continued to drop as more researchers and hackers focus on finding issues in applications, not operating systems....[more] | |||||
| November 05 2008 Few second-hand hard disks wiped clean Businesses and individuals are dumping hard disks with large amounts of data still on them, leaving the door open for identity theft, commercial sabotage or political compromise, a yet-to-be-released study has found....[more] | |||||
| November 05 2008 Hackers leverage Obama win for massive malware campaign Hackers have seized on the results of the U.S. presidential election to launch a major malware campaign that tries to trick users into installing an update to Adobe Systems Inc.'s Flash, but actually plants a Trojan horse on unprotected PCs, security experts warned today....[more] | |||||
| November 05 2008 The end of an era - Windows 3.x Windows 3.x has come to the closing moments of its long life. On 1 November Microsoft stopped issuing licences for the software that made its debut in May 1990 in the US. The various versions of Windows 3.x (including 3.11) released in the early 1990s, were the first of Microsoft's graphical user in...[more] | |||||
| November 04 2008 Adobe patches for critical vulnerabilities in Adobe Reader Adobe on Tuesday delivered a new version of Adobe Reader and Acrobat 8 to correct a number of critical vulnerabilities that could allow an attacker to take remote control of an infected computer....[more] | |||||
| November 04 2008 NHS trusts guards against further data loss NHS Lothian is ramping up the patient information security following a recent data loss incident. The Scottish Trust is implementing access management security from Lumension Security to restrict network access to approved devices. This is being complemented with end-point control technology from Be...[more] | |||||
| November 04 2008 Site tracking voting problems has glitch of its own A Web site set up to monitor voting problems in the 2008 U.S. presidential election suffered some technical difficulties of its own Tuesday. Technical staff working on the OurVoteLive.org site were forced to remove some of the site's search features Tuesday morning, after the site was overwhelmed wi...[more] | |||||
| November 04 2008 IT worker let spammers into ex-employer's servers An IT manager who five months after being fired logged onto to his former employer's computer network and opened the e-mail server up to spammers has been sentenced to one year in prison....[more] | |||||
| November 03 2008 Worm Exploiting Microsoft Windows Server Spotted A worm designed to exploit the recently patched vulnerability covered in Microsoft Security Bulletin MS08-067 has been detected, US-CERT, the government's cybersecurity organization, warned Monday....[more] | |||||
| November 03 2008 Businesses lack confidence in police e-crime handling Businesses are not confident that the police have the necessary resources or technical knowledge to deal with e-crime effectively, a survey has found. The survey, Is Organised Electronic Crime On The Rise?, was conducted by the Corporate IT Forum, a conglomerate of 150 blue-chip companies, and relea...[more] | |||||
| November 03 2008 A quarter of law firms admit to losing confidential information According to a survey by Credant Technologies amongst 100 legal firms across the UK, 24% of UK legal firms have confessed to misplacing at least one mobile device containing confidential documents. These losses leave the data saved to the device vulnerable to exposure with case-notes, contracts and...[more] | |||||
| November 03 2008 Finjan reveals how corporate data is stolen and stored by Cybercriminals Finjan today announced that its Malicious Code Research Center (MCRC) has documented step-by-step how corporate data is being stolen and stored on remote servers owned by criminals....[more] | |||||
| November 03 2008 Lipstick on a pig and how it relates to IT security As someone that has become totally engrossed in Tuesday's U.S. elections, Barack Obama's comment about lipstick on a pig resonated because in my opinion it just about sums up the approach to IT security in most enterprises today. You have SOX, PCI, Basel, ISO or whatever other policy you can think o...[more] | |||||
| November 03 2008 IPS dismisses 14 staff for data-protection breaches The Identity and Passport Service has dismissed 14 people over the last three years, in the majority of cases for abusing access to the passport database. Of 16 cases where data-protection regulations were breached, all but one involved members of staff who had legitimate access to the Passport Appl...[more] | |||||
| November 03 2008 Firms demand aid on hi-tech crime UK businesses have little faith that the government is doing enough to tackle hi-tech crime, says a report. Of those questioned 57% said any malicious hi-tech crime in the workplace would not be dealt with properly by the police....[more] |
Get the Industry's top stories delivered straight to your inbox...
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |