Archive for March, 2011
If this new legislation becomes law, it would require users to have security software on their PCs. The Korea Communications Commission (KCC) would have the authority to decide which security products are acceptable and which are not. This law would give the KCC the authority to "examine the details of the business, records, documents and others" of those believed to be out of compliance with the security software mandate.
Government workers in Australia will no longer be able to use free web-based email services like Gmail and Hotmail. The government made the decision to follow a report from Australia's Federal Auditor-General recommending that "agencies should not allow personnel to send and receive emails on agency ICT systems using public web-based email services." For situations in which government employees require access to these services, the auditor recommended the use of single, stand-alone desktops. The ban will take effect on July 1, 2011.
According to a study from McAfee, cyber thieves are increasingly targeting intellectual property. Some attackers are specializing in stealing data from corporate computer systems. In particular, information thieves seem to be looking for trade secrets, research and development reports, marketing plans and source code. The report also noted that many companies are not taking adequate measures to protect information and are not going public with news of data security breaches. Of the companies that reported experiencing a data security breach, just half said they had taken steps to improve cyber security.
The Briar Group LLC, which runs a number of restaurants in the Boston area, has agreed to pay US $110,000 to settle allegations that it did not take adequate precautions to protect customers' personal information and placed at risk of compromise information on tens of thousands of payment cards. The Briar Group was the target of a data security breach in April 2009; malware that had been surreptitiously placed on the company's computer systems was not removed until December 2009. The Massachusetts attorney general filed a lawsuit as a result.
Spotify has apologized for an attack that exposed users of the free version of its music streaming service in Europe to malware through tainted advertisements. The ads served content that attempted to infect users' machines with scareware. Spotify disabled third-party advertisements on Friday, March 25 after learning of the problem. The company isolated and removed the offending ad, and service was back to normal in the next few days.
Google has updated its Chrome browser to address six vulnerabilities, all of which have been rated high security risks.
A survey conducted by the Ponemon Institute on behalf of ACVG says that mobile phone users in the US are lax on mobile phone security. Nearly 84 percent of those surveyed use the same phone for both business and personal matters. Many people also make purchases over their mobile phones. Few consumers use phone-locking passwords and many use the same password for multiple apps.
An investigation commissioned by data protection company CPP Group found that many people in the UK who sell their old smartphones and SIM cards are failing to wipe the devices of sensitive personal data. More than half of the devices examined for the study were found to contain credit card PINs, bank account information, and login information for social networking sites. The information was gathered from 35 used phones and 50 used SIM cards. Users selling old phones should perform a factory reset. Unless old SIM cards are being transferred to another of the owner's devices, they should be destroyed.
SANS Secure Europe is getting closer. Have you registered? This is your chance to be part of the second biggest Info Sec training event in Europe, with seven great technical, in-depth, and hands-on classes running over two weeks in the heart of Amsterdam.
This year we will be running:
- SEC401: SANS Security Essentials Bootcamp Style with Jim Herbeck
- SEC540: VoIP Security with Paul Henry
- SEC560: Network Penetration Testing and Ethical Hacking with Stephen Sims
- FOR508: Advanced Computer Forensic Analysis and Incident Response with Jess Garcia
- SEC617: Wireless Ethical Hacking, Penetration Testing and Defences with Steve Armstrong
- SEC660: Advanced Penetration Testing, Exploits and Ethical Hacking with Stephen Sims
- FOR558: Network Forensics with Jess Garcia
REMEMBER, this is the only time that SEC540 & SEC617 will be running in Europe this year so don't miss this opportunity.
PLUS, this will be the first time that SEC660 has run in Europe since London 2010, where it sold out. It is currently running in SANS 2011 in Orlando, where it has sold out. Seats for Amsterdam are selling fast, and we are expecting another sell-out in Amsterdam. So don't miss your place; register now at http://www.sans.org/info/74349
If you register and pay before April 13th, you will save EUR 150 off the tuition fee. So don't wait any longer, make sure you have your place booked and save some money at the same time.
SANS Secure Europe will be taking place at the Radisson Blu Amsterdam, right in the centre of this fantastic city, so check our location page, http://www.sans.org/info/74354, to see how you can get the best rates available at the event hotel.
Next week, Tuesday, 5th of April, sees the start of our SANS Secure Europe Webcast series with "Evolving VoIP Threats," taught by Paul Henry, at 3:00 p.m. Central European Time.
VoIP is thriving in an otherwise down economy:
1. VoIP implementations are growing, driven by cost savings
2. Cost is typically the only consideration in the implementation of VoIP – it is all about saving money
3. Security, if considered at all, is clearly an afterthought
4. Too many still dismiss VoIP threats as theoretical
VoIP can allow significant cost savings while not sacrificing an organization's security. Recognizing the threats and implementing the compensating and technical controls can make all the difference in a successful VoIP implementation.
Further Webcasts involving the instructors in Amsterdam will take place over the coming weeks; further details will be coming soon.
So make sure you are part of what is going to be a great training experience, and we'll see you in Amsterdam.
Google Chrome Style Handling Memory Corruption Vulnerability
Software: Google Chrome 10.x
Critical Level: High
Impact: System could become compromised leading to Possible System Access
Solution: Update to version 10.0.648.133