Thursday, May 29, 2008

Daily Report

• The Associated Press reports that an Iranian-born naturalized U.S. citizen who worked as an engineer at the Palo Verde Nuclear Generating Station was convicted of illegally accessing a protected computer. The man quit his job in 2006 and brought a laptop to Iran containing training software with design schematics and other plant details. (See item 5)

• The Telegraph reports that CDC researchers have discovered a strain of the bird flu that appears to be moving towards developing traits that make human transmission more possible. The virus shows “the same strong sugar binding properties” that have characterized previous pandemics. (See item 27)

Banking and Finance Sector

10. May 28, Boston Globe – (Massachusetts) Secretary of State issues scam warning. The Massachusetts Secretary of State is warning consumers about a scam that offers the promise of winning a $250,000 sweepstakes but seems to be a scheme to obtain personal financial information. The official indicated that he was prompted to issue the warning following reports to the Securities Division of his office by people who said they have received letters with a $4,620 check in them with instructions to call a “service tax” agent and provide financial information. The check, which is supposed to be used to pay a “non-resident government service tax,” appears to be “fake,” the secretary’s office said. The current version of the scam claims to come from Newfoundland, and it announces a “compensation draw” for the “Sweepstakes Association of North America,” the official’s office said. “Unsolicited notices like this should always raise an immediate red flag,” he said in a statement. Source: http://www.boston.com/business/ticker/2008/05/galvin_issues_s_3.html

Information Technology

34. May 28, Silicon Republic – (International) ‘Digital 9/11’ unless EU network security heightened. Europe is in danger of experiencing a ‘digital 9/11’ if problems in national security approaches are not addressed, a European IT security organization has warned. ENISA, the EU Agency for European Network and Information Security, outlined some of the dangers posed by cyber attacks, spam and social networking misuse in its summary of its General Report 2007. The agency said EU member states have a long way to go to safeguard the European digital economy. It said that while spam cost business €64.5bn in 2007, double the figure for 2005, the fact that only 6 percent of spam reaches mailboxes gives the false impression that the problem is under control. However, ENISA noted that spam is growing in quantity, size and bandwidth and remains a costly problem, with the unseen 94 percent being an invisible part of the ‘iceberg.’ “Europe must take security threats more seriously and invest more resources in network and information security,” said the executive director at ENISA. “ENISA calls for the EU to introduce mandatory reporting on security breaches and incidents for business, just as the US has already done.” “The member states should undertake concerted efforts to reduce the imbalances in security levels, through more cross-border co-operation. ENISA is confident that the need for secure networks to safeguard the European economy is a distinct driving force for member states to co-operate more closely,” he added. Source: http://www.siliconrepublic.com/news/news.nv?storyid=single11127

35. May 27, IDG News Service – (National) New Adobe flaw being used in attacks, says Symantec. An unpatched bug in Adobe Systems’ Flash Player software is being exploited by online criminals, Symantec reported Monday. Few details on the bug are available, but the flaw lies in the latest version of the Adobe Flash Player browser plugin, which is widely used by Internet surfers to view animated Web pages. The flaw affects both the recently released Flash Player version 9.0.124.0 and version 9.0.115.0, according to an advisory posted Monday to Symantec’s Security Focus Web site. The flaw lets attackers run unauthorized software on the PC, and if the attack fails for some reason it will likely crash the browser, Security Focus said. Symantec is not aware of any vendor-supplied patches for the flaw, the advisory states. Flash bugs have lately been a favorite of attackers. Adobe last month patched seven bugs in Flash Player, including the one that allowed a hacker to win a laptop and US$5,000 for hacking into a Windows Vista machine in a March contest at the CanSecWest security conference. In January, Adobe and other Web-development-tool vendors had to fix bugs in their development tools that created buggy Shockwave Flash (.swf) files that could be exploited in a cross-site scripting attack. This attack can be used by phishers, but it also gives the bad guys a nearly undetectable route into a victim’s bank account or almost any type of Web service. Source: http://www.networkworld.com/news/2008/052708-new-adobe-flaw-being-used.html

36. May 27, Security Focus – (International) Microsoft: Kraken nearly Storm’s size. While researchers have disagreed as to the size and importance of the Kraken botnet, the malicious software has compromised roughly the same number of computers as a more famous bot program, Storm, Microsoft’s security response team stated last week in a blog post. Early data from Microsoft’s Malicious Software Removal Tool indicates that the Kraken botnet, which the company refers to as Oderoor, reached about 80 percent of the size of the Storm botnet, the team stated. In the first week following the inclusion of Kraken into its Malicious Software Removal Tool, Microsoft detected nearly 464,000 instances of the program and cleaned 254,000 machines. For the Storm Worm, which Microsoft refers to as Nuwar, the company detected 537,000 copies and deleted the program from nearly 320,000 machines in its first week. Source: http://www.securityfocus.com/brief/743?ref=rss

Communications Sector

37. May 27, Computerworld Singapore – (International) IT managers daunted by mobile device security. IT managers are reluctant to take on the responsibility of managing the mobile devices that employees are increasingly using and integrating with enterprise applications, according to a new report by Datamonitor in London. The report “Enterprise Mobility: Trend Analysis to 2012” also predicts global enterprise expenditures on mobile devices. According to the study, mobile devices will grow from $6 billion today to an estimated $17 billion by 2012. The report highlights that this kind of growth underlines the need for IT managers to begin to implement mobile device policies. “Enterprises are fighting a losing battle against employees when it comes to mobile devices, and they should consider supporting a limited selection of devices rather than banning them outright,” said an analyst at Datamonitor and the report’s author. Security concerns are the largest barrier to mobility deployments, according to the author. In March 2007, Datamonitor conducted a survey of 467 IT managers, CIOs and IT decision-makers to establish issues that are currently preventing enterprises from investing in mobility products. It found that the majority of the respondents rated security as the greatest barrier to adopting those products. According to the study, as mobile devices like the iPhone are increasingly becoming popular among end users, enterprises are finding that employees want to be able to integrate their personal devices with their corporate e-mail account and other applications. They do not want one device for personal use and an IT-issued device for work. However, according to the report, so far very few IT departments have yielded to these changing scenarios and are refusing to be responsible for managing such a wide variety of mobile devices. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9089539&source=rss_topic15
