Many enterprises are lacking key tools for protecting Web 2.0 data, study says

Enterprises are allowing increasingly wider use of Web 2.0 technologies in the workplace for both business and personal use, but many are not ready to secure those applications, according to a study released Wednesday.

According to “Web 2.0 At Work,” a study conducted by research firm Dynamic Markets and commissioned by Web security vendor Websense, some 95 percent of companies currently let their employees access some Web 2.0 applications — including Webmail, mashups, and wikis — and 62 percent of IT managers believe that Web 2.0 is necessary to their businesses. IT executives are feeling pressure from all levels of the organization to expand support for Web 2.0 technologies across the enterprise, the study says.

At CSI/SX, Verizon Business’ Peter Tippett talks trends and lessons learned in data breaches

Given the nature of data breaches today, organizations are better off saving money and doing “lightweight” security testing across more of their infrastructure than conducting deep assessments across a few systems, Peter Tippett, vice president of innovation and technology for Verizon Business, told attendees at the Computer Security Institute (CSI) Security Exchange conference here this week.

A new attack that peppers Google search results with malicious links is spreading quickly, the U.S. Computer Emergency Readiness Team warned on Monday.

The attack, which has intensified in recent days, can be found on several thousand legitimate Web sites, according to security experts. It targets known flaws in Adobe’s software and uses them to install a malicious program on victims’ machines, CERT said.

This week’s installment of what’s-old-is-new-again in the world of malware comes from one of the many groups making and distributing phishing Trojans in China. Earlier this year, someone discovered a hacktool called ZXArps, and began distributing it in earnest as a payload from another malicious downloader.

Unlike most malware we see these days, ZXArps (which dates back to 2006, and was discovered by the English-speaking security community the following year) isn’t designed to perform a single task. It’s more like a Swiss Army knife, giving its users a great deal of control over not only the computer on which it’s running, but the immediate network environment in which that computer sits.

Industrial espionage: the threat potential for companies

The targets of espionage by foreign intelligence services are politics, the military and, increasingly, business and science.
The Federal Republic of Germany, as the home of numerous cutting-edge technology companies and world-class research institutions, naturally arouses the covetousness of foreign states and their intelligence services. The focus is on attempts to siphon off information and acquire know-how in a variety of ways, with the aim both of giving their own economies competitive advantages in markets that are becoming tighter in the age of globalization and of closing technology gaps in strategic industries as quickly as possible.

Regulatory changes are coming for the payment-card industry, say leaders of the PCI Security Standards Council, which is responsible for developing and implementing security standards for cardholder data protection.

The council, which has about 500 participants, just completed the annual process of electing its board of advisors. Cisco and Citrix Systems were among the victorious candidates this week, winning a combined 14 elected positions on the 21-member advisory board, which will be providing feedback on upcoming initiatives.

Among these initiatives are possible new requirements around the use of virtualization and wireless technologies, as well as more definitive answers on how to “scope,” or set the limits of, a PCI assessment.

Still unclear is whether the council will back the concept of end-to-end encryption as a way for the industry to help fight payment-card fraud, such as the breach that struck Heartland Payment Systems earlier this year.

Newly released client data from WhiteHat Security finds organizations are slow to close known security holes in their Websites

Most Websites harbor at least one major vulnerability, and over 80 percent of Websites have had a critical security flaw, according to new data released today by WhiteHat Security.

The Website vulnerability statistics, based on Website vulnerability data gathered from WhiteHat’s own enterprise clients, show that 63 percent of Websites have at least one high, critical, or urgent vulnerability issue, and there’s an average of seven unfixed vulnerabilities in a Website today.
