Security firm PandaLabs reports today that it received more malware in the first eight months of 2008 than in the previous 17 years combined -- Trojans being the leading cause of malware infections. In 2008, Panda Security's malware analysis and detection laboratory states that it found an average of 35,000 malware samples each day, 22,000 of which were new infections. By the year's end, the total count of malware threats detected exceeded 15 million. more»
In a 52 page security report released by Cisco, the company has confirmed what has been consistently been observed through out this year: "the Internet-based attacks are becoming increasingly sophisticated and specialized as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers." The 2008 edition of the report has specified the year's top security threats and offers recommendations for protecting networks against attacks that are propagating more rapidly, becoming increasingly difficult to detect, and exploiting technological and human vulnerabilities. more»
A malignant security flaw found in all versions of Microsoft's Internet Explorer browser has yet to be fixed, and the problem is spreading. Microsoft detailed the flaw in a security update blog post six days ago. Since then, the problem has spread across the globe, hitting at least 2 million computers. Unlike other computer exploits, this one does not require users to click on fishy links or download mysterious software: it plagues computers that simply open an infected Web page. Internet Explorer is currently used by 69 percent of Web surfers. more»
Eugene Kaspersky, co-founder of Internet security software Kaspersky Lab, was recently interviewed PC World where he talked about his views regarding cybersecurity and the evolution of malware. In response to fixing the problems with malware on the Internet, Kapersky says: "The Internet was never designed with security in mind. If I was God, and wanted to fix the Internet, I would start by ensuring that every user has a sort of Internet passport: basically, a means of verifying identity, just like in the real world, with driver's licenses and passports and so on. The second problem is one of jurisdiction. The Internet has no borders, and neither do the criminals who operate on the Internet. However, law enforcement agencies have jurisdictional limits, and are unable to conduct investigations across the globe. ... There is no such thing as anonymity on the Internet, for the average user." more»
An unpatched vulnerability found in Internet Explorer 7 also affects older versions of the browser as well as the latest beta version, Microsoft has warned. The new information widens the pool of users who could be at risk of inadvertently becoming infected with malicious software installed on their PC, as Microsoft does not yet have a patch ready. In an advisory updated on Thursday, Microsoft confirmed that IE 5.01 with Service Pack 4, IE6 with and without Service Pack 1 and IE8 Beta 2 on all versions of the Windows operating system are potentially vulnerable. more»
The Cyber Secure Institute has recently announced its launch with the mission to raise awareness and pressure on addressing issues related to cyber threats faced by the U.S., companies, and individuals. The Institute is unique in that it is not a trade association or industry group. Rob Housman, the Institute's Executive Director, said "We formed the Cyber Secure Institute because this is a critical time for cybersecurity. ... However, we can't address this threat through cybersecurity as we now know it -- endless after-the-fact struggles to close gaps exposed in inherently insecure technologies. If we continue this constant cycle of hack and patch we will never be secure." more»
The latest security report from Sophos suggests that more malware is hosted on U.S. websites and more spam is relayed from American computers, than any other country. As evidence of this, when an American Internet company, McColo Corp., accused of collaborating with spammers and hackers, was taken offline last month, there was a staggering 75% drop in global spam volume. more»
Virus writers are likely to unleash increasingly sophisticated strains of malware next year in an attempt to bounce back from some high-profile botnet shutdowns in 2008, according to new predictions from managed security provider MessageLabs. The company predicted that hackers will launch new attacks in which malware will exist as a virtualisation layer running directly on the hardware and undiscoverable by the operating system. more»
Web security company, ScanSafe reports that, in the past quarter, companies in the Energy industry faced the greatest risk of Web-based malware exposure, at a 196% heightened risk compared to other verticals. The Pharmaceutical and Chemicals industry faced the second highest risk of exposure at 192% followed by the Construction & Engineering industry at 150%. The Media and Publishing industry were also among those at highest risk, with a 129% heightened risk compared to other verticals. more»
Security researchers and PandaLabs have issued a security alert today revealing a direct correlation between the recent stock market volatility and the growth of new threats. According to firm, the two are tied together much more closely than previously thought and recent stock market instability has accelerated the volume of targeted cyber attacks and their relative impact on the economy over the last month and a half. In addition, analysts believe the recent spike in malware could be related to cybercriminals now having fewer possible targets as a result of consolidation within the banking industry. more»
Georgia Tech Information Security Center (GSTISC) today held its annual Security Summit on Emerging Cyber Security Threats and released the GTISC Emerging Cyber Threats Report for 2009, outlining the top five areas of security concern and risk for consumer and enterprise Internet users for the coming year... According to the report, data will continue to be the primary motive behind future cyber crime-whether targeting traditional fixed computing or mobile applications. "It's all about the data," says security expert George Heron -- whether botnets, malware, blended threats, mobile threats or cyber warfare attacks. more»
The U.S. federal government cybersecurity team with primary responsibility for protecting the computer networks of government and private enterprise is facing challenges, according to a draft Government Accountability Office (GAO). Keith Epstein, a correspondent in BusinessWeek's Washington bureau reports: "...GAO draft report describes US-CERT as bedeviled by frequent management turnover, bureaucratic challenges that prevent timely sounding of alarms, a lack of access to networks across wide swaths of critical terrain, and an inability to fill large numbers of positions with qualified workers." more»
Main Internet data carriers have stopped providing connectivity to Atrivo, an ISP notorious for serving a large number of scammers and spammers. Reporting on Washington Post's Security Fix, Brian Krebs uncovers thousands of domain names linked to spam and illegal activities that are registered through EstDomains, Atrivo's "most important customer". EstDomains is a reseller of Directi's registration services -- the ICANN accredited domain registration company which has also been under scrutiny as a result. more»
A recent test of leading anti-virus vendors over a thirty-day period has revealed that more than half of all malware threats on the Internet go undetected, according to a report issued today by cyber intelligence firm, Cyveillance. Data for the test was compiled from thousands of active malware threats that Cyveillance says it detects daily and was then fed through each of the vendors' anti-virus solutions in real-time. more»
IT security pros, analysts and researchers are coming together for the meeting of the minds that is Black Hat 2008. The popular security conference officially kicked off Aug. 2 in Las Vegas with a series of training sessions that wrap up Aug. 5. However, the real buzz for many attendees will be the technical briefings Aug. 6-7 at Caesars Palace. The activities Aug. 6 will begin with some words from Black Hat founder Jeff Moss and a keynote from author and London School of Economics professor Ian Angell. From there, the conference launches into two days of briefings on several different tracks such as reverse engineering and rootkits. There is already hype around a number of the sessions, including the much-talked about DNS flaw discovered by security researcher Dan Kaminsky. more»
