[ISN] See you all at Thotcon 0x4 and BSidesChicago 2013!

Two days away from the mushroom farm and hanging out with all the cool kids at Thotcon 0x4 – http://www.thotcon.org/ and BSidesChicago – https://securechicago.org/

I hope to see & meet some InfoSec News subscribers over the next 72 hours!

Cheers!

William Knowles

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org





[ISN] Adobe’s first CSO sets security of hosted services as top priority

https://www.computerworld.com/s/article/9238687/Adobe_s_first_CSO_sets_security_of_hosted_services_as_top_priority

By Lucian Constantin
IDG News Service
April 25, 2013

Adobe Systems has appointed Brad Arkin, the company’s senior director of security for products and services, to become its first CSO. With a mature product security program already in place, the top priorities for Adobe’s new security chief are to strengthen the security of the company’s hosted services and its internal infrastructure.

For the past several years, Arkin has overseen Adobe’s software product security efforts as leader of the Adobe Secure Software Engineering Team (ASSET) and the Adobe Product Security Incident Response Team (PSIRT). During this time, Adobe Reader and Flash Player, two applications that are frequently targeted by attackers due to their large user base, have received significant security improvements including anti-exploitation mechanisms like sandboxing and silent automatic updates.

While the secure software engineering work will continue, Arkin’s focus is strengthening the security of the company’s hosted services, like the Adobe Creative Cloud and the Adobe Marketing Cloud.

“I think that our secure product lifecycle and the work we’ve been doing with our shrinkwrapped products is very mature,” Arkin said. “We’ve been doing this for years now.”

[…]



[ISN] Facebook Used to Market Banking Trojans

http://www.bankinfosecurity.com/facebook-used-to-market-banking-trojans-a-5714

By Tracy Kitten
Bank Info Security
April 26, 2013

Within the last week, researchers at security vendor RSA stumbled upon a Facebook page called Casper Spy Botnet that hackers and malware developers were using to promote and sell the legacy banking Trojan Zeus.

The page has since been deactivated, says RSA’s Limor Kessem, a top cyber-intelligence expert within The Security Division of EMC. But it’s likely it was available for several months. And it signifies a concerning trend, she says in an interview with BankInfoSecurity.

“This just brings Trojans to the awareness of those who would not otherwise be selling Trojans or using them,” Kessem says. “It was just interesting to see Trojans being sold on a popular site, like Facebook. It proves the sale of Trojans has moved from the underground.”

[…]



[ISN] Audit finds state servers vulnerable to cyberattack

http://www.baltimoresun.com/news/maryland/politics/bs-md-cyber-audit-20130425,0,3404521.story

By Erin Cox and Carrie Wells
The Baltimore Sun
April 25, 2013

Servers that host internet service for more than 30 state agencies are vulnerable to a cyberattack, according to a legislative audit released this week.

The Maryland State Archives, which oversees the five servers, did not update the operating systems in more than five years, auditors found. Without the protective software patches and updates, Internet service for nearly the entire state government could be at risk, Legislative Auditor Thomas J. Barnickel III said.

Auditors said there was no evidence of hacking, merely a weakness in the system that could hypothetically knock most state agencies offline or direct state Internet traffic to malicious sites.

The audit, released Tuesday, also found that the archives had inadequate procedures to prevent loss or employee theft of its $31.4 million art collection.

The report prompted calls for a quick fix from Del. Jon Cardin, a Baltimore County Democrat, who pointed out that the audit arrived on “the same day Wall Street suffered a near meltdown at the hands of a Twitter hacker.”

[…]



[ISN] 6 steps to keep security issues at bay

http://www.healthcareitnews.com/news/6-steps-keep-security-issues-bay

By Bernie Monegain
Healthcare IT News
April 25, 2013

Healthcare institutions should emulate best-of-breed privacy policies developed by financial services firms rather than other hospitals, recommends William Tanenbaum, partner at New York-based technology law firm Kaye Scholer LLP.

When it comes to privacy and data security, healthcare institutions face tremendous exposure to regulatory violations and monetary damages, Tanenbaum said in a news release. Tanenbaum advises clients on a wide range of technology and Internet issues, including data security and privacy.

“Criminals pay more for stolen personal health information than they do for stolen credit card information,” he said. “The top of a medical chart contains all the information needed for identity theft. While better IT is the solution, not all wheels have to be reinvented.”

Tanenbaum advises hospitals to adopt the IT solutions, privacy and data security procedures and employee education programs that already have been developed and tested by leading financial institutions to protect sensitive personal information in a regulatory environment.

[…]

