Latest Gartner Research: Predicts 2014: Security Solutions

Excerpt:

The highly effective, very targeted and complex nature of new security threats is making the job of security professionals increasingly difficult. Early examples of context-aware security intelligence systems, although built and functioning well, lack buyers’ attention for additional …

Gartner customers can read this research by clicking here.





[ISN] New Linux worm targets routers, cameras, “Internet of things” devices

http://arstechnica.com/security/2013/11/new-linux-worm-targets-routers-cameras-internet-of-things-devices/

By Dan Goodin
Ars Technica
Nov 27 2013

Researchers have discovered a Linux worm capable of infecting a wide range of home routers, set-top boxes, security cameras, and other consumer devices that are increasingly equipped with an Internet connection.

Linux.Darlloz, as the worm has been dubbed, is now classified as a low-level threat, partly because its current version targets only devices that run on CPUs made by Intel, Symantec researcher Kaoru Hayashi wrote in a blog post published Wednesday. But with a minor modification, the malware could begin using variants that incorporate already available executable and linkable format (ELF) files that infect a much wider range of “Internet-of-things” devices, including those that run chips made by ARM and those that use the PPC, MIPS, and MIPSEL architectures.

“Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability,” Hayashi explained. “If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures.”

The researcher went on to say the attacker behind the Intel version is also hosting ELF files that exploit the other chip architectures.

[…]



[ISN] Anthem Blue Cross posts Social Security, tax numbers of 24,500 doctors

http://www.latimes.com/business/money/la-fi-mo-anthem-doctors-breach-20131125,0,4528975.story#ixzz2lvd0rfqG

By Chad Terhune
Los Angeles Times
November 25, 2013

In a departure from most medical privacy cases, Anthem Blue Cross said it accidentally posted online Social Security or tax identification numbers for about 24,500 California doctors.

[Updated 1:03 p.m. PST Nov. 25: An Anthem spokesman said Monday that 24,500 doctors were affected, up from the previous 5,900 figure issued by the company.]

Anthem, a unit of insurance giant WellPoint Inc., said the private information was mistakenly included with its online provider directory for about 24 hours late last month. The state’s largest for-profit health insurer said once it identified the error, it removed the information from its website. Anthem said this breach didn’t involve any patient data.

[…]



[ISN] 99 Percent Indian IT Engineers Lack Secure Programming Skills

http://jobs.siliconindia.com/career-news/99-Percent-Of-Indian-IT-Engineers-Lack-Secure-Programming-Skills-nid-157340.html

Silicon India
27 November 2013

Mumbai: Spelling alarm for the country’s corporate and defense establishments, a recent survey shows that less than one percent of Indian IT students are skilled in secure programming.

The survey-cum-test “The Talent Crisis in InfoSec” was conducted by EC-Council, a global leader in InfoSec certifications and training. Unveiling the findings, EC-Council president Jay Bavisi said that a mere 13 percent of engineering students were found trainable in the InfoSec domain, with nearly 86 percent unskilled even in its basics.

“The world is recognizing vulnerabilities, leading to cyber threats and attacks. India holds a key position in the global IT and IT-enabled services map. Every country is taking steps towards building a talent pipeline towards a secure future and we urge Indian industry and academia to address the concerns to retain their leadership in the domain,” Bavisi said.

[…]



[ISN] Quebec hacker who was 12 when he crippled government websites gets probation

http://www.canada.com/news/Quebec+hacker+when+crippled+government+websites+gets+probation/9220389/story.html

BY SIDHARTHA BANERJEE
THE CANADIAN PRESS
NOVEMBER 27, 2013

MONTREAL – A Montreal hacker who was just 12 when he crippled several provincial government websites and shared information in exchange for video games has been sentenced to 18 months probation.

The 14-year-old pleaded guilty in October to attacks that occurred in 2012 at the height of Quebec’s student protests. The group for which he acted, Anonymous, was particularly vocal against the then-Liberal government, particularly a law limiting the right to protest. A series of attacks targeting government-related websites ensued under a campaign dubbed “Operation Quebec” in response to the law, which has since been repealed.

[…]



[ISN] Racing Post website in chaos after hackers raid database

http://news.techworld.com/security/3490854/racing-post-website-in-chaos-after-hackers-raid-database/

By John E Dunn
Techworld
25 November 2013

British horse racing bible Racing Post has had to suspend member access to its website while it clears up the mess caused by a weekend breach of a customer database.

“The Racing Post apologises for the inconvenience and worry caused to our customers by a malicious attack on our systems,” the paper began its notification using the now familiar tone adopted by numerous other sites in the same situation.

The site hasn’t specified how many account holders have been affected, nor the number of users affected (the physical newspaper has a circulation of between 50,000 and 60,000), but described the attack as “sustained and aggressive.” One database was breached while “we believe others were subject to similar attacks at the same time,” the notification said.

[…]



[ISN] The Passing of A Pioneer

https://www.cerias.purdue.edu/site/blog/post/the_passing_of_a_pioneer/

By Gene Spafford
November 26, 2013

Willis H. Ware, a highly respected and admired pioneer in the fields of computing security and privacy, passed away on November 22nd, 2013, aged 93.

Born August 31, 1920, Mr. Ware received a BSEE from the University of Pennsylvania (1941), and an SM in EE from MIT (1942). He worked on classified radar and IFF electronic systems during WWII. After the war he received his Ph.D. in EE from Princeton University (1951) while working at the Institute for Advanced Studies for John von Neumann, building an early computer system. Upon receiving his Ph.D., Dr. Ware took a position with North American Aviation (now part of Boeing Corporation). After a year, he joined the RAND Corporation (in 1952) where he stayed for the remainder of his career

