The highly effective, very targeted and complex nature of new security threats is making the job of security professionals increasingly difficult. Early examples of context-aware security intelligence systems, although built and functioning well, lack buyers’ attention for additional …
http://arstechnica.com/security/2013/11/new-linux-worm-targets-routers-cameras-internet-of-things-devices/
By Dan Goodin, Ars Technica, Nov 27 2013
Researchers have discovered a Linux worm capable of infecting a wide range of home routers, set-top boxes, security cameras, and other consumer devices that are increasingly equipped with an Internet connection.
Linux.Darlloz, as the worm has been dubbed, is now classified as a low-level threat, partly because its current version targets only devices that run on CPUs made by Intel, Symantec researcher Kaoru Hayashi wrote in a blog post published Wednesday. But with a minor modification, the malware could begin using variants that incorporate already available executable and linkable format (ELF) files that infect a much wider range of “Internet-of-things” devices, including those that run chips made by ARM and those that use the PPC, MIPS, and MIPSEL architectures.
“Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability,” Hayashi explained. “If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures.”
The researcher went on to say the attacker behind the Intel version is also hosting ELF files that exploit the other chip architectures. […]
http://www.latimes.com/business/money/la-fi-mo-anthem-doctors-breach-20131125,0,4528975.story#ixzz2lvd0rfqG
By Chad Terhune, Los Angeles Times, November 25, 2013
In a departure from most medical privacy cases, Anthem Blue Cross said it accidentally posted online Social Security or tax identification numbers for about 24,500 California doctors.
[Updated 1:03 p.m. PST Nov. 25: An Anthem spokesman said Monday that 24,500 doctors were affected, up from the previous 5,900 figure issued by the company.]
Anthem, a unit of insurance giant WellPoint Inc., said the private information was mistakenly included with its online provider directory for about 24 hours late last month. The state’s largest for-profit health insurer said once it identified the error, it removed the information from its website. Anthem said this breach didn’t involve any patient data. […]
https://www.cerias.purdue.edu/site/blog/post/the_passing_of_a_pioneer/
By Gene Spafford, November 26, 2013
Willis H. Ware, a highly respected and admired pioneer in the fields of computing security and privacy, passed away on November 22nd, 2013, aged 93.
Born August 31, 1920, Mr. Ware received a BSEE from the University of Pennsylvania (1941), and an SM in EE from MIT (1942). He worked on classified radar and IFF electronic systems during WWII. After the war he received his Ph.D. in EE from Princeton University (1951) while working at the Institute for Advanced Studies for John von Neumann, building an early computer system. Upon receiving his Ph.D., Dr. Ware took a position with North American Aviation (now part of Boeing Corporation). After a year, he joined the RAND Corporation (in 1952) where he stayed for the remainder of his career