Thursday, May 31, 2012

Official Australian e-health info page defaced

Australian website hacked!

An apparent trio of ‘hackers’ operating under the LatinHackTeam banner has claimed the Australian Government’s Department of Health and Ageing eHealth education site as its 13,789th ‘defacement‘ victim.

The group’s latest record on Zone-H, a site that archives website vandalisations, is the department’s eHealth education site,

The site is a learning portal aimed at preparing consumers and healthcare professionals for the July 2012 launch of eHealth records in Australia. “infEkt”, “Adminp4nic” and “eCore” apparently do their homework, claiming to have targeted the site because they were “Against government corruption !!” “We are LatinHackTeam. We are three. We dont (sic) make DDOS. We do research. Respect us! Land of liberty, home of the brave..”

Most of the trio’s recent targets appear to be the websites of government organisations, but they occasionally stray to target organisations like the Spanish Red Cross in Granada, regional websites of Amnesty International, and the Creative Commons (Peru). The most recent Australian target before the eHealth site was the Australian website of global automotive stereo company, Alpine. In that defacement, which occurred on May 6, the group said it was “Against Monopoly Companies”.

The snapshot of the Department of Health and Ageing’s eHealth education site defacement appears to have been taken on May 17.

Source CSO Australia

Wednesday, May 30, 2012

Video: How Viruses Attack a PLC/HMI without Deep Packet Inspection via an USB memory stick?

Virus Attack & Prevention With/Without Deep Packet Inspection

In the first video, Eric Byres, cto and vp Engineering of Tofino Security, a Belden Co., shows how a worm can attack a PLC/HMI in a simulated Oil and Gas environment. This video sees Deep Packet Inspection in action to prevent a USB thumb drive attack.

The second video sees Deep Packet Inspection in action to prevent a USB thumb drive attack

Monday, May 28, 2012

Checklist security of ICS/SCADA systems

Brief Good Practice Guidelines for ICS/SCADA Systems Security

ICS/SCADA is used in many different areas, varying from very critical systems and processes to simple applications. It is up to their owners to decide which level of security and depth of measures are necessary. This checklist makes a distinction between organisational and technical/operational measures.

A brief explanation is provided for each measure, including references to additional background information and/or tips for implementation. The checklist focuses on measures against the most frequent vulnerabilities and security problems. It is important to note that complying with all items on this checklist does not mean that your organisation is fully protected and 100% safe.


Hackers and security researchers are increasingly and visibly turning their attention to the security of process control systems (ICS/SCADA). Systems that can be accessed directly from the Internet are especially at risk, although this Internet connection is not the only potential security problem for process control environments.

The National Cyber Security Centre (NCSC) has therefore developed this ICS/SCADA system security checklist. This checklist may help your organisation to determine whether the ICS/SCADA environment is sufficiently protected based on measures considered ‘good practice’.

Another publication is the NCSC Fact sheet 2012-01 entitled ‘Security risks of online SCADA systems’, including a checklist focused on reducing the risk of (undesirable) Internet connections of SCADA systems.

Context of this checklist

ICS/SCADA is used in many different areas, varying from very critical systems and processes to simple applications. It is up to their owners to decide which level of security and depth of measures are necessary.


Checklist security of ICS-SCADA systems

Saturday, May 26, 2012

Utilities Sector Have The Poorest Governance Practices

Corporate Boards Still In the Dark About Cybersecurity

As the U.S. natural gas pipeline sector and the Department of Homeland Security square off against malicious cyber intrusions aimed at companies, along comes yet another study that highlights serious governance shortcomings of critical infrastructure companies when it comes to cybersecurity.

The Governance of Enterprise Security: CyLab 2012 Report” [PDF], released last week by Carnegie Mellon University, offers the first side-by-side comparison of industries on governance practices and cybersecurity oversight.

Compared against the financial, IT/telecom, and industrials sectors, energy/utilities companies fared the worst. “Of the critical infrastructure respondents, the energy/utilities sector had the poorest governance practices,” writes study author Jody Westby in Forbes (a co-sponsor of the survey, along with RSA).

“When asked whether their organizations were undertaking six best practices for cyber governance, the energy/utilities sector ranked last for four of the practices and next to last for the other two.” The energy/utilities sector responses, as reported by Forbes, broke down as follows:

  • 71 percent of their boards rarely or never review privacy and security budgets.
  • 79 percent of their boards rarely or never review roles and responsibilities.
  • 64 percent of their boards rarely or never review top-level policies.
  • 57 percent of their boards rarely or never review security program assessments.

The energy/utilities respondents also “placed the least value on IT experience when recruiting board members,” writes Westby, the CEO of the consultancy Global Cyber Risk. Westby finds the energy/utilities results particularly troubling: “What is disturbing about these findings is that the energy/utilities sector is one of the most regulated industry sectors and one of the most important to business continuity,” she says.

The sector is also heavily dependent on industrial control systems (known by the acronym SCADA), “most of which were not designed for security and have no logging functions to enable forensic investigations of attacks,” she adds. The survey noted that overall, “the financial sector has better privacy and security practices than other industry sectors.”

The financial sector got the highest marks on undertaking best practices, and respondents from those companies also indicated “they are much farther ahead in establishing risk committees” on the board:

78 percent said they had a risk committee separate from the audit committee, compared to 44 percent among industrials, 35 percent among energy/utilities, and 31 percent among IT/telecom. The energy/utilities and the IT/telecom sectors were the least likely to review cyber insurance coverage—79 percent and 77 percent, respectively, said they did not do so. Meanwhile, 52 percent of financial sector boards and 44 percent of industrial sector boards said they didn’t perform a review.

But as the first round of CyLab survey findings published earlier this year revealed, governance around cyber risk is generally lacking. Despite holding extensive troves of digital assets—and bearing an explicit fiduciary duty to protect those assets—boards and senior management “are not exercising appropriate governance over the privacy and security of their digital assets,” according to the results.

These findings on board oversight dovetail with those of a 2011 study by the Center for Strategic and International Studies and McAfee, focused on power, oil, gas, and water companies around the world. That report, too, uncovered a similar dearth of preparedness.

“What we found is that they are not ready,” wrote the authors of last year’s “In the Dark: Crucial Industries Confront Cyberattacks” [PDF]. “The professionals charged with protecting these systems report that the threat has accelerated—but the response has not.” 

 Those threats, as reported by company executives, increased substantially from the previous year. In the 2010 survey, “nearly half of the respondents said that they had never faced large-scale denial of service attacks or network infiltrations,” according to the authors.

By 2011:

  • 80 percent of respondents said they had faced a large-scale denial of service attack.
  • 80 percent of respondents said they had faced a large-scale denial of service attack.
  • 85 percent said they had experienced network infiltrations.
  • A quarter of respondents reported daily or weekly denial-of-service attacks on a large scale.
  • Nearly two-thirds said that, on at least a monthly basis, they found malware designed for sabotage on their system.

Yet the bottom line for corporate cybersecurity was still disappointing: “Most companies failed to adopt many of the available security measures. This means that, for many, security remained rudimentary.”

Refer here to read more details.

Thursday, May 24, 2012

Beware fake Chrome installers for Windows.

Fake Google Chrome Installer Steals Banking Details

A file named "ChromeSetup.exe" is being offered for download on various websites, and the link to the file appears to be legitimately hosted on Facebook and Google domains. In reality, the software won't install Google's Chrome browser, but an information-stealing Trojan application known as Banker, according to antivirus vendor Trend Micro.

Once the malware--which appears to be targeting Latin American users, especially in Brazil and Peru--is executed, it relays the IP address and operating system version to one of two command-and-control (C&C) servers, then downloads a configuration file. After that, whenever a user of the infected PC visits one of a number of banking websites, the malware intercepts the HTTP request, redirects the user to a fake banking page, and also pops up a dialog box informing the user that new security software will be installed.

In fact, the malware has been designed uninstall GbPlugin, which is "software that protects Brazilian bank customers when performing online banking transactions," said Trend Micro security researcher Brian Cayanan in a blog post. "It does this through the aid of gb_catchme.exe--a legitimate tool from GMER called Catchme, which was originally intended to uninstall malicious software. The bad guys, in this case, are using the tool for their malicious agendas."

Refer here to read further details.

Monday, May 21, 2012

How to protect your Facebook account from hackers?

Nine Major Ways Criminals Use Facebook
  1. Hacking Accounts

    When criminals hack a Facebook account, they typically use one of several available “brute force” tools, Grayson Milbourne, Webroot’s Manager of Threat Research for North America, told 24/7 Wall St. in an interview. These tools cycle through a common password dictionary, and try commonly used names and dates, opposite hundreds of thousands of different email IDs.

    Once hacked, an account can be commandeered and used as a platform to deliver spam, or — more commonly — sold. Clandestine hacker forums are crawling with ads offering Facebook account IDs and passwords in exchange for money. In the cyber world, information is a valuable thing.
  2. Commandeering Accounts
    A more direct form of identity theft, commandeering occurs when the criminal logs on to an existing user account using an illegally obtained ID and password. Once they are online, they have the victim’s entire friend list at their disposal and a trusted cyber-identity.

    The impostor can use this identity for a variety of confidence schemes, including the popular, London scam in which the fraudster claims to be stranded overseas and in need of money to make it home. The London scam has a far-higher success rate on Facebook — and specifically on commandeered accounts — because there is a baseline of trust between the users and those on their friends list.
  3. Profile Cloning
    Profile cloning is the act of using unprotected images and information to create a Facebook account with the same name and details of an existing user. The cloner will then send friend requests to all of the victim’s contacts. These contacts will likely accept the cloner as a friend since the request appears to be from someone they’re familiar with. Once accepted, the crook has access to the target’s personal information, which they can use to clone other profiles or to commit fraud.

    As Grayson Milbourne puts it, “Exploiting a person’s account and posturing as that person is just another clever mechanism to use to extract information.” Perhaps what’s scariest about this kind of crime is its simplicity. Hacking acumen is unnecessary to clone a profile; the criminal simply needs a registered account.
  4. Cross-Platform Profile Cloning

    Cross-platform profile cloning is when the cyber criminal obtains information and images from Facebook and uses them to create false profiles on another social-networking site, or vice versa. The principle is similar to profile cloning, but this kind of fraud can give Facebook users a false sense of security because their profile is often cloned to a social platform that they might not use. The result is that this kind of fraud may also take longer to notice and remedy.
  5. Phishing
    Phishing on Facebook involves a hacker posing as a respected individual or organization and asking for personal data, usually via a wall post or direct message. Once clicked, the link infects the users’ computers with malware or directs them to a website that offers a compelling reason to divulge sensitive information. A classic example would be a site that congratulates the victims for having won $1,000 and prompts them to fill out a form that asks for a credit card and Social Security number.

    Such information can be used to perpetrate monetary and identity fraud. Grayson Milbourne of Webroot, also explained that spearphishing is becoming increasingly common, a practice that uses the same basic idea but targets users through their individual interests.
  6. Fake Facebook
    A common form of phishing is the fake Facebook scam. The scammers direct users via some sort of clickable enticement, to a spurious Facebook log-in page designed to look like the real thing. When the victims enter their usernames and passwords, they are collected in a database, which the scammer often will sell.

    Once scammers have purchased a user’s information, they can take advantage of their assumed identity through apps like Facebook Marketplace and buy and sell a laundry list of goods and services. Posing as a reputable user lets the scammer capitalize on the trust that person has earned by selling fake goods and services or promoting brands they have been paid to advertise.
  7. Affinity Fraud
    In cases of affinity fraud, con artists assume the identity of individuals in order to earn the trust of those close to them. The criminal then exploits this trust by stealing money or information. Facebook facilitates this type of fraud because people on the site often end up having a number of “friends” they actually do not know personally and yet implicitly trust by dint of their Facebook connection.

    Criminals can infiltrate a person’s group of friends and then offer someone deals or investments that are part of a scheme. People can also assume an identity by infiltrating a person’s account and asking friends for money or sensitive information like a Social Security or credit card number.
  8. Mining Unprotected Info
    Few sites provide an easier source of basic personal information than Facebook. While it is possible to keep all personal information on Facebook private, users frequently reveal their emails, phone numbers, addresses, birth dates and other pieces of private data. As security experts and hackers know, this kind of information is often used as passwords or as answers to secret security questions.

    While the majority of unprotected information is mined for targeted advertising, it can be a means to more pernicious ends such as profile cloning and, ultimately, identity theft.
  9. Spam
    Not all spam — the mass sending of advertisements to users’ personal accounts — is against the law. However, the existence of Facebook and other social sites has allowed for a new kind of spam called clickjacking. The process of clickjacking, which is illegal, involves the hacking of a personal account using an advertisement for a viral video or article.

    Once the user clicks on this, the program sends an advertisement to the person’s friends through their account without their knowledge. This has become such an issue for the social media giant that earlier this year that the company has teamed up with the U.S. Attorney General to try to combat the issue.

Saturday, May 19, 2012

The evolving role of the CISO

New study by IBM
A study by IBM’s Center for Applied Insights concludes that there are now three ‘types’ of CISO: influencers, protectors and responders. Evolution towards the ‘influencer’ role is necessary, and happening.
Security is now seen as a vital aspect of business, and the role and influence of the chief information security officer is correspondingly rising, concludes Finding a strategic voice, a new study from IBM.

The primary driver, suggests IBM, is that security is now recognised as a business rather than just a technology imperative. “In today’s hyper-connected world,” states the report, “information security is expanding beyond its technical silo into a strategic, enterprise-wide priority,” driven by the increasing number of high profile attacks.

The result is that while “many organizations remain in crisis response mode, some have moved beyond a reactive stance and are taking steps to reduce future risk.” Key to this is that business is beginning to understand what security experts have been saying for years: security is not a thing or a product that can be bought and installed – it is a continuous process at the heart of the business itself.
“The Influencers have the attention of business leaders and their boards. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, the culture. These leaders understand the need for more pervasive risk awareness.” Influencers have a strategic role on business security. “Responders,” says the report, “are more tactically oriented.
They are concentrating on foundational building blocks: incorporating new security technology to close security gaps, redesigning business processes and hiring new staff. While technology and business processes are still important to Influencers, they are in the mode of continuously innovating and improving rather than establishing basic capabilities.”

In reality, the clear implication here is that business either needs both an influencer and a responder, or that the influencer needs also to be a responder: strategy needs implementation tactics. But what of the protectors? This is the traditional view of security. Almost half of the report’s respondents take this role, a role that is likely to be the most prevalent in smaller companies.
“These security leaders,” says IBM, “recognize the importance of information security as a strategic priority. However, they lack important measurement insight and the necessary budget authority to fully transform their enterprises’ security approach.” “This data painted a profile of a new class of CISO leaders who are developing a strategic voice, and paving the way to a more proactive and integrated stance on information security,” said David Jarvis, IBM’s author of the report.
“We see the path of the CISO is now maturing in a similar pattern to the CFO from the 1970s, the CIO from the 1980s – from a technical one to a strategic business enabler. This demonstrates how integral IT security has become to organizations.”
In short, this IBM study demonstrates that security and the role of the CISO is evolving from a reactive stance to a proactive stance, both within security itself and the wider business – but there is still a long way to go from protector to influencer.

To read further please refer here.

Thursday, May 17, 2012

NIST Drafting New Guidance to Mitigate Supply Chain Risk

10 Practices to Secure the Supply Chain 

Guidance that identifies 10 overarching practices to mitigate supply chain risks is being developed by the National Institute of Standards and Technology. Supply chain risks can occur when organizations purchase and implement information and communications technology products and services. 
"Supply chain risk is significant and growing," says Jon Boyens, a NIST senior advisor for information security who's co-authoring the new guidance, NIST Interagency Report 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems.
This is the second draft of IR 7622. In the latest version, NIST computer scientists pared to 10 from the 21 prescriptive practices to blunt supply chain risks described in the initial draft. They are:

  1. Uniquely identify supply chain elements, processes and actors;
  2. Limit access and exposure within the supply chain;
  3. Create and maintain the provenance of elements, processes, tools and data;
  4. Share information within strict limits;
  5. Perform supply chain risk management awareness and training;
  6. Use defensive design for systems, elements and processes;
  7. Perform continuous integrator review;
  8. Strengthen delivery mechanisms;
  9. Assure sustainment activities and processes; and
  10. Manage disposal and final disposition activities throughout the system or element life cycle.

Supply chain risk management, as described in the guidance, is a multidisciplinary practice with a number of interconnected enterprise processes that, when performed correctly, will help departments and agencies manage the risk of using information and communication technology products and services.

The publication calls for procurement organizations to establish a coordinated team approach to assess the supply chain risk and to manage this risk by using technical and programmatic mitigation techniques. Improving the supply chain is part of the federal government's Comprehensive National Cybersecurity Initiative, which states that managing risk requires a greater awareness of the threats, vulnerabilities and consequences associated with acquisition decisions.
"The growing sophistication of technology and increasing speed and scale of a complex, distributed global supply chain leave government agencies without a comprehensive way of managing or understanding the processes from design to disposal, and that increases the risk of exploitation through a variety of means including counterfeit materials, malicious software or untrustworthy products," according to a NIST statement that accompanied the latest draft. 
NIST is basing IR 7622 on security practices and procedures it published along with those from the National Defense University and the National Defense Industrial Association. NIST is expanding the guidance to meet specific demands of the supply chain. Before issuing the final guidance later this year, the authors of IR 7622 seek comments on the document, including prioritizing the supply chain risk management components.

To help understand how the proposed process works, the authors want reviewers to consider how the practices could be applied to recent and upcoming procurement activities and provide comments on the practicality, feasibility, cost, challenges and successes. Comments should be sent to by May 25.

Tuesday, May 15, 2012

Top 15 Paying IT Certifications According to Global Knowledge Training

Certifications are good for marketing and a necessary evil, but certainly not the be all/end all!

Global Knowledge Training LLC published a white paper outlining the top 15 paying IT certifications for 2012 based upon a survey they conduct annually. In the white paper, they don’t specify how they selected their sample for the survey; however they do maintain that the certifications and associated salaries were included only if there were at least 200 responses for that particular certification in the survey.

As such (and as the author points out), some certifications that do not have a large population in the work force (or that are more exclusive) may be inadvertently – and obviously – missing from this list (e.g., CCIE, VCDX, or OCSP).

Here are the results from the survey:

PMP - Project Management Professional $111,209
CISSP – Certified Information System Security Professional $110,342
CCDA – Cisco Certified Design Associate $101,915
ITIL v3 Foundation $97,691
MCSE – Microsoft Certified Systems Engineer $91,650
VCP – Vmware Certified Professional $91,648
CCNP – Cisco Certified Network Professional $90,457
CompTIA Server+ $84,997
MCITP – Microsoft Certified IT Professional $84,330
CCNA – Cisco Certified Network Associate $82,923
MCSA – Microsoft Certified Systems Administrator $82,923
CompTIA Security+ $80,066
MCP – Microsoft Certified Professional $79,363
CCENT – Cisco Certified Entry Network Technician $74,764
CompTIA Network+ $71,207

These results are based on US job market but you can use these figures as a benchmark or if you already have above certification, you can campre your salary with the US market. is a free online tool built to help certified professionals manage and track their continuing education. Sign up for a free account now.

Sunday, May 13, 2012

Basic checklist for Remove Access Security

The Remote Access Security Checklist

The checklist of must-haves for any remote access policy.

Remote Access Policy Security Checklist

Antivirus software with real-time protection enabled - Make sure company-approved antivirus software is included on all remote access devices and set to update regularly.

Required personal firewall - In addition to antivirus software, a personal firewall should be configured and enabled on all remote devices. If a threat is detected all communications should be blocked.

Defined operating systems - Only allowed operating systems should be able to connect to the corporate network. If your company only uses and supports Windows computers, you should disallow *nix, Macs, etc.

Time out periods – Should be defined and set to when there is no activity on the computer. If there is no activity for 30 minutes for example, enforce a policy so the connection terminates. Be careful to test and make sure a download or upload triggers activity.

Targeted access to systems while on VPN - Only allow access to necessary internal resources. If a department only accesses one application on your internal network only provide them with access to that application.

Non-Disclosure Agreement - Vendors, third party companies, and even employees should sign an NDA in order to gain remote access. This will help protect any confidential information.

Friday, May 11, 2012

Whitepaper: HMI/SCADA System Security Gaps

Understanding and Minimizing Your HMI/SCADA System Security Gaps

Being at the heart of an operation’s data visualization, control and reporting for operational improvements, HMI/SCADA systems have received a great deal of attention, especially due to various cyber threats and other media-fueled vulnerabilities.

The focus on HMI/SCADA security has grown exponentially in the last decade, and as a result, users of HMI/SCADA systems across the globe are increasingly taking steps to protect this key element of their operations. The HMI/SCADA market has been evolving over the last 20 years with functionality, scalability and interoperability at the forefront.

For example, HMI/SCADA software has evolved from being a programming package that enables quick development of an application to visualize data within a programmable logic controller (PLC) to being a development suite of products that delivers powerful 3-D visualizations, intelligent control capabilities, data recording functions, and networkability. With HMI/SCADA systems advancing technologically and implementations becoming increasingly complex, some industry standards have emerged with the goal of improving security. However, part of the challenge is knowing where to start in securing the entire system.

The purpose of this paper is to explain where vulnerabilities within a HMI/SCADA system may lie, describe how the inherent security of system designs minimize some risks, outline some proactive steps businesses can take, and highlight several software capabilities that companies can leverage to further enhance their security.

Refer here to download this website. (Registration Required)

Wednesday, May 9, 2012

Top 20 Critical Security Controls

Twenty Critical Security Controls for Effective Cyber Defense

The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through.

With the change in FISMA reporting implemented on June 1, the 20 Critical Controls become the centerpiece of effective security programs across government These controls allow those responsible for compliance and those responsible for security to agree, for the first time, on what needs to be done to make systems safer. No development in security is having a more profound and far reaching impact.

These Top 20 Controls were agreed upon by a powerful consortium brought together by John Gilligan (previously CIO of the US Department of Energy and the US Air Force) under the auspices of the Center for Strategic and International Studies. Members of the Consortium include NSA, US Cert, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and pen testers that serve the banking and critical infrastructure communities.

The automation of these Top 20 Controls will radically lower the cost of security while improving its effectiveness. The US State Department, under CISO John Streufert, has already demonstrated more than 94% reduction in “measured” security risk through the rigorous automation and measurement of the Top 20 Controls.

  1. Inventory of Authorized and Unauthorized DevicesCritical Control
  2. Inventory of Authorized and Unauthorized SoftwareCritical Control
  3. Secure Configurations for Hardware and Software on Laptops, Workstations, and ServersCritical Control
  4. Continuous Vulnerability Assessment and RemediationCritical Control
  5. Malware DefensesCritical Control
  6. Application Software SecurityCritical Control
  7. Wireless Device ControlCritical Control
  8. Data Recovery CapabilityCritical Control
  9. Security Skills Assessment and Appropriate Training to Fill GapsCritical Control
  10. Secure Configurations for Network Devices such as Firewalls, Routers, and SwitchesCritical Control
  11. Limitation and Control of Network Ports, Protocols, and ServicesCritical Control
  12. Controlled Use of Administrative PrivilegesCritical Control
  13. Boundary DefenseCritical Control
  14. Maintenance, Monitoring, and Analysis of Security Audit LogsCritical Control
  15. Controlled Access Based on the Need to KnowCritical Control
  16. Account Monitoring and ControlCritical Control
  17. Data Loss PreventionCritical Control
  18. Incident Response CapabilityCritical Control
  19. Secure Network EngineeringCritical Control
  20. Penetration Tests and Red Team Exercises


Monday, May 7, 2012

New Study Shows Internet Vulnerabilities Drop, Yet Risks Rise

Symantec 2011 Security Trends: Beware Insider Threats

There's some good news on the cybersecurity front, for a change: The number of Internet vulnerabilities identified by Symantec dropped 20 percent last year, according to the security technology company's just-released annual Internet Security Threat Report.

The tone of the rest of the report, however, isn't so optimistic. In fact, it's downright gloomy, as the company cautioned the IT security community about an 81 percent uptick in malicious attacks and the expectation of more to come in 2012.

IT managers jittery about defending their organizations' information systems should look over their shoulders from time to time. The insider, as we've been told time and time again, remains - and is likely to continue to be - one of the biggest threats.
"While external threats will continue to multiply, the insider threat will also create headlines, as employees act intentionally - and unintentionally - to leak or steal valuable data," Symantec notes.
Why? Because we're not doing enough to educate employees and customers about security and risk. Symantec's Global Intelligence Network monitors hacking and Internet attacks in more than 200 countries and territories. It also maintains a database that holds almost 48,000 recorded vulnerabilities from nearly 16,000 global vendors.

So, Symantec's analysis is one of the best available, at least where Internet security threats and trends are concerned. The actual number of Internet vulnerabilities identified by Symantec dropped 20 percent from 2010, and Symantec, for its part, blocked more than 5.5 billion malicious attacks in 2011 -- 81 percent more than it blocked the previous year.

Hacking exposed more than 187.2 million identities last year, Symantec found. But the root of most data breaches is not linked to hacks; it's linked to old-fashioned theft and/or sloppy security, such as through the loss of a laptop.

Symantec does offer advice, such as keeping antivirus software up-to-date and enforcing effective password policies. All important, but without the education piece, we won't have a fighting chance.

Refer here to download the report.

Saturday, May 5, 2012

VIDEO: 36 websites selling credit card details shut down

Cybercrime is big business these days, in fact it's an industry

Authorities are taking action against those who are turning cybercrime into such a significant underground industry.

So it's not a surprise to find that criminals are embracing ecommerce. Sophos advised that users will be surprised to discover just how professional and legitimate criminal websites can appear.

The UK's Serious Organised Crime Agency (SOCA), working alongside the FBI and the US Department of Justice, has announced that it has seized the domain names of 36 websites used to sell stolen credit card information.

For instance, watch the following video to see footage of a website that was selling stolen credit card details.

Thursday, May 3, 2012

FBI Advises Internet Users To Test For DNSChanger

Remember to Check for Malware

The FBI is providing greater urgency for computer users to monitor their systems for malware. By July 9, victims of the malware DNSChanger may lose access to the Internet.

Is yours one of the estimated half a million computers infected? Be sure to check by July 9, the date the FBI says victims may lose Internet access. Here are tips from the FBI on how to test your system for the malware.