CyberMonday, November 28, 2011 – Be Prepared

The weekend after Thanksgiving marks the massive start of the holiday shopping season. However, it has also become the time when hackers come out to play, creating mischief and mayhem for unsuspecting computer users and online shoppers.

The term “Cyber Monday” refers to the Monday immediately following Black Friday, the ceremonial kick-off of the holiday online shopping season in the United States between Thanksgiving Day and Christmas. Whereas Black Friday is associated with traditional brick-and-mortar stores, “Cyber Monday” symbolizes a busy day for online retailers.

The premise was that consumers would return to their offices after the Black Friday weekend, making purchases online that they were not able to make in stores. Although that idea has not survived the test of time, Cyber Monday has evolved into a significant marketing event, sponsored by the National Retail Federation’s Shop.org division, in which online retailers offer low prices and promotions.

This year “Cyber Monday” will fall on November 28, 2011 and here are 3 safety tips to help you stay safe:

1. Know the website you are purchasing from. Many users will conduct a search for a product and may end up on shady-looking sites. Try to stick with the notable names. A good way to check up on a merchant is to get information through the Better Business Bureau or through comparison shopping sites such as buysafeshopping.com.

2. Make sure your system is ready to go online by having up-to-date anti-virus and anti-malware software installed on your PC. In addition, make sure your firewall is on.

3. Try to shop at home on your personal computer. Computers shared with others, or public systems, may have malicious software installed to monitor your input.

“Guy Fawkes Virus” May Be The Cause for Offensive Facebook Images

On Sunday, I logged onto Facebook to update my status. In my attempt to do so, I noticed a high number of pornographic and vile images that appeared as news feed updates on my “friends” pages. It was a surprise since many of my Facebook “friends” are responsible individuals.

Twenty-four hours later, the problem continues to be an issue for Facebook users, as they have gone to Twitter and Google+ to complain about the embarrassment and frustration of these images being posted under their profiles. It seems Facebook is still having problems rectifying the matter, and we have not seen much on the Facebook security page to update users on the matter.

In an article I wrote back on September 9th of this year on Politic365.com, the Department of Homeland Security stated Anonymous will attempt to initiate an attack on Facebook titled “Operation Facebook” on November 11 in protest of the social media company’s alleged privacy violations.

The hacker group stated, “Facebook has been selling information to government agencies and giving clandestine access to information security firms so that they can spy on people from all around the world”.

Many security experts feel this is in response to the threat.

The attack is exploiting the new photo-enhanced layout of the website, which now places full images in the news feed of users when a friend comments on a photograph. Even if the comment is to detail their distaste or disgust, it forces the photograph onto the news feeds.

SecurityOrb.com’s concern is the effect these images will have on children who are participating on Facebook. Facebook’s policy is that a user must be 13 years old or older to open an account, but we all know there are children on Facebook who are younger than 13 years of age.

Until Facebook is able to manage the problem correctly, parents are being advised to keep their kids off Facebook or to monitor their usage.

 

CISO Summit – The Platform to Congregate, Connect and Interact

Event Details

Dates: Dec 5 – 6, 2011
Venue: The M Resort Spa Casino Las Vegas

*Special Offer: CISO Summit attendees enjoy a special room rate of just $110 per night (excl. taxes)

About EC-Council
The CISO Executive Summit is a place to network with top security executives and develop the support that CISOs need to design, develop and manage the most effective information security strategy for their organization. The CISO Executive Summit will also give you the opportunity to gather insight and advice on how to solidify your place as an indispensable member of the organization’s executive team. The CISO Summit is a panel-discussion based event (16 panels), and due to the nature of the discussions that will take place, it is a closed-door event open only to senior information security executives (C-levels, VPs, Senior Directors, etc.).

For more information about the EC-Council CISO Summit, please visit http://www.eccouncil.org/cisosummit or email leonard@eccouncil.org

Is Your Organization Ready for the Threats & Challenges Ahead?
Stay ahead of attackers. Arrive with questions and concerns and leave armed with innovative ideas, out-of-the-box solutions and a group of new industry colleagues.

The EC-Council CISO Executive Summit provides a much-needed platform for IS leaders to discuss the challenges the industry is facing and develop guidance for information security executive leaders to develop a new way of thinking to ensure your success in protecting organizations.

The goal of the CISO Executive Summit is to provide CISOs the opportunity to share best practices and knowledge to overcome the challenges that our industry presents today so that you are prepared to defend tomorrow.

CONGREGATE | CONNECT | INTERACT

This inaugural event is designed to be wholly panel-discussion based, so as to allow for more interactivity and enhanced networking opportunities among like-minded professionals – something senior executives like you will definitely find valuable.

“Knowledge has to be improved, challenged, and increased constantly, or it vanishes.” – Peter Drucker

The CISO Executive Summit will be your forum to explore IT security, privacy and risk and compliance issues such as:

  • Embracing the Cloud & Mitigating Surrounding Threats
  • Structuring and Managing your Infosec Workforce
  • Achieving PCI DSS Compliance in the Cloud
  • Implementing a High-Performing Information Security Program
  • Best Practices of Information Security Operations and Maintenance
  • Monitoring and Evaluating your IT security policies
  • Dealing with New and Emerging Technologies and Processes
  • Managing Insider Threats
  • Preparing for Future Challenges
  • Factors with Greatest Impact on the Information Security Profession
  • Key performance index of an Information Security Program

Due to the nature of the discussions that will take place, this will be a closed-door event and only senior information security executives are invited to participate in this exclusive event. Upon registration, and if you qualify, we will be sending you a separate mailer containing more information and registration instructions.

*Registration Fee (UP: $999) will be waived for all qualified attendees.

EC-Council CISO Summit 2011 | EC-Council | 6330 Riverside Plaza Ln NW Suite 210, Albuquerque, NM, USA 8712
Copyright © 2011 EC-Council

 

 

Security News: US report blasts China, Russia for cybercrime; Duqu Malware: Still No Patch; MIT server hijacked in drive-by download campaign

US report blasts China, Russia for cybercrime

By LOLITA C. BALDOR, Associated Press

WASHINGTON (AP) — Cyberattacks by Chinese and Russian intelligence services, as well as corporate hackers in those countries, have swallowed up large amounts of high-tech American research and development data, and that stolen information has helped build their economies, U.S. intelligence agencies have concluded.

Source: USAToday

 

Duqu Malware: Still No Patch

Malware exploits Microsoft Windows kernel zero-day vulnerability. Installer file is a Word document.
By Mathew J. Schwartz InformationWeek
November 02, 2011 11:30 AM

The recently discovered Duqu malware can exploit a zero-day Windows kernel vulnerability, which would help it to infect PCs and spread without being detected.

That revelation came after researchers at CrySyS Lab at the Budapest University of Technology and Economics managed to recover a dropper file, aka installer, for Duqu. Droppers are typically the first malicious files to infect a computer, and then they download and install further malicious files onto the computer.

Source: InformationWeek.com

 

MIT server hijacked in drive-by download campaign

Hackers used the MIT server to compromise other websites

A server belonging to the Massachusetts Institute of Technology was commandeered by hackers who used it to launch attacks against other websites as part of a larger drive-by download campaign, according to antivirus vendor BitDefender.

“One MIT server (CSH-2.MIT.EDU) hosts a malicious script actively used by cyber-crooks to scan the web for vulnerable websites,” the BitDefender researchers who spotted the attack said in a blog.

Source: InfoWorld.com

 

USAJobs.gov 3.0 Not Off to a Good Start – Availability Issues

On October 11, the Office of Personnel Management (OPM) unveiled its much-anticipated and newly designed USAJobs.gov 3.0 federal job search website, which had been in development for over a year. The launch of the new website has been met with many complaints from frustrated users.

The issues with the site range from users struggling to navigate the redesigned job search website to numerous error messages, data disappearing from one page to the next, and underdeveloped search features.

Penny Mayo stated, “The so called new USA Jobs site is absolutely terrible,” while Bobby Nathan Jr. expressed, “The “Search Jobs” feature needs to add ability to search by the “Jobs Category”. This would allow me to search, for example, Accounting and Financial jobs as a group.”

USAJobs.gov was previously operated and hosted by Monster.com, but now OPM has taken over the operation and hosting functions on their own servers.

In fact, the OPM has had its fair share of issues with its website this year. In August of 2011, more than 70,000 federal job applications were lost or partially lost during an outage to update an application support system connected to the USAJobs.gov site. In total, more than 54 agencies had to be notified to implement contingencies due to the lost applications.

Dan Thibodeau, OPM’s Web Manager, posted on the USAJobs Facebook page, “We are still working on the error messages that some of you are getting, and we won’t stop working until it’s corrected!”

You can view or express your feelings about the new website on OPM’s Facebook page.

Keynote Announced: Cybersecurity Initiatives and Policies

Keynote Speaker Announced

Register today for this FREE solutions seminar to discuss cybersecurity policy developments, the latest technology initiatives and best practices for managing access to electronic information.

Keynote Session: Cyber Security Initiatives and Policy – Now and Beyond 2012
Jeremy Grant
Senior Executive Advisor for Identity Management, National Institute of Standards and Technology

Mr. Grant has a deep understanding of identity and cybersecurity issues, having served in a range of leadership positions spanning government and industry.

In his keynote address he will discuss how the National Strategy for Trusted Identities in Cyberspace (NSTIC) encourages the private-sector development and public adoption of online user authentication systems — register now.

Registration is free but seating is limited.

Event Details

When:
November 17, 2011

Time:
7:30 – 11:45 am

Location:
The Willard Hotel
1401 Pennsylvania Ave.
Washington, DC 20004

Who Should Attend?

  • CIOs
  • CISOs
  • Inspectors general
  • ICAM advisors
  • Cybersecurity strategists

Presented By: Federal Computer Week

Sponsored By: Experian