CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Conficker expected to continue its wrath on security defenses

Despite concerted efforts to detect and block one of the world’s most dangerous forms of malware, security experts predict the Conficker worm will continue to deactivate security defenses and wreak havoc on computer networks throughout 2010. That’s bad news for security professionals who are actively doing everything they can to protect their networks from more harmful botnets and malware.

Social network security key issue for business in 2010

There have been many cases of social networks overlapping security software this year. Whether they are using Twitter or Facebook for botnet control or propagating phishing links through shortened URLs, online criminals are finding ways to tap into the explosive growth of social networks and use that to exploit end users and their devices.

A recent article in SearchSecurity.com, “Hackers to sharpen malware, malicious software in 2010”, points to increasing sophistication in cybercriminals’ use of social networking sites.

A look at application whitelisting in control systems on Digital Bond

Jason Holcomb, from Digital Bond, recently attended a live implementation of CoreTrace’s award-winning BOUNCER application whitelisting product. He has a great post about his impressions on whitelisting in general, as well as his experience using BOUNCER on a control system server. His reaction?

“My overall impression: this is an elegant and effective solution to some of the security challenges we face with Windows servers and workstations in control systems.”

Jason hits on many of the reasons why application whitelisting has been so popular in the energy industry and why, more than ever, it is being used to protect critical SCADA and DCS systems as well as to meet NERC CIP requirements.

Patching and Signatures Can’t Keep Up With Today’s Threats

Last week Microsoft issued an advisory on a new vulnerability in the IIS FTP service. This vulnerability already has a published exploit and can allow an attacker to execute unauthorized code on the target. Details of the vulnerability are available at the US-CERT website. If you have an anonymous account on your FTP server, you are especially at risk because no theft of credentials would be needed to execute this exploit.

To me the key to this issue is that a fix won’t be included in today’s Microsoft security patch release. There simply wasn’t enough time to identify, code and test the patch before it was released. Microsoft complained that the security researcher didn’t report the vulnerability responsibly. While this may be true, it certainly highlights the weakness of a desktop security plan that relies on patching and antivirus signatures.