Endpoint Security News

Disaster recovery measures 'should be implemented swiftly'

Thu, 30 Jun 2011 13:48:52 GMT

Businesses should make sure that they have adequate disaster recovery solutions in place to protect against severe data loss, one technology expert has advised.

Kenneth Hess, a full-time Windows and Linux system administrator, has pointed out that "agility is important", in that companies should get procedures activated as soon as possible.

He explained that one system that could help implement this is cloud services, as it presents a method at a much smaller price than trying to create individual measures.

Mr Hess, who has experience in MAC, UNIX and Windows systems for over 15 years, noted: "It wasn't raining when Noah built the Ark and if you wait until you need a disaster recovery solution, it's too late to build that recovery Ark."

In other file security advice, David Ladd, principal group program manager, security engineering strategy, SDL evolution at Microsoft, has recommended that companies "take a trusted stack approach to security" to protect their data from cyber criminals.

Data security attacks 'wane public's trust in digital portals'

Thu, 30 Jun 2011 13:47:52 GMT

The reports of multiple successful data security hacks over the past few months have put a dent into how much people trust digital services now.

MCV conducted a study which has shown that 34 per cent of individuals now doubt the ability of companies to protect personal information.

A further fifth of respondents have admitted that they now have no trust in download portals any more.

In fact, just 46 per cent of people say that they currently fully trust businesses operating digital services.

Such attacks on Sony's PlayStation Network, Nintendo, AT&T and Citibank have also led to a third of concerned consumers deleting their online accounts.

One of the main groups to claim involvement about data loss breaches, LulzSec, has recently declared their retirement.

However, Rob Enderle, founder and principal analyst at the Enderle Group, told V3.co.uk that the group might only be the "canary in the coal mine", with further hacking activity very possible in the future.

Apple iOS more secure than Google Android?

Wed, 29 Jun 2011 13:45:50 GMT

Apple's operating system could provide people with more file security than Google's alternative portal, if new research is anything to go by.

In a study conducted by Symantec, it was found that the Apple iOS proved more resistant to three out of five threats than what Android provided.

Incidents which the iOS was able to withstand with positive results included issues of data loss and malware.

Meanwhile, the other two threats, social engineering attacks and web-based attacks, provided equal results between Google Android and Apple's iOS.

Commenting on the findings, Symantec noted that Google "does not appear to perform a rigorous security analysis" on some of its marketplace apps.

"This means that malware authors can distribute their apps through this distribution channel with less likelihood of being discovered," the firm added.

Such research reflects the calls of Con Mallon, director of regional product marketing at Norton, that people need to be further educated about security on mobile devices.

LulzSec's retirement 'was inevitable'

Wed, 29 Jun 2011 13:44:00 GMT

The announcement of the disbandment of LulzSec has not come as much of a surprise to one data security expert.

Rob Rachwald, director of security strategy at Imperva, believes that two of the reasons why the decision could have been predicted beforehand were that its members had been under pressure and in threat of arrest.

As a result of this, he acknowledged that the retirement of the infamous hacking group was "inevitable".

"During this week, they tried to cover their tracks in order to avoid arrest by: Regrouping with Anonymous; creating the 'antisec' operation; falsely claiming the UK census was hacked as a red herring," Mr Rachwald added.

The net has apparently been quickly closing around LulzSec recently, with an anonymous post on Pastebin claiming to have named four of the six members of the group.

Meanwhile, Essex-based Ryan Cleary was given bail earlier this week, after an arrest was made under the suspicion that he is part of the hacking team.

Fight against data loss 'with a digital password wallet'

Tue, 28 Jun 2011 14:09:59 GMT

Businesses have been told that one way to protect themselves from data loss is to obtain a digital password wallet.

This is the advice of Thomas Kristensen, chief security officer of Secunia, who acknowledged that such a product will be able to securely keep all passwords used on websites.

As a result, people will be able to use different code words for every website without the need to reduplicate or forget one.

Mr Kristensen noted that using the same password across the internet "is just the worst thing you can do" when it comes to data security.

He explained: "There's the risk that [websites will] lose your account, and once your password is out there and associated with your email address, you probably won't know it's been stolen until they've heisted something."

Meanwhile, Con Mallon, director of regional product marketing at Norton, has pointed out that another area that people need educating in is cyber attacks on mobile devices, as the issue is becoming more common.

LulzSec has acted as 'the canary in the coal mine'

Tue, 28 Jun 2011 14:06:51 GMT

Despite announcing its 'retirement' recently, the effects that LulzSec had on data security procedures could be felt for a long time to come.

In fact, Rob Enderle, founder and principal analyst at the Enderle Group, has gone far enough to warn V3.co.uk readers that the actions of the infamous hacking group could act as the "canary in the coal mine".

"I think it woke up an awful lot of folk and put them on notice. They showed that it was easy to penetrate these companies that were not as secure as everyone thought," Mr Enderle added.

Johnnie Konstantas, director of cloud security marketing at Juniper Networks, shared his own thoughts on the legacy of LulzSec, believing that it has been successful in "putting firms on notice" where data loss is concerned.

The hacking group called it a day after 50 days of obtaining personal information from such organisations as Nintendo, EA, and the Brazilian government.

LulzSec announces its 'retirement' from data security attacks

Mon, 27 Jun 2011 16:51:43 GMT

Companies who have been enhancing their file security programs may be pleased to hear the news that LulzSec is calling it a day.

In a statement by the infamous hacking group, it was revealed that the organisation's "50 day cruise has expired" but hopes to have left an impact.

"For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could," the statement added.

However, LulzSec completed its 'retirement' with a series of data security breaches, which included information regarding AT&T and IP addresses of the likes of Sony, Disney and NBC Universal.

A raft of personal data from organisations including hackforums.net, EA's game Battlefield Heroes and NATO online bookshop were also released.

LulzSec has been linked to a number of other major breaches recently, including Brazilian government websites, and the videogame pairing of Nintendo and Bethesda.

Brits need 'educating on mobile data security threats'

Mon, 27 Jun 2011 16:49:24 GMT

Those concerned about data loss have been warned that they should take more care when using online features on mobile devices.

Con Mallon, director of regional product marketing at Norton, pointed out that there are already signs of enablers and drivers on platforms related to cyber attacks.

Despite noting that they had only being 163 mobile-related vulnerabilities identified last year, he acknowledged that there is beginning to be more need to teach people of mobile data security issues.

"Really just trying to get the public more involved, more attuned, more knowledgeable about the requirement to basically start to take security seriously on their smartphones and on tablets," Mr Mallon advised.

His recommendations come soon after Juniper Research found that third-party security programs were only present on around one in 20 smartphones and tablets.

This is despite the cases of data loss and theft, as well as viruses and malware, rising on such mobile devices.

Data security breaches 'affected 90% of businesses last year'

Fri, 24 Jun 2011 16:58:44 GMT

The majority of companies surveyed in a new study by Ponemon Research Institute have been caught up in a data security attack.

According to the statistics released by the analyst firm, upwards of 90 per cent of businesses have been affected by at least one online breach in the past year.

The attacks do not seem to be central to just one country though, as the study was conducted with companies operating in the US, UK, France and Germany.

Furthermore, just under two-thirds have admitted that they have suffered from at least two breaches over the same time period.

Dr Larry Ponemon, chairman of the Ponemon Institute, commented: "Our survey research provides evidence that many organisations are ill-equipped to prevent cyber attacks against networks and enterprise systems."

The video game industry has proved to be a particularly popular target for cyber criminals, with Sony, Nintendo, Epic Games, Codemasters and Square Enix among those reporting breaches to security recently.

Protect email security 'by ignoring phishing messages'

Fri, 24 Jun 2011 16:57:44 GMT

Businesses which have expressed fears about their email security have been advised of ways to avoid being caught up in phishing scams.

Tony Neate, managing director of Get Safe Online, has pointed out that one of the biggest issues relating to emails that could have malicious intent is replying to them.

This is because a response shows to those sending out a phishing attack that there is a 'live' user on the other end of the email address.

"If you reply, they know they've got someone and a dialogue can start," Mr Neate warned to those trying to enhance their data security programs.

However, by pinpointing an email as part of a phishing scam and not replying, senders will likely believe that there is no-one at the other end of an address, the expert noted.

"Be aware of what the current scams are out there and be aware that criminals are using this method to obtain financial information and money," Mr Neate added.

Recently, a blog post by the senior technology consultant at Sophos, Graham Cluley, has warned of a particular phishing email currently travelling around Microsoft Outlook.

Staples Business Depot hit by data security breach

Thu, 23 Jun 2011 15:13:40 GMT

Office supplies company Staples Business Depot has put the file security of its customers at risk by breaching the privacy law of Canada.

The firm has been found to have attempted to resell laptops and storage devices that were returned by individuals before fully wiping the products clean of past data.

Such a procedure was highlighted in an audit by the office of Privacy Commissioner Jennifer Stoddart, which was delivered to Canada's parliament in compliance with the country's Personal Information Protection and Electronic Documents Act this week.

Of the 149 devices set to be resold that were tested, 54 of them were found to still contain such personal information as academic transcripts, social insurance numbers, tax records and banking data.

In a summary of the audit, it was noted: "The position of our office is that if Staples is unable to remove all customer data from a particular manufacturer's device, it is unacceptable to resell that device."

Meanwhile, the NHS has been caught up in its own data security incident, after 12 laptops have gone missing from one of its buildings in Camden, London.

Think about data security when on the cloud

Thu, 23 Jun 2011 15:11:54 GMT

Business owners have been told to take care when considering data security procedures on cloud computer systems.

Alex Teh, the commercial director of Vigil Software, noted that determining who is accessing the cloud can be "tricky" to administer.

To do so, companies need to clarify just who is dipping into such applications and what they are actually doing there.

However, he pointed out that businesses should not be put off about cloud computer technology because of the need to carry out such practices.

Mr Teh said: "It provides small organisations, or large organisations, with the ability to deliver applications without investing in the infrastructure required to do it."

His comments follow a Dell study, which found that 57 per cent of IT professionals were deterred from cloud computing because of data security worries.

In fact, over half of those who took part in the survey felt that their business leaders shared the same opinion.

PSN breach 'has made Sony more vigilant'

Wed, 22 Jun 2011 16:24:10 GMT

Following the widely-reported file security breach of the PlayStation Network (PSN), Sony has now adopted enhanced "hyper vigilance" on the portal.

The Japanese gaming giant's online system was brought to its knees in April, following an attack that saw over 70 million accounts possibly compromised.

Andrew House, the boss of Sony Europe, has told Computer and Video Games that he is "genuinely humbled and extremely grateful" that many gamers have "continued to put their trust" in the company.

"That's a responsibility we now take even more seriously … We'll try our absolute best to try and make our system as secure as we possibly can," he added.

Data loss incidents have continued to plague the video game industry since the PSN's problem first occurred.

Some of the established developers in the sector targeted by cyber criminals have included Gears Of War creator Epic Games, developer and publisher Codemasters, and the long-time gaming duo of Nintendo and Sega.

Brazilian government hit by data security breaches?

Wed, 22 Jun 2011 16:22:29 GMT

Lulz Sec may have turned its attention to data security systems across Brazil, if new claims are to be believed.

The infamous hacking group has acknowledged on its Twitter page of supposed successful attacks on a couple of Latin American government websites.

News of the breaches first came to light when LulzSecBrazil noted on the social networking portal: "TANGO DOWN brasil.gov.br & presidencia.gov.br".

The main Lulz Sec page then picked up on the file security attacks by posting the message: "Our Brazilian unit is making progress. Well done @LulzSecBrazil, brothers!"

Breaches are believed to have affected both the online sites of the Brazilian government and the President's Office.

Meanwhile, Ryan Cleary is still being held by police in connection with allegedly having a major role to play at Lulz Sec.

The 19 year old was detained yesterday (June 21st) at his Essex family home, following a joint investigation by Scotland Yard and the FBI.

Sky News reported that Mr Cleary could face extradition to the US if claims that he is linked to the hacking group are found to be true.

Anonymous and Lulz Security team up for new campaign

Tue, 21 Jun 2011 14:06:28 GMT

Businesses that are worried about experiencing data loss incidents may be fearful to hear of a new partnership between two high-profile hacking groups.

Infamous hackers Lulz Security and Anonymous have teamed up to announce the launch of Operation Anti-Security, which has plans to target government organisations and banks.

Within the scheme, the groups are calling for cyber criminals worldwide to help with the cause by aiming their attacks at sources which "continue to dominate and control our internet ocean".

Lulz Security commented in a post to pastebin.com: "We encourage any vessel, large or small, to open fire on any government or agency that crosses their path."

This particular hacking group has been linked to breaches at video game developers Bethesda and Nintendo recently, while Anonymous has become known for its past support of Wikileaks.

To protect a company's email security, Tony Neate, managing director of Get Safe Online, advised individuals to be more aware of targeted phishing attacks, which is commonly being referred to as 'spear phishing'.

Soca website hit by data security attack

Tue, 21 Jun 2011 14:05:04 GMT

A major UK national law enforcement unit has been forced to take its website offline following a data security breach.

The Serious Organised Crime Agency (Soca) is suspected to be the latest in a growing line of targets by infamous hacking group Lulz Security.

Its online portal was inaccessible late last night (June 20th) and was still unavailable in the early hours of today, though it was back in operation later in the morning.

Lulz Security took to Twitter to declare that it had indeed compromised operations at Soca, claiming: "Tango down – soca.gov.uk – in the name of #AntiSec."

A spokesman at Soca has said that the decision was taken to remove its website temporarily from the web so that it could "limit the impact" of the file security attack.

They explained: "The Soca website is a source of information for the general public which is hosted by an external provider. It is not linked to our operational material or the data we hold."

Meanwhile, Sky News reported today that a 19-year-old individual from Essex has been arrested in connection to Lulz Security breaches, under an operation by the FBI and Scotland Yard.

Sega Europe admits data security breach

Mon, 20 Jun 2011 15:01:19 GMT

Sega has joined the exhaustive list of video game companies being affected by data security hacks, though Microsoft has denied that its Xbox Live system has been targeted too.

Over the weekend, Sega Europe admitted that its Sega Pass System has been breached with an "unauthorised entry".

The attack has led to the details of over 1.29 million users being taken, which includes their names, email addresses, encrypted passwords and dates of birth.

However, the firm, which is most famous for having Sonic the Hedgehog as its loyal mascot, has assured that no financial data was obtained during the breach.

"After the unauthorised entry was identified, we immediately stopped the SEGA Pass service and took emergency action to prevent further damage. This action included immediately contacting all our registered SEGA Pass users," the publisher acknowledged.

Meanwhile, Microsoft has assured Xbox Live users that the online system has not being compromised, despite Lulz Security claiming to have published personal details and password data of thousands of customers.

Protect email security 'by being aware of phishing attacks'

Mon, 20 Jun 2011 15:00:18 GMT

Company owners who are worried about their email security have been warned about phishing attacks through the messaging portal.

Tony Neate, managing director of Get Safe Online, believes that one of the main concerns of the moment is that of targeted phishing attacks, also known as 'spear phishing'.

This issue sees cyber criminals going for an individual domain or business, meaning whole companies are under just as much of a threat as individuals.

Mr Neate added: "[Phishing attacks] can affect them just as much as they can affect an individual if people aren't aware that they are out and they receive a phishing email purporting to be an invoice."

Recently, British taxpayers were warned about fake phishing messages which could compromise email security if opened and actioned by people unaware of the scam.

HM Revenue and Customs has said that over 46,000 phishing emails have already being picked up and reported on by customers.

Enhance data security 'with penetration testing'

Fri, 17 Jun 2011 15:21:12 GMT

Businesses that have expressed fears over their file security procedures have been advised to do some penetration testing on systems of concern.

IT Governance Ltd gave the recommendation, noting that such a strategy is a sure-fire way to protect networks against attacks by the cyber criminal community.

The advice was shared following large-scale breaches which have caused a multitude of problems for such well-known organisations as Citigroup and Sony recently.

Alan Calder, the chief executive of IT Governance, has noted that "there shouldn't be anything complicated or mysterious about security assurance", which should encourage company owners to take measures to protect their personal information.

Data loss has been an issue for 77 per cent of businesses that were questioned as part of The Understanding Security Complexity in 21st Century IT Environments report.

The study, which was put together by Ponemon Institute and Check Point Software Technologies, found customer information to be the most compromised form of data.