Cyberspace has become all-pervasive. Every facet of modern life has elements of cyberspace embedded in it. Securing cyberspace has therefore become a necessity that can no longer be wished away. This space collates the news and views affecting the security of our cyberspace.
Are you protecting yourself from getting hacked? Think you're not at risk? According to a recent Norton cybercrime report, 431 million adults in 24 countries experienced some type of cybercrime over the past year, which is up 3 percent from the 2010 study. (The top three cybercrimes, according to the study, are viruses or malware, online credit card fraud, and phishing - or e-mail scams.) In the United States, that comes to 141 victims per minute.
"Our study found over 41 percent of us don't have software security," said Helen Malani, Norton's consumer cybercrime expert. "There's a general apathy about it - a disconnect. Three times as many people have been the victim of online crimes, but yet they are more afraid that they will be robbed on the street."
According to the study, over the past year the United States' total bill for cybercrime topped $139 billion.
"We were astounded by the costs in terms of cash lost," Malani said. "The number came to more than $388 billion globally. That's more than the illegal drugs market in heroin, cocaine and marijuana. Cybercrime is an illegal underground economy and it needs to be taken seriously."
Men are more at risk than women, Malani said, because the adult sites they frequent are more susceptible to cybercrimes. (The Norton report says men are four times more likely than women to view adult content online, and they are twice as likely to visit gambling sites.) Another concern, she said, is the rise in cybercrimes from our mobile devices.
"Mobile crimes are up 10 percent globally," Malani said. "And if you are male, a millennial and mobile, you are the most at risk. Men spend more time online than women. They talk to more strangers online. They visit sites that are more risky, like gaming or adult sites. And the millennials use social networks more often so that is fertile ground for spreading malware."
Here are some of Malani's tips for protecting yourself from cybercrime.
Don't ignore software updates. "Many times the notice for an update will pop up on your computer screen, and people close it out and never go back to it," she said. "It won't take that long, and if you keep putting it off, you could be putting yourself at risk."
Don't share too much on Twitter or Facebook. "Don't say the names of your pets or your kids if those are what you use as your passwords," Malani said. "We do leave the breadcrumbs of information about us online without even thinking about it."
Get creative with your passwords and change them frequently. Instead of a dictionary word or a real name, Malani suggested using an acronym of a phrase; IL2G2S could stand for 'I love to go shopping', for example. And be sure to change the passwords often.
"Also, consider answering the security questions with fake answers," she said. "So instead of giving the real name of your pet or child, pick something that's totally false."
Get an app for your mobile device that protects your data. Malani said only 20 percent of those accessing the Internet from their mobile devices have installed the most up-to-date mobile security.
"There are apps that wipe out your personal data if your phone is lost, or can lock your phone remotely," she said. "Having these can definitely put your mind at ease if your phone is lost or stolen."
An Australian technologist has caused a global stir after discovering Facebook tracks the websites its users visit even when they are logged out of the social networking site.
Separately, Facebook's new Timeline feature, launched last week, has been inadvertently accessed by users early, revealing a feature that allows people to see who removed them from their friends' lists.
LOS ANGELES — An Arizona college student was arrested and charged Thursday in a breach of computers at Sony Pictures Entertainment early this summer where more than 37,000 customers had their information stolen.
An indictment unsealed in Los Angeles charged Cody Kretsinger, 23, of Tempe, Ariz., with one count each of conspiracy and unauthorized impairment of a protected computer. If convicted of both counts, he faces up to 15 years in prison.
It wasn’t immediately known if Kretsinger had retained an attorney.
Kretsinger appeared in a Phoenix federal courtroom Thursday afternoon where a judge restricted his travels to Arizona, California and Illinois, where he has family, before releasing him on his own recognizance. Kretsinger was ordered to use his computer only for schoolwork and told to appear in Los Angeles federal court Oct. 11 for a post-indictment arraignment.
Authorities say Sony Pictures computers were compromised in late May and early June by a group known as Lulz Security, whose members anonymously claimed responsibility. The organization had bragged of accessing more than 1 million accounts, but Sony, whose offices are in Culver City, Calif., later said about 37,500 users had personally identifiable information stolen.
Kretsinger is the first person arrested in the U.S. who is a current or former member of LulzSec, which has been linked to other hacking scandals involving various government and business entities across the world, authorities said.
Kretsinger, known by the moniker “recursion,” grabbed confidential information from Sony and passed it along to other members of LulzSec, who posted the stolen material on its website, according to the indictment.
Additional charges may be forthcoming because the indictment notes Kretsinger was aided by other known and unknown co-conspirators. The investigation is ongoing, said FBI spokeswoman Laura Eimiller. Parent company Sony Corp. has been dogged by personal data loss problems, including separate hacks that compromised the personal information of more than 100 million users earlier this year.
5:48 p.m. PDT, September 21, 2011
Alec Fishburne works for a computer software company in downtown Seattle. He said when computer hackers got into the company’s system, his sense of security was shattered.
“We never really had any cause to be suspicious internally in our 20 year history,” said Fishburne. “It was a very disconcerting time.”
Fishburne’s company was one of 53 businesses around Puget Sound that were targeted by a group of hackers during the last two years. Hundreds of thousands of dollars were stolen.
Federal prosecutors said three men from the Seattle area, Joshua Witt, Brad Lowe, and John Griffin, would break into and hack into computers, or do something called "war driving." War drivers used high-tech antennas mounted to bikes or cars to find wi-fi signals that they could crack.
“They simply drive around slowly and wait until they can pick up an electronic wave or an electronic signal,” said Jim Pugel, Assistant Chief of Seattle Police. He said then they would begin draining payroll, accessing checking accounts and
“They got into multiple bank accounts,” said Mark Houtchens, another cyber victim. “Then they moved tens of thousands of dollars.”
Another company said the hackers attempted to put two false employees on the payroll and then pay them through a bank in North Dakota.
U.S. Attorney Jenny Durkan said the cyber burglars used the money they stole to buy several goods, ranging from Rolex watches to engines for their cars.
Durkan warns businesses and everyone using computers in their daily life to be vigilant. She recommended checking your accounts on a regular basis and making sure your wi-fi is secure.
“Everything that makes it easy for us to do our business online makes it easy for the criminals to defraud you online, so you have to take precautions.”
Here are some helpful hints to protect your computer system from a cyber attack:
The new centre, to be headed by the Singapore Infocomm Technology Security Authority (SITSA)—an authority responsible for operational IT security development and implementation on a national level—is expected to enhance Singapore’s capabilities in early detection and prevention of cyber attacks.
Teo said a central dilemma of cyber security is to balance the internet’s benefits with the risk of abuse, exploitation and criminality.
“A safe and functioning cyberspace is critical to our society, economy and national security. The frequency and sophistication of cyber attacks will continue to grow, and so must our capabilities and response plan,” stated Teo.
The centre will be completed in phases within two to three years. The first phase, focused on cyber monitoring of critical information infrastructure in security and emergency services, has already been completed.
A state law enacted in 2007 requires all companies doing business in Massachusetts to inform consumers and state regulators about security breaches that might result in identity theft. That could include leaks of individual names along with other sensitive information, such as Social Security numbers or bank account, credit card, and debit card numbers. The law was passed in 2007, after hackers stole 45 million credit card numbers from Framingham-based retailer TJX Cos.
Coakley said that her office is just beginning to analyze the reports to find out whether the law is helping to reduce data breaches. But she predicted the problem will get worse as more Americans store vital personal data on various computer networks. “There is going to be more room for employee error, for intentional hacking,” Coakley said. “This is going to be an increasing target.”
The attorney general’s office has received 1,166 data breach notices since January 2010, including 480 between January and August of 2011. About 2.1 million residents were affected by the various incidents, though it’s unknown whether any of them were actually defrauded as a result of the data leaks. Of the reported incidents, 25 percent involved deliberate hacking of computer systems containing sensitive data. Another 23 percent involved accidental sharing of information with unauthorized people, such as sending faxes or e-mails with personal information to the wrong recipient. In 15 percent of cases, retailers reported the theft of customer credit card numbers. Data was also lost through thefts or accidental losses of laptop computers and paper documents, or in cases in which workers deliberately gained unauthorized access to client files.
The biggest single data breach in the report occurred last July, when South Shore Hospital in South Weymouth said it lost 14 years’ worth of records on 800,000 patients, employees, volunteers, and vendors. The hospital blamed an outside data management company for losing a batch of records they had been ordered to destroy.
Other major breaches included an incident in May, when the state’s Executive Office of Labor and Workforce Development found a virus in its computer system that transmitted data to unidentified hackers. The agency said that files on 210,000 state residents were compromised. A similar virus attack in June affected the records of more than 2,000 patients at Beth Israel Deaconess Medical Center.
Among major data breaches this year was a case in April, when the e-mail marketing firm Epsilon Data Management LLC reported that data thieves had stolen the e-mail addresses of as many as 60 million people. In the same month, Japan’s Sony Corp. revealed that three of its online gaming networks had been raided by hackers, who had compromised the credit card numbers of 101 million people worldwide.
The incidents in Massachusetts have involved far fewer victims. In 82 percent of reported breaches in the state, fewer than 100 people were affected; in 30 percent of the cases, just one person’s information was at risk.
Beth Givens, director of the Privacy Rights Clearinghouse in San Diego, said that consumers would be even better served by being able to sue companies that lose their data. “Unfortunately, there have been very few successful lawsuits,” said Givens, because it’s hard to prove that someone whose information was lost or stolen has actually been harmed by the loss.
Givens said that laws like the one in Massachusetts are the next best thing. They force companies to publicly acknowledge the problem and take action to upgrade their security policies.
Friday, 16th September 2011, 16:42:53
A new report from Chatham House has highlighted the requirement for a coherent and effective strategy to protect critical national infrastructure (CNI) against the ongoing threat of cyber attacks from external sources. The Cyber Security and the UK's Critical National Infrastructure document suggests that the increase in illegal activity carried out over the internet could pose a substantial concern to the government, but cannot be met by politicians alone. "There is a need to raise awareness about the constantly evolving character of cyberspace," report author Paul Cornish remarked.
For this reason, the report suggested that the government is unable to provide all the answers and guarantee a society without the threat of cybercrime and called upon CNI businesses to take on greater responsibilities to protect themselves against the continuing threat. In addition, the document suggested that it is vital for company employees to increase their awareness of online security while improving their operations to prevent the increasingly common attacks from occurring. "Given society's reliance upon digital processing and communications, governments are right to take cyber security seriously," Mr Cornish added.
The report, which was released earlier this week, also urges businesses of all sizes to assess their dependencies and vulnerabilities concerning the threat of cybercrime, while ensuring that awareness of the issue is coordinated with standard management techniques. However, analysts from Chatham House highlighted that there appears to be little coherence to what activities constitute a cyber vulnerability, as well as limited consensus on the nature or severity of the problem. The organisation suggests that more should be done to make sure essential services such as electricity, communications, water, gas, transport and banking - which are dependent on ICT - are safer against the threat of illegal activity.
Meanwhile, high numbers of businesses have revealed that they feel unprepared to effectively contend with and prevent the threat of IT crime due to a lack of appropriately trained staff, a study from Kaspersky Lab highlighted.
Posted by Phil Williams