Intrusion Detection - Infoworld en Michaels security breach affected nearly 3 million payment cards <p>About 2.6 million payment cards at Michaels Stores and another 400,000 at subsidiary Aaron Brothers may have been affected in a card skimming attack that compromised its point-of-sale systems, the retailer said Thursday.</p> <p>Michaels said it had found evidence confirming that its systems and those of Aaron were attacked using sophisticated malware that had not been encountered previously by either of the security firms it had retained to investigate a suspected breach. It did not provide details of the malware.</p> Security Data Security Intrusion Detection Malware Fri, 18 Apr 2014 11:56:15 +0000 admin 240802 at Researchers disclose vulnerabilities in Oracle Java Cloud Service <p>Security researchers released <a href="" target="_blank">technical details and proof-of-concept code for 30 security issues</a> affecting Oracle's Java Cloud Service, some of which could allow attackers to compromise business-critical Java applications deployed on it.</p> Cloud Computing Security Oracle Cloud Security PaaS SaaS Intrusion Detection Vulnerability Assessment Wed, 02 Apr 2014 17:24:49 +0000 admin 239663 at Cyber security expert: Internet of things is 'scary as hell' <p>The terms "Internet of things" (IoT) and "connected home" are two of the trendiest buzzwords in the technology world today. And while both clearly offer very real potential, they also introduce their own share of risk, particularly if they're not approached with caution, according to Jerry Irvine, an owner and CIO of IT outsourcing services firm, <a href="" target="_blank">Prescient Solutions</a>.</p> Networking Security Internet of things Cyber Crime Data Security Intrusion Detection Wed, 26 Mar 2014 12:07:02 +0000 admin 239104 at Security vendor Trustwave named in Target data breach suit <p>Security vendor Trustwave was accused in a class-action suit of failing to detect the attack that led to <a href="">Target's data breach</a>, one of the largest on record.</p> <p>Target, which is also named as a defendant, outsourced its data security obligations to Trustwave, which "failed to live up to its promises or to meet industry standards," alleged the suit, filed Monday in U.S. District Court for the Northern District of Illinois.</p> Security Cyber Crime Data Security Intrusion Detection Malware Wed, 26 Mar 2014 11:45:46 +0000 admin 239119 at NSA's plans reportedly involve infecting millions of computers with surveillance malware <p>The U.S. National Security Agency has reportedly been working for the past several years on expanding its ability to infect computers with surveillance malware and creating a command-and-control infrastructure capable of managing millions of compromised systems at a time.</p> Security The Industry Standard E-government Intrusion Detection Malware Security Tools Wed, 12 Mar 2014 21:14:58 +0000 admin 238275 at Gameover malware tougher to kill with new rootkit component <p>A new variant of the Gameover malware that steals online banking credentials comes with a kernel-level rootkit that makes it significantly harder to remove, according to security researchers from Sophos.</p> <p>Gameover is a computer Trojan based on the infamous Zeus banking malware whose source code was leaked on the Internet in 2011. Gameover stands apart from other Zeus-based Trojan programs because it uses peer-to-peer technology for command and control instead of traditional servers, making it more resilient to takedown attempts.</p> Security Microsoft Windows Cyber Crime Data Security Encryption Intrusion Detection Malware Vulnerability Assessment Fri, 28 Feb 2014 20:12:16 +0000 admin 237430 at Researchers bypass protections in Microsoft's EMET anti-exploitation tool <p>Security researchers managed to bypass the protections offered by Microsoft's EMET (Enhanced Mitigation Experience Toolkit), a utility designed to detect and block software exploits, and concluded that the tool would not be effective against determined attackers.</p> Security Endpoint Protection Intrusion Detection Patch Management Vulnerability Assessment Tue, 25 Feb 2014 18:42:35 +0000 admin 237118 at AT&T and IBM cement security partnership <p>AT&amp;T and IBM, at the RSA Conference, announced they've sealed a partnership to provide security services for a wide range of enterprises in a way that blends technology and professional services both vendors have.</p> Security AT&T IBM Verizon Firewall Intrusion Detection Tue, 25 Feb 2014 12:26:10 +0000 admin 237063 at Sneak peek: The big security questions surrounding RSA Conference <p>In anticipation of next week's RSA show, IDG News Service's Keith Shaw chatted with Kevin Conklin of Prelert and Elad Yoran of Vaultive about the security trends they expect for 2014. The discussion was captured in the video below.</p> Cloud Computing Cloud Security Encryption Intrusion Detection Security Thu, 20 Feb 2014 20:23:00 +0000 InfoTube 236762 at Exploit released for vulnerability targeted by Linksys router worm <p>Technical details about a vulnerability in Linksys routers that's being exploited by a new worm were released Sunday along with a proof-of-concept exploit and a larger than earlier expected list of potentially vulnerable device models.</p> <p>Last week, security researchers from the SANS Institute's Internet Storm Center identified a self-replicating malware program that exploits an authentication bypass vulnerability to infect Linksys routers. <a href="">The worm has been named TheMoon</a>.</p> Networking Security Cyber Crime Network Router Intrusion Detection Malware Security Tools Vulnerability Assessment Tue, 18 Feb 2014 12:21:31 +0000 admin 236475 at Sorry about that virus -- I didn't want to bother you <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="" alt="Sorry about that virus -- I didn't want to bother you" width="243" height="182" align="right" /></div><p>Communication is, indeed, a two-way street. We in IT will try to be clear and explain things users need to know.</p> your IT tales IT Jobs IT Management IT Training Anti-virus Intrusion Detection Wed, 12 Feb 2014 11:00:00 +0000 Anonymous 236155 at Attackers use NTP reflection in huge DDoS attack <p>Attackers abused insecure Network Time Protocol servers to launch what appears to be one of the largest DDoS (distributed denial-of-service) attacks ever, this time against the infrastructure of CloudFlare, a company that operates a global content delivery network.</p> <p>The attack <a href="" target="_blank">was revealed Monday on Twitter</a> by Matthew Prince, CloudFlare's CEO, who said that it's "the start of ugly things to come" because "someone's got a big, new cannon."</p> Security The Industry Standard Anti-virus Cyber Crime Network Tools Intrusion Detection Tue, 11 Feb 2014 19:46:46 +0000 admin 236143 at Cyberespionage operation 'The Mask' compromised organizations in 30-plus countries <p>A cyberespionage operation that used highly sophisticated multi-platform malware went undetected for more than five years and compromised computers belonging to hundreds of government and private organizations in more than 30 countries.</p> <p>Details about the operation were revealed Monday in <a href="" target="_blank">a paper</a> by security researchers from antivirus firm Kaspersky Lab who believe the attack campaign could be state sponsored.</p> Security Anti-spyware Hacking Intrusion Detection Malware Government Tue, 11 Feb 2014 13:33:32 +0000 admin 236097 at Where PCI compliance fails: Security testing, network monitoring <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 192px;"><img src="" alt="Where PCI compliance fails: Security testing, network monitoring" width="243" height="182" align="right" /><br /><em><p align="right">Credit: shuchun ke</p></em></div> Networking Security Compliance Network Monitoring Intrusion Detection Network Security Security Standards Vulnerability Assessment Fri, 07 Feb 2014 19:57:46 +0000 InfoWorld Tech Watch 235948 at Tor-enabled malware stole credit card data from PoS systems at dozens of retailers <p>Payment card data was stolen during the past three months from several dozen retailers that had their point-of-sale systems infected with a memory-scraping malware program called ChewBacca.</p> <p>The cyber criminal operation was investigated by antifraud researchers from RSA, the security division of EMC, who analyzed the malware and its command-and-control infrastructure.</p> Security Cyber Crime Data Security Intrusion Detection Malware Fri, 31 Jan 2014 12:17:25 +0000 admin 235404 at Information related to Target breach vanishes from Web <p>At least three security companies have scrubbed information related to Target from the Web, highlighting the ongoing sensitivity around one of the largest-ever data breaches.</p> <p>How hackers broke into Target and installed malware on point-of-sale terminals that harvested up to 40 million payment card details is extremely sensitive. Now, details that give insight into the attack are being hastily removed or redacted, perhaps not to tip off hackers or jeopardize the investigation.</p> Security Cyber Crime Data Security Intrusion Detection Malware Wed, 22 Jan 2014 12:12:46 +0000 admin 234730 at Syrian Electronic Army hacks Microsoft's Office Blogs site <p>After hijacking several of Microsoft's Twitter accounts and compromising its official blog over the past two weeks, the Syrian Electronic Army hacked into the Microsoft Office Blogs site Monday.</p> <p>The SEA (Syrian Electronic Army) <a href="" target="_blank">posted a screenshot on Twitter</a> of the Microsoft Office Blogs site with a rogue article titled "Hacked by the Syrian Electronic Army." The article has since been removed from the site, but is still visible in Google's cache.</p> Security Authentication Hacking Intrusion Detection Tue, 21 Jan 2014 19:03:27 +0000 admin 234679 at Two coders closely tied to Target-related malware, security firm says <p>A Los Angeles security company has named a second individual living in Eastern Europe whom they suspect coded malicious software that was modified and used against Target.</p> <p>The information comes from an analysis of "cyber prints," or a collection of data and postings on underground password-protected forums where stolen card data and malware are sold, said Dan Clements, IntelCrawler's president, in a phone interview Monday.</p> Security Cyber Crime Data Security Intrusion Detection Malware Tue, 21 Jan 2014 12:58:41 +0000 admin 234596 at Hallelujah, the NSA has been reformed! <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 192px;"><img src="" alt="Hallelujah, the NSA has been reformed!" width="243" height="182" align="right" /><br /><em><p align="right">Credit: Reuters/Jason Reed</p> Data Center Open Source Software Security Data Security Internet Privacy Intrusion Detection Data Center Government Security Mon, 20 Jan 2014 11:00:00 +0000 Paul Venezia 234549 at Target credit card data was sent to server in Russia <p>The stolen credit card numbers of millions of Target shoppers took an international trip -- to Russia.</p> <p>A peek inside the malicious software that infected Target's PoS (point-of-sale) terminals is revealing more detail about the methods of the attackers as security researchers investigate one of the most devastating data breaches in history.</p> Security Cyber Crime Data Security Hacking Intrusion Detection Malware Fri, 17 Jan 2014 12:26:36 +0000 admin 234464 at