SecurityWeek

Tripwire, a provider of IT Security and compliance solutions that was recently acquired by private equity firm Thoma Bravo, has released a library of pre-selected “Cybercrime controls” for the company’s Tripwire Enterprise solution that combines key configuration hardening standards with a collection of breach detection rules into an easy-to-install package for Windows servers.

WatchGuard Technologies today announced that it has added SCADA Signatures to its next-generation firewalls and UTMs with Application Control. The SCADA (supervisory control and data acquisition) signatures enable WatchGuard XTM and legacy e-Series security appliances to provide threat protection for industrial control systems that monitor and control industrial, infrastructure or facility-based networks.

NeXpose 2011 Summer Release Brings Increased Deployment Flexibility, Enhanced Integration, Scalability and Improved Administrative CapabilitiesRapid7, a Boston-based provider of vulnerability management and penetration testing solutions, today launched NeXpose® 2011 Summer Release, the latest update of the company’s vulnerability management solution, adding support for private cloud deployments based on its multi-tenant architecture, along with other enhancements.

Operators Sold Networking Gear Supported by Counterfeit Cisco Labels, Boxes, Manuals and Serial Numbers Obtained from Cisco Support SiteAfter selling $1 million worth of counterfeit Cisco equipment through a business operated with a co-defendant, Christopher Myers, 42, of Leawood, Kansas, has been sentenced to 33 months in federal prison.

Following news on Monday that hacker collective Anonymous had breached systems at defense technology contractor giant Booz Allen Hamilton, the company late Tuesday issued a statement, saying its systems were breached as a result of a recent cyber attack.

In its largest coordinated product release ever, VMware today unveiled VMware vSphere® 5 along with a comprehensive suite of cloud infrastructure technologies.

New Solution Delivers All-Inclusive Software Providing 'Secure Everywhere Access' to Help Meet Regulatory and Compliance Requirements Network security vendor Fortinet, today launched FortiClient, an endpoint software agent that brings secure remote access connectivity to remote devices.

McAfee Appoints Michael DeCesare and Todd Gebhart as Co-Presidents McAfee today said President David DeWalt has announced his resignation, and said it would create an office of the president, to be headed by Michael DeCesare and Todd Gebhart who will serve as co-presidents. DeWalt, who served as President for more than four years, will continue as a non-employee member of the McAfee Board of Directors.

CloudFlare, a startup that recently gained significant visibility as a result of helping hacker group LulzSec keep its site up and running during large traffic spikes and rival hacker attacks, has raised $20 million in a Series B funding round.

UpdatedAccording to Anonymous, in what the hacker group is calling, “Military Meltdown Monday,” they have acquired and released to the public, a list of approximately 90,000 military emails and Base64 password hashes, after hacking into systems from Booz Allen Hamilton, the large government contractor that works closely with many defense, intelligence, and civil sectors on cyber security. (Anonymous originally stated the passwords were MD5, non-salted hashes)

PCI-DSS has made it possible for organizations to virtualize their infrastructure. But moving the PCI-DSS related products and processes to the public cloud is not yet an easy task...

Just like any business, cybercriminals need to be ready to respond to incidents and events that can be beneficial to their businesses. For cybercriminals utilizing malware as a tool of choice for their dark-sided business, ongoing delivery and spreading of their malicious software is critical to a successful and profitable operation. Malware Delivery Networks are a key component of cybercriminal success, and key component in the the malware supply chain.

It’s always the insider. Well, maybe not always, but it sometimes seems that’s what we are hearing. I was reading articles on some recent cases and any of them seem to have a common theme: “XXX Case Exposes Insider Risks” and “Employee Error Leads to XXX Hack” are just a couple recent headlines. The press also published info about a recent breach which was caused when an employee clicked on an attachment that they pulled from the junk email folder.

The Washington Post has notified users of its job board that a recent a cyber attack has resulted in a data breach that compromised up to 1.27 million job seeker accounts.The Washington Post said that the attack occurred in two brief episodes, once on June 27 and once on June 28, resulting in the attacker(s) getting hold of roughly 1.27 million user IDs and e-mail addresses. Passwords or other personal information were not compromised, the publisher said.

It’s July. An odd time to be talking about Super Bowl security, right? Actually, it’s never too early to focus on information security and risk management, and Super Bowl security is certainly no exception. Super Bowl officials take two full years to plan and implement their strategy. IT security pros everywhere would be well advised to learn from them and take action long before crunch time.