SecurityWeek

Student Hackers Develop New Design Techniques to Protect Against Vulnerabilities in Vital Components in the Electronics Supply Chain

A new report coming from the Anti-Phishing Working Group (APWG) reveals that phishing attacks against Chinese banking and e-commerce Web sites soared by 44 percent in the first half of 2011. According to the report, 70 percent of all maliciously registered domain names in the world were established by Chinese cybercriminals for use against Chinese brands and enterprises.

Apple security guru Charlie Miller said he has uncovered a bug in Apple iOS that allows an attacker to circumvent Apple’s code signing approach.According to Miller, who is principal research consultant with Accuvant Labs and a veteran of the Apple bug-finding world, the vulnerability could spell trouble for iOS users if exploited.

Millions of people in Brazil have potentially been exposed to malware as a result of a nationwide DNS attack. Additionally, several organizations in Brazil are reporting that network devices are also under attack. After being compromised remotely, scores of routers and modems had their DNS settings altered to redirect traffic. Police have arrested a 27-year-old ISP employee who is suspected to have taken part in the attacks.

Network security company Palo Alto Networks today announced a slew of product and technology enhancements to its line of Next Generation Firewalls, including a new service designed to help enterprises defend against the threats of today’s evasive malware.

A Netherlands company has stopped issuing SSL certificates due to concerns about the possible breach of a Website used to buy certificates.

McAfee today announced a round of enhancements to its Cloud Security Platform, the company’s offering to help organizations take advantage of cloud computing in a secure fashion.The McAfee Cloud Security Platform is a content-aware solution that secures the primary channels of traffic including email, web and authentication – moving between an organization and the Cloud.

A Strong Risk Management Strategy can Provide Efficiencies and Cost Savings in Security Operations.

A compromised server at the Massachusetts Institute of Technology (MIT) has been identified as being used as a vulnerability scanner and attack tool, probing the Web for unprotected domains and injecting code. According to researchers at Bitdefender who discovered the attack, the ongoing attacks appear to be related to the Blackhole Exploit Pack, a popular crime kit used by criminals online.

A new scanning tool has been released by engineers at independent security testing firm NSS Labs that can be used to detect Duqu drivers installed on a system.

Yammer, the high flying software company that lets companies create their own private Twitter-like networks, this week announced that it has hired Josha Bronson as director of securityBased in the company's headquarters in San Francisco, Bronson will be responsible for the overall security testing, compliance and governance issues.

I recently found two great security articles from 2000 from a well-respected Microsoft security guru, Scott Culp. Culp provided two sets of Immutable Laws of Security - one on the consumer side, and the other on the admin side.

Microsoft has released a workaround to address the zero-day bug exploited in the Duqu attacks while it continues to work on a fix.

Microsoft is slated to release four security bulletins as part of November’s Patch Tuesday, but the company is staying silent on when it will patch a Windows zero-day at the center of the Duqu attacks.

IBM has announced enhancements to its security services portfolio, including improved analytics and new services to provide deeper, real-time analysis of security threats.