IT security | Breaking Cybersecurity News | The Hacker News

Hackers are planning to increase data security attacks via applications on social networking websites this Christmas, according to an expert. Earlier this month, IT security firm Sophos traced the history of malware and viruses created over the Christmas period from 1987 until 2009. The blog post revealed that, although some were relatively harmless festive pranks, more cyberattacks over the holidays could have serious repercussions for computer users. Rik Ferguson, senior security analyst at Trend Micro, stated that hackers conduct such attacks annually. "Criminals absolutely do, every year without fail, conduct campaigns designed to take advantage of people's willingness to search for and click on links relating to Christmas activity, whether that's through phishing campaigns or sending social engineering emails masquerading as Christmas cards," he said. Mr. Ferguson added that apps on social networking sites had "come of age as an attack platform" and

Network security is on everyone's mind as 2010 comes to an end. Adam Powers, CTO of Atlanta-based Lancope, offers insights into expected trends for 2011. IT Consumerization and Internal Threats The introduction of consumer devices into corporate networks is reshaping security strategies. Traditional perimeter defenses like firewalls and intrusion prevention systems (IPS) are no longer sufficient. Companies must address security for smartphones, MiFi devices, and other consumer mobile devices. Rise of Social Media The growth of social media platforms like Facebook has created new attack surfaces for cyber threats. This development demands heightened awareness and security measures. Utilities as Targets The Stuxnet virus has alerted utilities, particularly those under NERC-CIP compliance, to the need for improved security as SCADA systems transition to IP. This shift demands a significant upgrade in security measures. Information Leakage and Reputation Damage The Wiki

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not specify whether this refers to the source code or binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as saying, "You could shut down power stations, you could shut down the transport network across the United Kingdom." There is hard evidence that Stuxnet is in the hands of highly motivated, well-trained, and well-financed criminals. Sky News' source declined to provide more precise information. Audun Lødemel, VP of Marketing and Business Development at German IT service provider Norman, believes that "It was just a matter of time before the Stuxnet code was made available for anyone, with even the most basic knowledge of coding, to alter and potentially wreak havoc on the UK infrastructure. This is serious stuff,

The crystal ball gazing has started early this year. Typically, tech prediction pieces emerge after Christmas, but the first 'security trends for 2011' missive has already dropped into my inbox. So, what does the somewhat premature Imperva Application Defense Center think will worry us the most on the IT security front next year? I predict the list will include more Stuxnet-like attacks, insights on the cloud's benefits or drawbacks, and concerns about mobile device security. Let's see if my crystal ball accurately predicts the predictions. Imperva ADC says the top 10 IT security trends for 2011 will be, with my comments in parentheses: Nation-Sponsored Hacking : (Yay, strike one - Stuxnet worm clones prediction right at the top.) These attacks will build on concepts and techniques from the commercial hacker industry to create more powerful Advanced Persistent Threats. (I predict someone will get a Buzzword Bingo full house with that one.) Insider Threat Awarenes

Hacktivists are militant hackers attacking sites in Egypt, Morocco, Spain, and Israel. Their screen messages resemble banners used in protests, supporting various political, social, or religious ideologies. Active in Morocco, they often hack sensitive security systems. Behind their computer screens, these hackers meticulously encode and decode IT security systems, seeking the slightest vulnerability to launch attacks. Known as hackers in Morocco, they relentlessly penetrate local and foreign sites. Egypt, Kuwait, and Israel have all fallen victim to their actions. Rise of Hacktivism These hackers are not casual credit card thieves but belong to a new category of activists known as "hacktivists." The Internet fuels this underground movement, but their ideological beliefs keep it alive. "It is the oldest form of hacking. Many developing countries resort to this mode of protest," says Ali El Azzouzi, a Moroccan IT security expert. Recently, Morocco, like many other