CISOs at financial firms worry about insider threats; Cisco warns of WLAN controller vulnerabilities

More security problems in the Treasury Department; Trojan pushing parking tickets Security Alert NetworkWorld.com | Security Research Center | Update Your Profile Sponsored by Qualys Automating Security Compliance. Simplify and automate the convergence of security and compliance with software as a service (SaaS). Find out how in this whitepaper, "Four Key Steps to Automating IT Security Compliance." The benefits include: Mitigating risk and eliminating threats, monitoring and measuring network compliance and customized security and compliance reports. Download this whitepaper now. Spotlight Story CISOs at financial firms worry about insider threats: survey By Ellen Messmer A survey of 250 chief information security officers (CISOs) involved in the financial-services world shows that while they have increasing responsibility for IT strategy and planning, they harbor growing concerns about internal security and management support amid the sharp economic downturn. Read full story Related News: Cisco warns of four WLAN controller vulnerabilities Cisco WLAN security alert warns of four vulnerabilities affecting all of Cisco’s wireless LAN controllers, including the Catalyst 6500 and 7600 wireless modules, with software version 4.2 or higher. GAO finds more security problems in the Treasury Department Data used to fight money-laundering and funding for terrorists is at risk because of significant security weaknesses within the networks used by a crime-fighting arm of the U.S. Treasury Department, according to a government study. A New Internet Attack: Parking Tickets Trojan-pushing parking tickets? Yes, really. The Internet Storm Center, which tracks Internet attacks and threats, documented a case in Grand Forks, North Dakota where someone put yellow fliers on cars that claimed to ticket a parking violation. The fliers named a Web site that purportedly had pictures of your supposed violation. Social Engineering: Anatomy of a Hack As the founder of Lares, a Colorado-based security consultancy, social-engineering expert Chris Nickerson is often asked by clients to conduct penetration testing of their on-sight security. Nickerson leads a team which conducts security risk assessments in a method he refers to as Red Team Testing. Watch Nickerson and his team pull off a $24,000 heist in a video. SMB Security: 5 Bright Ideas Adam Hansen is that rare bird in the small to midsize business (SMB) realm: He is a CSO. Hansen heads up security for Sonnenschein, Nath and Rosenthal, an 800-attorney law firm in Chicago. Removing admin rights stymies 92% of Microsoft's bugs Nine of out 10 critical bugs reported by Microsoft last year could have been made moot, or at least made less dangerous, if people ran Windows without administrative rights, a developer of enterprise rights management software claimed Tuesday. Sunbelt pioneers new antivirus technology U.S. company Sunbelt Software is set to become one of the first antivirus vendors to embrace a promising but as yet little-used new technique for malware detection known as 'file emulation'. FBI warns of money mule scams The job looks pretty good at first blush: "Become our partner and earn $2,000 or more!" New Firefox release fixes critical security bugs Mozilla developers released the latest version of their Firefox browser Tuesday, version 3.0.6, which fixes several security bugs in the software. February giveaways from Cisco Subnet and Microsoft Subnet Up for grabs: One American Express gift card worth $250 from Global Knowledge; One Microsoft training course worth $2,995 from Global Knowledge; 15 copies each of the hot book titles Voice over IP Security, and CCNA Wireless Official Exam Certification Guide and 15 copies of Exchange Server 2007 How-To: Real Solutions for Exchange Server 2007 SP1 Administrators. Get all the entry details here. Betting on SuperNAP In Las Vegas, data center takes power and cooling to the limit. Hot spot safety tips How to protect laptop data at your local Wi-Fi hot spot. Sponsored by Qualys Automating Security Compliance. Simplify and automate the convergence of security and compliance with software as a service (SaaS). Find out how in this whitepaper, "Four Key Steps to Automating IT Security Compliance." The benefits include: Mitigating risk and eliminating threats, monitoring and measuring network compliance and customized security and compliance reports. Download this whitepaper now. Preparing for the Next Cyber Attack. Ensure you are up-to-speed on the latest security technologies available to keep your network safe. Get a thorough assessment of the corporate security threat landscape. Protect your network with data leakage protection, NAC and other technologies. Download this Executive Guide now. Successfully Manage a Secure Database. Database professionals are invited to join this Oracle Live Webcast on Thursday, February 5 at 2:00 p.m. ET/11:00 a.m. PT. Gain a better understanding of database security and how to more strategically work with security administrators. Don't miss out. Register for this live webcast now.   02/05/09 Today's most-read stories: VMware goes open source with desktop virtualization release Need a supercomputer? This guy builds 'em himself Optical chip could lead to terabit Ethernet IBM to build new monster supercomputer Free BlackBerry Storm downloads Wi-Fi hot spot horrors Google executives facing jail in Italy over a video Juniper switch enables mega-router creation Is West Wing BlackBerry security possible? Cellular guys hurl femtocell salvo Compare Security Information Management Products Get side-by-side product comparisons, buying tips, market trend information, case studies and more with Network World's newly enhanced Security Information Management Product Guide. Visit now Compare products, get advice, and check out tests and reviews from the experts at Network World. Over 70 categories. Visit now   This email was sent to security.world@gmail.com Complimentary Subscriptions Available for newsletter subscribers. Receive 50 issues of Network World Magazines, in print or electronic format, free of charge, Apply here. Terms of Service/Privacy   Subscription Services Update your profile To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. Unsubscribe Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701 Copyright Network World, Inc., 2009 www.networkworld.com