Search This Blog

Monday, June 30, 2014

FBI warns businesses “Man-in-the-E-Mail” scam escalating

Network World Security - Newsletter - networkworld.com
How to protect yourself against privileged user abuse | Why are phishers targeting gamers? 'Cause that's where the money is …

Network World Security

Forward this to a Friend >>>


FBI warns businesses "Man-in-the-E-Mail" scam escalating
The FBI and Internet Crime Complaint Center (IC3) are warning businesses to be on the lookout for growing scam that tricks them into paying invoices from established that look legitimate but in fact are fraudulent.The FBI says the scam is a tweak of the timeworn “man-in-the-middle” scam and usually involves chief technology officers, chief financial officers, or comptrollers, receiving an e-mail via their business accounts purportedly from a vendor requesting a wire transfer to a designated bank account, the FBI said. +More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2013+To read this article in full or to leave a comment, please click here Read More


RESOURCE COMPLIMENTS OF: Guidance Software

What's Your Endpoint IQ?
SANS and Guidance Software set out to determine how organizations monitor, assess, protect and investigate their endpoints. 50% work under the assumption of compromise. 70% collect endpoint data that's not useful for threat detection. 26% wants to respond within five minutes. 54% spend more than two hours returning machines to trusted state. Sound familiar or would you have answered differently? Find out your Endpoint IQ – Download the SANS Endpoint Intelligence Survey results now.

WHITE PAPER: HP

Why you need a next-generation firewall
This white paper explores the reasons for implementing NG firewalls and lays out a path to success for overburdened IT organizations. Learn More

How to protect yourself against privileged user abuse
The typical organization loses 5% of its revenues to fraud by its own employees each year, with most thefts committed by trusted employees. Read More

Why are phishers targeting gamers? 'Cause that's where the money is …
There’s a story that when the notorious bank robber “Slick Willie” Sutton was asked why he robbed banks he replied “Because that’s where the money is”(see Sutton’s Law). As a strategy for maximizing the potential “take home” Sutton was, if you’ll forgive the pun, right on the money even if the risk was higher than, say, knocking over a supermarket.So, if you’re a black hat hacker in the 21st Century who do you go after? Not the banks, they have defenses that are (usually) far too much work to penetrate. Nope, you look for a softer target, one that is less sophisticated, more numerous, and has a lower risk. That target would be gamers who rack up staggering numbers of visits to Web sites (the top 15 Web sites currently get around 121.85 million visits per month …and those are long visits).To read this article in full or to leave a comment, please click here Read More


WHITE PAPER: HP

Big Data Security Analytics and Advanced Persistent Threats
This technical white paper demonstrates how to use Big Data security analytics techniques to detect advanced persistent threat (APT) cyber attacks, and it shows how HP ArcSight -- a Security Information and Event Management (SIEM) solution from HP -- applies these techniques to spot and stop attacks. Learn More

Rare SMS worm targets Android devices
A rare Android worm that propagates itself to other users via links in text messages has been discovered by security researchers.Once installed on a device, the malware, which was dubbed Selfmite, sends a text messages to 20 contacts from the device owner’s address book.Most malware programs for Android are Trojan apps with no self-propagation mechanisms that get distributed from non-official app stores. Android SMS worms are rare, but Selfmite is the second such threat discovered in the past two months, suggesting that their number might grow in the future.To read this article in full or to leave a comment, please click here Read More

How Google declared open war against passwords at I/O
Google hasn't been shy in the past about its desire to kill the password, and at Google I/O, the company started throwing punches.The next version of Android will include several ways to unlock a smartphone without having to enter a PIN or lockscreen pattern, a feature dubbed "personal unlocking." If the user is wearing an Android Wear smartwatch, the phone will unlock automatically, and you'll be able to set up trusted locations, such as home or work, where a PIN isn't required, or use a voiceprint to unlock the phone. The capabilities carry over to Chrome OS; Chromebook users will be able to automatically authenticate themselves via a paired Android phone, unlocking the laptop and logging into your Google account without ever having to bother with a single password.To read this article in full or to leave a comment, please click here Read More


WHITE PAPER: Damballa

Q1 2014 State of Infection Report
How many active infections are in your network? Learn why security teams must focus on detecting true infections. Read Now

Groups pressure US lawmakers with NSA surveillance scorecard
U.S. lawmakers got a report card on Friday: they’ve been graded by the Electronic Frontier Foundation and other groups on whether they are effectively reining in the National Security Agency’s surveillance programs.The new StandAgainstSpying.org scorecard, which gives letter grades to U.S. legislators based on their sponsorship or votes on a handful of bills, aims to pressure lawmakers into passing NSA reform measures, said Rainey Reitman, the EFF’s activism director. Greenpeace, Reddit, Free Press, the Sunlight Foundation and other groups are also behind the effort.The scorecard rates U.S. representatives on their support for two of several NSA bills that lawmakers have introduced in the year since news organizations began publishing stories based on leaks from former NSA contractor Edward Snowden. The original USA Freedom Act, before it was amended and weakened, and the Surveillance State Repeal Act represent the two “broadest, strongest” bills on NSA reform, the groups said.To read this article in full or to leave a comment, please click here Read More

Twenty-year-old vulnerability in LZO finally patched
After twenty years, a vulnerability in Lempel-Ziv-Oberhumer (LZO), an extremely efficient compression algorithm, has finally been patched. The flaw, a subtle integer overflow, existed for as long as it did because of the practice of recycling code in the development community.Due to this, the vulnerability touches everything from open source libraries, mobile phones (Android on Samsung devices), and other embedded devices.LZO was created in 1994 by Markus Oberhumer. The compression algorithm is optimized for speed, and it regularly outperforms zlib and bzip. The most common use is image data, which makes it perfect for applications that rely on video transmissions or projects that need to send large image files.To read this article in full or to leave a comment, please click here Read More

Airport breach a sign for IT industry to think security, not money
The two U.S. airports that had their computers compromised by an unknown group of hackers is a wake up call that America's best IT talent needs to focus less on money and more on national security, an expert says.[Six ways to prevent a breach like the one at AT&T]The Center of Internet Security (CIS), a government-endorsed nonprofit that helps states with cybersecurity, said in its recently released report that it was notified in the summer of 2013 of advanced persistent attacks (APTs) against four U.S. airports.To read this article in full or to leave a comment, please click here Read More

Android malware targets South Korean online banking customers
Thousands have been infected by malware masquerading as a legitimate banking application, Cheetah Mobile said Read More


SLIDESHOWS

5 potential Facebook killers

Outside of the obvious suspects – LinkedIn, Twitter and Google+ – who has the potential to unseat Facebook? Here are five possibilities.

JOIN THE NETWORK WORLD COMMUNITIES

As network pros you understand that the value of connections increase as the number of connections increase, the so called network effect, and no where is this more evident than in professional relationships. Join Network World's LinkedIn and Facebook communities to share ideas, post questions, see what your peers are working on and scout out job applicants (or maybe find your next opportunity).

Network World on Facebook

Network World on LinkedIn

MOST-READ STORIES

1. 10 Bad Coding Practices That Wreck Software Development Projects

2. 17 obscure Windows tools and tricks too powerful to overlook

3. Microsoft botched all aspects of Exchange outage

4. 10 things to know about the smartphone kill switch

5. Comparing the top Hadoop distributions

6. Hackers found controlling malware and botnets from the cloud

7. Carnegie Mellon system lets you get to the good parts of video, fast

8. 8 Internet things that are not IoT

9. Apple hires lead software engineer from Atlas Wearable

10. SDN: The next steps


Do You Tweet?
Follow everything from NetworkWorld.com on Twitter @NetworkWorld.

You are currently subscribed to networkworld_security_alert as security.world@gmail.com.

Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy

If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com

To contact Network World, please send an e-mail to customer_service@nww.com.

Copyright (C) 2014 Network World, 492 Old Connecticut Path, Framingham MA 01701

** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **