Monday, January 14, 2008

Security Report: New malware toolkit thwarts AV

========================================================================
SECURITY REPORT

http://www.infoworld.com/
Monday, Jan 14, 2008
========================================================================


***************** Sponsor *******************************

THIS ISSUE IS SPONSORED BY IBM BUSINESS RESILIENCE SOLUTIONS.

How resilient is your company? There's more to resilience than just
disaster recovery. Here's a tool that can help you identify gaps
in your business continuity plan. Take the Business Continuity
Self-Assessment and receive a personalized view of potential gaps
within your business, including data and event threat areas.

http://ad.doubleclick.net/clk;176928112;11645720;c?http://ad.doubleclick.net/clk;164675089;22893317;u?http://www-935.ibm.com/services/us/bcrs/self-assessment/index.html

***********************************************************


Table Of Contents:


* New malware toolkit thwarts AV
* Hacked MySpace page serves up fake Windows update
* Risk model moves into identity
* Congressional report rips U.S. TSA Web site security
* Storm worm gets holiday boost
* Security design: Why UAC will not work
* Oracle to ship critical security patches next week
* Yahoo tests support for OpenID


Other Resources:

IT STRATEGY GUIDE:
Risk Management.
http://www.accelacomm.com/jlp/topnewsletter/13/7081/


-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

NEW MALWARE TOOLKIT THWARTS AV

Web gateway filtering specialist Finjan is reporting a new toolkit that
uses randomized JavaScript to stay hidden from virus crawlers and
deliver its payload via compromised Web sites.

More of this article at:
http://www.infoworld.com/article/08/01/14/New-malware-toolkit-thwarts-AV_1.html?source=NLC-SEC&cgd=2008-01-14

========================================================================

HACKED MYSPACE PAGE SERVES UP FAKE WINDOWS UPDATE

There's now one more reason to be security-conscious while using
MySpace.com: fake Microsoft updates.

More of this article at:
http://www.infoworld.com/article/08/01/11/Hacked-MySpace-page-serves-up-fake-Windows-update_1.html?source=NLC-SEC&cgd=2008-01-14

========================================================================

RISK MODEL MOVES INTO IDENTITY

Across the security industry, experts are encouraging businesses to
abandon piecemeal IT systems and data-defense efforts in favor of
overarching risk management strategies.

More of this article at:
http://www.infoworld.com/article/08/01/11/Risk-model-moves-into-identity_1.html?source=NLC-SEC&cgd=2008-01-14

========================================================================


***************** Sponsor *******************************

THIS ISSUE IS SPONSORED BY IBM BUSINESS RESILIENCE SOLUTIONS.

How resilient is your company? There's more to resilience than just
disaster recovery. Here's a tool that can help you identify gaps
in your business continuity plan. Take the Business Continuity
Self-Assessment and receive a personalized view of potential gaps
within your business, including data and event threat areas.

http://ad.doubleclick.net/clk;176928112;11645720;c?http://ad.doubleclick.net/clk;164675089;22893317;u?http://www-935.ibm.com/services/us/bcrs/self-assessment/index.html

***********************************************************

CONGRESSIONAL REPORT RIPS U.S. TSA WEB SITE SECURITY

A Web site commissioned by the U.S. Transportation Security
Administration (TSA) to help travelers whose names were erroneously
listed on airline watch lists originally had multiple security problems
that could lead to identity theft, says a congressional report released
Friday.

More of this article at:
http://www.infoworld.com/article/08/01/11/Congressional-report-rips-US-TSA-Web-site-security_1.html?source=NLC-SEC&cgd=2008-01-14

========================================================================

STORM WORM GETS HOLIDAY BOOST

Some clever, sexy Christmas-themed spam and a long holiday season helped
the criminals behind the notorious Storm Worm more than double their
network of infected PCs over the past few weeks, security experts
say.

More of this article at:
http://www.infoworld.com/article/08/01/11/Storm-worm-gets-holiday-boost_1.html?source=NLC-SEC&cgd=2008-01-14

========================================================================

SECURITY DESIGN: WHY UAC WILL NOT WORK

It's security's dirty little secret: Not having your users logged in as
root or administrator will not stop malware.

More of this article at:
http://www.infoworld.com/article/08/01/11/02OPsecadvise-user-account-control_1.html?source=NLC-SEC&cgd=2008-01-14

========================================================================

ORACLE TO SHIP CRITICAL SECURITY PATCHES NEXT WEEK

Oracle plans to fix dozens of flaws in its software products next
Tuesday, including critical bugs in the company's database, e-business
suite, and application server.

More of this article at:
http://www.infoworld.com/article/08/01/10/Oracle-to-ship-critical-security-patches_1.html?source=NLC-SEC&cgd=2008-01-14

========================================================================

YAHOO TESTS SUPPORT FOR OPENID

Yahoo appears close to implementing OpenID, a Web authentication
standard that relieves people of the need to remember multiple passwords
to log into different Web sites.

More of this article at:
http://www.infoworld.com/article/08/01/09/Yahoo-tests-support-for-OpenID_1.html?source=NLC-SEC&cgd=2008-01-14

========================================================================


***************** Sponsor *******************************

THIS ISSUE IS SPONSORED BY IBM BUSINESS RESILIENCE SOLUTIONS.

How resilient is your company? There's more to resilience than just
disaster recovery. Here's a tool that can help you identify gaps
in your business continuity plan. Take the Business Continuity
Self-Assessment and receive a personalized view of potential gaps
within your business, including data and event threat areas.

http://ad.doubleclick.net/clk;176928112;11645720;c?http://ad.doubleclick.net/clk;164675089;22893317;u?http://www-935.ibm.com/services/us/bcrs/self-assessment/index.html

***********************************************************

DAILY NEWS, DELIVERED TO YOUR COMPUTER, MP3 PLAYER OR CELL PHONE

The InfoWorld Daily podcast provides readers with up-to-the-minute news
and features that shape the world of enterprise IT. Tom Sullivan reports
on the leading news and events that shape the today's IT community.

http://www.infoworld.com/weblog/podcasts/new_podcasts_index.html

========================================================================
ADVERTISE

To advertise, contact Gregg_Pinsky@infoworld.com.
========================================================================

UNSUBSCRIBE/MANAGE NEWSLETTERS

If you do not wish to continue to receive this newsletter, go to:
http://www.infoworld.com/newsletter/newsletter-unsub.html

Contact Customer Service at: customerservice@infoworld.com

To view InfoWorld's privacy policy, visit:
http://www.infoworld.com/about/abt_prv.html

Copyright (C) 2007 InfoWorld Media Group.
501 Second St., San Francisco, CA 94107

No comments:

Post a Comment