Toronto-based security researchers have helped uncover a China-based cyber espionage network — Ghostnet 2.0 — that has stolen sensitive documents from the Indian government and visa information from Canadians.
Cyber spies used phishing e-mail attacks and a bot network — abetted by social media — to steal top secret Indian government documents and visa information from Canadian citizens.
The University of Toronto’s Citizen Lab worked with Ottawa-based security research computer SecDev Group and other American researchers to uncover an even more widespread cyber espionage operation. The total number of stolen documents is greater than 700.
The researchers released their findings yesterday. Read the full story at itbusiness.ca .
Dynamic, interactive Web 2.0 technologies have transformed the Web into a core business application platform. Traditional customer relationship and payroll applications are now delivered interactively over the Web, while applications like social networking are used on a daily basis for recruitment, lead generation, and other business processes.
Along with Web 2.0, however, comes new risk as dynamic and user-generated content renders traditional security technologies, such as antivirus and URL filtering, ineffective. These technologies also do not provide control over sensitive outbound data posted to Web 2.0 sites.
Websense® Web Security Gateway leads the secure Web gateway market by providing the best protection against modern Web 2.0 threats with the lowest total cost of ownership. Web Security Gateway secures the use of Web 2.0, with its real-time dynamic threat protection, and Web content categorization that classifies content within Web pages “on the fly,” helping to maintain productivity and compliance with acceptable use policy.
Based on ability to execute and completeness of vision, Gartner positions Websense in the Leaders Quadrant of its Magic Quadrant for Secure Web Gateway.
Access a complimentary copy of the Gartner Magic Quadrant for Secure Web Gateway and learn more.
Websense just launched the indurstry’s first real-time security app for Facebook !
It provides Facebook page owners real-time content and security analysis of comments, wall posts, third party applications, links and other content posted to their Facebook page. According to Dan Hubbard, CTO, Websense…
“Other Web security technologies that try to address uncategorized Web 2.0 content using only virus signatures, URL reputation or categorization are fundamentally flawed and limited,”
Whereas other security offerings are designed to clean a user’s computer after it has been infected, Websense worked with Facebook to create the first and only security application that helps protect Facebook users from encountering malicious links, inappropriate content, viruses or spam, and is the first application to do so for both corporate and individual Facebook page owners.
The Websense security application for Facebook is immediately available in limited beta. To download it for free, or to learn more about the Defensio 2.0 platform for Web 2.0 sites, visit Defensio. To view a video introduction to Defensio 2.0 and its new features, see the video on youtube.
When Parliament was prorogued last month by Canada’s Conservative party government, the so-called anti-malware bill, and three other tech-related bills died.
Getting them back on the legislative agenda will depend on the prime minister’s priorities
The bills are C-27, the Electronic Commerce Protection Act, which covers spam and malware; C-47, which gives police increased power for criminal investigations; and two pieces of legislation, C-46 and C-58, are for fighting child pornography.
Of particular interest to those gearing up their email campaign marketing plans for the new year, is Bill C-27 which forbids anyone in Canada from sending a commercial message to any electronic address unless the receiver has consented. An exception is if the person sending the message has had a business transaction with the recipient in the previous 18 months. Penalties range from up to $1 million for individual violators to up to $10 million for organizations.
As a business owner, this may be your window to run that email campaign to prospects you had planned. As an over spammed consumer, hopefully Bill C-27 gets resurrected and passed soon !
Read realetd story on Network World Canada.
It used to be coal if you weren’t nice … but Malware ??
Websense Security Labs™ ThreatSeeker™ Network has discovered that the Koobface Web site offers a video posted by ‘SantA’. The usual ruse of requiring a codec to watch the video is used to encourage the user to install and run a file that is, you guessed it, malware.
This malicioius file is currently detected by less than 40% of the available antivirus products according to VirusTotal
On the compromised Facebook page the user is presented with a link to a compromised site in Switzerland. The user is redirected to one of several Koobface Web sites through a malicious Flash movie file hosted on the compromised site. If the user runs the infected file, the worm will automatically login to their Facebook, Myspace, and several other social networking sites and send messages to all their friends.
See screenshot of the malicious wall posts here.
My advice… make sure you have the right technology that prevents you from connecting to this and other infected sites using various ‘lures’… and in this case … Santa !!
Web 2.0 — the emerging social media world populated by entities like Facebook, Twitter and MySpace — represents the greatest danger in a sea of threats for 2010 … Read the rest of the security trends for 2010 on eChannelline.
Ontario’s privacy commissioner Ann Cavoukian says that banning employees from visiting social media sites, such as Facebook and Twitter at work isn’t a good idea.
“I think it’s a mistake,”Cavoukian said. She completely understands why in today’s environment some businesses may favour an outright ban, but says such prohibitions are almost always counterproductive.
What the commissioner has neglected to mention, is the fact that although a ‘blanket ban’ is not the solution, neither is unsecured open policy.
To leverage the advantages that twitter, facebook and other social networking/user generated content sites bring to your business, you have to allow access and mitigate the security risks associated with them.
I am a whole hearted advocate of saying ’yes’ to these Web 2.0 sites - as long as you have both a usage policy to educate your ‘users’ AND a security solution in place that can categorize pages on these sites in real time - thus giving you the ability to maximize the advantages, without compromising your security posture.
Read the story as reported on itbusiness.ca
On Wednesday the Canadian Radio-television and Telecommunications Commission said it realizes Internet providers may need “measures to manage the traffic on their networks at certain times.” But they must ask the CRTC before they block delivery of content to an end user or slow down time-sensitive traffic, such as video conferencing or voice over IP, “to the extent that content is degraded.”
“Canada is the first country to develop and implement a comprehensive approach to Internet traffic management practices,” said Konrad von Finckenstein, Q.C., Chairman of the CRTC.
Read the full press release here.
The Burton Group analysis surveyed vendors on their market and product strategy and included interviews with the customers to gauge customer satisfaction.
A live demonstration of each vendor product was also conducted using a scenario designed by the analysts. Once completed, the vendors were ranked based on vendor viability, customer satisfaction, market leadership, sales, service, support and product evaluation.
“DLP has been used to track data in motion, but now another part of the software is its ability to look at repositories and file shares and even fingerprint data to control data changes by either blocking it or putting an alarm on it,” said Eric Maiwald, vice president and research director for Burton Group Security and Risk Management Strategies.
“Some of [the] tools have [the] ability to identify who owns a particular set of information and send a message to that data owner if a policy has been violated.”
Read the full story here. Download an executive guide to DLP here.
Sponsored by Dimension Data and conducted by researchers by IDC, the survey of more than 400 IT security decision makers found that more than half of companies worldwide report that they are planning to invest in DLP technology.
Even in today’s economic climate, spending on security continues, based on this report. Approximately 19 percent of those surveyed reported that they actually increased security spend this year, while an additional 40 said their security budget remained the same.
This spend in security dollars will bode well for the security Channel partners that prepare and position themselves, as the trusted advisors with the right technologies, expertise and service capabilities for these organizations.
