The day he was terminated, from midnight until approximately 06:30 a.m. on August 24, the contractor “sabotaged various programs and applications; and accessed, copied, downloaded and/or disseminated trade secrets and proprietary information.” Further, the automaker charges the former contractor with modifying 13 applications on toyotasupplier.com causing it to crash.
Toyota asked the court for a temporary restraining order preventing him from leaving the country and returning to India. The automaker asked the court for a temporary restraining order preventing him from leaving, but it wasn’t needed as he agreed to an order on Monday that he would not travel for 14 days. He remains free on a $2,500 bond until trial.
Founded in 1987, Quest is headquartered in Aliso Viejo, California, has 3,850 employees, and claims more than 100,000 customers around the word. The company had $857 million in global revenue based on its fiscal year 2011 results.
wiredmikey writes: In its latest threat report released on Monday, Symantec revealed that while the number of vulnerabilities fell by 20% in 2011, the number of malicious attacks jumped by 81% and the number of Web-based attacks that the company blocked jumped by 36%. Moreover, the number of unique malware variants surpassed 400 million.
Another interesting takeaway from the report is the fact that targeted attacks are growing. Symantec notes that the number of daily targeted attacks increased from 77 per day to 82 per day by the end of 2011. More than 50 percent of such attacks target organizations with fewer than 2,500 employees, and almost 18 percent target companies with fewer than 250 employees. When it comes to the actual targets, 58 percent of attacks focused on employees in roles such as human resources, public relations, and sales.
According to HP, the potential threat exists on HP 5400 zl series switches purchased after April 30, 2011 with certain serial numbers listed in the security advisory.
This issue once again brings attention to the security of the electronics supply chain which has been a hot topic as of late. In March 2012, a consortium of experts published a preview of standards meant to improve the security of the global supply chain for commercial software and hardware products. The standards are the work of The Open Group, and are supported by companies ranging from Boeing to Oracle to IBM.
According to Microsoft, organizations should focus first on MS12-027 and MS12-023. Already, MS12-027 has come under limited, targeted attack. MS12-027 addresses a vulnerability affecting the MSCOMCTL.OCX ActiveX control that could allow remote code execution if a user visits a website with specially-crafted content designed to exploit the vulnerability. This particular vulnerability affects several pieces of software, including versions of Microsoft Office, SQL Server and BizTalk Server.
John Harrison, group product manager with Symantec Security Response, advised organizations to also pay attention to MS12-024, which patches a critical vulnerability in Windows that could permit remote code execution if a user or applications runs or installs malicious, signed portable executable files on an affected system.
Through the new Big Data initiative and associated monetary investments, the Obama Administration promises to greatly improve the tools and techniques needed to access, organize, and glean discoveries from huge volumes of digital data.
Interestingly, as part of a number of government announcements on big data today, The National Institutes of Health announced that the world’s largest set of data on human genetic variation – produced by the international 1000 Genomes Project (At 200 terabytes so far) is now freely available on the Amazon Web Services (AWS) cloud.
Additionally, the Department of Defense (DoD) said it would invest approximately $250 million annually across the Military Departments in a series of programs.
“We also want to challenge industry, research universities, and non-profits to join with the Administration to make the most of the opportunities created by Big Data,” Tom Kalil, Deputy Director for Policy at OSTP noted in a blog post. “Clearly, the government can’t do this on its own. We need what the President calls an ‘all hands on deck’ effort.”
In the column, using several quotes and examples from Einstein's work, Rochford argues how a Security Guru should be more than just a technician, and that his/her education must reach far beyond I.T. It is easy to forget that there is a reason for the procedures, policies and approaches that we use and advocate beyond having some in place.
Those IT admins who use RDP to manage their machines over the internet, which is essentially the default in cloud-based installations such as Amazon’s AWS, need to patch as quickly as possible, said Qualys CTO Wolfgang Kandek.
Besides the RDP bugs, this month’s Patch Tuesday addressed five other vulnerabilities: two denial-of-service bugs and an escalation of privileges issue in Microsoft Windows; a remote code execution vulnerability in Microsoft Expression Design; and an escalation of privileges issue in Microsoft Visual Studio. All those issues are rated ‘important’ with the exception of one of the Windows’ denial-of-service bugs, which is rated ‘moderate.’
wiredmikey writes: If you are part of a security team that spends time carefully piecing together and reviewing corporate IT security policies, this may hurt your feelings: According to a recent survey, more than half of workers don’t always follow or are unaware of their company’s security policies.
The survey numbers show that more than half (54 percent) of employees don’t always follow their company’s IT security policies, or aren’t even aware of the policies (21 percent).
wiredmikey writes: Recently the New York Police Department announced it was working with the Department of Defense to develop gun-scan technology capable of detecting concealed firearms. The scanner would work in a similar fashion as an infrared detector, but with a slight twist – it would read the energy people emit and identifying where that energy is being blocked by an object, such as a gun.
This question is being asked and answered by Brad Bowers, a security operations manager for a large financial institution.
“I focused on Radio Frequency (RF) MASINT for my research, and while I don't see it being used in the traditional sense for tracking down hackers defacing Websites, it can still be a very valuable tool for tracking down attackers,” he said. MASINT, he said, is a better fit for critical infrastructure companies with complex computer systems controlling various types of sensors, valves and temperature gauges.
“The impact of these forces will make architectures of the last 20 years obsolete,” said Analyst Peter Sondergaard. “Together, they force the issue – they drive us to create the post-modern business, drive simplicity and force creative destruction.”
wiredmikey writes: Wade Williamson provides an interesting read on the evolution of malware, starting with a brief history, and background of modern malware threats, along with an explanation of the modern malware lifecycle...
Modern malware is emerging as one of the most concerning forces at play in information technology. With the ability to potentially coordinate millions of infected nodes, pass through security boundaries undetected on demand, and to adapt functionality on demand, modern malware has more in common with a fully distributed cloud-based application than it does with the simple self-replicating viruses and worms that we have known in the past.
40 years ago while working at BBN, Bob Thomas began experimenting with the concept of a mobile application. To this end he developed the Creeper program, which had the ability to move from machine to machine. Creeper quickly proliferated through ARPANET infecting everything in its path, and the emergence of the computer virus was upon us.
wiredmikey writes: Adobe today said it would release a Flash Player update tomorrow, September 21, 2011. The out of cycle update will address critical security issues in flash player as well as an important universal cross-site scripting issue that is reportedly being exploited in the wild in targeted attacks.
wiredmikey writes: With data breaches and cyber attacks constantly making headlines, it’s clear businesses continue to face challenges when it comes to securing IT assets and protecting company data. The good news – a recent survey shows IT security budgets and workforces may be reacting accordingly.
Symantec’s 2011 State of Security Survey fielded responses from a total of 3,300 businesses around the world to gauge their attitudes about risk and security. Among the findings: the number of organizations reporting attacks in the past 12 months dropped to 71 percent from 75 percent in 2010, and the number reporting an increased frequency of attacks dropped from 29 percent to 21 percent year-over-year.
The main drivers of security will sound familiar. When asked what industry trends are affecting the difficulty of security, the most mentioned issues were mobile computing (47 percent), social media (46 percent) and consumerization of IT (45 percent).