Wednesday, September 1, 2010

FW: NEWSBANK:: Cyber Thieves Steal Nearly $1,000,000 from University of Virginia College


-------------------------------------------
From: Paul Ferguson (RD-US)
Sent: Thursday, September 02, 2010 4:02:03 AM
To: Newsbank
Subject: NEWSBANK:: Cyber Thieves Steal Nearly $1,000,000 from University of Virginia College
Auto forwarded by a Rule


Cyber Thieves Steal Nearly $1,000,000 from University of Virginia College

Cyber crooks stole just shy of $1 million from a satellite campus of The University of Virginia last week, KrebsOnSecurity.com has learned.

The attackers stole the money from The University of Virginia’s College at Wise, a 4-year public and liberal arts college located in the town of Wise in southwestern Virginia.

Kathy Still, director of news and media relations at UVA Wise, declined to offer specifics on the theft, saying only that the school was investigating a hacking incident.

“All I can say now is we have a possible computer hacking situation under investigation,” Still said. “I can also tell you that as far as we can tell, no student data has been compromised.”

According to several sources familiar with the case, thieves stole the funds after compromising a computer belonging to the university’s comptroller. The attackers used a computer virus to steal the online banking credentials for the University’s accounts at BB&T Bank, and initiated a single fraudulent wire transfer in the amount of $996,000 to the Agricultural Bank of China. BB&T declined to comment for this story.

Sources said the FBI is investigating and has possession of the hard drive from the controller’s PC. A spokeswoman at FBI headquarters in Washington, D.C. said that as a matter of policy the FBI does not confirm or deny the existence of investigations.

The attack on UVA Wise is the latest in a string of online bank heists targeting businesses, schools, towns and nonprofits. Last week, cyber thieves stole more than $600,000 from the Catholic Diocese of Des Moines, Iowa.

http://krebsonsecurity.com/2010/09/cyber-thieves-steal-nearly-1000000-from-university-of-virginia-college/

-ferg

--

"Fergie", a.k.a. Paul Ferguson

 Threat Research,

 CoreTech Engineering

 Trend Micro, Inc., Cupertino, California USA

FW: [Newsbank] Why Smaller Botnets are Big Business

-------------------------------------------
From: David Perry (MKT-US)
Sent: Thursday, September 02, 2010 3:36:18 AM
To: Ivan Macalintal (RD-US); Newsbank
Subject: RE: [Newsbank] Why Smaller Botnets are Big Business
Auto forwarded by a Rule

NOTE: by Rental, Ivan means that the botnet itself goes out to 'rent' for further criminal or profit motivated use. This is the dominant model in the malware world today. This means that at the time of infection, the only purpose the bad guy had in mind was to capture your system. The real use only happens later.

David Perry | Global Director of Education

10101 North De Anza - Cupertino, California 95014 USA

Office: +1 (714) 846-5689 | Mobile: +1 (949) 500-2033


-----Original Message-----
From: Ivan Macalintal (RD-US)
Sent: Wednesday, September 01, 2010 10:04 AM
To: Newsbank
Subject: [Newsbank] Why Smaller Botnets are Big Business

That is why ZeuS is big business.

Excerpt:

'....Rather than this bigger-is-better mentality prevailing, nowadays, smaller botnets are more valuable as far as the rental business is concerned. This is largely due to the success of security researchers and law enforcement in taking down some of the big botnets and their hosts.

With the good guys now able to infiltrate and sabotage highly visible botnet operations, to the point of effectively putting them out of business for weeks - a week is a very long time in online crime activity - it has become far easier and safer for the bad guys to creep under the radar using smaller botnets. .....'

To read the complete article see:
http://www.pcpro.co.uk/realworld/360712/why-smaller-botnets-are-big-business

-- Ivan@FTR

TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.

FW: Newsbank :: DEF CON survey reveals vast scale of cloud hacking


-------------------------------------------
From: Miguel Pascual Martinez (TS-IE)
Sent: Wednesday, September 01, 2010 6:39:38 PM
To: Newsbank
Subject: Newsbank :: DEF CON survey reveals vast scale of cloud hacking
Auto forwarded by a Rule


https://www.fortify.com/news-and-events/press-releases/2010/2010-08-24.html

DEF CON survey reveals vast scale of cloud hacking - and the need to bolster security to counter the problem

San Mateo, CA, August 24, 2010 — An in-depth survey carried out amongst 100 of the elite IT professionals attending this year's DEF CON 2010 Hacker conference in Las Vegas recently has revealed that hackers view the cloud as having a silver lining for them.

And a gold, platinum and diamond one, it seems, as an overwhelming 96 per cent of the respondents to the Fortify Software-sponsored poll said they believed the cloud would open up more hacking opportunities for them.

This is being driven, says Barmak Meftah, chief products officer with the software assurance specialist, by the belief from the hackers, that cloud vendors are not doing enough to address the security issues of their services.

"89 per cent of respondents said they believed this was the case and, when you analyze this overwhelming response in the light of the fact that 45 per cent of hackers said they had already tried to exploit vulnerabilities in the cloud, you begin to see the scale of the problem," he said.

"While ‘only’ 12 per cent said they hacked cloud systems for financial gain, that still means a sizeable headache for any IT manager planning to migrate their IT resources into the cloud," he added.

According to Meftah, when you factor in the prediction from numerous analysts that at the start of 2010 20 per cent of businesses would have their IT resources in the cloud within four years (http://bit.ly/7dvygF), you begin to appreciate the potential scale and complexity of the security issues involved.

In the many predictions, he explained, 20 per cent of organizations would own no appreciable IT assets, but would instead rely on cloud computing resources - the same resources that 45 per cent of the DEF CON 2010 attendees in the survey cheerfully admitted to already having tried to hack.

Breaking down the survey responses, 21 per cent believe that Software-as-a-Service (SaaS) cloud systems are viewed as being the most vulnerable, with 33 per cent of the hackers having discovered public DNS vulnerabilities, followed by log files (16 per cent) and communication profiles (12 per cent) in their cloud travels.

Remember, says Meftah, we are talking about hackers having DISCOVERED these types of vulnerabilities in the cloud, rather than merely making an observation.

DEF CON has evolved considerably since the first event was held way back in 1993, and the hackerfest in the last couple of years has attracted 8,500 of the world's top hackers and IT security researchers. "Anecdotal evidence suggests this year's Las Vegas event was even more successful, meaning that our survey results highlight the very real security challenges that lie ahead for cloud vendors and security defense professionals," he said.

"More than anything, this research confirms our ongoing observations that cloud vendors - as well as the IT software industry as a whole - need to redouble their governance and security assurance strategies when developing solutions, whether cloud-based or not, as all IT systems will eventually have to support a cloud resource," he added.

"It is of great concern to us here at Fortify that the message about software assurance has still to get through to everyone in the software development community, and the DEF CON survey results strengthen our resolve to get this message across to as large an audience as possible."

For more on Fortify Software: www.fortify.com

Miguel Pascual Martinez | Technical Support Engineer, EMEA

IDA Business & Technology Park, Model Farm Road, Cork, Ireland

Office: +353 (0)21 730 7386 | Ext:18386 | www.trendmicro.com

Tuesday, August 31, 2010

FW: Newsbank :: 5 Resources for Migrating to the Cloud Securely


-------------------------------------------
From: Susan Wilhite (MKT-US)
Sent: Wednesday, September 01, 2010 7:48:31 AM
To: Newsbank
Subject: Newsbank :: 5 Resources for Migrating to the Cloud Securely
Auto forwarded by a Rule


Top billing. Wow.

http://www.readwriteweb.com/enterprise/2010/08/encrypt-your-cloud-storage-wit.php?utm_source=Web&utm_medium=twitter&utm_campaign=Feed1

5 Resources for Migrating to the Cloud Securely

By Klint Finley / August 31, 2010 12:30 PM

A recent poll found that most enterprises that have already become infrastructure-as-a-service customers worry much less about cloud security than companies that are only thinking about making the leap. But for the rest of you, security remains the number one concern when considering the cloud. If you're under pressure to take advantage of the benefits of cloud computing, but need to ensure a high level of security, here are a few companies with products and services that can help you make the move without losing sleep.

Trend Micro SecureCloud

Trend Micro announced the public beta of its new SecureCloud SaaS today. SecureCloud enables you to store encrypted data in the cloud while controlling your own keys using Trend's key-management technology. The advantage here is that customers, not the providers, own their own keys without the need to create a complex secure file infrastructure. SecureCloud is currently offered only as an SaaS, but Trend promises an on-premise solution soon.

Trend has also released today a new version of its Deep Security product, a clientless security system for both physical and virtual servers.

EnStratus

EnStratus offers enterprise cloud encryption, key management, user management for the cloud, and many other solutions. EnStratus works by separating the roles of infrastructure provider from the role of security provider. EnStratus holds encryption keys and manages user access from its own SaaS solution, shielding data housed in the public cloud from unauthorized access. ReadWriteCloud's coverage of EnStratus is here.

Nasuni

For those only needing storage and looking for a simple solution, Nasuni takes a different approach with its on-site/cloud hybrid product Nasuni Filer. The company sets up a NAS-like local device that caches data from its encrypted cloud storage for faster performance. Nasuni has multiple cloud hosting providers, including Amazon Simple Storage Service and RackSpace.

Irdeto

Irdeto, which started out as a DRM company, is paying a lot of attention to cloud computing. For enterprises that just need to control user access, Irdeto's Cloakware manages privileged account passwords, both in the cloud or in your enterprise.

Fortify

Fortify, the software testing company recently acquired by HP, works with companies to ensure that applications developed for private data-centers are cloud-ready.

How Do You Secure Your Cloud

Have you worked with any of the vendors mentioned in this article, or are you using other solutions? Let us know!

Susan Wilhite | UX Researcher & Trend Community Manager

10101 North De Anza Blvd., Cupertino, CA USA 95014

Office: 408.863.6594

FW: Newsbank: Trend Micro brings encryption to the cloud


-------------------------------------------
From: Rolf Rennemo (PM-US-CTS)
Sent: Wednesday, September 01, 2010 3:44:44 AM
To: Newsbank
Subject: Newsbank: Trend Micro brings encryption to the cloud
Auto forwarded by a Rule

http://www.networkworld.com/news/2010/083110-trend-micro-cloud-encryption.html?source=NWWNLE_nlt_daily_pm_2010-08-31

SecureCloud service works with Amazon EC2, Eucalyptus, VMware vCloud

By Ellen Messmer, Network World
August 31, 2010 11:08 AM ET

Trend Micro is blazing a new trail with a service called SecureCloud intended to give enterprises a way to encrypt data in cloud-computing environments.

SecureCloud allows you to maintain control over the encryption key used to secure data stored in the Amazon EC2, Eucalyptus or VMware vCloud cloud infrastructures. Other cloud-computing variants could be added in the future.

"IT operations may be firing up [a remote virtual machine] image but we have security validating the integrity, and it's encrypted until it hits the cloud, and it's encrypting data at rest," according to Todd Thiemann, senior director of data center security and marketing at Trend Micro.

He notes that SecureCloud allows the IT department using either public or private cloud-computing services to answer the basic questions, "Is this image OK? And is it mine?"

Now in beta with general availability expected by year end, SecureCloud is provided through a Web site portal and makes use of policy-based encryption to allow access to a virtual-machine image as well as storing related activity logs.

In addition to offering the security service, Trend Micro is looking at making comparable software available to companies for on-premises use.

In a separate announcement, Trend Micro also unveiled an antimalware protection module for its VMware server security software, Deep Security 7.5. It includes integrity monitoring, log inspection and stateful firewall capabilities, and leverages the most recent VMware vShield Endpoint APIs. Trend Micro Deep Security 7.5 is expected to ship in October.


FW: Newsbank :: Top 10 Most Important Features for Enterprise Smartphone Management Solutions


-------------------------------------------
From: Susan Wilhite (MKT-US)
Sent: Wednesday, September 01, 2010 3:20:02 AM
To: Newsbank; Roger Knott (MKT-US); Steve Quane (Seg GM-SMB);
Christina Tsai (MKT-US); Liwei Ren (RD-US); Robert Liu (RD-US);
Sam Huang (RD-TW); James O'Donnell (PM-TW-ENT); Ian HY Lee (PM-TW-ENT);
Daniel Yang (RD-US)
Subject: Newsbank :: Top 10 Most Important Features for Enterprise Smartphone Management Solutions
Auto forwarded by a Rule


I am conducting a user experience study on just this issue – employee-owned smartphones supported in the IT environment. Stay tuned.

Roger, please send me this report when we have it. Thanks!

Top 10 Most Important Features for Enterprise Smartphone Management Solutions

By Klint Finley / August 28, 2010 2:38 PM

A new report from Forrester confirms a trend we've been reporting: enterprises are turning away from "one size fits all" organization-owned smartphone strategies in favor of multi-device, employee-owned smartphone strategies. Of the firms polled by Forrester, approximately half are already embracing a multiplatform strategy, and nearly 60% support personally owned smartphones. Many enterprises are considering solutions to augment or replace their Blackberry Enterprise Servers. Forrester has identified the ten most important features for smartphone device management solutions, and ten vendors that offer all ten features.

Challenges for the enterprise

According to Forrester, IT is struggling with a two-fold challenge: mobile device management and security. To solve this problem, enterprises are increasingly investing in device-agnostic solutions. In the firm's report on mobile application development, Forrester recommends creating Web applications, instead of native applications, whenever possible.

Key Functionality for Smartphone Management Solutions

Forrester identified ten key pieces of functionality for smart phone solutions. The first seven are key features that have standardized across most device management solutions:

· Configuration management
· Security management
· Central console
· Over-the-air (OTA) intelligence, troubleshooting, and support
· Asset management and reporting
· Software management
· Scalability

The other three are newer but increasingly important functionality:

· Remote control
· Device recovery
· Self-service portals

Of the 26 solutions Forrester evaluated, the following ten include all ten key pieces of functionality:

· AirWatch
· FancyFon
· Fromdistance
· Good Technology
· MobileIron
· RIM
· Smith Micro
· Sybase
· Trust Digital
· Zenprise

However, many other solutions contain important and useful solutions, so enterprises should consider other possibilities. For example, Motorola's MSP solution can also manage peripheral devices such as cash registers, scanners, RFID readers, printers, signature capture pads, and kiosks, and SOTI's MobiControl supports location-based asset tracking features.

What the Future Holds for Smart Phones in the Enterprise

Forrester makes the following three predictions for the near future:

· Support for BlackBerry, iOS, and Android will be a top priority for IT managers
· Vendor consolidation will continue
· True convergence of smartphone and PC management is inevitable but still years away

http://www.readwriteweb.com/enterprise/2010/08/post.php

Susan Wilhite | UX Researcher & Trend Community Manager

10101 North De Anza Blvd., Cupertino, CA USA 95014

Office: 408.863.6594