• Adobe to patch zero-day Reader, Acrobat hole

    On 12 January Adobe will release patches to fix zero-day vulnerabilities in Reader and Acrobat; malicious Adobe Acrobat PDF files are distributed via an e-mail attachment that, when opened, executes a Trojan that targets Windows systems, according to Symantec; the rate of infection is extremely limited and the risk assessment level is very low, the company said.

  • Prediction for 2010: The coming cloud crash

    Technology maven Mark Anderson predicts a big remote-computing service disaster; “My hunch is that there will never really be a secure cloud,” he says; businesses will view cloud services more suspiciously and consumers will refuse to use them for anything important, he says

  • Cisco annual information security report highlights risks of social media

    Cisco has released its annual information security report for 2009 and the year-end analysis; the report highlights the impact of social media on network security and the critical role that people — not technology — play in creating opportunities for cybercriminals.

  • New NIST director says U.S. faces "critical time in cybersecurity"

    Patrick Gallagher, the new director of the U.S. National Institute of Standards and Technology, sees NIST’s role as a catalyst for the application of technology to pressing environmental, economic, and social concerns

  • Cyberattacks on U.S. military systems rise

    In 2000, there were 1,415 cyber attacks on U.S. military networks; in all of 2008 there were 54,640 malicious cyber incidents targeting DoD systems; in the first six months of 2009 tThere were 43,785 such incidents.

  • Cyber security certification is not a panacea for cybersecurity woes

    The U.S. Congress is deliberating proposals to require cybersecurity certification for cyber security professionals; although a good certification standard might be a measure of a baseline level of competence, it is not an indicator of job performance; having certified employees does not mean firewalls will be configured securely, computers will have up-to-date patches, and employees won’t write passwords on the backs of keyboards

  • Industry, academia join hands to solve U.S. most pressing cyber threats

    Northrop Grumman forms cybersecurity research consortium to help secure the U.S. critical infrastructure and counter growing threats; consortium’s members include MIT, Carnegie Mellon, and Purdue

  • CERT Australia promotes on network security

    Australia’s Attorney-General’s Department national security resiliency division says CERT Australia would be a two-way clearing house for notifications from local and international authorities, with responsibility for tracking down compromised machines in Australian domains

  • Top 10 information security trends for 2010

    Further adoption of cloud, social media, and virtualization technologies will continue to blur the network parameter; organizations — large and small — should consider a layered, centralized security solution that provides multiple security touch points within the network, rather than around it

  • New report: The line between cybercrime and cyberwar is blurred

    New McAffee cybersecurity report: “International cyber conflict has reached the tipping point where it is no longer just a theory, but a significant threat that nations are already wrestling with behind closed doors. The impact of a cyberwar is almost certain to extend far beyond military networks and touch the globally connected information and communications technology infrastructure upon which so many facets of modern society rely”

  • U.S. suspects terrorists are exploring counter-infrastructure cyber attacks

    A lack of security protections in U.S. computer software increases the likelihood that terrorists could execute sophisticated counter-infrastructure attacks in the future; DHS official says that if terrorists were to amass such capabilities, they would be wielded with “destructive and deadly intent”

  • Cyber threats now targeting traditional companies

    U.S. companies, even small and medium size, are more and more exposed to cyber threats from organized crime, foreign intelligence services, and probably terrorist organizations; 85 percent of U.S. critical infrastructure is owned and operated by private companies — and these companies are especially vulnerable to determined attacks which may ruin or seriously disrupt company operations

  • Raytheon's insider threat solution receives federal validation

    Raytheon’s SureView product is now FIPS 1402 Level 1 complaint; validation means that Raytheon’s enterprise monitoring and investigation tools may now be used by government agencies, including the Department of Defense, to protect sensitive government data in computer and telecommunication systems

  • Growth trends in software security favor Beyond Encryption

    Irish company specializing in developing software for protecting sensitive data stands to benefit from growth trends in the global security software market; most encryption products rely on the user having to remember a password to unlock their data; the approach of Beyond Encryption is to have access controlled by an administrator so that the data is protected wherever it goes