Latest Hacking and intrusion prevention News

Managed DDoS mitigation service is the most cost-effective solution against DDoS attacks
posted on 01/06/2010

DDoS attacks are increasing in frequency, scale and sophistication. A report by Forrester found that just under 75 percent of respondents had been a victim of one or more DDoS attacks within the past year. All affected organisations were from varying sectors but said the consequences were the same: their ISP’s services were disrupted and their companies consequently lost revenue. Last week CNN reported that Media Temple, the web hosting provider for a range of blue chip companies, being hit with a sophisticated distributed denial of service attack. The Associated Press also reported that a Nebraska man has been sentenced to a year in federal prison for his role in a cyber attack on the Church of Scientology's websites two years ago. VeriSign security expert Matthew Bruun commented, “This case highlights the gravity of the situation around DDoS attacks. The fact that the attack against the Church of Scientology was recognised as a serious cyber crime – to the extent that the perpetrato... [more]

Secret keys in a mobile phone can be revealed simply by monitoring its power consumption
posted on 01/06/2010

Cryptography Research are warning that a closer scrutiny of the security of smartphones is now required, particularly against attacks that involve the monitoring of the power consumption of the phone. There is a class of attacks that can reveal the secret keys and other stored information in a mobile phone by the simple monitoring of its power consumption, thereby leaving an opportunity for fraudsters to exploit. Cryptography Research discovered this vulnerability, Differential Power Analysis (DPA), in the mid-1990s in its developments with smart cards. The payment card industry worked alongside Cryptography Research to implement countermeasures to make sure that the chips it uses in payment cards are safe. Today, there are about 4.5 billion cards shipped annually that use Cryptography Research’s countermeasures against DPA attacks. Cryptography Research says the DPA attack story is unfinished. Today, smartphones offer more applications and use more power to operate these fun... [more]

Businesses are complacent with the security risks they face
posted on 24/05/2010

Cyber criminals have evolved their skills and techniques to such an extent that they can breach the four walls of any company at will. Today’s cyber attacks are well organised, sophisticated, and targeted, not random, aimed at specific businesses or organisations seeking to steal valuable information for resale or fraudulent use. The 2008 RBS WorldPay incident is a good example of such an attack. First, ATM account credential information was stolen from a hacked computer system, and then used to make counterfeit ATM cards. Then over a few hour period US$9 million was taken from 2100 ATMs in 280 cities across three continents, leveraging a well-organised group of cashers spread across the world. According to one report the revenue generated by cyber criminals approaches US$1 trillion annually. This new breed of criminal congregates anonymously in underground chat rooms where they can find similarly minded criminals who have particular specialties useful for a particular heist. T... [more]

Comodo HackerGuardian allows firms to meet PCI vulnerability scanning requirements more easily
posted on 17/05/2010

Businesses that receive, transmit, or store credit card data must perform a network vulnerability scan every quarter. Scanning identifies vulnerabilities that could be exploited by hackers to steal confidential customer information. Comodo has announced the latest version of HackerGuardian™, allowing firms to meet PCI vulnerability scanning requirements more easily. Comodo CA Ltd. is a PCI-approved scanning vendor. With HackerGuardian, the scanning and reporting processes have been improved, allowing businesses to meet the requirements in less time-leaving them more time for their core businesses. HackerGuardian's enhancements and new features include * Overview dashboard - Enables quick access to the most common functions and information needed to manage scans * Setup wizard - Engage a setup wizard at any time. The user sets up once and lets HackerGuardian run itself * Simplified layout - Consolidated pages enable more function with less complexity * Drilldown cap... [more]

Law enforcement is catching up with cyber criminals
posted on 13/05/2010

There is now a tougher approach to tackling cyber crime with sentences becoming more punitive. This is in contrast to seven years ago when malware was treated as an online annoyance rather than a malicious criminal activity. There has been significant success in arresting and prosecuting cyber criminals across the globe in the first half of this year. Launching the first part of its Security Review 2010, F-Secure expressed hopes that this indicated a permanent shift in the ability of law enforcement officials to identify, capture and prosecute cyber criminals. Mikko Hypponen, chief research officer at F-Secure, said: “Anti-virus companies are not the police but we always provide the material uncovered by our investigations into cybercrime to the authorities so they can take action. It’s great to see this is having an effect and we hope that new level of arrests and harsher sentencing will represent a permanent shift in the way cybercrime is tackled.” This year has seen several la... [more]

Other Security news and resources