STE WILLIAMS

SANS Announces Results Of Its 2013 Mobile Security Policy And Management Survey

BETHESDA, Md., Dec. 2, 2013 /PRNewswire-USNewswire/ — SANS announces results of its 2013 mobile security policy and management survey in which 576 IT professionals answered questions about the use of employee-owned devices within their organizations (termed bring your own device or BYOD), awareness and concerns over risk, and how they are (or are not) managing this risk. The survey was sponsored by TCG and the SANS Internet Storm Center.

The professionals who took this survey represent the front lines of IT, setting policy for mobile device use, managing deployments of mobile devices and tackling the tough technical challenges associated with meeting the mobile device operational requirements of end users while maintaining the security requirements of the organization.

“Organizations are feeling the pressure of BYOD adoption, with or without policy and security tools to manage the deployments,” says survey author Joshua Wright.

“Tried and true security mechanisms, such as VPN, represent the primary tools used by organizations to protect mobile data, regardless of the limitations and inflexible nature of those solutions.”

From the survey, it is clear that BYOD triggers fear and loathing among respondents but is seen as the wave of the future. When asked about what types of controls are in place for such usage, respondents indicated that 48% rely on user education and awareness, while a disconcerting 23% have not deployed any controls. It is encouraging that respondents overwhelmingly agreed that they are not confident with their existing policies.

“Even though convenient access to email is the number one app for enterprise data access, increased adoption of CRM and ERP mobile apps will inevitably increase the mobile risk surface for enterprise networks,” Wright adds.

Results and suggestions for updating application controls and device management and reporting will be released during a webcast on Tuesday, December 10, at 1 PM EST. To register for the complimentary webcast, please visit www.sans.org/info/144867.

Those who register for these webcasts will be given access to an advanced copy of the associated report developed by Joshua Wright.

The SANS Analyst Program, www.sans.org/reading_room/analysts_program, is part of the SANS Institute.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 25 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet’s early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.

(www.SANS.org)

Article source: http://www.darkreading.com/mobile/sans-announces-results-of-its-2013-mobil/240164415

Shavlik Joins Microsoft System Center Alliance Program

MINNEAPOLIS, Dec. 3, 2013 /PRNewswire/ — Shavlik, a business unit of LANDesk Software, and a recognized leader in agentless patch management capabilities, announced today that it has joined the Microsoft System Center Alliance Program.

As the first company to provide third-party patches to Microsoft System Center 2012 R2 Configuration Manager customers, Shavlik has continued to refine its popular SCUPdates product and add supplementary products to enhance the features of Microsoft System Center Configuration Manager. By joining the System Center Alliance, Shavlik is reaffirming its commitment to its customers.

“Shavlik is thrilled to be part of the Microsoft System Center Alliance Program,” said Marshall Smith, Vice President of Partnering and Operations for Shavlik. “We have patched Microsoft and third-party applications since the beginnings of Shavlik and we plan to continue empowering our customers with our popular SCUPdates, Management Intelligence, and additional Shavlik products that add value to System Center customers. Our membership in the Alliance will help us continue to foster the communication required to shape and refine our products and to meet the needs of our mutual customers.”

Building on Shavlik’s recognized expertise in patch detection and deployment, SCUPdates has the ability to extend the reach of System Center Configuration Manager beyond current Microsoft products to patch today’s most attacked applications. SCUPdates takes advantage of the System Center Configuration Manager workflow and does not require the installation of an application or agent for deployment. By syncing with Shavlik SCUPdates, System Center Configuration Manager customers have a single System Center Configuration Manager workflow for deploying updates for Microsoft operating systems, Microsoft applications, and non-Microsoft applications.

“System Center 2012 R2, with its trailblazing functionality, provides a solid foundation for third parties such as Shavlik to build on and add value for customers,” said Brian Hillger, Director, Product Marketing, Microsoft Corp.

“With SCUPdates, Shavlik is helping customers keep third-party applications patched and secure with consistent accuracy and ease-of-use. Microsoft is pleased to welcome Shavlik into the System Center Alliance.”

In addition to SCUPdates, Shavlik has products to patch the datacenter, track and manage software licenses, and manage mobile devices that are designed to enhance the end-user experience and expand System Center Configuration Manager beyond its current feature set.

A free trial version of SCUPdates and other Shavlik products is available for evaluation on the Shavlik website and through select resellers.

About Shavlik

Shavlik is a pioneer in agentless patch management and a leader in innovative network security and management solutions. Since 1993, Shavlik has been at the forefront of patch security, first by providing the only third-party patch management to Microsoft System Center Configuration Manager customers and later asserting industry leadership in the patching of virtual machines. Its products and solutions include Shavlik Protect, Shavlik SCUPdates, and Management Intelligence. Shavlik’s “Just Add Water and Stir” approach allows customers to get up and running in as little as thirty minutes.

Article source: http://www.darkreading.com/management/shavlik-joins-microsoft-system-center-al/240164397

Lookingglass Expands Threat Intelligence Capabilities

Arlington, VA – December 3, 2013 – Lookingglass Cyber Solutions, the leader in cyber threat intelligence management, announced today innovative workflow and data integration enhancements to its flagship product, ScoutVision™, that will enable organizations to effectively leverage threat intelligence throughout their security infrastructures. With an updated interface, ScoutVision now empowers users to manage threat intelligence more efficiently through new Cyber Heads up Display (CyberHUD) capabilities, including streamlined alert monitoring and a watchlist style interface, as well as the availability of expanded integration with existing, validated threat sources.

ScoutVision, Lookingglass’ Cyber Threat Intelligence Monitoring and Management Platform, connects, collects and processes all-source cyber threat indicators and intelligence. It then offers threat, risk and security teams a workspace to research, manage and monitor meaningful developments in cyber activity and infrastructure that affect enterprise risk. Furthermore, organizations can extend this capability into their existing security investments through the platform’s robust Application Programming Interface (API). The latest version of ScoutVision offers broader capability, scale and system wide integration improving the overall collection, exploitation and workflow.

Key ScoutVision feature enhancements include:

System Wide

New Cyber Heads up Display (CyberHUD) Behavior – CyberHUD now provides a “watchlist” style, alerting interface. New indicators added into a monitored network space will be highlighted for the user. Users will also be able to “clear” the watchlist as they vet and address the events that caused an alert situation.

Communications Page Redesign – Simplified and new paging and sorting functions of telemetry and log data to assist users with reduction and prioritization.

Bulk import – Users can now bulk import and tag thousands of IP addresses directly via the user interface (UI). This allows users who wish to tag large sets but do not want to do command line scripting to quickly import data sets they have in other systems/formats.

Analyst Workspace

Streamlined User Interface (UI) – Updated look and feel adapted to user’s task focused workflow to make it easy to navigate across network elements.

Highly Scalable Collection Exploitation Architecture – The new architecture enables faster database writes and supports metadata for collection sources.

Historical Timestamps – Provides 90-days of historical indicators associated with specific network entities to track threat activity and observe changes that occur over time.

Premium Indicator Sources – New data relationships enable expanded integration with trusted industry threat sources available through a single analyst workspace.

Collaboration – Improved project import/export functionality enables sharing of information between Lookingglass customers.

Expanded Tagging

Domains – Users can now directly associate tags to fully qualified domain names (FQDNs) directly via the UI.

Indicator and Tag History – The system displays a minimum of 90-days of indicators and/or user tags associated with a network element over time.

Unannounced Classless Inter-Domain Routing (CIDRs) Ranges – Users can tag unannounced CIDR ranges to monitor for threat data aggregated for unannounced IP address space.

“Our latest release was driven by our customers’ input and necessary architecture changes to support our future roadmap,” said Chris Coleman, Lookingglass president and chief executive officer. “These improvements to our intelligence processing architecture, data persistence and intelligence navigator bring effective and efficient threat data and threat intelligence management and monitoring to our clients.”

ScoutVision provides a global view into the Internet and transforms threat data into threat knowledge. This information is essential for threat intelligence, risk managers, and security operations teams to identify, understand, manage and prioritize cyber threats within and beyond the enterprise perimeter. ScoutVision offers continuous monitoring capabilities that alert customers to the presence of threats within networks that are relevant to their organization and ecosystem while delivering aggregated, contextualized threat intelligence. Rather than being tied to the antiquated ‘stop any and all security events’ mindset, customers can rapidly determine the relevance of threats and more effectively focus resources, thereby adopting a new cyber security risk approach that tightly aligns business needs with operational realities. The value of data can only be realized through rigorous collection, processing and normalization. ScoutVision tackles this challenge, and focuses on transforming threat data into information and knowledge.

About Lookingglass

Lookingglass Cyber Solutions is the world leader in threat intelligence monitoring and management enabling global cyber threat visibility. With its ScoutVision™ and CloudScout™ products, Lookingglass delivers a threat intelligence monitoring and management workspace to continuously monitor threats far and near, such as the presence of botnets, hosts associated with cybercriminal networks, unexpected route changes and the loss of network resiliency. Lookingglass’ outside-in approach accounts for a client’s entire enterprise cyber ecosystem including the extended enterprise, and other networks beyond their control. This visibility brings an unprecedented view to help organizations understand their risks and enable a more proactive approach to the management of their overall security posture. For more information, visit www.LGScout.com.

Article source: http://www.darkreading.com/management/lookingglass-expands-threat-intelligence/240164398

Forum Systems Teams With immixGroup To Deliver Security Solutions To The Public Sector

WASHINGTON, GOVERNMENT IT FORUM, BOOTH #201A, and BOSTON, December 3, 2013 – Forum Systems Inc. is partnering with immixGroup, Inc. to deliver its FIPS-certified Forum Sentry API Security Gateway to public sector IT organizations through immixGroup’s contract vehicles. The announcement comes in conjunction with the Government IT Forum where Forum Systems is showcasing Forum Sentry in Booth #201A.

Processing and securing more than 10 billion transactions per day worldwide, Forum Sentry significantly reduces the cost and complexity of centralizing security, identity and governance for hundreds of global organizations, including some of the world’s largest federal agencies. The industry leader in SOA, XML and Mobile Gateway technology, Forum Sentry provides FIPS 140-2 level security, has been independently certified by NIST, DoD and the U.S. Treasury, and holds the industry’s only patent for cryptographic acceleration of security processing.

Since 1997, immixGroup has helped technology companies do business with the government. Its public sector aggregation programs give software and hardware manufacturers the resources and expertise they need to grow their public sector business. Government agencies rely on immixGroup to provide them with reliable access to the leading technologies needed to complete their mission objectives.

“Opening up communications between government entities has been a boon for conducting business – but in exposing their critical back-office systems and processes to external partners, those agencies have created a larger attack surface area. That, in turn, is increasing their cyber security risk,” said Bruce Herron, Vice President of Worldwide Sales for Forum Systems. “By partnering with immixGroup, we are reaffirming our long-standing commitment to the public sector in delivering patented, industry-leading gateway technology that accelerates and secures the interagency communication that drives efficient, effective and safer B2B exchange.”

In October, Forum Systems unveiled the latest version of its flagship Forum Sentry. Expanding on its market-leading capabilities, Forum Sentry features intelligent edge caching for network optimization, Amazon S3 integration for secure enterprise-to-cloud storage and expanded OAuth 2.0 support to simplify mobile SSO. Notably, Forum Sentry is the industry’s only FIPS 140-2 secured edge caching solution that provides tight integration with all enterprise-class identity stores to satisfy mobile users’ demand for anytime, anywhere access while ensuring the highest levels of network security.

“Forum Sentry is a FIPS-certified security gateway that meets the unique, exacting requirements of public sector IT organizations,” said Chris Wilkinson, Director of Cyber Security Technologies at immixGroup. “We are pleased to partner with Forum Systems and offer the company’s API Security Gateway through our contract vehicles, enabling government agencies to procure this technology to help meet their business and organizational objectives.”

About immixGroup, Inc.

immixGroup helps technology companies do business with the government. immixGroup’s unique platform of services enables software and hardware manufacturers and their channel partners to grow their public sector business and accelerate the sales cycle. Since 1997, immixGroup has delivered the specialized resources and expertise these companies need to increase their revenue, support their demand creators, and operate efficiently. And government agencies trust immixGroup to provide leading IT products through their preferred contracts and business partners. For more information, contact immixGroup, Inc. at 703-752-0610, via email at [email protected], or on the Web at www.immixgroup.com.

About Forum Systems

Forum Systems, a wholly owned subsidiary of Crosscheck Networks, Inc., is the innovation leader in content security gateway technology. The industry’s most comprehensive solution for centralized security, identity and governance for SOA, REST and mobile communications, Forum Sentry enables comprehensive threat mitigation and trust enablement, providing enterprises and government organizations worldwide with the foundation for achieving Secure Service Mediation. Processing more than 10 billion transactions per day worldwide, the FIPS- and DoD-certified Forum Sentry API Security Gateway delivers unparalleled protection against HTML-, XML-, SOAP- and REST-based vulnerabilities. Notably, Forum Systems products provide simplified integration and task processing with over 100 built-in, standards-based processing tasks. For more information, please visit www.forumsys.com.

Article source: http://www.darkreading.com/government-vertical/forum-systems-teams-with-immixgroup-to-d/240164368

ValidSoft Joins FIDO Alliance To Support The Creation And Adoption Of Simpler, Stronger Authentication Methodologies

LONDON and OKLAHOMA CITY, Dec. 3, 2013 /PRNewswire/ — ValidSoft (www.validsoft.com), a global supplier of advanced telecommunications-based fraud prevention, authentication and transaction verification solutions, and a wholly owned subsidiary of Elephant Talk Communications Corp. (NYSE MKT: ETAK), has joined the FIDO (Fast Identity Online) Alliance (www.fidoalliance.org), which is dedicated to creating standards for simple, open, scalable and widely compatible strong authentication systems.

ValidSoft joins many of the largest and most progressive brands in the payments industry in supporting the FIDO Alliance, which already includes global leaders PayPal, Lenovo, Mastercard and Google as members. FIDO’s shared goal is to develop industry standards that increase compatibility and reduce reliance on usernames and passwords to authenticate online users, approaches that are both easily compromised and notoriously difficult to remember. Passwords would instead be replaced by ‘low-friction’ authentication methods embedded in device hardware, a philosophy already reflected in ValidSoft’s multi-factor mutual authentication, identity and transaction verification solutions which also incorporate features such as voice biometrics and location proximity.

Pat Carroll, Chairman of ValidSoft, says: “We’re pleased to support FIDO Alliance’s efforts to create and implement simpler and higher authentication standards that will help protect people from ever more sophisticated fraud.

Thanks to our unique security ‘by design’ approach and our ability to leverage advanced telecommunications capabilities and real-time invisible checks that do not involve the customer, we are allowing payment processors to provide stronger verification and authentication, without negatively impacting the consumers’ experience.”

Michael Barrett, FIDO Alliance President and Chief Information Security Officer of PayPal, an eBay company says: “We are excited to welcome ValidSoft as our newest member. The FIDO vision of universal strong authentication promises better security, enhanced privacy, more commerce and expansion of services throughout digital industries. ValidSoft’s contribution to our Alliance supports our industry goal to make user authentication easier and safer for all parties.”

About ValidSoft:

ValidSoft provides advanced mobile- and cloud-security solutions. ValidSoft has developed a custom-built sophisticated multi-factor authentication platform (SMART(TM)) for the mobile world, which takes full advantage of mobile telecommunication channels and devices and includes a leading proprietary voice biometric engine. These solutions combat electronic fraud and safeguard consumer privacy across internet and mobile banking, credit/debit-card and (mobile and fixed line) telephony channels. ValidSoft’s solutions are used to verify the authenticity of both parties to a transaction (Mutual Authentication), ensure the fidelity of telecommunication channels (Secure Communications), and confirm the integrity of transactions themselves (Transaction Verification) – in each case in a manner which is scalable for the mass market, cost-effective, secure and easy to use and deploy. The company counts some of the world’s largest financial institutions among its customers. ValidSoft is the only security software company in the world that has been granted three European Privacy Seals. Visit: www.validsoft.com.

About the FIDO Alliance

The FIDO (Fast IDentity Online) Alliance is a 501(c)6 non-profit organization nominally formed in July 2012 to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. Visit: www.fidoalliance.org.

About Elephant Talk:

Elephant Talk Communications Corp. (NYSE MKT: ETAK), is a leading international provider of mobile proprietary Software Defined Network Architecture (Software DNA(TM)) platforms for the telecommunications industry that empower Mobile Network Operators (MNOs) and Mobile Virtual Network Operators (MVNOs), Enablers (MVNEs) and Aggregators (MVNAs) with a full suite of applications, Full OSS/BSS Systems, Delivery Platforms, Support and Managed Services, on-site, cloud, hybrid and S/PaaS solutions, including Network, Mobile Internet ID Solutions, Secure Remote Access Management, Loyalty Management and Transaction Processing Services, superior Industry Expertise and high quality Customer Service without substantial upfront investment. Elephant Talk counts several of the world’s leading Mobile Operators amongst its customers, including Vodafone, T-Mobile, Zain and Iusacell. Visit: www.elephanttalk.com.

Article source: http://www.darkreading.com/privacy/validsoft-joins-fido-alliance-to-support/240164416

Online clothing store Witchery lets customers view – and edit! – each other’s personal information

Australian news site news.com.au has reported a rather worrying problem with the mobile website of Aussie clothing brand Witchery.

According to News Limited journalist Sarah Michael, customers visiting Witchery’s mobile site were able to retrieve – and even to edit – the personal information of other customers via a feature called “track my order.”

Customers could also view every order currently being processed, not just their own.

The good news is that a spokesperson for Country Road, the company that owns the Witchery brand, has gone on the record to say that no credit card information was exposed.

That’s a relief, because Witchery’s mobile site proudly boasts:

Card-free membership – make your wallet that bit lighter – your card number is stored in the app!

The bad news, of course, is that your credit card is one of the few aspects of your PII (Personally Identifiable Information) you can change fairly easily.

You also enjoy some statutory protections against fraud and abuse of your card, notably that you will probably get your money back if someone rips you off.

Things like the combination of your name and address are much harder to change if you think they have fallen into the wrong hands.

There’s no suggestion that Witchery’s regular website suffered from the same problem, and this wouldn’t be the first time that the security of a company’s mobile offering was found to be lower than its full-sized counterparts.

For example, when Facebook finally announced “HTTPS everywhere” in late 2012 – a move in which Naked Security likes to think it played a modest part – it had to admit that it was still working with mobile phone vendors to bring the same privacy and security benefits to mobile users.

Likewise, in Apple’s world, apps approved for sale in the App Store have been found not only to grab hold of your contact data without proper permission, but also to upload it to the app’s creator using unencrypted HTTP, something that would be considered out of the question for a regular website.

If news.com.au has it right, the Country Road spokesperson described Witchery’s problem with the words, “A small problem has been identified by our third party provider and is being fixed.”

We’re not sure that’s quite the right way to put it – describing a leak of customers’ PII as “a small problem” isn’t merely insensitive, it seems to imply that as long as what’s breached doesn’t have some immediate financial connection, such as a credit card number or expiry date, it doesn’t really count.

You can listen to more about this topic in a recent Sophos podcast, where Chester Wisniewski and I discuss where security is heading in the so-called Internet of Things.

Chester explains that we aren’t really looking at an internet of things, but rather at an internet of intimate information about the people who happen to own and use various internet-connected things.

The relevant discussion kicks off at 10’19”, but we think you’ll enjoy the podcast enough to listen your way there rather than fast-forwarding.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/OhXPzawOZr0/

Cloned Facebook accounts hit up friends with spam and money requests

It started in the fall, when the executive sports producer for the TV station WBAL – in the US city of Baltimore, Maryland – got a friend request on Facebook.

The request looked like it came from someone whom Chris Dachille knew, so instead of investigating who the sender really was, he went ahead and accepted.

Next thing you know, Dachille’s new friend had scraped images and other information from Dachille’s personal Facebook account and used it to create a profile under Dachille’s name.

Using the cloned account and Dachille’s friend list, the attacker then turned around and sent friend requests to Dachille’s friends, many of whom accepted the overture.

As Ars Technica’s Sean Gallagher reports, the attack quickly spread through the newsroom to Dachille’s colleagues, with their own doppelganger Facebook accounts popping up and the attacker or attackers spamming out malicious links and using their assumed identities to request money.

It was only when Dachille’s friends started to bombard him with warnings that he realized what was going on.

In an interview on WBAL, Dachille said that the idea of somebody pretending to be him and contacting his friends for money was “very troubling”:

My first thought was, do they have my banking info? Do they have personal information, my [tax identification number], things like that?

Giving a stranger access to a Facebook account might not be the same as handing over our Social Security numbers, but it does give potential attackers valuable bait for phishing expeditions.

Posing as colleagues or friends, attackers can send malicious links to our friend list, as was done at WBAL. Such links could well link to malware that infects victims’ computers with all manner of nastiness, including keyloggers.

In short, when we give strangers access to our Facebook accounts, it might not mean an attacker has gotten their hands on our banking information, but it certainly means that they’ve gotten a lot closer to it and are armed with information that’s useful in carrying out phishing expeditions.

The media professionals used the “report abuse” button to alert Facebook, but it took weeks for the company to respond and take down the cloned accounts.

In fact, it took the involvement of the Maryland Attorney General, whom the station wound up contacting.

As Ars Technica’s Gallagher points out, in Facebook’s defense, it’s difficult for the service to tell the difference between a fake account and a real one:

Many legitimate accounts share a name with another user, and the level of detail in their accounts made these clones seem genuine. [One of the reporters] told me that the duplicate account had even filled in a birthday that was close to the date of her own – information she hadn’t provided in her original profile.

The victimized newsroom staffers were all using their personal accounts for both work and personal purposes, Gallagher said. The attackers not only scraped photos from the users’ accounts, they also used lookalike email addresses, and, in some cases, used other personal data they obtained by getting the target to friend them.

Then they sent out friend requests to all the target’s friends and repeated the process, launching spam news feed content from each of the cloned accounts.

What can a normal Joe do to claim their digital identities on, or within, social networks? Gallagher notes that Facebook offers a verified identity service for pages that are created to enable businesses and public figures to separate their personal and business personas.

Twitter, for its part, offers a blue “verified” checkmark badge to establish authenticity, but it’s not open to everybody: mostly, the service concentrates on select users, such as celebrities, musicians or brands.

When someone receives a friend request, Facebook systems are designed to check whether the recipient already has a friend with the same name, along with other factors.

When people report impersonators using Facebook’s built-in reporting flows, its teams review each one and take the appropriate action – including setting checkpoints (requiring additional information to proceed) or shutting down profiles if necessary.

Gallagher mentioned not being able to get to the phishy content in time to check whether it led to malware. That’s actually a good sign: it means that Facebook’s squashing this stuff fast when such issues arise.

That’s not much consolation to WBAL, which was plagued with the attack for weeks before the clones were taken down, but again, verification is a tricky business.

Gallagher proposes that the best defense might well be to connect with others personally to ask, Is that really you? Or, alternatively to say, Yes, this is really me.

How do you prove you’re you, though? Do you hand over personal data? That seems to defeat the purpose.

And how do you assume that when you’re vetting a friend request, the respondent isn’t an attacker who’s feeding you personal information he scraped off of heaven knows where?

Your thoughts are welcome in the comments section below.

In the meantime, Facebook told me that it’s aware of these reports and has developed several techniques to help detect and block this particular form of abuse.

Facebook encourages people to:

  • Vet all friend requests;
  • Beware of suspicious emails with misspellings, typos, multiple fonts or oddly placed accents; and
  • Report suspected phishing messages using the appropriate links placed throughout the service.

Facebook has more help on phishing in its Help Center.

And if you’d like to keep up to date on the latest Facebook scams and other security-related news, consider liking our Naked Security Facebook page.

Image of news desk courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/J6P4s6DvmOc/

IT MELTDOWN ruins Cyber Monday for RBS, Natwest customers

RBS, Natwest and Ulster Bank customers were hit by an “IT meltdown” on Cyber Monday that stopped card payments, borked ATMs and closed down online banking, leaving them with no way to pay for anything.

Problems started around 6.30pm yesterday as folks trying to do their Christmas shopping online and those looking for a few groceries for their dinner were left red-faced when cards were declined.

RBS, which owns Natwest, has said that the technical issue, which it has so far refused to explain, is now resolved, but users are still reporting problems.

Natwest customer Beth told The Reg that she still wasn’t able to access her account online and the bank was now telling her that there could be a block on her card.

“A card block wouldn’t result in a technical error, so it’s absolute rubbish,” she complained. “I think the online team are clutching at straws. I know lots of people do have access but I’m not amongst them!”

Reg readers who could get into their online accounts also reported money missing from their balances. In some cases, salaries that had recently come into the account had now disappeared, leaving the customer overdrawn and causing cheques to bounce and payments to be refused.

An RBS spokesperson told The Reg that the majority of users had access to their money again, but some folks could still be having trouble.

“There could be a small number of customers still experiencing some residual issues,” they said. “[And] there could be one or two people whose payments are taking some time to update. Any customer experiencing issues this morning should get in touch with our call centres or branches where our staff will be ready to help.”

RBS Group, which also includes Ulster Bank, has also promised compensation for the outage.

“We would like to apologise to our customers. If anyone has been left out of pocket as a result of these systems problems, we will put this right,” it said in a statement.

The outage is the latest in a line of IT problems at the banking group that are adding to its growing bad reputation. In June last year, millions of account holders were left without access to their accounts, in some cases for up to a week. The Reg discovered that an inexperienced RBS tech was to blame, bungling the patch-up after an upgrade to the batch processing software used by the bank went wrong.

Earlier this year, a hardware fault in the group’s mainframes stopped customers from accessing their accounts online, at the cash machine or using their cards. ®

If you’re in the know and would like to add to the coverage of this latest outage at RBS Group, drop The Reg a note or call the London office on 020 3189 4620.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/12/03/rbs_it_outage/

Cloud Providers Reveal More Big Data Analytics To Enterprises

Cloud services aim to simplify the implementation and management of business applications, a goal that has generally worked well for security services. Yet, simplified interfaces and aggregated data can often hide the details that management needs to make decisions about attacks.

Responding to customers’ requests for more access to security-event data, cloud providers are exposing customer-specific aspects of their massive data sets to help businesses better defend themselves. Cloud security firm Incapsula, for example, announced last month that it would start delivering to each customer their servers’ performance and attack metrics in real time. The company takes millions of transactions across 15 data centers, brings them into a central data repository, organizes them, and then displays the data relevant to each customer. The data can be used by businesses to better react to certain types of attacks, such as application-layer denial-of-service attacks, says Marc Gaffan, co-founder and vice president of business development for the company.

“Now, our end user can see, in real time, the transactions hitting their network,” he says. “This gives them the visibility to work with us, and be more self-sufficient.”

Cloud security providers are finding that their customers want more data. For many companies, learning that a threat was blocked is no longer enough. More sophisticated enterprise customers want deeper access to the data on which a decision is based, so they can investigate the incident themselves and determine if they need to take further action.

In some ways, the trend is an adjustment in the cloud services model, says Dean De Beer, chief technology officer for malware-analysis-as-a-service platform ThreatGRID. Companies moved to security-as-a-service to simplify a complex set of processes, but that does not mean that they do not want access to the data on attacks or malware targeting their networks, he says.

“The ability for people to really make a difference in the environment without having to have the expertise to set up the infrastructure–it’s huge,” he says, adding that companies need to give the sophisticated users of their services as much information as they need to do their job. “The end user is saying that they want this data and vendors need to provide it.”

Another cloud security firm that has opened the curtains to reveal certain facets of its large datasets is OpenDNS. The company has modified its cloud-based domain name service to go beyond blocking or allowing traffic, and now offers companies the ability to gather additional details about the domains to which traffic is flowing.

Called Security Graph, the service lets customers of OpenDNS’s Umbrella service dig down into the data and determine, for instance, if an attack is part of a mass, opportunistic probe or a targeted attempt to compromise the business. In an opportunistic attack, the company will be one of many OpenDNS customers that attempt to go to a specific, malicious server; in a targeted attack, the company may account for the lion’s share of traffic to that server, says Dan Hubbard, chief technology officer for OpenDNS.

“If you see a machine beaconing out to a domain, a cloud solution would say, this is blocked as malware,” he says. “With that sort of response, there is not enough information to determine if this is an attacker looking for PayPal credentials or if this is someone exfiltrating data to a Chinese network.”
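As an added illustration (not OpenDNS code and not from the article), the opportunistic-versus-targeted distinction described above can be approximated by computing one customer's share of all cross-tenant queries to a blocked domain. The tenant names, domains, the 0.8 share threshold and the 10-query minimum are assumptions, and the query log is constructed.

```python
from collections import Counter, defaultdict

# Constructed sample: (customer_id, queried_domain) pairs, as a cloud DNS
# provider might aggregate them across tenants. All names are made up.
SAMPLE_QUERIES = (
    [("tenant-a", "cdn-update.example")] * 46
    + [("tenant-b", "cdn-update.example")] * 3
    + [("tenant-c", "cdn-update.example")] * 1
    + [(t, "free-prizes.example")
       for t in ("tenant-a", "tenant-b", "tenant-c", "tenant-d", "tenant-e")
       for _ in range(10)]
    + [("tenant-a", "Rare-Host.example.")] * 2
)


def classify_domains(queries, customer, share_threshold=0.8, min_queries=10):
    """Label each domain the customer queried by that customer's share of
    all queries to it across tenants.

    Returns {domain: (label, share)}; label is 'targeted', 'opportunistic'
    or 'insufficient-data'. Both thresholds are assumed values to be tuned.
    """
    per_domain = defaultdict(Counter)
    for cust, domain in queries:
        # Normalise case and the trailing root dot so variants merge.
        per_domain[domain.lower().rstrip(".")][cust] += 1

    result = {}
    for domain, counts in per_domain.items():
        mine = counts.get(customer, 0)
        if mine == 0:
            continue  # this customer never queried the domain
        total = sum(counts.values())
        share = mine / total
        if total < min_queries:
            # A 100% share of two queries says little; do not call it targeted.
            label = "insufficient-data"
        elif share >= share_threshold:
            label = "targeted"
        else:
            label = "opportunistic"
        result[domain] = (label, round(share, 2))
    return result


if __name__ == "__main__":
    for dom, verdict in classify_domains(SAMPLE_QUERIES, "tenant-a").items():
        print(dom, verdict)
```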

While using Big Data analytics for security has garnered a great deal of attention, it typically requires staff with specialized knowledge to successfully implement. Because of their expertise in dealing with large datasets, cloud providers can excel at providing meaningful access to the data, says Incapsula’s Gaffan.

“I think Big Data analytics and security analytics are a core competency for cloud service providers,” he says. “They can immediately identify a certain pattern and give companies visibility into the data.”

Article source: http://www.darkreading.com/services/cloud-providers-reveal-more-big-data-ana/240164385

Study: 340,000 New Malicious Websites Detected In Past 30 Days

A total of 343,927 new malicious websites have been detected in the past 30 days, according to a study published Monday.

The study, conducted by security vendor Commtouch, indicates that the number of websites created specifically for malicious purposes is growing at an unprecedented rate.

“The average of nearly 11,500 new threats every day increases the digital foothold of cybercriminals as well as the likelihood that victims will stray into dangerous territory,” the study says. “The malware endangers businesses and end users with a wide range of threats, including password and identity theft, use of hacked PCs as bots for spam, denial of service attacks, and a growing favorite of cybercriminals – encrypting and then ransoming critical data.”

Some 173,314 of the newly detected sites are malware sites, according to Commtouch. Spam sites accounted for 56,503 of the total, and phishing sites accounted for 114,110.

“Malware sites typically rely on exploit kits that seek out known vulnerabilities in the browser, operating system, or PDF reader software, among others, and then use these vulnerabilities to gain control of the visiting computer or smartphone,” the study states. “The majority of phishing sites targeted PayPal users, but an increasing number aimed for the Google credentials of users, since these credentials open up an increasing range of linked Google services.”

Article source: http://www.darkreading.com/study-340000-new-malicious-websites-dete/240164387