Cyber-War, SIEM, Web Scams, Cloud Security Top Week's Security News
As the Department of Homeland Security launched events around the
country to kick off October as National Cyber Security Awareness Month,
cyber-war and cyber-security awareness dominated the week.
Cyber-war fears came to the fore as Wired's Danger Room broke the news on Oct. 7 that the United States Air Force computers controlling unmanned surveillance and attack drones have been infected with keylogger malware. The keyloggers may have gotten on the closed systems via removable disk drives, the Wired report said.
Apple founder and former CEO Steve Jobs' death this week was on everyone's minds this week. Even as technology professionals, consumers, and politicians all praised Jobs' contributions to technology, scammers were busy drawing web users into a survey click-jacking scam promising free iPads. More than 25,000 users were tricked into visiting the scam site before the Bit.ly link was disabled.
At the Interop networking show in New York this week, the focus was on the cloud, security and mobile devices coming into the enterprise. Organizations are talking about how to secure the mobile devices being used by the employees to check corporate email and access other services.
Bug bounties for security vulnerabilities were back in the news as a site associated with NSS Labs, ExploitHub, offered $4,400 for actual exploits targeting 12 common flaws in Microsoft Internet Explorer and Adobe Flash Player.
IBM and McAfee announced on the same day their acquisitions in the security space. IBM acquired Q1 Labs, a Security Information and Event Management (SIEM) vendor known for its analytics capabilities to create a new security division focused on "security intelligence." McAfee announced its own SIEM deal for Nitro Security, a company focused on managing the vast amounts of data being generated from various sources. This is the third major SIEM deal this year, after Hewlett-Packard acquired ArcSight.
Microsoft is also taking on a different kind of unwanted email in its revamped Hotmail Webmail service. Noting that "true" spam accounted for only 3 percent of mail received in user inboxes, Microsoft rolled out new features that would allow users to clean out newsletters, special deals from retailers and e-commerce sites, and other messages that the user may have wanted at one time but no longer do. The company called this category of mail "graymail."
Researchers at Android Police site uncovered a serious security flaw in certain HTC phones. HTC had recently rolled out a logging suite on some of its phones running the HTC-customized "Sense" version of the Android mobile operating system. The suite was collecting data and making it available to any app that was trying to access the internet, researchers found. HTC said it is investigating the issue and will be fixing it.
President Obama signed an executive order to mandate federal agencies to implement basic security measures to ensure a data breach similar to WikiLeaks couldn't happen again. The order created a steering committee and an intra-agency task force to ensure the guidelines are carried out across all departments and agencies. The order comes a few days after a General Accountability Office study found that security incidents and data breaches in federal agencies have increased 650 percent over the past five years.
Microsoft also announced it plans to fix 23 bugs in its October Patch Tuesday release planned for next week. Of the eight security bulletins planned, two are rated "critical" and the remaining six are rated "important." A critical flaw in Internet Explorer Web browser will be patched.