============================================
New in Europe! SABSA® Foundation Training

Are you already familiar with COBIT, BSI, ISF and the Code of Information Security? The SABSA approach complements these popular norms and standards on areas where they fail. The SABSA® Certification framework is a comprehensive, competence-based testing programme that provides you with the professional capability to meet the needs of your particular business to design, deliver, and manage business security architectures.
http://www.imf-online.com/en/partner/hns/
============================================

HNS Newsletter
Issue 450 - 22.12.2008
http://www.net-security.org

Table of contents:

1) Security news
2) Advisories
3) Reviews
4) Software
5) Conferences
6) Security World
7) Virus News

[ Security news ]
----------------------------------------------------------------

CISCO REPORT SPOTLIGHTS WORLDWIDE CYBER SECURITY THREATS
Cisco released a security report that warns that Internet-based attacks are becoming increasingly sophisticated and specialized as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers.
http://www.net-security.org/news.php?id=16238

JAPANESE BILLBOARDS ARE WATCHING BACK
In Japan, NTT is testing a digital billboard system that watches back.
http://www.net-security.org/news.php?id=16239

WHITEPAPER - MAXIMIZING SITE VISITOR TRUST USING EXTENDED VALIDATION SSL
Explore the benefits of Extended Validation SSL, so you can show your customers that they can trust your site.
http://www.net-security.org/news.php?id=16240

EUROPE'S ELITE BANKS COLLABORATE TO COMBAT CYBERCRIME
Global banks and financial institutions are bracing for the increase in cybercrime and online fraud that accompanies an economic downturn and merger activity. Noted by leading analysts during a recent customer event, the spike in attacks has already begun and will climb significantly in 2009.
http://www.net-security.org/news.php?id=16241

SPAM VOLUMES BEYOND 95% IN 2009?
Marking the five-year anniversary since the CAN-SPAM act was signed into law in the United States, Barracuda Networks predicts that spam volumes will rise slightly higher than 95 percent in the year ahead as growing use of botnets continues to proliferate.
http://www.net-security.org/news.php?id=16242

WHITEPAPER - IS VIRTUALIZATION A BLACK HOLE IN YOUR SECURITY?
Learn how, by incorporating virtualization into your overall security strategy, you can protect your network from its dangers while profiting from its benefits.
http://www.net-security.org/news.php?id=16243

FINDINGS OF THE LATEST WEBSITE SECURITY STATISTICS REPORT
The sixth installment of the WhiteHat Website Security Statistics Report provides a unique high-level perspective on the leading Web application security issues across industries such as retail, financial services, technology and healthcare, based on real-world websites.
http://www.net-security.org/news.php?id=16244

REVIEW: IPHONE SECURITY SOFTWARE - SPLASHKEY
SplashKey is a password generator for the iPhone. This freeware comes from SplashData, a company well known in the world of mobile applications. Their software products have been successful on various mobile platforms including Windows Mobile, Series 60 and Symbian UIQ.
http://www.net-security.org/news.php?id=16245

SOFTWARE SECURITY TOP 10 SURPRISES
Gary McGraw, Brian Chess, and Sammy Migues interviewed nine executives running top software security programs in order to gather real data from real programs. In the course of analyzing the data to create a maturity model, they unearthed some surprises.
http://www.net-security.org/news.php?id=16246

----------------------------------------------------------------
[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

SUSE Security Announcement - MozillaFirefox,seamonkey (SUSE-SA:2008:058)
http://www.net-security.org/advisory.php?id=9549

Ubuntu Security Notice - avahi vulnerabilities (USN-696-1)
http://www.net-security.org/advisory.php?id=9548

Slackware Security Advisory - mozilla-firefox (SSA:2008-353-01)
http://www.net-security.org/advisory.php?id=9547

Mandriva Linux Security Update Advisory - firefox vulnerabilities (MDVSA-2008:245)
http://www.net-security.org/advisory.php?id=9546

Ubuntu Security Notice - shadow vulnerability (USN-695-1)
http://www.net-security.org/advisory.php?id=9545

Ubuntu Security Notice - libvirt vulnerability (USN-694-1)
http://www.net-security.org/advisory.php?id=9544

Ubuntu Security Notice - firefox vulnerabilities (USN-690-2)
http://www.net-security.org/advisory.php?id=9543

Ubuntu Security Notice - firefox vulnerabilities (USN-690-3)
http://www.net-security.org/advisory.php?id=9542

Ubuntu Security Notice - ekg, libgadu vulnerability (USN-692-1)
http://www.net-security.org/advisory.php?id=9541

Ubuntu Security Notice - LittleCMS vulnerability (USN-693-1)
http://www.net-security.org/advisory.php?id=9540

Ubuntu Security Notice - firefox-3.0, xulrunner-1.9 vulnerabilities (USN-690-1)
http://www.net-security.org/advisory.php?id=9539

Mandriva Linux Security Update Advisory - mozilla-firefox (MDVSA-2008:244)
http://www.net-security.org/advisory.php?id=9538

US-CERT Technical Cyber Security Alert - Microsoft Internet Explorer Data Binding Vulnerability (TA08-352A)
http://www.net-security.org/advisory.php?id=9537

Gentoo Linux Security Advisory - JasPer: User-assisted execution of arbitrary code (GLSA 200812-18)
http://www.net-security.org/advisory.php?id=9536

Gentoo Linux Security Advisory - Ruby: Multiple vulnerabilities (GLSA 200812-17)
http://www.net-security.org/advisory.php?id=9535

Ubuntu Security Notice - ruby1.9 vulnerability (USN-691-1)
http://www.net-security.org/advisory.php?id=9534

SUSE Security Announcement - SUSE Security Summary Report (SUSE-SR:2008:028)
http://www.net-security.org/advisory.php?id=9533

Mandriva Linux Security Update Advisory - enscript (MDVSA-2008:243)
http://www.net-security.org/advisory.php?id=9532

US-CERT Technical Cyber Security Alert - Apple Updates for Multiple Vulnerabilities (TA08-350A)
http://www.net-security.org/advisory.php?id=9531

Debian Security Advisory - linux-2.6 (DSA-1687-1)
http://www.net-security.org/advisory.php?id=9530

Mandriva Linux Security Update Advisory - wireshark (MDVSA-2008:242)
http://www.net-security.org/advisory.php?id=9529

Apple Security Update - Security Update 2008-008 / Mac OS X v10.5.6 (APPLE-SA-2008-12-15)
http://www.net-security.org/advisory.php?id=9528

Gentoo Linux Security Advisory - Dovecot: Multiple vulnerabilities (GLSA 200812-16)
http://www.net-security.org/advisory.php?id=9527

Debian Security Advisory - no-ip (DSA-1686-1)
http://www.net-security.org/advisory.php?id=9526

Gentoo Linux Security Advisory - aview: Insecure temporary file usage (GLSA 200812-14)
http://www.net-security.org/advisory.php?id=9525

----------------------------------------------------------------
[ Reviews ]

All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

IPHONE SECURITY SOFTWARE - SPLASHKEY
http://www.net-security.org/review.php?id=192

----------------------------------------------------------------
[ Software ]

Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5
----------------------------------------------------------------

NTOP 3.3.9 (Linux)
ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does.
http://www.net-security.org/software.php?id=36

PASSWORD SAFE 3.15.1 (Windows)
Password Safe is a password database utility.
http://www.net-security.org/software.php?id=172

SHOREWALL 4.2.3 (Linux)
Shorewall is an iptables based firewall that can be used on a dedicated firewall system, a multi-function masquerade gateway/server or on a standalone Linux system.
http://www.net-security.org/software.php?id=40

----------------------------------------------------------------
[ Conferences ]

All conferences are located at:
http://net-security.org/conferences.php
----------------------------------------------------------------

25th Chaos Communication Congress (25C3)
Organized by CCC - 27 December-30 December 2008
http://www.net-security.org/conference.php?id=285

ShmooCon 2009
Organized by ShmooCon - 6 February-8 February 2009
http://www.net-security.org/conference.php?id=286

Southern California Linux Expo (SCALE 7x)
Organized by SCALE - 20 February-22 February 2009
http://www.net-security.org/conference.php?id=283

InfoSec World 2009 Conference & Expo
Organized by MIS Training Institute - 7 March-13 March 2009
http://www.net-security.org/conference.php?id=282

The Fourth International Conference on Availability, Reliability and Security (ARES 2009)
Organized by Vienna University of Technology / Secure Business Austria - 16 March-19 March 2009
http://www.net-security.org/conference.php?id=260

2009 European Workshop on System Security (EuroSec)
Organized by EuroSec - 31 March-31 March 2009
http://www.net-security.org/conference.php?id=281

RSA Conference 2009
Organized by RSA Conference - 20 April-24 April 2009
http://www.net-security.org/conference.php?id=280

21st Annual FIRST Conference
Organized by FIRST - 28 June-3 July 2009
http://www.net-security.org/conference.php?id=284

The 9th Privacy Enhancing Technologies Symposium (PETS 2009)
Organized by PET - 5 August-7 August 2009
http://www.net-security.org/conference.php?id=275

----------------------------------------------------------------
[ Security World ]

All security world articles are located at:
http://www.net-security.org/secworld_main.php

Send your press releases to press@net-security.org
----------------------------------------------------------------

Juniper positioned among the leaders of SSL VPN Magic Quadrant
http://www.net-security.org/secworld.php?id=6878

Microsoft releases Intelligent Application Gateway SP2
http://www.net-security.org/secworld.php?id=6876

Data center transformation a top priority in 2009 for CIOs
http://www.net-security.org/secworld.php?id=6875

Documenting requirements for RFID data center asset tracking standard
http://www.net-security.org/secworld.php?id=6874

LaCie Ethernet Disk: up to 6TB in a rack-mounted backup appliance
http://www.net-security.org/secworld.php?id=6873

Backup and recovery with DriveClone Version 6
http://www.net-security.org/secworld.php?id=6872

Screenshots of the new Lavasoft Anti-Virus Helix in action
http://www.net-security.org/secworld.php?id=6871

Findings of the latest website security statistics report
http://www.net-security.org/secworld.php?id=6869

RSA Conference Awards for 2009 nominations form now online
http://www.net-security.org/secworld.php?id=6870

Futronic launches FS25 USB2.0 fingerprint Mifare card reader/writer
http://www.net-security.org/secworld.php?id=6868

Urgent security update for Microsoft Internet Explorer
http://www.net-security.org/secworld.php?id=6867

Problems with online auctions, badware, protecting personal data
http://www.net-security.org/secworld.php?id=6866

First iPhone spy software hits the market
http://www.net-security.org/secworld.php?id=6865

Crossbeam Systems certifies Sourcefire 3D System on its security platform
http://www.net-security.org/secworld.php?id=6864

Securing the open source LAMP stack with MetaFortress Open
http://www.net-security.org/secworld.php?id=6862

New HardCopy 3 for computer forensics hard-drive duplication
http://www.net-security.org/secworld.php?id=6861

F-Secure’s new Exploit Shield zero-day protection
http://www.net-security.org/secworld.php?id=6860

Verizon ranked among the most trusted companies for privacy
http://www.net-security.org/secworld.php?id=6859

Spam volumes beyond 95% in 2009?
http://www.net-security.org/secworld.php?id=6858

Securing Cyberspace for the 44th Presidency - changes in the U.S. federal market
http://www.net-security.org/secworld.php?id=6857

Network security management solution for virtual environments from Q1 Labs
http://www.net-security.org/secworld.php?id=6856

PGP encryption approved for use within UK Government
http://www.net-security.org/secworld.php?id=6855

Europe's elite banks collaborate to combat cybercrime
http://www.net-security.org/secworld.php?id=6854

Mac OS X 10.5.6 patches vulnerabilities
http://www.net-security.org/secworld.php?id=6853

Firewalls with data leak prevention functionality
http://www.net-security.org/secworld.php?id=6852

Video: the botnet security problem
http://www.net-security.org/secworld.php?id=6851

Cisco report spotlights worldwide cyber security threats
http://www.net-security.org/secworld.php?id=6850

The MiFi ultra portable mobile hotspot
http://www.net-security.org/secworld.php?id=6849

Lavasoft releases Anti-Virus Helix
http://www.net-security.org/secworld.php?id=6848

----------------------------------------------------------------
[ Virus News ]

All virus news is located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Malware week: Antivirus360 antivirus and Sinowal.VXR banker trojan
http://www.net-security.org/virus_news.php?id=1015

Zero-day web malware blocks surpass yearly average
http://www.net-security.org/virus_news.php?id=1014

The most dangerous malware of 2008 came from the Internet
http://www.net-security.org/virus_news.php?id=1013

Free removal tool for Mac OS X DNSChanger trojan horse
http://www.net-security.org/virus_news.php?id=1012

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php