All Entries in the "Security Data" Category

Exploitable IE6 Still Top Browser Used

In 2001, Microsoft released Internet Explorer version 6. Five years later they released version 7, and just recently they released version 8. While there are now two newer FREE versions, as well as many other FREE products from other vendors, the majority of systems still use IE6. Some of the major milestones [...]

Breach Severity

The latest Microsoft Security Intelligence Report states: “In contrast to the decrease in total disclosures, vulnerabilities rated as High severity increased 13% with respect to the second half of 2007, with roughly 48% of all vulnerabilities receiving a rating of High severity. This is still a 28% decline from the first half of [...]

Lots of Malware Out There

Article Link
250,000 malicious sites created daily
60% of these poisoned web pages are live for around 24 hours

Security as a company culture

Nearly half of all companies cite a lack of training and an “unsupportive company culture” around security, according to the ISC2 security organization. (see article)
The survey was of 700 security professionals.
46 percent say employees have a “weak understanding” of security policy.
48 percent say there is a lack of training and an overall unsupportive company [...]

Would your employees sell out?

According to a new survey of 600 people, one third of employees would sell company secrets for compensation. The amount of compensation needed varied based on who was spoken to. This survey was done by the same people who famously got usernames and passwords from people in exchange for a chocolate bar last [...]

Lost or stolen laptops incur $50,000 loss

A recent study by the Ponemon Institute (see article) found that losing a laptop costs a firm on average $49,246 after accounting for data loss, intellectual property, replacement, lost work time and legal expenses. Executives that lost laptops cost organizations about half that while managers who lost a laptop cost the company about [...]

Criminals Register Domains Like Yours

The Anti-Phishing Working Group (APWG) analyzed how domains are registered for use in phishing attacks. What criminals do is register a domain name that looks similar to yours. For example, if your domain was myfinance.com they might register myf1nance.com (where the i has been changed [...]

Financial Data Breach Sources

Some good analysis from a post on Perimeter.
“In the study we just released on financial institution data breaches between 200 and 2008 we analyze the breach sources.
Hacking accounts for 42 percent of incidents but 55 percent of records compromised. This is the largest percent of incidents and records which is why financial [...]

Record Breaking Malware Growth

According to the latest report by F-Secure, malware has had explosive growth during the last half of 2008 with trends continuing into 2009.

The report cites that 2007 doubled over the previous 2006 records, and 2008 more than tripled the 2007 numbers in total malware instances found. The database with signature-based definitions [...]

Common Hacker Attack Pathways

The 2008 Data Breach Investigations Report written by Verizon discusses the most common methods of access (pathways) used to compromise networks. What they found from the 500+ caseload was the following:

Nearly half of all breaches exploited remote access and control systems. The report states that this is often remote access software [...]