As we continue to stumble into a down economy, many CIOs and IT managers have expressed their concerns to me about static or even shrinking IT budgets and resources. They are very specifically concerned about how they can maintain the effectiveness of their security organizations through economic uncertainty. They know the need for compliance, controls, oversight, and audit will persist, however allocation of resources will be an even greater struggle for most.

I have gone through several of these conversations and have worked with multiple clients to assist in getting them ahead of the economic curve. This was done by building more effective, efficient and visible security environments that require less management and maintenance resources.

We have done this through the use of robust tools and smarter designs that leverage Bat Blue's operational experience. Moreover many of the organizations whose tools I am recommending for your review are at the cusp of their breakthrough as industry stars. These organizations are flexible and anxious for your engagement. Here are some of my recommendations:
Read more here...

A new peer-to-peer (P2P) botnet even more powerful and stealthy than the infamous Storm has begun infiltrating mostly U.S.-based large enterprises, educational institutions, and customers of major ISPs.

The MayDay botnet can evade leading antivirus products, and so far has compromised thousands of hosts, according to Damballa, which says 96.5 percent of the infected machines are in the U.S., and about 2.5 percent in Canada.


Read more here...

Symantec reported that it has spotted the first exploits using the "drive-by pharming" concept that researchers have been warning about for two years.

"With this sort of attack, all a victim would have to do to be susceptible is simply view the attacker’s malicious HTML or JavaScript code, which could be placed on a Web page or embedded in an email," Symantec says.

"The attacker’s malicious code could change the DNS server settings on the victim’s home broadband router (whether or not it’s a wireless router)," the company reports. "From then on, all future DNS requests would be resolved by the attacker’s DNS server, which means that the attacker effectively could control the victim’s Internet connection."

Read more here...

First it was spam, then it was denial of service. Now the operators of Storm have found a new use for the botnet: phishing.

Major banks targeted in intensive phishing effort driven by infamous botnet.

Phishers masquerading as Barclays Bank and the Halifax unit of the National Bank of Scotland are now pumping out bogus messages to unwary users, according to separate alerts issued by Fortinet and Trend Micro last night.


Read more here...

Researchers from Google and a well-known security firm have documented serious vulnerabilities in Adobe Flash content which leave tens of thousands of websites susceptible to attacks that steal the personal details of visitors.

The security bugs reside in Flash applets, the ubiquitous building blocks for movies and graphics that animate sites across the web. Also known as SWF files, they are vulnerable to attacks in which malicious strings are injected into the legitimate code through a technique known as cross-site scripting, or XSS. Currently there are no patches for the vulnerabilities, which are found in sites operated by financial institutions, government agencies and other organizations.


Read more here...