HP's annual Pwn2Own contest has been run and won. Critical flaws in every major browser, which allowed remote code execution, were found as well as issues with Adobe's Flash and Reader products. Pwn2Own is a hacker contest that runs within the CanSecWest event in Vancouver. Hackers are offered cash prizes as incentives as well as donations of computer hardware and other prizes given to the security researchers.
Hackers are adapting distributed denial of service (DDoS) attacks and combining these with social engineering tactics to try and infiltrate banks during 2013, warns Gartner.
Enterprise information security in Australia could come under much greater scrutiny with the nation’s Information Commissioner looking to drill down deeply into the details of an organisation’s security practices after a breach.
In this series, Computerworld Australia examines some of the information security threats facing small businesses and larger enterprises today. We’ve looked at internal negligence and continue the series by speaking to experts about the problem of social engineering.
I had the opportunity to speak at a new security conference last week, Security Threats 2012. I presented on the topic of balancing business benefits with risks in the cloud (more on that later), but the event touched on a wide range of pertinent IT topics, provoking stimulating discussions of some of the most pressing challenges business leaders are facing.
Sign up now »
Advanced protection for physical, virtual and cloud servers
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.