LIVE WIRE! THE SECURITY NEWSLETTER
VOLUME 2: March 14, 2007

SECURITY NEWS

Examination of the threat landscape in 2006 and predictions of malware and spam developments during 2007 - as per The Security Threat Report 2007 from Sophos, a world leader in IT security

The Sophos Security Threat Report 2007 examines in detail the top ten malware threats of the last year, and also confirms that malware authors are continuing to turn their backs on large-scale attacks in favor of more focused strikes against computer users. Microsoft Windows continues to be the primary target for hackers, with internet criminals increasingly manufacturing downloading Trojan horses rather than mass-mailing worms to do their dirty work for them.

Read more: Source: www.sophos.com
Download "Sophos Security Threat Report 2007"

------------------------------------------------------------------------

The ISO 27001 way - the growing need for an externally-validated, best-practice approach to Information Security

Over the last decade, rapid globalization, increasingly pervasive information technology, the evolving business risk and threat environment, and today's governance expectations have, between them, created a fast-growing and complex body of laws and regulations – such as Data Protection and privacy legislation (e.g. HIPAA, GLBA, DPA) and governance requirements (e.g. SOX) - that all impact the organization's IT systems. Regulatory requirements in all these areas concentrate on preserving the Confidentiality, Integrity and Availability of electronic data held by organizations operating within the sector. Organizations are left to establish, for themselves, how to meet these requirements. They have to do this in an uncertain compliance environment where the rewards for success don't grab headlines, but the penalties for failure do.

There are no technology products which, of themselves, can render an organization compliant with any of the data security regulations, because all data security controls consist of a combination of technology, procedure and human behaviour. The adoption of an externally-validated, best-practice approach to information security – one that provides a single, coherent framework that enables simultaneous compliance with multiple regulatory requirements - is, therefore, a solution to which organizations are increasingly turning.

ISO 27001 provides just such a solution. It focuses on the confidentiality, availability and integrity of data and its key precepts and requirements all occur in the regulatory requirements. Implementation of an ISO 27001 framework enables an organization to comply, at one step (and subject to specific documentation and working practices tailored for each individual regulation), with all the core requirements of information related regulation anywhere in the world.

Request our ISO 27001 Whitepaper today!

------------------------------------------------------------------------

5200 websites defaced last year: CERT-In

Over 400 Indian websites came under attack by hacker groups during December 2006, compared to 340 sites that were defaced during the previous month. This takes the total number of websites that were defaced during the full year (2006) to about 5200, according to data by Indian Computer Emergency Response Team (CERT-In). About 37 security incidents were reported to CERT-In from various national and international agencies in December, 2006.

Of the total number of sites that were hacked and defaced, an overwhelming majority were in the ‘.com’ domain (303 incidents), while 54 incidents occurred within the .in domain. As many as 47 defacement incidents were recorded in the .org domain while the .net and .info domains accounted for 18 and eight incidents, respectively.

Read more: http://www.cert-in.org.in/defacementdetails06.htm

TEN TIPS TO SAFEGUARD AGAINST IDENTITY THEFT

• Do not share passwords or PIN numbers with anyone.
• Do not reply to, or click on links within, emails or pop-up messages that ask for personal or financial information.
• Update Virus Protection software regularly.
• Update security patches for web browsers and operating systems regularly.
• Shred, or otherwise destroy, all documents with personal information prior to disposal.
• Monitor personal credit reports and statements from financial accounts regularly.
• Install Firewall software.
• Before transmitting personal information online, verify that the connection is secure (i.e., check for an “s” after “http” in the URL, as well as a lock symbol in the lower right-hand corner of the screen, which indicates the transmission is encrypted).
• Do not email personal or financial information.
• Keep a list of telephone numbers to call to report the loss or theft of your wallet, credit cards, etc.

MIEL NEWSBYTES

MIEL attains ISO 27001:2005 Certification

MIEL e-Security Pvt. Ltd. attained the ISO 27001:2005 (formerly BS 7799) certification for its Information Security Management System in February 2007. With the ISO 27001 certification, the highest certification standard on Information Security available from the International Standards Organisation (ISO), MIEL joins the select list of global IT companies that comply with this latest security standard. Our accreditation provides our clients assurance that the confidentiality of their information is secure in accordance with an internationally recognized standard.

------------------------------------------------------------------------

Helios Lite, the new version of Helios released with power-packed features and functions!

MIEL released Helios Lite, the new version of Helios with power-packed features, on 5th March, based on the feedback of the community and after tremendous Research & Development by the MIEL Labs team. Helios Lite is a rootkit detection product based on some of the components of the Helios rootkit detection technologies. It is an implementation of the idea of Cross View Detection for the detection of persistent and non-persistent rootkits. It successfully detects a large number of user mode and kernel mode rootkits including Hacker Defender, Vanquish, Fu, FuTo, phide_ex and Unreal.A. It searches for hidden processes, hidden files as well as hidden registry keys. Helios Lite is designed to be quick and portable: it does not require installation and can be run off a USB drive. The only prerequisite is that it is run as a system administrator.

Download Helios Lite now at the following URL:

Trident Infotech Services (A Product Division of MIEL), wins the annual McAfee ‘Outstanding Systems Security Partner 2006’ Award

Trident Infotech Services (A Product Division of MIEL), wins the annual McAfee ‘Outstanding Systems Security Partner 2006’ Award at the recently held McAfee Partner Conference 2007 in China among leading System Integrators. The Award from McAfee is an acknowledgement of Trident’s outstanding Sales and Technical performance with respect to McAfee’s Antivirus Software and Intrusion Prevention Solutions.

"Trident Infotech Services was the deserving winner of the Outstanding Systems Security Partner 2006 award", said Mr. Kartik Shahani, Regional Director of India for McAfee. "Their outstanding effort and commitment to McAfee customers ensured a high level of customer satisfaction".

The '100 IT Innovators Book', NASSCOM's special Innovation Book, second in the series, provides a wide angle view of the innovation being fostered within the IT-BPO industry. It honours the Indian IT companies that have injected innovation into existing know-how and come up with new ideas, products, business models, processes or technologies. The Book highlights MIEL's Technology innovation, Helios – a patent-pending, first Indian next-generation Information Security product, an anti-malware system that redefines the way you protect your IT systems from malicious software.

Read more: http://www.nasscom.in/upload/51252/Miel%20e-Security.pdf

------------------------------------------------------------------------

Recently concluded Information Security Training Programs carried out through MIEL’s Information Security Training Institute - ISTI™

• Microsoft’s CISSP Training conducted in Mumbai for a record of 30 participants i.e. Microsoft employees across India
• CA’s CISSP Training conducted in Hyderabad for CA's e-Security Team
• The Indian Army Cyber Security Establishment CISSP Training Program conducted in New Delhi which had the top Army Officers attending the program.
• ISO 27001 Lead Auditor Training Program conducted in Mumbai which was attended by professionals from industry leaders across verticals such as Banking, Financial Institutions, BPO & IT Services, Research Institutions etc.

------------------------------------------------------------------------

Upcoming Training Programs

• CEH (Certified Ethical Hacking): March 19th – 23rd (Regular Batch)
• Business Continuity Management System (BS25999) - Implementation Course: April 5th – 7th
• ITSMS Implementation Course (ISO 20000): April 19th – 21st
• CEH (Certified Ethical Hacking): April 14th, 15th, 21st, 22nd, 28th (Weekend Batch)

To register, contact us today at isti@mielesecurity.com! To know more about our other Training Programs, visit our Training section today at www.mielesecurity.com.

Your ideas, suggestions, tips and recommendations are highly valued. Please send us your feedback about our newsletter at marketing@mielesecurity.com, and thank you once again for your continued support of MIEL.