According to Global Phishing Report by APWG, there were around 67,677 phishing attacks worldwide during the second half of last year.

Albuquerque, NM -- (SBWIRE) -- 05/04/2011 -- Phishing has been one of the common techniques used by cybercriminals to defraud Internet users. However, the attacks have become more sophisticated over the last few years. Information is much more easily available, which could be used to launch targeted attacks. The latest Global Phishing Report by the Anti-Phishing Working Group (APWG) indicates significant rise in average (73 hours) and median uptimes (over 15 hours) of all phishing attacks during the second half of last year. There were around 67,677 phishing attacks worldwide during the second half of last year. Attackers are frequently targeting Chinese e-commerce sites and banking institutions. Taobao, a Chinese online shopping and auction site was the major target of attacks.

Majority of the malicious domain registrations concentrate in .COM, .TK, and .NET top-level domains. .TK domain is associated with the tiny pacific atoll of Tokelau, a New Zealand territory, which has become the third largest country code top-level domain after .de and .uk associated with Germany and United Kingdom. However, the free domain has been misused by cybercriminals for phishing activities. Cybercriminals made use of 2,429 unique .tk domain names to target 54 different targets worldwide. However, over 80% of the domains were used to phish Chinese organizations.

Phishers detect security flaws in websites and IT infrastructure, identify negligent user practices, gather e-mail lists, register counterfeit domain names, build websites identical to legitimate sites, identify phishing tools and send well-crafted mails to large number of users.

Organizations must take proactive measures to streamline IT security. Professionals qualified in masters of security science could help organizations in strengthening the defenses against security threats. Regulatory authorities must set up restrictions on domain name registration and avoid exploitation of sub-domain registration services.

Counter crime agencies must identify and close phishing sites, initiate steps to enhance user awareness through online degree programs, e-tutorials and security alerts. Internet users must avoid responding to e-mails, which request personal and financial information. They must verify the check the authenticity of the URL through Internal search engines. They must be cautious in providing e-mail addresses on websites to avoid spam e-mails. Users can verify the authenticity of a banking site by clicking on the padlock. Valid padlocks display security certificate on single or double-click, whereas fake padlocks may not display any information.

Organizations may collaborate with educational institutions and encourage employees to undertake online university degree courses on cyber security to foster security conscious culture.

About EC-Council
University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Sony's PlayStation Network (PSN) and Qriocity services go offline after external intrusion attempt.

Albuquerque, NM -- (SBWIRE) -- 05/04/2011 -- Popular websites and networks are favorite targets of cybercriminals. Attackers not only gain instant publicity, but also extract privileged customer and business information. The extracted information could Sony is still investigating the attack, which forced the company to take Sony PlayStation Network (PSN) and Qriocity services offline last week. The services are used by over 75 million people worldwide. While PlayStation provides online gaming, Qriocity offers audio and video services for Sony devices. Security professionals of the company are investigating the attack. The company had initially referred to the attacks as an external intrusion attempt.

Information security professionals of the company are revamping the network infrastructure to strengthen defenses against intrusion attempts. The company has not disclosed whether any user related data has been compromised. The information may include personal information such as name, age, contact details and financial information such as credit card numbers. Information security is crucial for continued trust of customers. Last month's data breach at Epsilon has affected millions of customers worldwide.

Customers, whose e-mail addresses were exposed, are receiving several phishing e-mails. IT professionals may update themselves on latest threats and data protection mechanisms by participating in webinars, training programs and undertaking online university degree courses.

Anonymous group was in the news for launching distributed denial-of-service attacks on Sony's servers earlier this month. The group has denied responsibility for the new set of attacks. Threats to network security may be active or passive. Both internal and external factors may pose threat to network security. Cyber-attacks result in disruption of regular services and adversely affect the business of the company. Hiring experienced IT professionals qualified in masters of security science, penetration testing and network security administration may help in understanding the network security environment, identification of threat vectors and security tools required to remediate the flaws.

Attackers may also target specific individuals of the company through social engineering attacks to compromise their computer systems, and gain access to other computers in the network. Therefore, organizations must create awareness among employees on social engineering threats such as spear phishing, impersonation as peers, fake online accounts on social media sites through huddle sessions and e-learning programs. Employees could be encouraged to undertake online degree courses on cyber security to inculcate safe computing practices.

Network security must be evaluated at regular intervals to identify and mitigate weaknesses. Network administrators must also keep track of security advisories to identify and apply necessary patches.

Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Recently, counter crime agencies in China arrested 23 persons alleged to be involved in a voice phishing or vishing scam.

Albuquerque, NM -- (SBWIRE) -- 05/02/2011 -- Recently, counter crime agencies in China arrested 23 persons alleged to be involved in a massive voice phishing or vishing scam. Vishing is a type of attack wherein fraudsters try to seek sensitive information over phone call. The fraudsters allegedly targeted South Korean citizens. The arrest follows an agreement between South Korean and Chinese Authorities to combat against vishing scams. Fraudsters impersonating as representatives of a bank contact legitimate customers over phone and seek sensitive information or urge customers to deposit money in a particular account. They also allegedly impersonate as counter crime officials and seek details over phone. In some cases, fraudsters demand ransom from customers by claiming that they have detained one of their relatives. Over the last three years, South Korea has reportedly suffered loss of over $185 million due to phone fraud. The attackers are reportedly based in China and used to make independent random calls to avoid detection by counter crime agencies. Chinese authorities are expected to further crack down on culprits.

Fraudsters make use of social engineering techniques to extract confidential personals and financial information. The extracted information could be used for identity theft, producing fake credit cards and conducting fraudulent transactions. In some cases, attackers use Rogue Interactive Voice Response (IVR) systems to defraud users. Victims receive an e-mail, which appears to come from a legitimate bank, wherein they ask users to call on a specific number. Unwary customers, who call on the provided number, compromise their credit card and PIN number.

Counter crime agencies are now required to devote considerable time to resolve cybercrime cases. Frequent instances of cybercrime have led to increased demand for professionals qualified in masters of security science, computer forensics and IT security courses.

Users must be vary of replying to or following instructions provided in suspicious e-mails. Customers must cross-check the authenticity of persons seeking confidential information by directly contacting the respective bank or organization. online degree, security blogs and e-tutorials may help customers in understanding different security threats and precautionary measures.

Counter crime organizations may collaborate with educational institutions to encourage their employees to undertake online university degree courses to keep themselves abreast of latest developments in IT security and modus operandi of fraudsters.

Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

About EC-Council University
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Dallas, TX -- (SBWIRE) -- 05/02/2011 -- EC-Council's new Center for Advanced Security Training (CAST) will make its official debut at TakeDownCon Dallas, May 15-17.

TakeDownCon is a new technical IT security conference series developed by EC-Council.

CAST was developed to provide highly technical, advanced security training to information security professionals – in order to address the rapid evolution of new threats, vulnerabilities and exploits. EC-Council designed CAST to be specialized, current and domain-specific, to ensure that professionals are proficient and up to date on the latest threats.

Those who undergo CAST training will:

• Acquire advanced security knowledge through highly technical, hands-on training
• Learn proven advanced security techniques and strategies from industry practitioners
• Combat real-world attack and defense scenarios through well-designed, intensive labs

CAST training programs currently cover topics such as:

• Advanced Penetration Testing – learn how to hack patched and hardened operating systems, networks, and applications.
• Digital Mobile Forensics – learn how to recover digital forensic evidence from a mobile device.
• Advanced Application Security – learn how to harden applications from within through defensive programming.
• Advanced Network Defense – learn how to defend networks by taking on the offensive mindset of a hacker.
• Cryptography – learn how cryptographic protocols and cryptanalysis techniques work.

CAST training officially launches in the US the week of May 15th, at TakeDownCon Dallas, the EC-Council's new technical IT security conference series. For more information, visit www.TakeDownCon.com or www.ECCouncil.org.

About TakeDownCon
TakeDownCon is a new technical IT security conference series that provides advanced, highly technical research, presentations, and training to accomplished information security professionals. Developed by EC-Council, it debuts in 2011 with two conferences in Dallas and Las Vegas. TakeDownCon focuses on technical research in cutting-edge exploits and vulnerabilities and also provides EC-Council certification training, including the renowned Certified Ethical Hacker (CEH) program (a recently accepted certification of DOD Directive 8570.01M Change 2). Website: http://www.takedowncon.com.

About EC-COUNCIL
The International Council of E-Commerce Consultants (EC-Council) is a member–based organization that certified individual in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (CEH) course, Computer Hacking Forensics (CHFI) program, License Penetration Tester (LPT) program and various other programs offered in 84 countries around the glove. EC-Council has trained over 90,000 individuals and certified more than 40,000 security professionals. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government, National Security Agency (NSA), Committee on National Security Systems (CNSS), Army, FBI, Microsoft, and CERTs (Computer Emergency Response Team) of various nations. The U.S. Department of Defense (DoD) included the CEH program into its Directive 8570, making it one of the mandatory standards to be achieved by Computer Network Defenders Service Providers (CND-SP). Website: http://www.eccouncil.org

Contact Information
Leonard Chin
Director of Marketing, Conferences & Events
leonard@eccouncil.org

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

In yet another data breach incident, an attacker successfully intruded into some of the FTP servers of the European Space Agency (ESA).

Albuquerque, NM -- (SBWIRE) -- 04/29/2011 -- In the recent times, data breach incidents have become a common occurrence. In yet another data breach incident, an attacker successfully intruded into some of the FTP servers of the European Space Agency (ESA). The attacker was successful in extracting sensitive information and has allegedly published around 200 usernames and passwords on his blog site. The attacker has revealed information related to main server, root, database, admin, editor and FTP accounts. Some of the usernames, e-mail addresses and passwords are easily readable on the blog page of the attacker. The attacker has not revealed the method used to breach security and gain unauthorized access to the affected databases.

The affected FTP servers are used by researchers affiliated to partner organizations for exchanging information. Information security professionals are investigating the incident and the affected FTP servers have been taken offline. The attacker has identified himself as TinKode. TinKode was in the news for intruding into the website of British Royal Navy, MySQL.com. He was also behind attacks on some of National Aeronautical Space Administration's (NASA) websites, the U.S Army, Reuters and Kaspersky Portugal among others. The attack took place on the anniversary of Apollo 13 crew's safe return to earth following a failed moon mission.

TinKode revealed details of 13 FTP accounts to match the number of the mission. TinKode has also provided a brief description of ESA on his blog site.

Leakage of user credentials may provide attacker with access to privileged user accounts, which may contain strategic information.

Revelation of such sensitive information may pose threat to national security. Attackers may also modify and delete information contained in the databases. Websites must be regularly tested for vulnerabilities and security lapses. Professionals qualified in IT degree programs, secured programming and penetration testing may help organizations in timely detection and mitigation of security weaknesses.

Attackers constantly scan and exploit vulnerabilities through sophisticated techniques. Websites are susceptible to SQL injection, cross-site scripting and distributed denial-of-service (DDoS) attacks. IT professionals must keep themselves abreast of latest developments in website security, modus operandi of attackers and threat prevention mechanisms through training sessions and online IT degree programs.

Users must avoid common passwords on multiple websites as attackers having access to password for one account may easily gain access to other accounts of the user. Passwords must be unique and must not contain personally identifiable information. Online IT courses, e-tutorials and adherence to security alerts may help users in understanding security threats and safe online computing practices.

Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Oracle is all set to address 73 security vulnerabilities in upcoming quarterly critical patch update.

Albuquerque, NM -- (SBWIRE) -- 04/28/2011 -- Oracle is all set for the upcoming critical patch update. The pre-release announcement by the company indicates that in all 73 vulnerabilities associated with numerous products will be mitigated during the next critical patch update. The update will mitigate security vulnerabilities associated with Oracle database server, fusion middleware, enterprise manager, e-business suite, supply chain products, PeopleSoft, JD Edwards suite, Siebel CRM, industry applications, Sun products and Open office suite.

The company releases quarterly critical patch updates on Tuesday closest to 17th day of January, April, July and October. The company uses Common Vulnerability Scoring System (CVSS) version 2.0 to rate vulnerabilities. The vulnerabilities are assigned scores based on the prerequisites for exploiting the vulnerability, ease of exploit, and impact of the attack on availability, confidentiality and integrity. Base scores range from 0.0 to 10.0 with ten being the most severe vulnerability.

Vulnerabilities may be caused by technological flaws, programming errors, and other human errors. Developers are required constantly upgrade their technical skills through online IT degree courses, training programs and refresher courses to deal with ever evolving threats.

The critical patch update will address six vulnerabilities in database server. The vulnerabilities affect components such as application service level management, database vault, Oracle help, security service, warehouse builder, UIX and network foundation. Two of the six vulnerabilities do not require authentication for exploitation of vulnerabilities. Highest base score for security flaws affecting database server is 6.5. The update will mitigate 9 flaws associated with fusion middleware, 6 of which are exploitable without authentication.

The vulnerabilities affect Oracle help, HTTP server, JRockit, outside In technology, security service, WebLogic server, portal and single sign on. Oracle has assigned highest severity score of 10 for vulnerabilities affecting fusion middleware. 4 vulnerabilities will be fixed in Oracle applications, 2 of which are exploitable without authentication. The vulnerabilities have been assigned a base score of 4.3 and affect application object library, applications install, and web ADI. The update will resolve a flaw in Supply chain products suite, which is exploitable without authentication. Highest base score for vulnerability in supply chain products suite is 4.3 and affects Agile technology program.

14 security flaws have related to PeopleSoft Suite will be fixed in the upcoming critical patch, 1 of which is exploitable without authentication. Highest base score for security flaws associated with PeopleSoft suite is 4.3 and affects PeopleSoft Enterprise, Enterprise CRM, ELS, HRMS and People tools. The critical patch update will resolve 8 issues associated with JD Edwards suite, 7 of which are exploitable without authentication. Highest base score for vulnerabilities in JD Edwards suite is 6.4 and affects EnterpriseOne tools.

The update will address a vulnerability associated with industry applications, which affects InForm. Highest base score for vulnerability in industry applications is 5.5. 8 security flaws will be mitigated in Sun products suite, seven of which are exploitable without authentication. Oracle has assigned highest severity score of 10 for security flaws affecting Sun products suite. The components affected include Java Dynamic Management Kit, Java system web server, Solaris, OpenSSO Enterprise, GlassFish Enterprise server, java system application server, java system access manager policy agent, and java system messaging server.

The upcoming critical patch update will fix 8 security issues related to Open Office suite, of which 7 are exploitable without authentication. Highest base score for security flaws in Open Office suite is 9.3. Open Office, StarOffice and StarSuite are affected by the vulnerabilities.

Vulnerabilities are identified by professionals qualified in IT degree programs and security certifications such as penetration testing. Developers encourage both in-house and independent security researchers to detect and report security flaws so that they can be mitigated before exploitation by attackers.

Online IT courses, e-tutorials, security blogs and alerts from computer emergency response teams could help users in gaining insights on security threats, their implications and importance of security updates. Users must keep track of the security releases and install necessary updates to safeguard their systems and data from unauthorized access.

Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

About EC-Council University
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Recently, a top executive of FBI highlighted cybersecurity challenges faced by the country at a hearing by Subcommittee on Crime and Terrorism.

Albuquerque, NM -- (SBWIRE) -- 04/26/2011 -- Recently, one of the top executives of Federal Bureau of Investigation (FBI) appeared before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism at a hearing titled: Cybersecurity: Responding to Threats of Cyber Crime and Terrorism. Gordon M. Snow, the Assistant Director for Cyber Division of the premier investigative agency highlighted cybersecurity challenges faced by the country during the hearing.

According to Snow, FBI has identified capability to inflict damage or death, illicit acquisition of assets, and unauthorized access to privileged military, intelligence and economic information as most significant cyber threats for United States (U.S). Financial institutions have been one of the major target of cybercriminals, causing significant economic losses. Cybercriminals also pose threat to critical infrastructural facilities, intellectual property and supply chain.

Critical infrastructural facilities are now characterized of increased automation making them vulnerable to cyber threats. Attackers are increasingly making use of malicious software tools to breach security perimeters. Industrial control systems, which handle the physical processes related to pipelines, transport and other critical infrastructural facilities, are at higher risk of cyber-attacks. According to FBI, there is a risk of proliferation of malicious attack techniques capable of degrading, disrupting and destroying critical infrastructure. IT professionals must constantly upgrade their expertise through online IT degree and e-learning programs.

Protection of Intellectual property rights is crucial for business continuity and success. Cyberspace is now used for stealing trade secrets, piracy and trafficking counterfeit goods through sophisticated techniques. Cyberspace could also be used to manipulate supply chain. Computer chips could be embedded with malware to extract personally identifiable information from computers. The dissemination of salvaged and repackaged computer chips would make it increasingly difficult for customers to distinguish between original and fake products. Operation Cisco Raider, a joint initiative of United States (U.S) and Canada, targets illegal distribution of counterfeit hardware and has seized components worth $3.5 million during the last five years. Internet users could be guided on cyber threats and safe online computing practices through online IT courses, e-tutorials and e-learning programs.

The country faces threat from botnets, which could be used by cybercriminals and rival countries to steal sensitive information related to countries, raise funds and disrupt access to critical infrastructure facilities. There is an increasing threat from activists such as Anonymous groups and attackers loyal to rival countries. The financial implications of cybercrime are immense Snow referred to a study by Ponemon Institute, which revealed that median annual cost of cybercrime ranges from $1 million to $52 million for individuals.

Sophisticated threats emanating from the cyber space require proactive action. FBI is proactively working with several domestic and international counter crime agencies to control the menace of cybercrime.

United States has been at the forefront in dealing with threats in the cyberspace. Last year, the country established a cyber command to strengthen the defenses of the country against cyber threats. The country faces shortage of cybersecurity professionals qualified in IT degree programs, network administration, incident management, system administration, computer forensics and security audit. The country has started many initiatives such as competitions and cybersecurity challenges to identify future cyber warriors.

Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Security researcher Jeremiah Talamantes will release a new penetration testing tool called "PlugBot" at this year’s TakeDownCon Dallas, a new IT security conference designed by the EC-Council.

Albuquerque, NM -- (SBWIRE) -- 04/25/2011 -- Security researcher Jeremiah Talamantes will release a new penetration testing tool called "PlugBot" at this year's TakeDownCon Dallas, a new IT security conference designed by the EC-Council.

PlugBot is an ultra compact penetration testing hardware device, designed to evade anti-virus and firewall detection, significantly reduce face-to-face social engineering interaction, and provide an onboard set of tools to allow an ethical hacker (penetration tester) to covertly infiltrate and dynamically hack the target from the inside out.

"I am excited to unveil this new tool at TakeDownCon Dallas," said Talamantes. "As an ethical hacker for many years, I set out to create a tool that would enable us to widen our window of opportunity while reducing the chance of being discovered and still have the luxury of hacking the target dynamically. I honestly wanted to make it as easy as … walk in, plug in, and walk out."

"PlugBot will be an interesting new tool for the pen-test community and TakeDownCon Dallas attendees will be the first to see it, " said Leonard Chin, Conference Director for TakeDownCon, and EC-Council Director of Global Marketing. "Jeremiah is a respected researcher and security practitioner and we're pleased he chose TakeDownCon as the place to debut this new tool. "

PlugBot was designed to facilitate penetration testing in many ways, such as:

• Reducing the need face-to-face social engineering, which may lead to compromise

• Allowing the dynamic use of other popular tools, such as nmap and Metasploit

• Remotely installing custom Perl and Python scripts on the fly

• Traversing strict egress firewall rules and filters

• Incorporating remote kill switch and IDS evasion capabilities

• Providing the ability to hack over multiple interfaces, including Ethernet, Bluetooth, and Wi-Fi

• Saving of tool output locally or via a web interface

• Viewing of statistics and logs for bot health and diagnostic purposes

In addition, PlugBot challenges:

• Physical Security

o Personnel access to conference rooms

o Wi-Fi range

o Bluetooth usage

o Rogue device detection and sweeps

• Technical Security

o Port configuration in conference rooms

o Wi-Fi security settings

o Bluejacking and Bluesnarfing

o Rogue AP detection

By using this pluggable device, penetration testers can gain access to the target location (e.g., a conference room), plug the PlugBot into the nearest wall outlet, and walk out. The PlugBot is configured to make an external connection (e.g., Wi-Fi or Ethernet) to a specified IP address in order to receive instructions. The Central Command allows the penetration tester to invoke scripts and applications. Output, as a result of testing, is encrypted and securely transmitted to the Drop Zone where the penetration tester imports data into the Central Command for analysis.

PlugBot is driven by a 1.2GHz processor, with 512MB of RAM, drawing just under 5 watts of power. It offers a suite of hardware and software features, including Debian, Perl, PHP, Gigabit Ethernet, Bluetooth, and 802.11b Wi-Fi, as well as a MicroSD socket for expandability of disk space - all in a small form factor for increased stealth and portability.

TakeDownCon Dallas, held at the InterContinental Dallas from May 14 - 19, is sponsored by Application Security, Element K, SAINT Corporation, and Damballa Inc, among others. It is supported by InfraGard's North Texas Chapter and NAISG's Dallas Chapter. The conference also enjoys the support of (ISC)2 as lead global education partner. For more information, including a complete program, presentation synopses, and registration details, go to: http://www.takedowncon.com

Website: http://www.theplugbot.com

About JEREMIAH TALAMANTES
Jeremiah Talamantes, CISSP, CEH, is a 13-year veteran of the information security industry, currently serving as Managing Partner and Security Researcher for RedTeam Security Corporation, based in Minneapolis, MN, where he also leads RedTeam Labs. His research - most notably in advanced penetration testing and application security - has led to the discovery of numerous 0-day exploits. An ISSA chapter board member, he writes collegiate level curricula, as well as writes and presents regularly on topics ranging from war driving, to live hacking demonstrations, to network boot camps, to enterprise 802.1x deployments.

In addition to being the founder of the PlugBot project, Jeremiah is the technical editor for "When Botnets Attack," an upcoming security book from Syngress Publishing.

About TAKEDOWNCON
TakeDownCon is a new technical IT security conference series that provides advanced, highly technical research, presentations, and training to accomplished information security professionals. Developed by EC-Council, it debuts in 2011 with two conferences in Dallas and Las Vegas. TakeDownCon focuses on technical research in cutting-edge exploits and vulnerabilities and also provides EC-Council certification training, including the renowned Certified Ethical Hacker (CEH) program (a recently accepted certification of DOD Directive 8570.01M Change 2). Website: http://www.takedowncon.com.

About EC-COUNCIL
The International Council of E-Commerce Consultants (EC-Council) is a member–based organization that certified individual in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (CEH) course, Computer Hacking Forensics (CHFI) program, License Penetration Tester (LPT) program and various other programs offered in over 60 countries around the glove.

EC-Council has trained over 80,000 individuals and certified more than 30,000 security professionals. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government, National Security Agency (NSA), Committee on National Security Systems (CNSS), Army, FBI, Microsoft, and CERTs (Computer Emergency Response Team) of various nations.

The U.S. Department of Defense (DoD) included the CEH program into its Directive 8570, making it one of the mandatory standards to be achieved by Computer Network Defenders Service Providers (CND-SP). Website: http://www.eccouncil.org

Contact Information
Leonard Chin
Director of Marketing, Conferences & Events
leonard@eccouncil.org

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Recently, WordPress.com suffered security breach. Attackers were able to intrude into several of the company servers.

Albuquerque, NM -- (SBWIRE) -- 04/25/2011 -- Recently, WordPress.com suffered yet another security breach. The site had suffered a massive distributed denial-of-service attack earlier in the year. In the latest case, attackers were able to intrude into several of the company servers. The attack puts at risk all the information contained on those servers. Information security professionals of Automattic, the company, which owns the popular WordPress.com blogging platform, are currently investigating the security incident. In a blog post on the site, Matt Mullenweg, the company's founder said that attackers were successful in extracting the source code. Mullenweg said that while much of the source code is Open source, some portion of the code is sensitive. The company is investigating the extent of information leaked, and identifying and mitigating the threat vectors, which allowed attackers to gain unauthorized access.

According to security researches at Internet security firm Sophos, the attack is more likely to have affected blogs posted on WordPress.com rather than websites, which utilize software provided by WordPress.org to host their own WordPress blog. Internet users using the WordPress.com must change their passwords as a security measure.

IT dependent environment requires users to operate online banking, online shopping, social media, blog and other online accounts.

Attackers take advantage of the tendency of Internet users to use simple, predictable and common passwords on multiple sites. Use of common passwords allows attackers having access to passwords of a particular account to attempt and intrude into several different online accounts of users.

Use of strong and unique passwords is the most fundamental and often ignored principle of cyber security. A password must essentially be alphanumeric, comprised of both uppercase and lowercase letters. They must not contain dictionary words as well as personally identifiable information such as name and date of birth. While multiple passwords may be difficult to remember, they help users in securing online accounts. Users may gain insights on safe online practices through online IT courses, following security blogs, threat alerts from computer emergency readiness teams and security advisories by developers.

Attacks on a website, may allow intruders to gain access to associated databases containing privileged information. Online IT degree programs, webinars and participation in discussion forums may enable IT professionals to stay up-to-date on latest threats and security mechanisms.

Organizations must regularly assess the security of their website to weed out threat vectors. Hiring professionals qualified in IT degree programs and security certifications such as penetration testing could help organizations in timely identification and mitigation of security flaws. They must also work with Internet security firms to improve security mechanism of the sites.

Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Recently, Malaysiakini.com, a popular and independent Malaysian online news portal suffered DDoS attacks.

Albuquerque, NM -- (SBWIRE) -- 04/22/2011 -- Recently, a popular and independent Malaysian online news portal suffered cyber-attacks. Attackers launched sustained attacks on Malaysiakini.com, virtually shutting down main servers hosted at two different data centers of the company in Kuala Lumpur. Information security professionals of the organization have identified the attacks as distributed denial-of-service (DDoS) attack and are trying to restore the website. The cyber-attack on the news portal follows a similar attack on another website sarawakreport.org. The attacks come just days before scheduled elections in the Malaysian state of Sarawak. Sarawakreport.org was openly critical of the Chief Minister of the state for allegedly amassing disproportionate wealth.

DDoS attacks on news portals and other websites have become common. Earlier, two popular Russian media and blog sites were targeted with DDoS attacks. Some months back, Anonymous group launched attack on many websites in retaliation to their hostile attitude towards WikiLeaks.

Attackers take remote control of thousands of vulnerable computers, without user's knowledge. The compromised computers are then commanded to attack the targeted resource. Simultaneous requests from thousands of computers exhaust the resources of the server and make it impossible for the targeted website to deliver intended services to legitimate users of the site. DDoS attacks essentially, overload the server with multiple and concurrent requests. Meanwhile, Malaysiakini is publishing the news on blogs, social media sites such as Facebook and Twitter.

Organizations should continuously monitor web traffic to identify any unusual activity. Professionals qualified in IT masters degree and secured programming may help organizations in mitigating threat vectors and implementing IT security policy.

Persistent Internet based threats have made it necessary for IT professionals to update themselves on latest monitoring mechanisms, data protection techniques and intrusion prevention systems by undertaking online technology degree programs.

Cyber security education is crucial to create safe IT environment. Security blogs, e-tutorials, online computer degree programs may help individuals in understanding and implementing safe online computing practices. Users can safeguard their computers from being compromised by installing and updating anti-virus programs. Installation of firewalls could help users in restricting malicious traffic. Users must be careful in disclosing their e-mail address. They must avoid arbitrary disclosure of e-mail addresses to avoid receiving spam and unsolicited e-mails. Users may use filters provided by e-mail service providers to reduce spam e-mails. They must resist from following links in e-mails from unknown sources. They must adhere to the security updates from vendors to safeguard their computers from malicious attacks.

About EC-Council
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

French intelligence agencies are investigating a possible case of cyber espionage, which lead to leakage of confidential business information related to an aerospace and defense firm.

Albuquerque, NM -- (SBWIRE) -- 04/21/2011 -- Recently, French counter crime agencies identified a possible case of industrial espionage case at Turbomeca, a subsidiary of aerospace and defense firm Safran. Turbomeca manufactures gas turbine turboshaft engines for helicopters. According to Reuters, attackers allegedly intruded the computer networks of Turbomeca and gained unauthorized access to confidential information related to propeller systems. The attackers were also successful in extracting data on billing and project costs related to Safran. The Central Directorate of Internal Intelligence (DCRI) is conducting the investigation to the alleged industrial espionage case. Around 12 persons have been arrested in the case and are being tried in a court at Nanterre, one of the arrondissements in administrative division of Hauts-de-Seine. Attackers are alleged to have attacked the networks during the first eight months of last year. Law enforcement authorities are also investigating the possibility of insider involvement in the security breach. The attack assumes significance as French Government holds 30% stake in Safran.

Growing number of attacks on government and business organizations has led to increased demand for professionals qualified in computer science degree, IT masters degree, computer forensics, security audit, system administration, network administration, penetration testing and incident management.

Loss of privileged technical information may have severe strategic and financial repercussions for a business. Cyber espionage also encourages unfair practices among business organizations. Organizations must conduct in-depth security evaluation of IT infrastructure through penetration testing to identify and mitigate threat vectors. Software products must be regularly updated and appropriate patches must be applied to safeguard computer systems and networks. Disgruntled employees may also leak sensitive information related to business. Insider theft is more difficult to detect. As such, access to databases containing privileged information must be restricted to few authorized employees. Organizations must have proper monitoring mechanisms in place to identify any unauthorized activity.

Attackers may also use social engineering techniques to extract privileged information from employees. Employees must be trained on the security precautions to be taken while working on the Internet. They must be educated on the different types of online threats and methods used by fraudsters to extract confidential information. E-learning and online computer degree programs could help employees to acquaint themselves with safe online computing practices.

Organizations must also place on training of IT professionals to update their technical know-how and ability to combat sophisticated cyber threats. Undertaking online technology degree programs and regular participation in webinars, discussion forms and information security conferences may equip IT professionals with necessary skills to deal with vibrant cyber threats.

Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

About
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

TakeDownCon, the technical IT security conference series designed by the EC-Council, is making its debut in the information security conference arena next month.

Albuquerque, NM-- (SBWIRE) -- 04/19/2011 -- TakeDownCon, the technical IT security conference series designed by the EC-Council, is making its debut in the information security conference arena next month.

Taking place from May 14-19, in Dallas, Texas, TakeDownCon will feature advanced and highly technical presentations and demonstrations on new vulnerabilities and exploits from leading figures in the information security industry. It will also provide real-world infosec training through the EC-Council, including its flagship course, Certified Ethical Hacker (CEH) – an accepted certification by the U.S. Department of Defense (DoD) Directive 8570.

Key highlights at TakeDownCon Dallas 2011 include:

• Keynote speaker Barnaby Jack, who most recently gained widespread media attention for demonstrating, at
BlackHat 2010, the exploitation of vulnerabilities within Automated Teller Machines (ATMs)

• Advanced technical presentations from industry experts, including Josh Shaul, Joe McCray, Alex Rothacker,
and Jeremiah Talamantes, on topics including database attacks, automated malware analysis, smart phone
security models, and taking down government security systems, among others

• Pre-event training for the world-renowned, DoD Directive 8570-accepted Certification Ethical Hacker (CEH)
version 7, the Certified Security Analyst (ECSA), as well as the Computer Hacking Forensic Investigator
(CHFI) program

• Highly advanced and technically intensive courses provided by EC-Council's new Center of Advanced Security
Training (CAST), in areas ranging from advanced penetration testing, application security, and digital mobile
forensics

• Launching of "Nite Locks et al," an event that gives attendees a hands-on opportunity to test their lock-picking
skills under the tutelage of experts

TakeDownCon Dallas, May 14-19 at the InterContinental Dallas, is sponsored by Application Security, Element K, SAINT Corporation and Damballa Inc, among others. Some of the Supporting Organizations of the event includes the FBI InfraGard's North Texas Chapter and NAISG's Dallas Chapter. The conference also has the support of (ISC)2 as its Lead Global Education partner. For more information, including a complete program, presentation synopses, and registration details, please visit http://www.takedowncon.com

About TakeDownCon
TakeDownCon is a new technical IT security conference series that provides advanced, highly technical research, presentations, and training to accomplished information security professionals. Designed by EC-Council, it debuts in 2011 with two conferences in Dallas and Las Vegas. TakeDownCon focuses on technical research in cutting-edge exploits and vulnerabilities and also provides EC-Council certification training, including the renowned Certified Ethical Hacker (CEH) program (a recently accepted certification of DOD Directive 8570.01M Change 2). Website: http://www.takedowncon.com.

Contact
Leonard Chin
leonard@eccouncil.org
Director of Marketing, Conferences & Events
EC-Council

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Recently, Hyundai Capital reported a data breach incident, which resulted in disclosure of sensitive customer information.

Albuquerque, NM -- (SBWIRE) -- 04/19/2011 -- In yet another data breach incident, Hyundai Capital reported unauthorized access to one of the databases. The breach has resulted in the disclosure of information associated with around 420,000 customers. Information security professionals of the organization are investigating the security breach incident. The consumer finance company is jointly owned by Hyundai Motor Group and GE Capital.

The data breach at Hyundai Capital follows a much publicized data breach at Epsilon, which resulted in leakage of e-mail addresses of customers related to several prominent companies. The data breach was discovered after Hyundai received an e-mail from a hacker last week, who threatened to make the data public, if undisclosed amount of money was not paid to him within a day. Preliminary investigations indicate leakage of names, addresses, mobile number and e-mail addresses of customers. Around 13,000 passwords of customer loan accounts were also accessed by the attackers. The company expects further attempts to intrude into company's servers. The company has apologized to the customers and has assured initiation of remedial measures to safeguard against further security breach incidents.

Financial Supervisory Service (FSS), the authority responsible for supervision of financial institutions in South Korea has also started investigations into the alleged data breach incident.

Hyundai Capital has advised the affected individuals to change their customer loan account passwords. Several users have the practice of using common passwords for multiple accounts for easy remembrance. As such, attackers having access to one user account may also try to access other user accounts of customers. They may also try to extract more information through social engineering techniques.

Advertisements, cyber security tips, online computer degree and video tutorials may help Internet users to adopt safe online computing practices. Hyundai Capital has also alerted the customers against providing any information on phone calls, wherein the callers identify themselves as staff of the company. The company has also reportedly elevated the site security level to maximum. The public announcement of the data breach incident came after counter crime agencies failed to trace the culprits before the stipulated deadline mentioned in the e-mail received by the company.

Information availability, integrity and security are crucial for continued trust of different stakeholders in an organization. Security breach incidents have adverse implications on the reputation and profitability of business. The information extracted could be used by fraudsters to impersonate the legitimate customers and conduct fraudulent transactions. Customers would be skeptical of availing services from companies which suffer regular security breaches. Security breach incidents also have legal repercussions for businesses. Lapses in information security practices may attract penalties from regulatory authorities and also lead to negative publicity of the organization. Professionals qualified in IT masters degree and penetration testing may help organizations in regular assessment of the information infrastructure and mitigation of security flaws.

IT professionals must be encouraged to update their technical skills and know-how through online technology degree and e-learning programs. Proactive action is crucial to deal with the sophisticated threats from cybercriminals and ensure protection of an organization's information infrastructure.

Contact Press

EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

About EC-Council University
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Microsoft will release 17 security bulletins in the upcoming Patch Tuesday. Out of the security 17 bulletins, nine are rated critical by the company, while the rest are rated as important.

Albuquerque, NM -- (SBWIRE) -- 04/18/2011 -- Microsoft is all set to mitigate 64 security vulnerabilities in the upcoming Patch Tuesday. The advance notification of the company states that 17 security bulletins will be released. The vulnerabilities are associated with Windows operating system, Office Suite, PowerPoint Web Application and Visual Studio. The developer will also release an updated version of the Microsoft Windows Malicious Software removal tool.

Out of the security 17 bulletins, nine are rated critical by the company, while the rest are rated as important. As per the company's severity rating system, those vulnerabilities are considered critical, which allow proliferation of an Internet worm, without any user intervention. Vulnerabilities, which could be exploited to compromise integrity, confidentiality and availability of data and processing resources, are considered important. In this case, exploitation of vulnerabilities associated with 15 bulletins may cause remote code execution. Out of the remaining two security bulletins, exploitation of vulnerabilities associated with one bulletin may lead to information disclosure, while that of other may cause elevation of privilege.

Vulnerabilities are identified by in-house security professionals, independent security researchers and experts associated with Internet security firms. Vulnerabilities and their exploits are also placed in the wild by cybercriminals. Professionals qualified in secured programming and IT masters degree could help in timely detection and mitigation of vulnerabilities in software products.

Microsoft releases patch on every second Tuesday of a month. Individual users and security administrators may keep track of the security bulletins issued by the company, update the relevant software and adhere to the guidelines issued. Ironically, cybercriminals take advantage of the lack of cyber security awareness and negligence of Internet users to exploit vulnerable systems. Developers must create awareness among people on vulnerabilities, patch management and cyber security guidelines through blogs, online tutorials and advertisements. They may also collaborate with universities to devise cyber security and online computer degree programs. Internet users must adhere to the security advisories and adhere to the guidelines.

Hiring professionals qualified in online technology degree programs may help organizations in timely identification and application of appropriate patches, and security updates. Proactive action by IT professionals is crucial to eliminate weaknesses in the IT infrastructure, before their exploitation by cybercriminals.

Contact Press

EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

About EC-Council University
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Albuquerque, NM -- (SBWIRE) -- 04/14/2011 -- Recently, Symantec released findings of the company's latest Internet Security Threat Report. The release discloses that over 286 million new threats were identified during 2010. The year witnessed more frequent and sophisticated targeted attacks. Cybercriminals were also successful in leveraging the growth and popularity of social networking sites to initiate more attacks. The year witnessed increased exploitation of java vulnerabilities to intrude into computer systems. The Internet security firm has also identified that cybercriminals are increasingly focusing on weaknesses in mobile applications and devices.

Stuxnet worm made headlines for targeting industrial installations, Iranian nuclear facilities in particular, during the previous year. The sophisticated attacks were aimed at disrupting the functioning of crucial installations. Google was in the news for facing sophisticated Hydraq attacks. The Trojan allows the attacker to open a back door on the targeted computer. Most of the targeted attacks exploited zero-day vulnerabilities to intrude into the computer systems. According to the security firm, the Stuxnet targeted four different zero-day vulnerabilities to attack the targeted systems.

Government agencies, corporates, small enterprises and public companies, all were targeted by cybercriminals over the last year.

Attackers first identified potential victims in these organizations and then intruded into the networks through customized social engineering attacks. The major purpose of attacks was to steal intellectual property, cause damage and extract personal information.

According to Symantec, over 260,000 identities were revealed per breach in case of incidents caused by intrusion. However, such incidents could be reduced by creating cyber security awareness among employees through training sessions, online degree and e-learning programs.

Social networking sites have become immensely popular. Organizations are also making use of the emerging medium to promote their business. Cybercriminals placed shortened Unique Resource Locators (URLs) on social networking sites to deceive unwary users through phishing and malware scams. In case of shortened URLs, users are not able to view the complete URL of the sites to which they are directed to. Cybercriminals also exploited the news feed option of the social networking sites. Attackers place shortened URLs directing to a malicious website in the status section of compromised user accounts. As networking sites distribute the links to news feeds of the compromised user's friends, more number of computers are infected. According to the Internet security firm, shortened URLs were used in around 65% of the malicious links in news feeds. Around 73% of these links were clicked 11 times or more and 33% of these links were clicked between 11 and 50 times. Regular security evaluation through professionals qualified in penetration testing, computer science degree and IT security certifications would enable service providers to mitigate weaknesses and provide secured services to the end-user.

The release identifies that attackers increasingly targeted Java vulnerabilities during the previous year. Attack toolkits such as Phoenix toolkit were used for web-based attacks. The popularity of mobile applications and devices has attracted the attention of cybercriminals. Symantec reports that attackers targeted mobile users by inserting malicious code in legitimate applications. Some attackers such as the creators of Pjapps Trojan even distributed compromised applications through public application stores. The Internet security firm identified around 163 security flaws, which could be exploited by attackers to acquire partial or complete control over devices running mobile platforms. IT professionals must constantly update their technical skills and know-how through webinars, online university degree programs and seminars to deal with the sophisticated threats in the IT environment.

Contact Press

EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Albuquerque, NM -- (SBWIRE) -- 04/14/2011 -- Recently, Epsilon, a leading marketing services firm notified clients of a possible data breach incident. The alert was issued after information security professionals identified unauthorized entry into Epsilon's e-mail system. Security professionals are investigating the incident. According to preliminary investigations, the unauthorized entry resulted in the disclosure of customer names and e-mail addresses. The firm has not divulged the number of customers affected, but has stated that the breach has affected around 2% of the company's clients. The company has over 2,500 clients and sends around forty billion e-mails to end-customers annually on behalf of the clients. Subsequent to the notification, several clients of Epsilon including McKinsey Quarterly, Kroger, JP Morgan Chase, Barclaycard U.S, Citigroup, Capital One, New York & Company, Walgreen and TiVo Inc. among several others alerted customers on disclosure of names and e-mail addresses. The companies have stated that no other personally identifiable and financial information has been disclosed. However, the clients are also conducting their own enquiries to confirm that no other personal and financial information was compromised.

Data infringement incidents may have adverse implications for the affected customers. The extracted information could be used to send spam e-mails. The gathered information could also be used to send phishing and spear phishing e-mails to entice customers to divulge more important information such as credit card details, social security numbers and mailing addresses. The e-mails are cleverly crafted and appear to come from a legitimate source. Last month, customers of Play.com complained of spam and phishing e-mails. The e-mails of the targeted customers were allegedly extracted from SilverPop, another third-party e-mail marketing service provider during a cyber-attack at the end of last year. Marketing companies are vulnerable to cyber-threats as they have databases containing names and e-mail addresses of large number of customers. Information security, integrity and confidentiality are crucial for continued and unhindered growth of business operations. Employees must be updated on the latest Internet threats and preventive mechanisms through refresher and online university degree courses, training sessions and e-learning programs.

Regular security assessment of computer systems and networks is crucial to detect and patch security flaws. Professionals qualified in computer science degree, penetration testing and security certifications may help in timely identification and mitigation of weaknesses in the information security infrastructure. Organizations suffering data breach incidents may have adverse business and legal implications. Clients utilizing the services of the targeted company may not extend, shorten or terminate their contracts, as they may lose customer trust and confidence.

Blogs, e-tutorials and online degree programs may be used to keep Internet users updated on latest security threats and implement safe computing measures. Affected individuals and Internet users must resist from replying to unsolicited e-mails, avoid clicking on links provided in e-mails from unknown sources and ignore e-mail attachments from unknown third parties.

Contact Press

EC-Council
Website: http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Albuquerque, NM -- (SBWIRE) -- 04/13/2011 -- Recently, millions of web pages across the world suffered a massive SQL injection attack. The attack was first identified by Internet security firm Websense. Attackers injected SQL commands into the associated databases of websites by exploiting weaknesses in web applications. The code was designed to redirect users to different fake websites. Security researchers at Websense have termed the attack as 'LizaMoon' attack as that was one of the first websites to which victims were redirected. The redirected website warns the victims that their computer systems have been infected with malware and viruses. The site provides a link to download a fake anti-virus program called 'Windows Stability Center' and identifies itself as a Microsoft product to appear genuine to the users.

Once unwary users click on the link, they may inadvertently download malware in their computers instead of anti-malware software. Users are enticed to subscribe to a six month, 1 year or lifetime subscription of the fake software by displaying special discount offers. Unwary users, who choose to subscribe to the full version, may also compromise sensitive information such as names, addresses, contact numbers, e-mail addresses, credit card numbers, credit card expiry dates, card verification number and card verification code. According to a preliminary research by Websense, while majority of the visitors to the malicious website lizamoon.com hailed from United States (U.S), the site registered visits from all regions of the world. Security researchers are still investigating the attack and some of the domains used by the attackers to sell the fake software have been shut down.

Attackers are always on the lookout to exploit vulnerabilities in websites and web applications to dupe unwary Internet users. Lack of proper input validation is one of the major causes for the current spate of SQL injection attacks. Web applications that do not have filters to sanitize input for eliminating malicious commands are more vulnerable to such attacks. Organizations must scrutinize websites and applications for weaknesses and threat vectors at regular intervals. Developers must evaluate the security flaws in web applications and mitigate them to avoid exploitation by attackers. Professionals qualified in computer science degree and secured programming may help in identifying and mitigating programming errors. All inputs must be validated. Limits must be enforced on type and size of data entered. Inputs containing comment characters, escape sequences and binary data must be rejected or restricted. Use of parameterized queries and multiple layers of validation may help in prevention of SQL injection attacks.

Web application firewalls and web application scanners could help web administrators in understanding the vulnerability of websites to SQL injection attacks. E-learning and online university degree courses could help IT employees to update themselves on latest threats and preventive measures.

Video tutorials, online degree programs, security blogs and advisories may create cyber security awareness among Internet users. Users must download genuine security software by directly visiting legitimate websites. They must be vary of pop-ups warning of malware threat and desist from clicking on any links provided on them. Adherence to security guidelines, advisories and updates may help users to safeguard their systems.

Contact Press
EC-Council
Website: http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228

About
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Albuquerque, NM -- (SBWIRE) -- 04/11/2011 -- Recently, the Institute of Electrical and Electronics Engineers (IEEE), the world's largest and renowned technical professional association notified members of possible data breach. The association identified the unauthorized access to customer database in December. Computer forensics professionals were engaged to investigate the security breach incident. In February, the forensics investigators identified that a file containing customer data was deleted from the computers of IEEE in November last year.

The investigation led to the disclosure of several system vulnerabilities. Information security professionals of the association have mitigated the vulnerabilities. The compromised information was provided by the members, while registering for an IEEE conference. The file contained names, credit card numbers, credit card expiry dates and card identification numbers of around 828 members. The association reported that they are not aware, whether the attackers extracted customer data from the deleted file. The incident is alleged to be a sophisticated network intrusion attack. The association has notified the Federal Bureau of Investigation (FBI) on the incident and the concerned regulatory authorities.

Attackers scan the networks to identify and exploit security flaws in networks, computer systems and websites. Once they identify a vulnerable network and computer systems, they use sophisticated techniques to bypass security mechanisms and gain access to privileged databases. A successful intrusion attempt may provide access to sensitive customer information. The collected information could be misused for fraudulent activities such as identity theft, misrepresentation and conducting unauthorized transactions. The offenders may also sell the extracted information to their peers in the crime world and corporate rivals of the targeted organization. Organizations must conduct regular security evaluation of the websites. Hiring professionals qualified in computer science degree may help them in streamlining the security of the IT infrastructure.

IEEE has offered to provide one-year free subscription for Identity theft protection policy. Members must notify the credit reporting agencies and request for fraud alert on their accounts. The affected individuals must monitor their credit card statements and report any unauthorized activity to their respective banks and credit institutions.

Organizations must adhere to the regulatory provisions for collection and storage of data. Payment Card Industry Data Security Standard (PCI DSS) establishes security standards to be implemented by merchants, hardware and software developers, financial institutions and professionals. Training sessions, online degree and e-learning programs may help employees in understanding and implementing security standards and practices.

Employees must be aware of the various IT security threats, measures to be initiated in case of a security breach incident, protection of evidence, procedures for reporting security incident procedures and data recovery procedures. IT employees must be encouraged to undertake online university degree courses in computer forensics and incident management. Access to computers containing privileged information must be restricted to few authorized employees.

Contact Press

EC-Council
Website: http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228

About Company
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Recently, Spotify users suffered malvertizing attacks. Malvertizing attacks involve injection of malicious code in advertisements to insert malware in vulnerable computers.

Albuquerque, NM -- (SBWIRE) -- 04/07/2011 -- Websites rely on third party advertisements to offer free services to the customers. Advertisements may come in the form of pop-up ads, banner ads, floating ads and video ads among several others. However, these advertisements could be misused by cybercriminals to install malware in user's computers. Recently, cybercriminals targeted Spotify user's with malvertizing attacks. In case of malvertizing, attackers insert or modify a code in the advertisement to exploit flaws in web browser code. They avail the services of popular online advertising networks for propagating the malware. Spotify is a popular online music service in European countries. Users of the free ad-supported version have the facility to listen to their favorite songs online. When unwary users clicked on some of the third party advertisements placed on the site, they also inadvertently downloaded malware on their computer systems. Attackers reportedly exploited a Java vulnerability to insert malicious code into vulnerable systems. The advertisements with malicious code may entice users with attractive offers, interesting news article, free downloads and fake anti-virus software.

When users click on the links placed in the advertisements, they may also be redirected to fake website or require users to download software to view the advertisement. Internet security firm Sophos has also reported the existence of a malware spreading advertisement on Facebook, which was quickly rectified by the social networking site.

Attackers may exploit vulnerabilities in website through malvertizing, drive-by malware, SQL injection and iframe injection attacks.

Website owners must review the security of the website regularly to identify vulnerabilities and threat vectors. They must also verify the procedures followed by third party advertising networks to evade malicious links and misuse of advertisements. Employees could be educated on various online threats, preventive and remedial measures through training sessions, refresher courses, online university degree and e-learning programs.

Online service providers may avail the services of IT professionals qualified in secured programming, masters of security science and security certifications to strengthen the defenses against online threats. Organizations may install web filtering technologies to prevent unintentional download and propagation of malware in computer systems and networks.

They must install and regularly update anti-virus and anti-malware solutions. Security software must be downloaded directly from the website of a legitimate developer rather than by clicking on links in pop-ups. They must be wary of visiting unknown third party sites to download software. Users must constantly update software products to avoid exploitation of vulnerabilities. They must be wary of clicking on third-party advertising links on websites. E-brochures, videos and online degree programs could be used to enlighten Internet users on different security threats and Internet safety tips.

Contact Press
EC-Council
Website: http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Recently, the Australian National Audit Office (ANAO) identified lapses in information security practices of government departments.

Albuquerque, NM -- (SBWIRE) -- 04/06/2011 -- The ongoing WikiLeaks exposure, frequent cyber-attacks and data breach incidents have forced governments worldwide to initiate measures to improve cyber security. WikiLeaks continues to leak sensitive diplomatic cables and classified information causing embarrassment for several governments worldwide. Recently, the Australian National Audit Office (ANAO) identified lapses in information security practices of government departments. The audit identified that the Department of the Prime Minister and the Cabinet allowed the staff to access free e-mail services such as those of Gmail and Hotmail. The audit recommended ban on use of free e-mail services in government departments and agencies as they may serve as threat vectors for attacks on computer systems and networks.

Attackers may use social engineering and other sophisticated techniques to extract privileged information from employees. They may install malware designed to gather confidential data on computer systems by luring employees to download malicious attachments. They may send cleverly crafted e-mails, which could lead to inadvertent disclosure of financial and non-financial data pertaining to the government departments and human resources. Leakage of such information may have adverse financial and strategic implications for the government.

Cyber-attacks on government departments may be caused by rival intelligence agencies, anti-national forces and cybercriminals. The motive behind such attacks may be to upstage targeted country through information warfare or extract sensitive information for cyber espionage. Online university degree programs on cyber security and other security certifications may help working IT professionals to keep them abreast of evolving threats and best IT security practices.

Usually, IT professionals qualified in masters of security science and penetration testing evaluate the security of the IT infrastructure. In this case, security professionals of the audit office evaluated the security practices. The audit also revealed use of weak passwords in government departments and agencies. Brute force techniques were applied to test the password practices. Twenty percent of the passwords at three separate departments were compromised in the tests including those with administrative accounts.

The auditors recommended review of password practices in all departments and agencies. Security briefs, training sessions, online degree programs on cyber security and e-learning may enable employees to understand and adhere to cyber security tips and improve the IT security scenario of the departments. Passwords must be strong, unpredictable and must have combination of upper and lower case characters. Employees must use different passwords for different user accounts.

Contact Press
EC-Council
Website: http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228

About
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Recently, Telus Corporation, a major Canadian national telecommunications company warned customers of e-mail phishing scam.

Albuquerque, NM -- (SBWIRE) -- 04/05/2011 -- Phishing has been one of the common forms of attacks used by cybercriminals for over a decade. However, in the recent years, phishing e-mails have become more sophisticated and targeted. Recently, Telus Corporation, a major Canadian national telecommunications company warned customers of e-mail phishing scam. The phishing e-mails appear to come from Telus Corporation. The company has witnessed alarming increase in the volume of the phishing e-mail. Telus has identified two forms of phishing e-mails. One of the scam e-mails asks customers to upgrade to a new security system, while the other asks customers to verify their accounts.

The e-mails are cleverly crafted and designed to extract confidential information from Internet users. Users are tempted to follow the instructions provided in the e-mail as they appear to come from a legitimate organization. The phishing e-mails may also contain links directing customers to a fake site. The confidential information sought through phishing may include credit card details, user name and password, name, age, mailing address and contact numbers. Unwary users may reply to the e-mail and compromise their personal and financial information. The extracted information could be used for gaining unauthorized access to user accounts, stealing funds, conducting unauthorized transactions and creating fake credit cards. The compromised information could also be used to impersonate an individual to open fraudulent credit card and loan accounts. They may also create fake online shopping and other Internet accounts to conduct fraudulent transactions.

Telus has alerted customers to be vigilant of e-mails and phone calls purportedly coming from a legitimate company and seeking personal information. Cyber security awareness among users is crucial to deal with such threats. E-brochures, advertisements, online degree and video tutorials may be used to educate users on cyber security tips. Users must avoid e-mails requesting personal and financial information. They must be wary of words like account update and verify in the Unique Resource Locator (URL). When users click on a padlock, a legitimate site will display security certificate. Fake sites only have simulated padlocks and will not display any information.

Phishers collect information from various sources, register counterfeit domain names, and build fake websites or web pages that are identical to a legitimate site. The e-mails urge the targeted customers to initiate prompt action. Customers of banking and online shopping sites are frequently targeted by phishers. Attackers target users by spoofing legitimate e-mail addresses and domain names, insert malicious scripts on legitimate websites. They also make use of bots to send malicious links by exploiting the growing use of Instant Relay Chat (IRC). Phishing attacks may come in various forms such as man-in-the middle attacks, URL obfuscation attack, key logger attack and session hijacking. Phishers may also use hidden frames and graphical substitution to create fake content and deceive users.

E-learning programs and training sessions could be used to create awareness on security threats among employees. They could also be encouraged to undertake online university degree and refresher courses on cyber security.

Organizations must have proper monitoring mechanisms in place to monitor employee activity. Hiring IT professionals qualified in masters of security science could help organizations in framing appropriate IT security policies and guide employees on information storage, password construction, evading social engineering threats and handling suspicious e-mails.

Contact Press
EC-Council
Website: http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228

About EC-Council University
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Recently, Google updated Chrome Stable and Beta channels to 10.0.648.204. The update mitigates six high-risk vulnerabilities.

Albuquerque, NM -- (SBWIRE) -- 04/05/2011 -- In yet another update, Chrome stable and beta channels have been updated to 10.0.648.204. The latest update mitigates six vulnerabilities identified by various security researchers, and resolves performance and stability issues. The update also includes support for password manager on Linux.

The release patches a buffer error in base string handling first identified by Alex Turpin. Security professionals at Google have resolved stale pointer in handling of Cascading Style Sheets (CSS) and SVG text handling, both identified by Sergey Glazunov. The update fixes a DOM tree corruption issue with broken node parentage. Use-after-free issues in the frame loader and HTML collection have been mitigated in the new Chrome channel. While the issue with frame loader was detected by S?awomir B?a?ek, Sergey Glazunov identified the issue with HTML collection. Use-after-free issue takes place, when memory is deallocated, but regained later. All the six vulnerabilities have been rated as high-risk. Google rates bugs as critical, high, medium and low. According to the company's severity policy, those vulnerabilities are rated as high, which enable an attacker to gain access or modify confidential information on a website, allow execution of arbitrary code in sandbox, interference with browser security features and issues in sandbox implementation.

Vulnerabilities in software products are exploited by attackers to breach the security of computers and websites. Coding errors, compatibility issues and other human errors may result in vulnerabilities in software products. IT professionals could be encouraged to undertake refresher courses, secured programmer certification and other online university degree programs to improve their technical skills.

Usually, developers evaluate the strength of products through penetration testing. Google encourages security researchers to identify and report vulnerabilities, before their exploitation by the attackers. The researchers are awarded a cash prize under the company's vulnerability rewards program. Sergey Glazunov received a total bounty of $7,000 for reporting four vulnerabilities.

The new version of chrome would be automatically updated. However, those users, who have not enabled automatic updates for the browser, must update the browser to avoid exploitation of vulnerabilities. Video tutorials, online degree and e-learning programs could help in creating cyber security awareness among individuals.

Hiring security professionals qualified in masters of security science and computer degree programs may enable organizations to keep track of the security updates and timely application of appropriate patches.

About EC-Council
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

Contact Press
EC-Council
Website: http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Albuquerque, NM-- (SBWIRE) -- 04/01/2011 -- Recently, New Jersey state legislature passed a bill, which sought to amend an earlier law to impose criminal penalties for criminal impersonation through any means including electronic communications or Internet website. The bill was not opposed by any member of the legislature. The new bill has been now referred to the Senate Judiciary Committee. The bill was sponsored by legislators Craig J. Coughlin, Annette Quijano and Jon M. Bramnick and co-sponsored by legislators John S. Wisniewski and Pamela R. Lampitt.

If the offence results in benefit to the perpetrator or loss to a legitimate party of an amount less than $500 and affects one victim, than the offence would be treated as a fourth degree crime. However, further convictions would constitute a third degree crime. An offense, which involves at least $500, but less than $75,000 or involves identity theft of at least two, but less than five people, would constitute a third degree crime. If the amount involved is $75,000 or more or affects the identity of five or more people, than the offense would be treated as second degree crime. If the identity theft does not involve any monetary value and affects one individual, than the offender would be considered guilty of disorderly persons offense.

While Internet has provided a convenient medium for people to conduct banking transactions, shopping and social networking, the technology has also provided a breeding ground for crime. Criminals constantly find ways to extract easily available personal and financial information from electronic channels. University websites, online shopping sites, banking sites and social media sites, all are targeted to gain access to databases containing sensitive information such as names, addresses, e-mail ids, usernames, passwords, credit card and debit card information, social security numbers, student enrolment numbers and contact numbers.

The collected information is used for impersonation, identity theft and fraud. Cybercriminals may file fake tax returns on behalf of legitimate tax payers, apply for student loans and new credit accounts in banks. The gathered information is also for stealing funds, conducting unauthorized transactions and money transfers. The extracted information could also be sold by offenders to their peers, who may create fake credit and debit cards. As such, laws providing for criminal penalties for misrepresentation and identity theft including those through electronic channels would help in reducing the instances of cybercrime.

Government authorities must also focus on employee training by encouraging them to undertake e-learning and online university degree programs, attend training sessions and seminars to understand and implement safe online computing practices.

Hiring security professionals qualified in masters of security science, computer forensics, secured programming, incident management, security analysis, computer forensics and security audit would help government and business organizations to strengthen the IT infrastructure.

Government must also emphasize on improving cyber education among Internet users through awareness programs, advertisements, documentaries, e-brochures and introducing online degree and diploma programs. As Internet crime could be committed by offenders located beyond a state jurisdiction, collaboration with other state governments and countries is crucial to minimize instances of cybercrime.

Contact Press

EC-Council
Website: http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228

About EC-Council University
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Recently, security researchers at Kaspersky lab identified a new scam targeted at Facebook users.

Albuquerque, NM -- (SBWIRE) -- 03/29/2011 -- While the emergence of social networking sites has revolutionized the way people communicate with their friends, relatives and peers, they have also aided perpetrators of crime to peep into personal data of users. Facebook users in particular have been repeatedly targeted by cybercriminals to extract personal information.

Recently, security researchers at Kaspersky lab identified a new scam targeted at Facebook users. Many Facebook users received chat messages from their friends. The message read "Father crashes and dies because of THIS message posted on his daughters profile wall!" The message was followed by a shortened Unique Resource Locator (URL). Unwary users, who click on the link, are taken through a chain of redirections, which ultimately displays a fake and malicious Facebook application. The fake application seeks access to profile information including 'list of friends'. Once unwary users allow the malicious application to access the profile, the malicious chat messages are circulated among all online friends of the targeted user.

The user is also tricked to undertake an identity verification test on a separate page, wherein they are asked to choose between some of the quizzes. Social engineering techniques are used to create an impression among the users that the application is legitimate. The attack also uses Internet Protocol (IP) address geolocation and translation services to use the same language as that of the targeted user in messages. On completion of the identity verification test, the targeted users are asked to send a Short Message Service (SMS) message to an SMS number. The average cost of the SMS is around $3, which acts as income for the offenders.

Social networking sites have become a breeding ground for cybercrime as they contain loads of sensitive information. The information could be misused for creating fake accounts and impersonating legitimate users to extract confidential information from other users.

As organizations are also making use of the social networking sites for promotional activities, they must educate employees on the possible security threats and safe online practices through training programs, online degree and e-learning programs.

Analysis by security researchers indicate that Facebook users in Ukraine were most affected by the latest scam, followed by India, United States (U.S), Russian Federation and Belarus.

Social networking sites must conduct regular security evaluation of their sites through professionals qualified in security audit, masters of security science and penetration testing, to identify security flaws and lapses, which could be exploited by attackers.

Online university degree programs on cyber security and information assurance may help IT professionals in updating their technical know-how and skill sets.

Contact Press

EC-Council
Website: http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm

Recently, a bill was introduced in the U.S Senate seeking creation of a National office for Cyberspace.

Albuquerque, NM -- (SBWIRE) -- 03/25/2011 -- Over the recent years, Internet threats have increased in frequency, scope and sophistication. The threats pose risk to information security and may compromise national security. The threats have forced governments worldwide to review their information infrastructure. Effective coordination and proactive action is required to combat the threats emanating from the Internet. Recently, a bill was introduced in the U.S Senate seeking creation of a National office for Cyberspace. The bill titled "Executive Cyberspace Coordination Act of 2011" is sponsored by Republican James Langevin and co-sponsored by Republicans Robert Andrews, Roscoe Bartlett, Norman Dicks, Ruppersberger and Loretta Sanchez. The bill emphasizes on information security controls and the establishment of a National Office for Cyberspace in the executive office of the President. The major aims of the Office would be to coordinate issues related with cyberspace and to achieve robust information infrastructure for the federal government. The Office would be headed by a Director and may include cyber security experts and consultants.

James Langevin was also one of the co-chairs of a CSIS Commission report titled "A Human Capital Crisis in Cybersecurity-Technical Proficiency" which referred to the shortage of cyber security experts with adequate skill sets. U.S requires more number of professionals qualified in computer science degree, masters of security science, penetration testing, system administration, computer forensics, incident management, network administration and other security certifications.

The bill provides for the formation of a Federal Cybersecurity Practice Board (FCPB) in the Office for Cyberspace, which would include representatives from civilian agencies, the defense department, the management and budget office, law enforcement agencies, the Chief technology office and other departments as deemed appropriate by the director. The board will be assigned the task of developing and regular updating of information security policies and procedures. The FCPB has to establish minimum security controls to safeguard government networked computers from known attacks, and safeguard individual agencies from information security risks.

The board would establish 'measures of effectiveness' to evaluate the effectiveness of the minimum security controls. The FCPB would be responsible for developing policies and procedures for use of products and services in information infrastructure. The board would be assigned the task of developing remedies to mitigate deficiencies in the information infrastructure. The board may also coordinate with industry and international community to improve information security. The FCPB would also encourage individual agencies to accept accountability for securing information infrastructure. Cyber security awareness is crucial to reduce security breaches. E-learning and online degree programs may be used to create cyber security awareness among employees.

The National Office for Cyberspace may also recommend to the President to provide monetary incentives and impose penalties on agencies for ensuring security of the information infrastructure. The agencies would have to assign responsibilities, ensure implementation of security policies, test information security controls, report incidents and coordinate with other government agencies.

Vibrant threats in the IT environment makes it crucial for IT professionals to update their technical skills and know-how by attending seminars, webinars and undertaking online university degree courses. Agencies may also organize regular training programs for IT professionals to improve their skills and secure information systems.

Contact Press

EC-Council
Website: http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

For more information on this press release visit: http://www.releasewire.com/press-releases/release-3.htm