No contest: Mac vs. Windows security | Security – InfoWorld

Still, the question of whether Mac or Windows is more secure is no longer relevant. The computer security paradigm is shifting at this very moment. Cloud computing, Web 2.0, and mobile technologies are exploding, and with those changes, traditional attacks are making way for a new crop that ignore platforms. Think ANSI bombs, boot sector infectors, macro viruses — seen any of those lately?

via No contest: Mac vs. Windows security | Security – InfoWorld.

Black Hat: Apple does well but Microsoft does better with enterprise security

While still not great, the operating systems behind Apple desktops, laptops and phones are getting more secure, researchers at Black Hat  say.

While not recommended for corporate use unless it’s in islands within larger networks, the OSX operating system has made strides, says Alex Stamos, who lead a team of researchers from iSec Partners that researched the OSX and Windows 7 operating systems.

Their conclusion is that Apple does pretty well, but Microsoft wins. Even so, earlier versions of Apple’s software were more vulnerable to initial exploitation than Win 7, but the latest Apple version known as Lion makes up ground.

via Black Hat: Apple does well but Microsoft does better with enterprise security.

Networking Nuggets and Security Snippets: Remote Workers: An Easy Target for APTs

After Black Hat, DefCon, and the recent McAfee report, you are probably tired of all of the hype around APTs. I agree that the industry has co-opted and obfuscated but these “low-and-slow” attacks are something we need to understand and address before more of our private information and intellectual property flies out the IP-connected door.

One of the characteristics of APTs is some type of social engineering tactic where the bad guys somehow con an internal user to download a malicious executable. This creates an internal outpost where hackers can steal credentials, scan the network, and ultimately steal valuable data.

via Networking Nuggets and Security Snippets: Remote Workers: An Easy Target for APTs.

Microsoft expecting exploits for critical IE vulnerabilities | ZDNet

Microsoft today warned that multiple gaping security holes in its Internet Explorer browser could expose millions of Web surfers to hacker attacks via rigged web pages.

As part of this months’ Patch Tuesday release, Microsoft shipped a “critical” IE bulletin MS11-057 with fixes for total of 7 security flaws.   Two of the vulnerabilities were publicly discussed prior to the availability of the patch.

via Microsoft expecting exploits for critical IE vulnerabilities | ZDNet.

Strong Evidence Points to China as Cyberhack Source | China News | Epoch Times

Only five nations would be capable of sponsoring a massive cyber-espionage campaign that infiltrated governments, international organizations, and high-tech companies, persisted over years, and stole billions of dollars’ worth of intellectual property—like the operation unveiled by security firm McAfee this week.

The United States and the U.K. can be removed from the equation because they don’t spy on each other. Iran and Russia are capable, but the evidence doesnt suggest they were involved. Taking into account past campaigns of monumental hacking, and considering the Asian focus in the recent attack, there’s only one country left, according to James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies, in a Twitter post.

China.

via Strong Evidence Points to China as Cyberhack Source | China News | Epoch Times.

The Truth Behind the Shady RAT | Symantec Connect Community

McAfee published an interesting report yesterday about what they called Operation Shady RAT, focusing on a series of what some may call “advanced persistent threat” attacks. The attacks were dubbed in some quarters as “one of the largest series of cyber attacks ever.” While quite a bit of data was presented regarding the potential scale of these attacks, details on the threats and how the attacks were staged were somewhat limited.

via The Truth Behind the Shady RAT | Symantec Connect Community.