Category Archives: Network Security

Law Firm Suing Chinese Developers Suffers Attack

Although law firms have been hit with network security attacks over the years and sustained significant losses in the process, it has never been the case that they were targeted simply because they chose the wrong side in a litigation.  That is until now.   According to this report, an exploit took place weeks after “filtering software firm CYBERsitter announced that it had retained Gipson Hoffman & Pancione to sue the Chinese government, two Chinese software developers and seven PC makers for allegedly distributing its software code as part of the Chinese state-sponsored filtering and monitoring program known as Green Dam Youth Escort.” 

There are reports of other attacks that were recently launched against Google and Yahoo! in order to retrieve account information regarding Chinese dissidents.   According to a report in The Economic Times, McAfee has stated that the Google attack exploited an Explorer flaw.   It will be interesting to see how these “China” exploits pan out in the coming weeks.

Data Theft by Former Employees

With unemployment now stretching past 10%, the Ponemon Institute “Data Loss Risks During Downsizing” survey conducted last year is more relevant than ever.  This survey found that 59% of employees who leave or are asked to leave a company are stealing proprietary or sensitive corporate data. Moreover, 79% of these respondents admit that their former employer did not permit them to leave with company data. Not surprisingly, 67% of respondents used their former company’s proprietary information to leverage a new job.

Virtualization Security Risk

If you are a larger middle-market company, another “below the radar” IT risk factor that may be impacting you may be driven by the cost savings inherent in using virtualized servers and desktops.  A security breach in a virtualized environment can have greater consequences than the same breach in a traditional IT environment because it is much more difficult to localize or isolate a virtualized IT environment.    This report gives further detail regarding the security threat and astutely points out that no one really understands where the real security problems can be found; and therefore, is the real problem.