Articles in General Security
An interesting article by Mickey McCarter of Homeland Security Today.com about President Obama's take on the cybersecurity issue in the State of the Union address.
President Barack Obama called for cybersecurity legislation to provide incentives to businesses to protect their information systems from attacks or intrusions in the course of his State of the Union address [...]
This bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) the week of January 16, 2012. It is available here:
Lawmakers on Friday indefinitely postponed anti-piracy legislation that pits Hollywood against Silicon Valley, two days after major Internet companies staged an online protest by blacking out parts of prominent websites.
Senate Democratic leader Harry Reid postponed a showdown vote in his chamber on the Protect Intellectual Property Act, or PIPA for short, that had been scheduled for January 24.
“Carberp replaces any Facebook page the user navigates to with a fake page notifying the victim that his/her Facebook account is ‘temporarily locked,’” says Trusteer CTO Amit Klein in his blog. “The page asks the user for their first name, last name, email, date of birth, password and a Ukash 20 euro [approximately $25 US] voucher number to ‘confirm verification’ of their identity and unlock the account.
Shortened URLs are a fixture in the social networking world. They are the cryptic URLs you normally see on your Twitter feed as well as on Facebook.
Software vulnerabilities receive most of the limelight in network security, but weak, shared, and mismanaged passwords are often the biggest threat to most organizations.
FYI for those running Oracle products such as OracleDB, Glassfish, MySQL, Solaris, etc. The following links will provide additional information to assist you.
Oracle Critical Patch Update (CPU) Pre-Release Announcement – January 2012
Mario Armstrong has a salesperson demo the security app FastAccess Anywhere by Sensible Vision. FastAccess Anywhere securely replaces passwords with a face to authenticate users to access their apps and web sites on mobile devices.
MobileIron, the innovator in enterprise management and security for mobile devices and apps, will be demonstrating its enterprise mobile device management and security platform in the Verizon booth at the Consumer Electronics Show (CES) in Las Vegas. The MobileIron platform was purpose-built for global companies to secure and manage mobile devices and apps. As business mobilizes, IT must support multiple operating systems, secure enterprise data on both corporate and employee-owned devices, and build and deliver mobile apps. MobileIron provides the most scalable solution for mobile device management, security and enterprise app storefronts.
Spear phishing is very similar to traditional phishing but is targeted at a specific group. Spear phishing is defined as an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information (SearchSecurity, 2005).
2011 was an attention-grabbing year in the information security industry. We saw some interesting things, such as mobile apps becoming a talking point, as well as some Mac OS X malware. Furthermore, there were issues pertaining to insider threat, hacktivism, Stuxnet’s sibling Duqu, social networking site vulnerabilities, as well as our share of zero-day attacks, to name a few. So, what is in store for 2012, you ask?








