Leading security researcher Jamie Blasco with AlienVault has spotted a new version of the evolving Sykipot malware, this time tapping into the power of drive-by downloads.

 In January of this year, Jamie and his team found evidence of Chinese-originated attacks against US government agencies - including the US Department of Defense (DoD) and which used a new strain of the Sykipot malware to compromise DoD smart cards.

 Whilst one of the original versions of Sykipot was a trojan horse application that opened a backdoor into the infected PCs, he reports that this latest variant builds on a previous iteration of the malware that was able to bypass two-factor authentication and so access protected resources on the victim's network.

Cryptzone, the European IT Threat mitigation specialists, announces the release of AppGate MOVE (My Own Virtual Environment), a USB flash drive that provides a portable and robust way to access information and applications securely from virtually any computer. As the secure bootable USB works independently of the host device’s operating system, the risk from malware infection is eradicated.

 Jamie Bodley-Scott, Account Director for Systems Integratorsat Cryptzone says “With more organisations offering occasional home working, MOVE is a perfect low-cost option, providing trustedaccess to corporate information from anuntrusted computer at home or in a public space.MOVE allows people to work securely because the configuration of the PC is irrelevant and untouched.Thisis important from a security policy viewpoint.”

AlienVault’s research team have discovered a large human rights Web portal that has been compromised and is serving up malware to site visitors.

 The ASEAN site compromise is notable as the portal is both high profile and may be linked to Google’s warnings on state-sponsored attacks, says Jaime Blasco - a researcher with the Security Information and Event Management (SIEM) solutions specialist – who adds the crack appears to centre around a Windows XML Core zero-day vulnerability (http://bit.ly/N2xxU2)

 “Whilst this high-profile portal crack and consequent drive-by malware-fest is notable for being a possible hostile act by another government and/or its supporters, the fact that Windows flaw has been exploited so quickly and comprehensively proves the need for vigilance and understanding of zero-day flaws,” he said.

Today at the INSIGHTS 2012 conference, ISACA released COBIT 5 for Information Security, which builds on the recently released COBIT 5 framework to provide practical guidance for those interested in security at all levels of an enterprise. ISACA’s COBIT 5 framework is the only business framework for the governance and management of enterprise IT.

 In the past year, close to one in four (22%) enterprises has experienced a security breach and 21% have faced mobile device security issues, according to a global survey of more than 3,700 IT professionals who are members of ISACA. In the next 12 months, data leaks and employee-related issues top the list of hot-button IT issues most likely to challenge an organization’s network security. The threats were ranked in the following order: