Network Endpoint Security News - Watch Your End

US home mortgage lender Countrywide has reportedly suffered insider data loss when an employee copied up to two million confidential records onto a flash drive.

For more than two years, the employee was able to steal up to 20,000 records a time by copying files from the corporate network to a USB flash drive. It is thought that target customers for the data, which included mortgage application rejects, could have included other mortgage suppliers, as well as identity theft fraudsters needing social security numbers to open bank accounts.

The suspect, who had worked as a senior financial analyst at Full Spectrum Lending, Countrywide’s subprime lending division, was arrested by the FBI on Friday, more than two years since his data theft efforts began.

According to new research, around ten percent of all malware is designed to use portable storage media, such as removable USB drives, to attack and propagate.

The research found that the most common type of malware on USB sticks was INF/Autorun, a generic identification for malware that tries to use the autorun.inf file as a way of compromising a PC.

Security researchers have unveiled a hardware-based hacking tool which can take over a ‘locked’ Windows PC by connecting directly to the machine’s Firewire port.

The tool, called Winlockpwn, bypasses Windows’s authentication system and lets an attacker take over a “locked” Windows machine without even stealing its password.

With Winlockpwn, the attacker connects a Linux machine to the Firewire port on the target machine. He can then get full read-and-write access to memory and the tool deactivates Windows’s password protection that resides in local memory.

Thankfully, some endpoint security solutions such as Centennial DeviceWall offer protection against such attacks by blocking potentially dangerous communication devices such as Firewire ports, which have little if any legitimate business use.

More than you might think, according to new research which suggests that the average business laptop has £260,000 ($500,000) of data stored on it. The survey also found that the average value of personal data on a laptop totalled £160,000 and nearly 40 percent of travellers had been affected by some form of malware.

According to a report released by the US Computing Technology Industry Association (CompTIA), the severity of security breaches has risen from 2.3 (out of 10) to 4.8 in 2006. Although the overall number of attacks decreased slightly, IT security managers are increasingly worried about the integrity of their systems and data.

Over half of respondens cited handheld devices as a major security concern, with the enforcement of security policies still a significant problem for many organizations.