The Center for Internet Security (CISecurity) has released a free tool to help plug vulnerabilities that the U.S. Federal Bureau of Investigation last week warned were being exploited by Russian and Ukrainian hackers.
The Center for Internet Security, founded in October, released PatchWork, a software tool that automates the process of finding the vulnerabilities and identifying needed patches. Its purpose is to assist companies that have not secured their systems to do so quickly, the center said in a release Saturday. The tool can be downloaded from the CISecurity Web site.
According to the FBI, the Russian and Ukrainian hackers belong to a gang that has stolen credit card and other personal information from electronic banking and electronic commerce sites and extorted money from the operators of the sites. [See "FBI warns e-commerce sites," March 8.]This type of hacker activity is the reason the center was created, the CISecurity release said. The center gives computer officials a chance to share the best available technical knowledge. Experts and users consult through the center to prioritize the threats and develop a consensus defining the specific actions needed to shield systems and networks from those threats. The result is a benchmark that organizations can use to measure the security of their systems and those of their e-business partners.
The first CISecurity benchmark covers the Solaris operating system and is expected to be issuedin June. CISecurity benchmarks for the other major operating systems are expected to be issued over the next six months.
Among the 150 members of the nonprofit CISecurity are government agencies, banks, insurance companies, manufacturers, universities, computer service companies and consulting organizations. The first general meeting of CISecurity will take place on May 17 in Baltimore.
CISecurity, in Chevy Chase, Maryland, can be reached at +1-301-951-0452 or found on the Web at http://www.cisecurity.org.