From Baseline…

Corporate America just ended its second year under Sarbanes-Oxley regulations, which, among other mandates, requires corporations to keep, secure and document the controls they use in their financial reporting.

Last month, across America, auditors were finishing up their work for 2005. So, it’s too early to tell how many companies failed to meet their SarbOx obligations.

For 2004, however, corporate-rating service Moody’s Investors Service did a count and found that about 5% of the companies it had been watching fell short of the government’s financial requirements. Among them: BearingPoint, the subject of this month’s cover story.

An interesting side note to the story is that the company’s chief information officer, Thomas Wilde, resigned at the end of last year to pursue other interests. And the company, says a spokesman, has not made “a determination on how that position will be handled going forward.”

<!- Vignette V6 Wed Feb 22 05:58:02 2006 -><!-WEB 12-><!- RELATED LINKS ->

But while companies certainly can get by for a while without a chief information officer, it’s probably not a good idea these days for BearingPoint or any other company to leave the post vacant for any extended period of time.

More…

From SearchSecurity.Com….

New proof-of-concept malcode designed to spread from desktop computers to wireless mobile devices has been discovered, according to the Mobile Malware Researchers Association (MARA).

Jonathan Read, a New Zealand-based CISSP and member of MARA - a group formed last year to find and raise awareness regarding mobile device threats - said in an e-mail Sunday that the malcode, dubbed Crossover, “is a proof-of-concept virus that shows how a virus can spread from a desktop computer to a Pocket PC. With the growing use of handheld devices, this type of virus may become very prevalent in the future.”

The group noted that this malcode isn’t actively in the wild. It’s a proof of concept for educational purposes only. That said, the group warned that its appearance signals another shift in the threat landscape.

“This virus closes the gap between handhelds and desktops. Now its one big world open to all,” the group said.

More….

From Bank Systems and Technology Online…

The number of sites distributing “crimeware” - or software engineered for criminal activity like identity theft - nearly doubled in December, rising from 4,630 in November to 7,197 the following month, according to a report issued today by the Anti-Phishing Working Group (APWG).

APWG Chairman David Jevans said in a statement, “The speed, precision and massive scale by which the phishers were able to identify and exploit this vulnerability for criminal enterprise highlights the fact that the eCrime industry has reached a level of efficiency that has the potential to threaten the larger online economy.”

Crimeware refers to a subset of malicious software, or malware, that has been specifically engineered for criminal activity like information theft and identity fraud. It can be thought of …

Read article…

From CNET News.com…

A security breach involving an undisclosed company has prompted Bank of America to cancel the debit cards of numerous customers, a spokesman for the country’s largest bank said Thursday.

Bank of America refused to release the name of the company involved, the exact number of customers affected or whether the company in question was online or a traditional brick-and-mortar establishment.

The case is unusual in that debit cards appeared to be at risk. Credit cards are typically involved in security breaches at financial institutions because they are used more often than debit cards for retail transactions.

Read More…