A company that monitors security at 1,300 organizations reports that its clients' databases are experiencing more than 8,000 SQL injection attacks per day. The company, SecureWorks Inc. in Atlanta, says that is up from an average of 100 to 200 exploits per day in the first three months of 2006. Attacks were detected coming from computers in Russia, China, Brazil, Hungary and Korea. The attacks are specifically crafted for the target organizations.

Effort aims to end malware confusion

The antivirus industry has once again proposed a Common Malware Enumeration (CME) program as a means of preventing confusion over the naming of major virus and worm outbreaks. The program was first proposed last fall by the U.S. Computer Emergency Readiness Team . The hope is that identifying malware with nonsequential CME numbers will avoid the confusion of having several names assigned to a single piece of malicious code.

Some can relax security spending

Gartner Inc. analyst Rich Mogull said at a recent security summit that organizations that have implemented security technology effectively can safely scale back security spending to between 3 percent and 4 percent of their IT budgets by 2008 so they can focus on new threats. Those that have skimped on security spending in the past and are inefficient may need to spend more than 8 percent of their IT budgets on security and will still be investing aggressively for the next few years, he said.