Computer Security Updates Week 3 of June 2013

Refer to Computer Security Updates Week 2 of June 2013, in which there was no big news. Nonetheless, one significant trend was observed: many Internet-based services such as Twitter and Evernote beefed up security with multi-factor authentication.

For this week and last week, here is the biggest news.
  • U.S. charges eight people for cybercrime targeting banks, government.
  • SourceFire provides updates to FirePOWER platform.
  • Blue Coat positioned by Gartner in “Leaders” Quadrant of Secure Web Gateway Magic Quadrant.
  • Reuters reported that Israeli PM accused Iran and allies of APT.
  • Juniper announces the only DDoS solution for data centers.
  • Reuters reported that Internet big boys deny granting server access to the U.S. Government.
  • Symantec reported that global banking trojan Citadel taken down.
  • Social networks are the most dangerous virtual ‘playground’ for children.
  • Sophos gets top marks from leading independent Antivirus Tester.
  • Silicon Valley should lead the battle against cyber attacks.



Reuters, Jun 12, 2013 - U.S. charges eight people for cybercrime targeting banks, government

Reuters reported that 8 people were accused and charged in relation to an international cybercrime scheme targeting accounts at 15 financial institutions and government agencies.

Affected financial institutions and government agencies include Automatic Data Processing Inc, Citigroup Inc, eBay Inc's PayPal, JPMorgan Chase & Co, TD Ameritrade Holding Corp and the U.S. Department of Defense.

They were accused of gaining illegal access to computer networks, diverting customer funds to bank accounts and pre-paid debit cards, and using "cashers" to make ATM withdrawals and fraudulent purchases in Georgia, Illinois, Massachusetts and New York.

Get more details.

KUALA LUMPUR, June 12, 2013 - SourceFire provides updates to FirePOWER platform

SourceFire in a nutshell.

Sourcefire, Inc., a leader in intelligent cybersecurity solutions, today announced enhancements to its FirePOWER™ security platform, including its 7000 and 8000 series appliances, as well as updates to its Next-Generation Intrusion Prevention Systems (NGIPS) and Next-Generation Firewall (NGFW) solutions. With these new features, Sourcefire is offering customers increased flexibility and scalability to help ensure leading protection for any environment.

These updates include:
  • Enhanced IPv6 Product and Awareness Support
  • Geolocation Additions to Event Analysis
  • Network Address Translation (NAT) Policy Management
  • Enhanced High-Availability Features for NGFW
  • Site-to-Site IPSec VPN

Get more details.

KUALA LUMPUR, June 12, 2013 – Blue Coat Positioned by Gartner in “Leaders” Quadrant of Secure Web Gateway Magic Quadrant

Blue Coat Systems, Inc., the market leader in business assurance technology, today announced it has been positioned in the “Leaders” Quadrant of the Magic Quadrant for Secure Web Gateway, 2013 by research and advisory firm Gartner, Inc. According to a March 2013 Market Share report from Gartner, Blue Coat is also the leader of the worldwide secure Web gateway market with 18 percent market share. While the security market grew 7.9 percent in 2012 according to Gartner, Blue Coat grew 12.8 percent, outpacing the market and increasing its market share.

Blue Coat Secure Web Gateway products are the cornerstone of the Blue Coat Security and Policy Enforcement Center. The center, one of five that comprise the Blue Coat Business Assurance Technology, delivers business continuity by protecting against threats and data loss. With the Security and Policy Enforcement Center, enterprises can provide a safe and productive Internet and network experience for users.

The Security and Policy Enforcement Center works in conjunction with the Mobility Empowerment Center, the Trusted Application Center and the Performance Center to drive business agility. The Resolution Center enables businesses to improve governance.

Get more details.

Reuters, June 9, 2013 - Reuters reported that Israeli PM accused Iran and allies of APT

According to the news, vital systems such as those related to water, power and banking had been targeted.

Get more details.

KUALA LUMPUR, June 7, 2013 - Juniper Announces the Only DDoS Solution for Data Centers

Based on intelligence analytics, Junos® DDoS Secure is meant to protect data centers against increasingly complex Distributed Denial of Service (DDoS) attacks.

The industry experienced the biggest DDoS incident ever in week 4 of March 2013, when Spamhaus, a non-profit IT organization, was hit by a massive DDoS attack.

The scale of the attack was unprecedented, at over 300 gigabits per second.

A DDoS attack works by clogging your network's bandwidth: attackers keep sending traffic such as web service requests.

Preventing such attacks requires that security professionals have granular visibility and control of network traffic once it enters the data center, rather than simply the ability to block DDoS traffic at the edge of the network.

Get more details.

Reuters, June 6, 2013 - Internet Big Boys deny granting server access to the U.S. Government

Reuters reported on a Washington Post report claiming that the U.S. National Security Agency and the FBI are "tapping directly into the central servers of nine leading U.S. Internet companies" through a secret program known as PRISM.

It named nine companies, including Apple, Facebook, Microsoft Corp and Google Inc, as having joined the secret program.

It was reported that all the companies denied any such involvement and the existence of such a program.

Get more details and here.

London's mayor Boris Johnson felt that this controversy presents an opportunity for British entrepreneurs to do something better, while he juggles a balancing act between old-fashioned and new-age ideologies.

Mr. Johnson wouldn't mind being monitored at all; he is always prepared.

Symantec, June 6, 2013 - Global Banking Trojan Citadel Taken Down!

Citadel, a banking Trojan which has been in existence since 2011, has recently been taken down by Microsoft, members of the financial services industry and the FBI. The takedown operation resulted in over 1,000 Citadel botnets being taken offline.

As with most banking Trojans, Citadel is a full crimeware kit, providing the attackers with payload builders, a command and control (C&C) server infrastructure, and configuration scripts to target various banks. Citadel is a descendant of that other behemoth of the financial Trojan world, Trojan.Zbot (Zeus). It came into existence after the Zeus source code was leaked in 2011, with criminal groups taking that code and enhancing it.

Citadel is aimed at a more "exclusive" attacker market than its more widespread predecessor, Zeus. The Citadel kit is sold through underground Russian forums and typically costs around $3,000, compared to $100 for the SpyEye and leaked Zeus kits. Citadel users have to also fork out a further $30-$100 to purchase Web inject code for the banks that they wish to target. Additionally, even if attackers have that money to spend, there is a strict vetting process with referrals required for new purchasers.

The Citadel Trojan interface


Get more details.

PETALING JAYA, June 5, 2013 - Social networks are the most dangerous virtual ‘playground’ for children

Kaspersky Lab analyzed the responses of the Parental Control modules incorporated in its protection products, and for the first 5 months of 2013 it found that social networks rank no. 1 (31.26%), with pornography at no. 2 (16.83%).

Parental Control allows parents to restrict access to specific sites and programs, or to the entire Internet. Similarly, parents can set timetables.

It is also available for iOS and Android.

Parental Control is available in Kaspersky Internet Security, Kaspersky PURE and Kaspersky Security for Mac.

Get more details.

Kuala Lumpur, Malaysia, June 5, 2013 – Sophos Gets Top Marks From Leading Independent Antivirus Tester

Sophos received top marks in the latest report from AV-Comparatives, a leading international testing lab. The report, titled “Impact of Anti-Virus Software on System Performance,” evaluated twenty-one of the world’s leading security products on a PC running under Windows 7.

The testing lab prepared a total of 545 infection scenarios, and Sophos’ antivirus offering tied for the highest score among the products reviewed. It also received an “Advanced +” award, based on the lab’s assessment of the overall results.

Additionally, Sophos recently received a VB100 award for Sophos Endpoint Security and Control as part of Virus Bulletin’s comparative review on Windows XP Professional SP3.

ESET Blog, June 4, 2013 - Silicon Valley should lead the battle against cyber attacks

Paul Rosenzweig, a former Department of Homeland Security official and now founder of Red Branch Consulting, said that Silicon Valley should take the lead role in solving cyber security issues and should be held responsible.

Rosenzweig said that tech companies should bear responsibility for flaws in their products that lead to cyber-attacks, in particular zero-day vulnerabilities.

Get more details.
