Computer Security Updates Week 4 of June 2013

Refer to Computer Security Updates Week 3 of June 2013; in which the biggest news was Juniper announced the-only DDoS solution for data centers.

For this week / last week, here are / were the biggest news.
  • Reuters: Facebook admits year-long data breach exposed 6 million users.
  • Reuters: Cyber Cover on the rise in U.S market.
  • MMU wins national IT Security competition.
  • Barracuda Firewall Integrates with Client ‘Fingerprinting’ to protect against DDoS attacks
  • Sophos Launches Complete MSP Security.
  • RSA Conference APAC in Singapore.
  • Trend Micro co-worked with Taiwan CIB to solve targeted attack crime.
  • Kaspersky Lab uncovers APT ‘Operation NetTraveler’.



Reuters, Jun 21, 2013 - Facebook admits year-long data breach exposed 6 million users

Reuters reported that Facebook has inadvertently exposed 6 million users' phone numbers and email addresses to unauthorized viewers over the past year.

The leak was blamed on a technical glitch which had allowed Facebooks users who downloaded contact data for their friends inadvertently obtained additional contacts information.

Get more details.

Reuters, Jun 20, 2013 - Cyber Cover on the rise in U.S Market

Reuters reported that due to proliferations of cyber attacks on enterprises, cyber cover (insurance) in U.S has grown to be a market worth more than $1 billion in annual premiums; but Europe has not yet followed suit.

In the United States, laws forcing companies often at considerable cost to inform people if their private details had been compromised, led to a boom in cyber cover starting in around 2005.

Insurers say demand is concentrated currently among companies in sectors holding personal or financial data useful to criminals such as healthcare companies, financial institutions and retailers.

Between 5% to 13% of enterprises subscribed to cyber cover as reported by major insurers in the U.S.

It is still a very new market.

Get more details.

Kuala Lumpur, 19 June 2013 – MMU Wins National IT Security Competition

After one month of intense competition, undergraduate’s trio – Tan Jin Fu, Ong Yi Hao and Soh Chong Hwa - from Multimedia University (MMU), Malacca emerged triumphant as the grand prize winner for the 2013 F-Secure’s National Inter-Varsity IT Security Competition.

Mikko Hypponen with the Champion Team Little Pwnies

Over the past month, F-Secure representatives ventured throughout the country to administer qualifying tests to almost 200 participants from 28 universities and selected eight (8) finalists to compete in the semi-finals on the 17 of May. Two (2) teams from University Sains Malaysia, Penang and Multimedia University, Malacca advanced to the final level with the latter winning the competition for 2013!

Get more details.

KL, 18 June 2013 – Barracuda Firewall Integrates with Client ‘Fingerprinting’ to protect against DDoS attacks

Barracuda announced the latest Barracuda Web Application Firewall (WAF), version 7.8 firmware, specifically aimed at reducing the impact of automated attack attempts from botnets. WAF now has the ability to control traffic based on geographic regions, IP addresses, and client types – allowing administrators to fight botnets effectively. It has new features such as client fingerprinting techniques that can distinguish botnets from real human users, so as to block malicious requests from botnets.

Get more details.

KL, June 18, 2013 – Sophos Launches Complete MSP Security

Sophos announced Complete MSP Security, the company’s new partner program designed to drive market success for managed service providers by aligning with their business and technical needs to bring complete security services to market. Sophos Complete MSP Security is the first MSP-focused solution to offer complete protection for networks, endpoints, and mobile devices from a single vendor.

Sophos Complete MSP Security makes offering IT security as a service easier and more profitable. MSPs can offer a full range of IT security services that provide instant credibility and proven protection, including centralized management that allows them to easily manage all of their customers’ locations at no extra charge. With Sophos’ new self-provisioning MSP licensing, this program offers compelling usage-based pricing and pay-as-you-go monthly billing, and it requires no up-front commitments – a business model demanded by today’s MSPs that had gone unmet – until now.

Get more details.

Singapore, June 17, 2013 - RSA Conference Asia Pacific in Singapore

Security experts failed to anticipate the evolution of mobile devices and Internet-of-Things (IoTs) which have acted as catalysts for growth in security threats as well.

The conference discussed latest trends on computer security and highlighted that collaboration between the good-guys is critical success factor to win the cyber-war - the intelligent-driven model.

It also stressed the importance of GRC (Governance Risks Compliance) and the effectiveness of proactive-driven model.

The thought of achieving security utopia is not yet near; as stressed by Arthur Coviello, Executive Chairman, RSA and Executive Vice-President, EMC; nonetheless, security vendors should at least be able to keep pace with their adversaries and, in many instances, get ahead of them.

The conference also acknowledged governments involvement in counter cyber-security.

For example, the International Criminal Police Organisation (Interpol) with 190 member countries will open its Interpol Global Complex for Innovation (IGCI) in Singapore in 2014 - the IGCI in Singapore will assist police forces, especially in Asia and the South Pacific with information, knowledge, networking, skills, forensic laboratory facilities, training and other assistance to fight cybercrime.

Get more details.

Kuala Lumpur, 14 June 2013 -Trend Micro co-worked with Taiwan CIB to solve targeted attack crime

Trend Micro successfully co-works with the Taiwan Criminal Investigation Bureau to solve a targeted attack of personal data theft case. This is a crime that occurred to the Taiwan Bureau of National Health Insurance at the end of April. With the world leading cloud security vendor, Trend Micro’s customized analytics technology, the Taiwan Criminal Investigation Bureau (CIB) has successfully detected over 10 thousands of Trojan malware TROJ_GHOST.ZZXX and backdoor malware BKDR_GHOST.ZZXX. It was a great success for both CIB and Trend Micro.

This backdoor malware belongs to the GHOST family.

the hackers impersonated themselves as the Taiwan Bureau of National Health Insurance, and initiated a customized social email attack, by sending a huge amount of emails under the name of the Bureau, with a link of a certain document for the public to download.

Get more details.

PETALING JAYA, June 13, 2013 – Kaspersky Lab Uncovers APT ‘Operation NetTraveler’

Kaspersky Lab’s team of experts published a new research report about NetTraveler, which is a family of malicious programs used by APT actors to successfully compromise more than 350 high-profile victims in 40 countries. The NetTraveler group has infected victims across multiple establishments in both the public and private sector including government institutions, embassies, the oil and gas industry, research centers, military contractors and activists.

According to Kaspersky Lab’s report, this threat actor has been active since as early as 2004; however, the highest volume of activity occurred from 2010 – 2013. Most recently, the NetTraveler group’s main domains of interest for cyberespionage activities include space exploration, nanotechnology, energy production, nuclear power, lasers, medicine and communications.

It is based on Microsoft vulnerabilities (CVE-2012-0158 and CVE-2010-3333) and propagates via pear-phishing emails - it is C&C nature.

Get more details.

Comments

Thanks for updates and details. I really appreciate your hard work.