Computer Security Updates Week 1 of Mar 2014

Refer to Computer Security Updates Week 3 of Feb 2014; the biggest news was the DDoS attack towards CloudFlare.

For this week / last week, here are / were the biggest news.
  • PR- PJ, Feb 28, 2014 - Kaspersky Lab solutions top overall test rating for 2013
  • PR- KL, Feb 28, 2014 - Cisco Security Introduces Open Source Application Detection and Control
  • Reuters - Feb 27, 2014 - British man charged with hacking
  • PR - KL, Feb 27, 2014 - Barracuda integrates eSignature into its Cloud Storage
  • Kaspersky - Feb 26, 2014 - Mobile malware evolution: 3 infection attempts per user in 2013
  • PR - KL, Feb 25, 2014 - Cisco Adds Advanced Malware Protection to product portfolios
  • PR - KL, Feb 25, 2014 - McAfee Expands Comprehensive Threat Protection in Security Connected Platform
  • PR - Feb 25, 2014 - Sophos Issues Mobile Threat Report at Mobile World Congress
  • PR - Feb 24, 2014 - McAfee offers updated, full-featured Mobile Security to consumers for free
  • Symantec - Feb 24, 2014 - The future of Mobile Malware - 2FA at risks
  • PR - Singapore - Feb 20, 2014 - CyberArk Launches Enhanced “CyberArk DNA” to Detect Pass-the-Hash Vulnerabilities
  • PR - Singapore - Feb 18, 2014 - McAfee Stops Advanced Threats Within Milliseconds



PR- PJ, Feb 28, 2014 - Kaspersky Lab solutions top overall test rating for 2013

Kaspersky Lab ranks first in a TOP3 metric based on solutions that performed consistently well in independent testing throughout 2013, according to statistics gathered from the most authoritative test organizations. Kaspersky Lab’s solutions were awarded first place in 41 out of 79 tests and in a further 20 tests they came second or third. The company’s number of top-three finishes far exceeded that of its competitors.

Details.

PR- KL, Feb 28, 2014 - Cisco Security Introduces Open Source Application Detection and Control

Harnessing the power of open source and community, Cisco today announced that the company is delivering the ability to create and integrate new open source application identification capabilities into its Snort engine through the release of OpenAppID. Open source application detection and control allows users to create, share and implement custom application detection so that they can address new app-based threats as quickly as possible.

In addition, a library of more than 1,000 OpenAppID detectors will be available at no charge through the Snort community at http://www.snort.org. Any community member may contribute additional detectors, including end user organizations with custom applications that are not commercially available.

Details.


Reuters - Feb 27, 2014 - British man charged with hacking

Reuters reported that a British man was charged with hacking into servers of various U.S goverment agencies, including those of Military.

According to the report, 'sequel injection' method was used for the hacking and the man posted stolen information to a website he controlled.

http://www.reuters.com/article/2014/02/27/us-usa-crime-hacking-idUSBREA1Q1R720140227



PR - KL, Feb 27, 2014 - Barracuda integrates eSignature into its Cloud Storage

Barracuda Networks, Inc.today announced the integration of work flow automation, eSignature and more to its secure cloud service Copy for business to enable organisations to simplify the way they collaborate and work, from anywhere or with any device.

Recognising the need for easier migration process, last year Barracuda partnered with Mover; the online data migration expert that allows users to easily and cost effectively migrate from other cloud storage providers such as Dropbox, Box and SugarSync. Mover’s hosted platform offers swift, simple and secure solutions for data migration and backups, with no downloads or installations.

Every new Individual Copy user account will receive 15GB of cloud storage free of charge. Paid Copy Pro plans start at $9.99 USD/month or $99 USD/year for up to 250GBs.

Companies can purchase Copy in 10-user packs of $79.99 USD/month or $899 USD/year for as much storage as they need. For additional pricing information, please visit https://www.copy.com/price/.

Details.

Kaspersky - Feb 26, 2014 - Mobile malware evolution: 3 infection attempts per user in 2013

The experts at Kaspersky Lab have published the results of their analysis of the mobile threat landscape in 2013.

Malware evolution chart from 2004 to 2014

Highlights:
  • Nearly 145,000 new malicious programs for mobile devices detected in 2013, more than double the previous year’s figureof 40059 samples. As of January 1, 2014 Kaspersky Lab’s collection included 143,211 mobile malware samples.
  • 98.1% of all mobile malware detected in 2013 targeted Android devices.
  • Approximately 4 million malicious applications used by cybercriminals to distribute mobile malware for Android-based devices. A total of 10 million malicious Android apps detected in 2012-2013.
Details.

PR - KL, Feb 25, 2014 - Cisco Adds Advanced Malware Protection to Web and Email Security Appliances and Cloud Web Security

Cisco today announced that it has added its Advanced Malware Protection (AMP), originally developed by Sourcefire, into its Content Security Portfolio of products, including Web and Email Security Appliances and Cloud Web Security Service. The integration provides customers worldwide with comprehensive malware-defeating capabilities, including detection and blocking, continuous analysis and retrospective remediation of advanced threats.

Cisco has also added Cognitive Threat Analytics, acquired last year via Cognitive Security, as an option for Cisco® Cloud Web Security customers. Cognitive Threat Analytics is a highly intuitive, self-taught system that uses behavioral modeling and anomaly detection to identify malicious activity and reduce time to discovery of threats operating inside the network.

Details.

PR - KL, Feb 25, 2014 - McAfee Expands Comprehensive Threat Protection in Security Connected Platform

Today, McAfee announced expanded capabilities to find, freeze, and fix advanced threats faster by introducing the McAfee Comprehensive Threat Protection (CTP) solution.

Part of the McAfee Security Connected approach, the CTP solution tightly binds and shares threat intelligence and workflows across endpoints, network, and the cloud.

It also provides protection, performance, and operational savings that are not possible from point products, which aren’t designed to optimize security and risk management as an IT function and carry the overhead of manual integrations.

Details.

PR - Feb 25, 2014 - Sophos Issues Mobile Threat Report at Mobile World Congress

Sophos has launched its first Mobile Security Threat Report at Mobile World Congress today in Barcelona. The IT security firm also today announced growing momentum for its Mobile Device Management (MDM) solutions.

In a recent research note by IDC, 24 percent of SMB organizations currently utilize an MDM solution to govern and manage their mobile devices.

The study identified Sophos Mobile Control as the most deployed MDM product among all survey respondents at 25 percent.

The threat report shows that the mobile revolution is clearly in effect, and as a result, mobile malware is on the rise.

The report also shows that in some countries – Russia, Austria and Sweden – mobile malware has overtaken desktop malware. India, Spain and China all have high mobile threat exposure levels.

Details.

PR - Feb 24, 2014 - McAfee offers updated, full-featured Mobile Security to consumers for free

With always-connected devices and users’ tendency to share and store information as revealed in the recently released 2014 Love, Relationships & Technology survey, protecting our devices and data becomes even more necessary.

For the increased security of consumers, McAfee today announces a full-featured version of its award-winning McAfee Mobile Security is now available to Android users at no cost in 30 languages. This is shortly after McAfee also launched McAfee Internet Security for iOS devices.

McAfee Mobile Security for Android is designed to prevent privacy invasions, data loss, identity theft and device disappearances. Its latest version, including the free version includes:
  • Wi-Fi Security feature – Users are alerted to any risky or non-password protected networks they may be connected to
  • CaptureCam – When there is suspicious activity, the device snaps a picture of the person holding the device which, together with the location, is sent to the account owner
  • SOS feature which saves the device’s last location before the battery runs out
  • Integration with Intel Device Protection Technology, which proactively blocks and secures devices from malware

Details.

Symantec - Feb 24, 2014 - The future of Mobile Malware - 2FA at risks

With Mobile World Congress happening right now, smartphone and tablet innovations are set to become a reality over the next 12 months.

However, as mobile manufacturers and app developers have upped their game each year, so too have malware authors. Symantec discovered an average of 272 new malware variants and five new malware families per month targeting the Android mobile operating system in 2013. These threats have taken aim at mobile devices in several ways, such as by attempting to steal personal and financial information, track users, send premium rate SMS messages, and display intrusive adware.

Attackers have caught onto the trend of two factor authentication (2FA) and have developed Android malware to steal these 2FA codes. Threats such as Android.Hesperbot and Android.Perkel intercept SMS messages with 2FA codes and send them directly to attackers. They can also either steal other banking credentials or work with other computer-based threats to compromise victims’ accounts.

http://www.symantec.com/connect/blogs/future-mobile-malware

PR - Singapore - Feb 20, 2014 - CyberArk Launches Enhanced “CyberArk DNA” to Detect Pass-the-Hash Vulnerabilities

CyberArk today unveiled the latest version of Discovery & Audit (DNA), the first tool on the market to identify and map exposed privileged password hashes and all related vulnerable machines on a network.

CyberArk DNA™ is a patent-pending, light-weight, stand alone tool that exposes the magnitude of privileged account security risks by enabling organisations to easily identify and analyse all privileged accounts across their network. CyberArk DNA v4 free trial licenses are currently available to all businesses for a limited time.

CyberArk DNA v4 is available today. For a free trial of CyberArk DNA or for more information, please visit http://www.cyberark.com/discover-where-your-privileged-accounts.

Details.

PR - Singapore - Feb 18, 2014 - McAfee Stops Advanced Threats Within Milliseconds

Today, McAfee announced the launch of McAfee Threat Intelligence Exchange (TIE), the first in the industry to orchestrate local and global threat intelligence information and enterprise-wide security products into one cohesive integrated security system.

Instead of mere point-to-point integration, McAfee’s TIE allows for a bi-directional, real-time exchange of threat information between any device — spanning endpoint, network, gateway and SIEM (Security Information Event Management). McAfee’s TIE not only provides detection, but automated action in order to prevent threats on a deeper level.

With McAfee’s TIE, it will be possible for security components to dynamically join the real-time data exchange layer to operate as one in assessing, detecting, and surveilling security state enabling instant action, better protecting organizations.

Details.

Comments