Computer Security Updates Week 4 of Mar 2014

Refer to Computer Security Updates Week 1 of Mar 2014; the biggest news then was Cisco's enhanced product portfolios with advanced malware protection.

Here is the biggest news for this week and last week.
  • Mar 18, 2014 - Hong Leong Bank Phishing Site Detected
  • PR - Mar 17, 2014 - HP Enhances Security Mobility Printing Solutions for Enterprise Customers
  • Reuters - Mar 16, 2014 - NATO hit by cyber attacks
  • Symantec - Mar 14, 2014 - Google Docs Users Targeted by Sophisticated Phishing Scam
  • PR - Mar 14, 2014 - WatchGuard Technologies Launches Industry’s First Enterprise-Level UTM targeting SOHO
  • PR - Mar 14, 2014 - Kaspersky Lab Bolsters Linux Mail Server Protection with Real-Time Threat Data and New Management Features
  • TheStar - Mar 14, 2017 - Malaysian Opposition leaders claimed phones hacked
  • Ovum - Mar 12, 2014 - Ovum sees security transformation underway
  • PR -KL- Mar 12, 2014 - Blue Coat Malaysia names Ivan Wen NEW country manager
  • PR -FORT LAUDERDALE, FL- Mar 12, 2014 - High-Bandwidth NTP Amplification DDoS Attacks Escalate 371% in the Last 30 days
  • Ovum - Mar 12, 2014 - MEPs voted for stronger safeguards for EU citizens’ personal data
  • Reuters - Mar 12, 2014 - Criminal botnets 'hijacked' by NSA
  • PR - Mar 10, 2014 - McAfee Labs Q4 Report Reveals Techniques Used in High-Profile Data Breaches
  • PR - Moscow, Mar 7, 2014 - An average of 900 online resources are active on TOR daily
  • PR - Feb 26, 2014 - HP Awarded $32.4 Million Cybersecurity Contract by U.S. Department of Homeland Security



Mar 18, 2014 - Hong Leong Bank Phishing Site Detected

A phishing email claiming to originate from the Hong Leong Connect Team asks recipients to visit a new website with a new design and features.

The hyperlink points to a fraudulent URL: http://earnmoneyz.com/old/hlon.php - please do not click on it.

Email pointing to a phishing site

PR - Mar 17, 2014 - HP Enhances Security Mobility Printing Solutions for Enterprise Customers

HP today announced the launch of the first near-field communications (NFC) touch-to-authenticate solution for enterprise customers, enabling end users to easily authenticate themselves with the simple touch of their NFC-enabled Android smartphone or tablet to an HP Enterprise LaserJet printer or MFP.

The solution consists of HP Access Control 14.0 and updates to HP ePrint Enterprise 3.2.

http://www8.hp.com/us/en/hp-news/press-release.html?id=1605483&pageTitle=HP-Enhances-Security-Mobility-Printing-Solutions-for-Enterprise-Customers#.Uyd9tqKEySo

Reuters - Mar 16, 2014 - NATO hit by cyber attacks

Reuters reported that several NATO websites were taken down by hackers, believed to be in retaliation over the looming tension in Crimea.

The attack came in the form of DDoS and affected the e-mail network as well.

A Ukrainian group known as 'Cyber Berkut' claimed responsibility for the attack.

http://www.reuters.com/article/2014/03/16/us-ukraine-nato-idUSBREA2E0T320140316



Symantec - Mar 14, 2014 - Google Docs Users Targeted by Sophisticated Phishing Scam

Symantec Security Response discovered a phishing scam targeting Google Docs and Google Drive users.

Sent through emails, the scam uses a simple subject of "Documents" and urges the recipient to view an important document on Google Docs by clicking on the included link.

The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing. The scammers have simply created a folder inside a Google Drive account, marked it as public, and uploaded a file which loads a fake 'Google Accounts' login page.

After pressing "Sign in", the user’s credentials are sent to a PHP script on a compromised web server.

This page then redirects to a real Google Docs document, making the whole attack very convincing. Google accounts are a valuable target for phishers, as they can be used to access many services including Gmail and Google Play, which can be used to purchase Android applications and content.

http://www.symantec.com/connect/blogs/google-docs-users-targeted-sophisticated-phishing-scam

PR - Mar 14, 2014 - WatchGuard Technologies Launches Industry’s First Enterprise-Level UTM targeting SOHO

WatchGuard Technologies has unveiled the Firebox T10, an enterprise-level UTM security platform designed for home and small office environments. It is a timely solution, as many enterprise networks now extend to homes, with 70 percent of high-value employees working at home at least once a week.

Context diagram of how UTM works

According to a recent global WatchGuard survey of IT professionals, more than 82 percent allow employees to access the corporate network from a small office or home office location. However, nearly 30 percent do not require a gateway security device. For those that do, only 23 percent require users to use security products similar to those used in the corporate headquarters, with features such as Intrusion Prevention, AntiVirus, Data Loss Prevention, Application Control, AntiSPAM, and more.


PR - Mar 14, 2014 - Kaspersky Lab Bolsters Linux Mail Server Protection with Real-Time Threat Data and New Management Features

Kaspersky Lab has announced that its latest Maintenance Pack (MP1) for Kaspersky Security for Linux Mail Server is now publicly available for installation. This new suite of enhancements includes significant improvements to the management capabilities and overall security effectiveness of the solution, which has already demonstrated outstanding test results in independent testing.

The newly-enhanced Kaspersky Security for Linux Mail Server will now feature full integration with the Kaspersky Security Network, which uses the cloud to deliver real-time threat intelligence from millions of our users around the world to our company’s experts, ensuring our customers are protected from the latest emerging threats.


TheStar - Mar 14, 2017 - Malaysian Opposition leaders claimed phones hacked

TheStar reported that top leaders from the opposition party PKR claimed their mobile phones had been hacked.

The hacking resulted in unsolicited text messages, damaging to the reputation of their own party and allies, being sent out from their own phones.

http://www.thestar.com.my/News/Nation/2014/03/14/Five-PKR-leaders-report-hacked-phones/



Ovum - Mar 12, 2014 - Ovum sees security transformation underway

Remarks by Mike Sapien, Principal Analyst, Enterprise, Ovum

Ovum attended the RSA conference in late February 2014 and the show continues to grow in importance and increased participation by most in the ICT community. Ovum expects this conference to continue to grow for the next few years with security and managing risk one of the top agenda items for the IT decision makers. It was more than just the Target and NSA incidents that are driving this growth.

Many of the security tactics (and managed security service providers) are adding more proactive measures and features to their security service portfolios. Historically most managed security services were more reactive and based on security incidents but this now has changed to providing more proactive features and going beyond identification and isolation of a security breach. Remediation in real time and immediate preventative policies are becoming standard requirements now. Customers want to know they have more proactive security services that are protecting their IT resources and end users in real time.

The traditional model of protecting the perimeter and the edge has now given way to more sophisticated solutions. This includes more core (network or IT infrastructure) security solutions which may also include increased use of cloud based security solutions within the IT core versus the perimeter. This has been driven by the complete implosion of the perimeter with mobile access, home workers and lack of any real perimeter any more.

The conference this year showcased two distinct dimensions in cloud services. The use of cloud services is driving the need for security within the enterprise as cloud services are deployed. Security vendors (new and emerging) are also leveraging cloud technology to provide more security services within the IT infrastructure. So the managed security service providers have to think about both dimensions when approaching customers with cloud based solutions to clearly address both dimensions. Are you providing security for implementing cloud services or are you using cloud services as a platform to provide increased security?

In many of the meetings, briefings and announcements around RSA, Cybersecurity initiatives and work efforts are underway. Not all vendors were in the same state but most of them were increasing, enhancing or adding Cybersecurity measures to their security service portfolios. Clearly, this is also part of the move and growth to more proactive (versus reactive) security protection.

Every vendor mentioned the fact that all large enterprise customers have had a breach. Now it was more about knowing about the total exposure, assessing your risk and plugging the holes in your security program to manage your risk as well as remediate and resolve security incidents in real time.

PR -KL- Mar 12, 2014 - Blue Coat Malaysia names Ivan Wen NEW country manager

Today, Blue Coat Malaysia names IT-security veteran, Ivan Wen, as its NEW country manager to roll key investments in its ‘Business Assurance Technology’ offering for Malaysia.

In 2012, Blue Coat led the Asia Pacific market in Web Security market share. Country Manager Ivan Wen says that the company has the opportunity to increase its local market share by helping businesses securely embrace new technology trends such as mobility and applications, all possible via the ‘Business Assurance Technology’ offering.

(L-R) Ivan Wen, Country Manager; Jonathan Andresen, Marketing & Product Marketing Director, Blue Coat Systems APAC

The Blue Coat ‘Business Assurance Technology’ blueprint addresses this via five (5) core centres of excellence that cover a comprehensive array of technologies, products, services, and capabilities that give businesses total protection.
  1. Security and Policy Enforcement Center delivers business continuity by protecting against threats and data loss.
  2. Mobility Empowerment Center extends protection and policy to users in any location on any device.
  3. Trusted Application Center enables organizations to safely deploy and consume all types of applications.
  4. Performance Center aligns IT infrastructure with business priorities to assure network performance and optimize user experience across the extended enterprise.
  5. Resolution Center provides businesses with advanced threat protection by combining deep security intelligence and analytics.

Established since 2005, Blue Coat’s business model in Malaysia is 100% sales and distribution via channel partners.


PR -FORT LAUDERDALE, FL- Mar 12, 2014 - High-Bandwidth NTP Amplification DDoS Attacks Escalate 371% in the Last 30 days

Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) protection services, today issued a high alert threat advisory on NTP amplification DDoS attacks. This attack method has surged in popularity this year, fueled by the availability of new DDoS toolkits that make it simple to generate high-bandwidth, high-volume DDoS attacks against online targets.

A number of new DDoS attack toolkits have made it easier for malicious actors to launch attacks with just a handful of servers. With the current batch of NTP amplification attack toolkits, malicious actors could launch 100 Gbps attacks – or larger – by leveraging just a few vulnerable NTP servers.

Unlike the largest attacks of the past two years, the NTP amplification attacks were not focused on any particular sector. Industries targeted by NTP amplification attacks in February included finance, gaming, e-Commerce, Internet and telecom, media, education, software-as-a-service (SaaS) providers and security.


Ovum - Mar 12, 2014 - MEPs voted for stronger safeguards for EU citizens’ personal data

Remarks by Luca Schiavoni, regulation analyst at Ovum

“Today’s vote of the European Parliament on the draft Data Protection Regulation signals the clear intention to press ahead with the reform, despite all the delays and disagreements that had slowed down the process. The Parliament has amended the draft to strengthen users’ protection in transfer of data outside the EU, which will have to be authorized by a national data protection authority and requires firms to inform the concerned person beforehand. This is now clearly becoming more of a sensitive issue, which is capturing the interest of citizens and firms concerned about the safety of their personal information, and may turn into a vote winner in the upcoming Parliamentary elections. It is therefore unsurprising that the EU Parliament has pressed ahead to tighten the grip on data transfer, even though the Regulation will not be finalized before the end of 2014.

“The Parliament has also shown to be aware of the importance of a robust set of fines, which will now be significantly higher than the EC’s initial proposal. They can now go up to €100 million, or 5% of a company’s annual worldwide turnover (whichever is greater) instead of €1 million, or 2% of the turnover initially proposed. Having significantly deterrent fines will be a key factor for the success of the new rules, since many firms whose business is across different geographies will often have to decide which rules they have to respect (e.g. whether to satisfy a request for data coming from the US, or refusing it to comply with EU regulation). However, it will be important to ensure that the fines are not disproportionate for small businesses, such as the flourishing tech start-ups on which European policymakers are relying to boost the EU’s economy. A phased introduction, or a more detailed differentiation in the set of fines, will be necessary in this respect.”

Reuters - Mar 12, 2014 - Criminal botnets 'hijacked' by NSA

Reuters reported that the NSA has been hijacking botnets from criminals for its own benefit.

This was revealed by Edward Snowden.

http://www.reuters.com/article/2014/03/12/us-usa-security-nsa-botnets-idUSBREA2B21420140312



PR - Mar 10, 2014 - McAfee Labs Q4 Report Reveals Techniques Used in High-Profile Data Breaches

Today, McAfee Labs released the McAfee Labs Threats Report: Fourth Quarter 2013, highlighting the role of the “dark web” malware industry as a key enabler of high-profile point-of-sale (POS) attacks and data breaches in the fall of 2013.

The main findings of the report include the growing ease of purchasing POS malware online, and selling stolen credit card numbers and other personal consumer data. McAfee Labs believes this accelerating trend could pose a significant threat to the long-established certificate authority (CA) model for authenticating “safe” software.

Some additional Q4 2013 findings include:
  • Mobile malware, with the mobile malware zoo of unique samples growing by an astounding 197%
  • Ransomware, which rose by 1 million new samples for the year
  • Suspicious URLs, with a 70% increase in 2013
  • Malware proliferation, where McAfee Labs found 200 new malware samples every minute
  • Master boot record-related attacks, with 2.2 million new MBR attacks found in 2013


PR - Moscow, Mar 7, 2014 - An average of 900 online resources are active on TOR daily

In recent months Kaspersky Lab experts have been closely monitoring so-called Darknet resources, mostly the Tor network.

'The Onion Router', or TOR, makes tracing the real location of servers almost impossible by relaying messages across a virtual network consisting of TOR software installed on supporting servers.

Recently cybercriminals have started actively using Tor to host malicious infrastructure. Kaspersky Lab experts found Zeus with Tor capabilities, then they detected ChewBacca and finally analyzed the first Tor Trojan for Android. A quick look at Tor network resources reveals lots of resources dedicated to malware – C&C servers, admin panels, etc.

TOR first came into prominence when the FBI (USA) shut down Silk Road in Week 4 of Oct 2013.


PR - Feb 26, 2014 - HP Awarded $32.4 Million Cybersecurity Contract by U.S. Department of Homeland Security

HP today announced the U.S. Department of Homeland Security (DHS) has awarded the company a cybersecurity contract worth up to $32.4 million—the largest acquisition of software security assurance tools worldwide—under the DHS Continuous Diagnostics and Mitigation (CDM) government-wide Blanket Purchase Agreement (BPA).

Under this award, HP will provide licenses for two industry-leading enterprise security solutions that will be used to address the application security requirements with the CDM program: HP WebInspect and HP Fortify Static Code Analyzer.

http://www8.hp.com/us/en/hp-news/press-release.html?id=1590576&pageTitle=HP-Awarded-$32.4-Million-Cybersecurity-Contract-by-U.S.-Department-of-Homeland-Security--#.Uyd-iKKEySo
