Google Analytics

Search This Blog

Monday, April 28, 2014

Computer Security Updates Week 5 of Apr 2014

Refer to Computer Security Updates Week 1 of Apr 2014; the biggest news was Kaspersky Lab Launches Real-Time Worldwide Interactive Cyberthreat Map.

For this week / last week, here are / were the biggest news.
  • May 1, 2014 - Bank Rakyat Phishing Site Discovered
  • PR - Apr 30, 2014 - Kaspersky Lab Discovered and Blocked Zero-day Vulnerability in Adobe Flash Player
  • PR - Apr 30, 2014 - CyberArk Eliminates Security Gaps Across Public, Private, Hybrid Cloud and SaaS Environments
  • PR - Apr 29, 2014 - Sophos cloud security solution manages Windows, Mac and Mobile in a single platform
  • USA Today - Apr 29, 2014 - Homeland Security advises consumers to refrain from using IE temporarily due to zero-day (CVE-2014-1776)
  • PR - Apr 29, 2014 - Kaspersky Lab’s Solution for Android-based Devices Proves its Effectiveness in Independent Testing
  • PR - Apr 25, 2014 - McAfee Study: Money Laundering Through Online Gambling
  • PR - Apr 24, 2014 - Kaspersky Lab stats show a surge in Bitcoin cybercrime
  • PR - Apr 24, 2014 - McAfee releases tools to swat the Heartbleed Bug
  • PR - Apr 23, 2014 - CyberArk Defines Maturity Model to Securing Privileged Accounts
  • PR - Apr 21, 2014 - Symantec Corp published Internet Security Threat Report Volume 19 (ISTR 19)
  • PR - Apr 17, 2014 - Kaspersky Lab Reveals Strategic Plans for Expansion in Enterprise IT Security Market
  • PR - Apr 11, 2014 - Kaspersky Lab to Extend Support for Microsoft Windows XP in Corporate and Consumer Products
  • PR - Apr 10, 2014 - Cisco Advanced Malware Protection (AMP) Ranks among Top Breach Detection Systems
  • PR - Apr 10, 2014 - McAfee Defines Strategy For Securing The Internet Of Things
  • PR - Apr 10, 2014 - WatchGuard Technologies Reinvents Advanced Persistent Threat Management with Launch of WatchGuard APT Blocker
  • Apr 8, 2014 - OpenSSL Heartbleed bug: What you need to know about it ?



May 1, 2014 - Bank Rakyat Phishing Site Discovered

The URL is already blacklisted by McAfee Site Advisor as suspicious.

Do not click on it.

Phishing attempt on Bank Rakyat


PR - Apr 30, 2014 - Kaspersky Lab Discovered and Blocked Zero-day Vulnerability in Adobe Flash Player

Kaspersky Lab’s heuristic detection protection subsystem has successfully blocked attacks via a zero-day vulnerability in Adobe Flash software. Kaspersky Lab researchers discovered this loophole, which was targeted by exploits distributed via a legitimate government website created to collect public complaints about breaches of the law in the Middle Eastern country.

In mid-April Kaspersky Lab experts analyzing data from Kaspersky Security Network, discovered a previously unknown exploit. On closer examination it turned out that the exploit was using a previously unknown vulnerability in the popular multimedia software Adobe Flash Player. The vulnerability exists in Pixel Bender – an old component, designed for video and photo processing.

Details.

PR - Apr 30, 2014 - CyberArk Eliminates Security Gaps Across Public, Private, Hybrid Cloud and SaaS Environments

CyberArk, the company securing the heart of the enterprise, today announced it has extended the CyberArk Privileged Account Security Solution to all major public, private, hybrid cloud and software as a services (SaaS) environments. By integrating with leading business, social media, IT and operational cloud solutions, CyberArk empowers customers to discover, monitor and secure privileged accounts across the entire IT infrastructure, protecting the primary pathway of all advanced attacks.

Plugging this critical security gap, CyberArk’s new cloud capabilities enable full monitoring and control over all privileged and administrative credentials that are uniquely required to manage cloud environments and hosted images. CyberArk is the only provider with a full solution-set, including behavioural analytics, covering the entire spectrum of privilege, including out of the box integrations with SaaS applications, hypervisor management solutions, as well as supporting major cloud platforms such as Amazon Web Services (AWS) and Microsoft Azure.

Details.

PR - Apr 29, 2014 - Sophos cloud security solution manages Windows, Mac and Mobile in a single platform

Sophos today announced the latest version of Sophos Cloud, the company’s cloud-based solution for small- and mid-sized organizations seeking a simpler approach to IT security that still provides world-class protection. The new version of Sophos Cloud claims to leapfrog competitive solutions, as it is the only cloud-managed security service to manage Windows, Mac and mobile devices from a single console. It features user-based management, reporting and licensing; built-in web security to prevent user access to malicious and infected websites, and new policy-based Web Control features to enforce safe and productive web usage. Sophos Cloud is effortless to deploy and easy to use and manage for IT managers and channel partners, given its simple, intuitive user experience

A recent Sophos survey of IT managers highlighted the growing challenge of device diversity across their organizations, with a need to support Windows PCs, Macs and mobile devices: 78 percent support or plan to support Macs on their corporate networks, and 41 percent see the number of Macs increasing in their corporate environments. A recent IDC study showed that a quarter of SMBs are using mobile device management (MDM) and Sophos is the number one solution. However, 75 percent still have not adopted MDM and with this new release Sophos has made it simpler than ever for those customers to get control of their mobile devices to secure their future

Details.

USA Today - Apr 29, 2014 - Homeland Security advises consumers to refrain from using IE temporarily due to zero-day (CVE-2014-1776)

USA Today reported that the U.S. Department of Homeland security advised consumers not to use Internet Explorer web browser until a fix has been published for a serious security flaw.

It has emerged that the bug was first published by FireEye.

The flaw, supposedly categorized as 'watering-hole attacks', allows attackers to penetrate through the sandbox of web browser into Windows operating system.

In the original posting by FireEye, it published the flaw as a zero-day exploit of IE.

The post wrote that "The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11. This zero-day bypasses both ASLR and DEP. Microsoft has assigned CVE-2014-1776 to the vulnerability and released security advisory to track this issue."

Technically, FireEye reported that the exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique to achieve arbitrary memory access and bypass Windows’ ASLR and DEP protections.

In response to the latest Microsoft Internet Explorer Zero Day vulnerability, Symantec is the first to provide a script to mitigate against the attacks and has posted the tool on its blog for users to download.

According to Symantec, Microsoft is working on a patch, but it will not be made available for XP users – the Symantec tool offers a workaround for those users.


All versions of IE on all platforms are affected and users can be exploited by browsing to maliciously crafted web pages. It's being used in targeted attacks which either means a malicious link is being sent in spear phishing emails or they’re setting up watering hole sites. For more information on how to stay protected, please see the image below and attached. and IE users.

http://www.usatoday.com/story/tech/2014/04/28/internet-explorer-bug-homeland-security-clandestine-fox/8409857/

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html



PR - Apr 29, 2014 - Kaspersky Lab’s Solution for Android-based Devices Proves its Effectiveness in Independent Testing

Kaspersky Internet Security for Android earned top marks in the independent testing of mobile security products conducted by AV-Test in March 2014. Kaspersky Lab’s solution successfully blocked all threats and its performance received the highest rating from the test lab.

Kaspersky Internet Security for Android identified and neutralized 100% of the malware samples, compared with a 95% average score for all the participating solutions. It produced zero false positives and did not have any appreciable impact on the resources of the mobile device. This earned Kaspersky Internet Security for Android a score of 13 points out of 13, and a “Certified” award.

Details.

PR - Apr 25, 2014 - McAfee Study: Money Laundering Through Online Gambling

Online gambling involves huge volumes of transactions and cash flows, which might sometimes disguise money-laundering activities.

Money laundering is also made easier as online gambling does not involve a physical product or exchange of currency, which further complicates the task of tracking the flow of money.

In its report, Jackpot! Money Laundering Through Online Gambling, that was released today, McAfee (part of Intel Security) revealed three critical areas in which online gambling platforms enable money laundering.

These critical areas that the report explores are:
  • Anonymity advantages — Online casinos are designed to operate across jurisdictions, and casino operators are fairly advanced in the ways in which they support player anonymity
  • Various payment options available — There is a wide variety of gambling options, featuring various account deposit and withdrawal methods and middleman entities processing the transaction
  • Too many sites to police — As of November 2013, there were about 104 international jurisdictions regulating approximately 2,734 Internet gambling websites. In addition, there are estimated to be more than 25,000 unregulated gambling websites around the world
Details.


PR - Apr 24, 2014 - Kaspersky Lab stats show a surge in Bitcoin cybercrime

According to the ‘Financial cyber threats in 2013’ study carried out by Kaspersky Lab, financial malware targeting Bitcoin became extremely popular in 2013. The number of attacks targeting the crypto-currency increased more than 2.5 times and accounted for 8.3 million incidents.

More than 30 samples of finance-related malware were selected for Kaspersky Lab research. Nine of them were the program designed to steal the crypto-currency. These nine represented a total of 29% of all financial cyber attacks performed using malicious applications.

The percentage of users attacked by different types of malware each month

The tools used by cybercriminals to steal bitcoins can be divided into two categories. The first category includes programs created to steal wallet files. Applications in the second category are designed to install software for bitcoin generation ("mining”) on an infected computer. In absolute terms the bitcoin wallet thieves performed twice as many attacks in 2013; however, the tools for "mining" developed more rapidly.

Details.

PR - Apr 24, 2014 - McAfee releases tools to swat the Heartbleed Bug

Today McAfee part of Intel Security, has released two new tools to help consumers staying safe from the Heartbleed Bug, a vulnerability in OpenSSL that was discovered earlier this month.

McAfee Web Gateway (MWG) is available for corporate customers to detect and block users from accessing a site with the Heartbleed bug. MWG has the unique advantage of the so-called "subscribed lists" and "external lists" features that allow it to talk to external services, meaning that while being used concurrently with the "Heartbleed Vulnerability Checker" hosted on a web server (either on the internet or in any local environment), it will be able to provide information about vulnerable destination servers to MWG.

McAfee Heartbleed Detector app for Android helps consumers determine if a mobile device is vulnerable, as well as assess their apps’ risk level. This is done by checking which version of OpenSSL the Android device is using as well as checking the OpenSSL version of every app installed on the device.

PR - Apr 23, 2014 - CyberArk Defines Maturity Model to Securing Privileged Accounts

CyberArk, the company securing the heart of the enterprise, today released a maturity model to securing privileged accounts, titled The Three Phases of Securing Privileged Accounts: A Best Practices Guide. This guide will enable organisations to wrap their arms around how to prevent exploitation of this critical security layer by providing a simple, yet effective, framework for applying the best security strategy for any environment.

In this new paper, CyberArk simplifies the process of identifying, securing and managing these powerful accounts for organisations, detailing key phases of privileged account security.

Details.

PR - Apr 21, 2014 -Symantec Corp published Internet Security Threat Report Volume 19 (ISTR 19)

In 2013, there was a 62 percent increase in the number of data breaches globally from the previous year, resulting in more than 552 million identities exposed – proving cybercrime remains a real and damaging threat to consumers and businesses alike. One mega breach can possibly be worth 50 smaller attacks.
(L-R) David Rajoo, Eric Hoh and Nigel Tan

Nigel Tan, Director of Systems Engineering at Symantec Malaysia said, “Malaysia’s Internet security profile declined last year and ranked 33rd among countries globally on Internet security threat activities. This is a clear indication that cybercriminals have not slowed down, in fact they are increasing the efficiency of their campaigns and have their eye on Small and Medium Businesses (SMBs) with less than 500 employees, in particular the healthcare and transport/utility sectors in Malaysia.”

Details.

PR - Apr 17, 2014 - Kaspersky Lab Reveals Strategic Plans for Expansion in Enterprise IT Security Market

On 15 April 2014, Kaspersky Lab revealed its vision of enterprise security at the company’s annual Cyber Security Summit in San Francisco, U.S.A. The event focused on how enterprise IT security realities affected businesses worldwide and featured commentary and panel discussions from influential figures in IT security. At the event, Kaspersky Lab also announced several new security solutions that are now available, as well as planned solutions and business strategies that will guide the company’s growth throughout the year.

A key theme discussed at the event included recent and significant changes to the IT security landscape: sophisticated attacks and complex cyber-espionage campaigns targeting corporations are “the new normal.” Another area of focus was how the IT industry also faces a rising tide of advanced threats specifically targeting financial service networks, a segment which requires specialized security solutions to meet their unique needs.

In 2013 Kaspersky Lab continued to deliver strong growth in the corporate IT security segment: 9% growth in the corporate segment overall and 18% in the enterprise segment*. Kaspersky Lab’s corporate client base exceeded 250,000 companies located around the globe, ranging from small and medium-sized businesses all the way up to large governmental and commercial organizations.

Details.

PR - Apr 11, 2014 - Kaspersky Lab to Extend Support for Microsoft Windows XP in Corporate and Consumer Products

Kaspersky Lab would like to assure its customers that although Microsoft will end support for the Windows XP SP3 operating system in April 2014, our company’s security solutions will continue to protect these systems beyond the Microsoft cut-off date, in accordance with Kaspersky Lab’s scheduled product life-cycles.

The list of products that will maintain compatibility with Windows XP include Kaspersky Lab’s corporate security solution - Kaspersky Endpoint Security 10 for Windows - as well as current and future versions of its consumer protection solutions, such as Kaspersky Anti-Virus 2013 and Kaspersky Internet Security 2013.

Details.

PR - Apr 10, 2014 - Cisco Advanced Malware Protection (AMP) Ranks among Top Breach Detection Systems

Today, Cisco announces that its Advanced Malware Protection (AMP) solution ranks as among Top Breach Detection Systems by leading independent security research and testing center, NSS Labs.

Cisco AMP scored a 99% overall breach detection rating and is proven with 100% detection of exploits in testing, demonstrating its leadership in identifying the malicious software used to breach and compromise systems.

Christopher Young, Cisco Security Group's Executive

Cisco Security Group’s executive, Christopher Young highlighted that the innovation in Advanced Malware Protection from Sourcefire, a company that Cisco recently acquired, is a critical component of Cisco’s security strategy. Cisco is taking a leadership position in delivering end-to-end protection including against advanced threats.

Details.

PR - Apr 10, 2014 - Mcafee Defines Strategy For Securing The Internet Of Things

Companies of all sizes are linking objects as diverse as smartphones, cars and household appliances to industrial sensors. While this connectivity brings convenience and opens a world of opportunities it also creates unprecedented security challenges in data privacy, safety, governance and trust.

To address these issues, McAfee (part of Intel Security) today outlined its strategy for enabling the secure Internet of Things (IoT). Utilizing McAfee’s history of securing the most demanding digital environments, McAfee is building and delivering future-focused security solutions that are essential in a world in which every device is connected.

McAfee feels that a comprehensive IoT strategy includes:
  • A secure and holistic solution for information rich environments across multiple environments and devices
  • Assurance that devices are operating as intended and have not been corrupted
  • Life cycle security across the device, network, and data center
  • Support for industry standards and device interoperability
  • Ability to solve Information Technology/Cloud services challenges
  • Provide technology to assure individual privacy

Details.

PR - Apr 10, 2014 - WatchGuard Technologies Reinvents Advanced Persistent Threat Management with Launch of WatchGuard APT Blocker

Advanced Persistent Threats (APTs) have long been understood to target government and state-owned organisations. However, in recent years, attackers have shifted their attention towards smaller organisations. Not anticipating these attacks, many small businesses are easy victims for ransomware as well as being used as pawns to penetrate networks of larger organisations. WatchGuard has since developed a new defense feature called the APT Blocker, which utilizes the latest code emulation technology that is able to detect evasive maneuvers that conventional sandboxing cannot.

Check out the evolution of APT (infographic) - interesting.

Details.

Apr 8, 2014 - OpenSSL Heartbleed bug: What you need to know about it ?

Reports on OpenSSL Heartbleed bug was first published by Trend Micro on Apr 8, 2014. CloudFlare also published a report on it on Apr 8, 2014 - whilst others a few days later, i.e Sophos published a report around Apr 10, 2014.

Thanks to Trend Micro who did a fantastic job in articulating the bug, here are some must-know facts about Heartbleed bug. I will just copy and paste the exact words directly to maintain greatest transparency.

http://blog.trendmicro.com/trendlabs-security-intelligence/skipping-a-heartbeat-the-analysis-of-the-heartbleed-openssl-vulnerability/
  • OpenSSL introduced an extension called Heartbeat around December 2011, with its 1.0.1 build release as defined in the RFC 6520 TLS/DTLS Heartbeat Extension. This extension’s function was to help avoid reestablishing sessions and allow for a mechanism by which SSL sessions could be kept alive for longer.
  • The vulnerability, dubbed as the Heartbleed Bug, exists on all OpenSSL implementations that use the Heartbeat extension. When exploited on a vulnerable server, it can allow an attacker to read a portion — up to 64 KB’s worth — of the computer’s memory at a time, without leaving any traces.
  • At its core, the Heartbleed bug is a simple and usual programming error, the kind of which leads to security issues. In simplified terms, it returns memory contents without checking on how much it actually reads and returns.
  • This vulnerability has been assigned with the identifier CVE-2014-0160.
http://www.trendmicro.com/us/security/heartbleed/index.html
  • According to Netcraft data: although 66% of sites use OpenSSL, only 17% are susceptible to the Heartbleed Bug, as of April 8th, 2014.
  • While the use of OpenSSL is widespread, the impact of Heartbleed is mitigated depending on the configuration of the systems using it.

    You are not vulnerable if you are:
    • not using OpenSSL (there are alternatives and many organizations use Hardware Security Modules instead of software implementation of SSL)
    • using OpenSSL compiled without the heartbeat function enabled (this excludes the heartbeat function being exploited in this attack)
    • using OpenSSL 1.0.0 or earlier (this bug was introduced following this release)
  • There have been no successful Heartbleed attacks documented to date as at Apr 8, 2014.

No comments: