Refer to 'Computer Security Updates Week 2 of Dec 2012'
The standing for the important threats identified for 2012, some of which are APTs (Advanced Persistent Threats) remains. These threats are:
Dec 21, 2012 - Businesses Embracing Encryption to Protect Their Most Sensitive Data
Almost half of companies worldwide have started using encryption technology to protect critical data. At the same time, companies are facing difficulties in implementing encryption systems and require comprehensive security solutions that are both effective and simple to use.
Key Numbers
Dec 20,2012- Symantec Announces Android.Pikspam
It is a madware - mobile adware which Symantec predicted to be a greater nuisance by 2013.
Just before the year comes to an end an Android SMS spam botnet, detected by Symantec as Android.Pikspam, has been discovered. While delivering spam by botnets is nothing new, mobile technology has opened up new attack vectors to cybercriminals who are using the proven attack techniques of social engineering and spam with success on mobile devices. This attack consists of SMS messages advertising free versions of popular games, or possibly to inform you that you have won a prize. Unsuspecting victims who receive the text messages and follow the link can download a Trojanized app from a third-party website. To activate, a victim is required to click an icon (like the one shown below). The Trojan installation is hidden from the user and traces of its presence removed while it installs the legitimate app onto the user device. Victims only see the advertised app, duping the victim into believing that all is safe. Once active, the Android.Pikspam Trojan will continually connect to a command-and-control (C&C) server and retrieve text for SMS spam messages along with a list of phone numbers.
More details.
Dec 20,2012 - Security threats: What to expect in 2013 by Check Point Software Technologies Ltd.
Nothing new being mentioned, except for the mention of HTML5. It was quoted "Just as the adoption of cloud computing has changed the vulnerability surface, so will the adoption of HTML5. Earlier this year, it was noted at the Black Hat conference, a place where security pros can get a sign of attacks to come, that HTML5's cross-platform support and integration of various technologies opens up new possibilities for attack, such as abusing Web Worker functionality."
More details.
Dec 20,2012 - 63% of counterfeits infected with malware, claims Microsoft
MICROSOFT Corp unveiled the results of a South-East Asia internal computer security study which found that 63% of counterfeit software DVDs and laptop computers with illegal copies of Windows and other software had high-risk malware infections and viruses.
A staggering 85% of the sampled DVDs and 49% of sampled computers were found to contain malware, the company said in a statement.
These malwares leveraged on windows updates download as back-doors for penetration, be it re-routing download requests to malicious sites or zero-in on which latest security fixes had been denied.
More details.
Dec 18,2012 - Registration Open for 2013 Security Development Conference: Calling All IT Security Professionals
Registration is now open for the second Security Development Conference taking place in San Francisco May 14–15, 2013. The conference theme this year is “Proven Practices, Reduced Risk,” and event keynotes will include Edna M. Conway, chief security strategist, Cisco Systems Inc.; Brad Arkin, senior director, Security, Adobe products and services; and Scott Charney, corporate vice president, Trustworthy Computing, Microsoft Corp.
The annual event, which Microsoft hosts, brings together security professionals from a variety of organizations and industries around the world. Attendees will hear from leading security experts, grow their professional networks, and learn how to implement or accelerate adoption of secure development practices within their own organizations.
More details.
Dec 18,2012 - Symantec November Symantec Intelligence Report
Data breach - more than 80% of data breaches that are occurring this year are with organizations whose Internet presence is secondary to their main business, such as the healthcare and education sectors, where online access to services is often set up as a means of convenience instead of a business front. Viewing a website as an auxiliary service may mean laxer security, making them easier targets for data breaches.
Holiday Spam - Spammers are using the holidays as a means to entice users to check out the wares they’re peddling, in much the same way they have in years past, and holiday spam is becoming a norm. Common subject lines include 'thanksgiving, black friday and Christmas.
More details, and November Symantec Intelligence Report - Malaysia.
Dec 18, 2012 - IT Security in 2030: A Forward Look at Tomorrow’s Technologically-Driven Society by Kaspersky Lab
Magnus Kalkuhl, director of Kaspersky Lab’s European Global Research and Analysis Team, predicts the future of IT will dramatically shift by 2030 as cloud computing, augmented reality, quantum computing, artificial intelligence, and nanotechnology evolve into the next generation of information technology.
In Kalkuhl’s article “IT Security in 2030” a bright future of a technology-driven utopia, fueled by innovation and opportunity, is depicted that is completely separate from today’s device and computer-centric digital world. However, as the evolutionary development of future technologies accelerates, Kalkuhl also offers the alternative view of a technology-dependent dystopia, where issues regarding citizens’ privacy, individuality and overall security will be called into question future utopia fueled by innovation and opportunity.
“IT Security in 2030” offers a view into the technologies that are most likely to become a tomorrow’s “day-to-day reality” while analyzing the potential benefits and dangers for each one.
It is a challenger for IBM's Smarter Planet and Fujitsu's human centric intelligent society.
Prediction of the IT Security landscape is not possible without evaluating changes in technology and even society in general.
Dec 18, 2012 - Sophos Makes Significant Strides with Mobile Device Management in 2012
Less than eighteen months after introducing Sophos Mobile Control into its complete security product portfolio, Sophos announced that more than one million devices worldwide are now managed by the mobile device management (MDM) solution. This milestone comes on the heels of several major MDM developments in 2012, from a strategic acquisition to major product enhancements to the release of several free mobile security apps.
These enhancements include Sophos Mobile Control as-a-Service, which eliminates hardware costs and reduces time to administer MDM solutions. With a choice of delivery models, businesses can quickly and easily deploy an MDM solution without any changes to their existing IT infrastructures
More details.
Dec 14,2012 - Kaspersky Lab now detects 200,000 new malicious programs every day
Kaspersky Lab released its annual Kaspersky Security Bulletin, which provides the overall malware and cyber-threat statistics for 2012. The data analyzed in the report was obtained using the Kaspersky Security Network (KSN), the cloud-based infrastructure used by Kaspersky Lab products to report telemetry and to deliver instant protection in the forms of blacklists and heuristic rules, which are designed to catch the newest threats. The 2012 report revealed significant growth of Mac-specific malware and an explosive growth in the number of threats targeting the Android platform. Overall, Kaspersky Lab’s products detected and blocked more than 1.5 billion web-based attacks in 2012 and more than 3 billion infected files.
At the present time Kaspersky Lab detects and blocks more than 200,000 new malicious programs every day, a significant increase from the first half of 2012, when 125,000 malicious programs were detected and blocked each day on average.
Kaspersky reports conclusion for 2012 is that 2012 was the year when new platforms such as Mac OS and Android were targeted by cybercriminals and also was the year for Java vulnerability.
Check out more:
Dec 13,2012 - Blue Coat Enables Businesses to Embrace Web and Cloud-based Applications
Blue Coat Systems, Inc., a market leader in Web security and WAN optimization, today introduced new updates for Blue Coat® PacketShaper® appliances that enable businesses to fully embrace Web, cloud and mixed-use recreational applications on the corporate network while providing a high quality user experience for maximum employee productivity. The newest advances for PacketShaper appliances provide visibility into Web applications and operations as well as the group and user-level policies that allow businesses to gain control over the shadow IT infrastructures that arise from the introduction of applications onto the corporate network without IT’s knowledge.
Updated features:
More details.
Dec 12, 2012 - Facebook helps FBI bust cybercriminals who infected 11 million computers
Investigators led by the Federal Bureau of Investigation and aided by Facebook Inc, have busted an international criminal ring that infected 11 million computers around the world and caused more than $850 million in total losses in one of the largest cybercrime hauls in history.
More details.
Dec 6,2012 - Hacker Halted's 9th event in Malaysia
Training agency EC-Council Academy hosted its ninth annual Hacker Halted regional event in Malaysia recently.
More than 400 regional information security professionals are gathered at the Berjaya Times Square Hotel for this year's event. The theme for Hacker Halted APAC 2012 is "Unravelling the Enigma of Insecurity", focuses on security issues related to the transition of desktops to mobile devices, cloud computing, and current hacking technologies," said Wong.
More details.
The standing for the important threats identified for 2012, some of which are APTs (Advanced Persistent Threats) remains. These threats are:
- Koobface
- OSX.FalshBack.K
- Flamer
- Android.Opfake
- Gauss
- MiniFlame
- Malnet
- Gozi Prinimalka
Dec 21, 2012 - Businesses Embracing Encryption to Protect Their Most Sensitive Data
Almost half of companies worldwide have started using encryption technology to protect critical data. At the same time, companies are facing difficulties in implementing encryption systems and require comprehensive security solutions that are both effective and simple to use.
Key Numbers
- Survey conducted by B2B International and Kaspersky Lab in July 2012 polled 3300 senior IT professionals from 22 countries
- 44% of companies have implemented encryption technology to protect critical corporate data
- 36% of IT specialists use full disk encryption (FDE)
- 32% of IT specialists use data encryption on external devices
Dec 20,2012- Symantec Announces Android.Pikspam
It is a madware - mobile adware which Symantec predicted to be a greater nuisance by 2013.
Just before the year comes to an end an Android SMS spam botnet, detected by Symantec as Android.Pikspam, has been discovered. While delivering spam by botnets is nothing new, mobile technology has opened up new attack vectors to cybercriminals who are using the proven attack techniques of social engineering and spam with success on mobile devices. This attack consists of SMS messages advertising free versions of popular games, or possibly to inform you that you have won a prize. Unsuspecting victims who receive the text messages and follow the link can download a Trojanized app from a third-party website. To activate, a victim is required to click an icon (like the one shown below). The Trojan installation is hidden from the user and traces of its presence removed while it installs the legitimate app onto the user device. Victims only see the advertised app, duping the victim into believing that all is safe. Once active, the Android.Pikspam Trojan will continually connect to a command-and-control (C&C) server and retrieve text for SMS spam messages along with a list of phone numbers.
More details.
Dec 20,2012 - Security threats: What to expect in 2013 by Check Point Software Technologies Ltd.
Nothing new being mentioned, except for the mention of HTML5. It was quoted "Just as the adoption of cloud computing has changed the vulnerability surface, so will the adoption of HTML5. Earlier this year, it was noted at the Black Hat conference, a place where security pros can get a sign of attacks to come, that HTML5's cross-platform support and integration of various technologies opens up new possibilities for attack, such as abusing Web Worker functionality."
More details.
Dec 20,2012 - 63% of counterfeits infected with malware, claims Microsoft
MICROSOFT Corp unveiled the results of a South-East Asia internal computer security study which found that 63% of counterfeit software DVDs and laptop computers with illegal copies of Windows and other software had high-risk malware infections and viruses.
A staggering 85% of the sampled DVDs and 49% of sampled computers were found to contain malware, the company said in a statement.
These malwares leveraged on windows updates download as back-doors for penetration, be it re-routing download requests to malicious sites or zero-in on which latest security fixes had been denied.
More details.
Dec 18,2012 - Registration Open for 2013 Security Development Conference: Calling All IT Security Professionals
Registration is now open for the second Security Development Conference taking place in San Francisco May 14–15, 2013. The conference theme this year is “Proven Practices, Reduced Risk,” and event keynotes will include Edna M. Conway, chief security strategist, Cisco Systems Inc.; Brad Arkin, senior director, Security, Adobe products and services; and Scott Charney, corporate vice president, Trustworthy Computing, Microsoft Corp.
The annual event, which Microsoft hosts, brings together security professionals from a variety of organizations and industries around the world. Attendees will hear from leading security experts, grow their professional networks, and learn how to implement or accelerate adoption of secure development practices within their own organizations.
More details.
Dec 18,2012 - Symantec November Symantec Intelligence Report
Data breach - more than 80% of data breaches that are occurring this year are with organizations whose Internet presence is secondary to their main business, such as the healthcare and education sectors, where online access to services is often set up as a means of convenience instead of a business front. Viewing a website as an auxiliary service may mean laxer security, making them easier targets for data breaches.
Percentages of data type exposed in a typical data breach |
Holiday Spam - Spammers are using the holidays as a means to entice users to check out the wares they’re peddling, in much the same way they have in years past, and holiday spam is becoming a norm. Common subject lines include 'thanksgiving, black friday and Christmas.
More details, and November Symantec Intelligence Report - Malaysia.
Dec 18, 2012 - IT Security in 2030: A Forward Look at Tomorrow’s Technologically-Driven Society by Kaspersky Lab
Magnus Kalkuhl, director of Kaspersky Lab’s European Global Research and Analysis Team, predicts the future of IT will dramatically shift by 2030 as cloud computing, augmented reality, quantum computing, artificial intelligence, and nanotechnology evolve into the next generation of information technology.
Magnus Kalkuhl, Director of Europe Global Research & Analysis Team, Kaspersky Lab |
In Kalkuhl’s article “IT Security in 2030” a bright future of a technology-driven utopia, fueled by innovation and opportunity, is depicted that is completely separate from today’s device and computer-centric digital world. However, as the evolutionary development of future technologies accelerates, Kalkuhl also offers the alternative view of a technology-dependent dystopia, where issues regarding citizens’ privacy, individuality and overall security will be called into question future utopia fueled by innovation and opportunity.
“IT Security in 2030” offers a view into the technologies that are most likely to become a tomorrow’s “day-to-day reality” while analyzing the potential benefits and dangers for each one.
It is a challenger for IBM's Smarter Planet and Fujitsu's human centric intelligent society.
Prediction of the IT Security landscape is not possible without evaluating changes in technology and even society in general.
Dec 18, 2012 - Sophos Makes Significant Strides with Mobile Device Management in 2012
Less than eighteen months after introducing Sophos Mobile Control into its complete security product portfolio, Sophos announced that more than one million devices worldwide are now managed by the mobile device management (MDM) solution. This milestone comes on the heels of several major MDM developments in 2012, from a strategic acquisition to major product enhancements to the release of several free mobile security apps.
These enhancements include Sophos Mobile Control as-a-Service, which eliminates hardware costs and reduces time to administer MDM solutions. With a choice of delivery models, businesses can quickly and easily deploy an MDM solution without any changes to their existing IT infrastructures
More details.
Dec 14,2012 - Kaspersky Lab now detects 200,000 new malicious programs every day
Kaspersky Lab released its annual Kaspersky Security Bulletin, which provides the overall malware and cyber-threat statistics for 2012. The data analyzed in the report was obtained using the Kaspersky Security Network (KSN), the cloud-based infrastructure used by Kaspersky Lab products to report telemetry and to deliver instant protection in the forms of blacklists and heuristic rules, which are designed to catch the newest threats. The 2012 report revealed significant growth of Mac-specific malware and an explosive growth in the number of threats targeting the Android platform. Overall, Kaspersky Lab’s products detected and blocked more than 1.5 billion web-based attacks in 2012 and more than 3 billion infected files.
Costin Raiu, Director of Global Research & Analysis Team Kaspersky Lab |
At the present time Kaspersky Lab detects and blocks more than 200,000 new malicious programs every day, a significant increase from the first half of 2012, when 125,000 malicious programs were detected and blocked each day on average.
- In 2012 Kaspersky Lab’s products blocked more than 1.5 billion web-based attacks throughout the year, which is 1.7 times greater than the total amount of web-based attacks in 2011.
- Kaspersky Lab successfully blocked more than 3 billion local infections on users’ computers in 2012. In total, 2.7 million unique modifications of malware and potentially unwanted programs attempting to launch on users’ computers were detected during these incidents.
- In 2012, 99% of all mobile malware detected by Kaspersky Lab was designed for the Android platform. Kaspersky Lab identified more than 35,000 malicious Android programs for the year, which is about six times more than in 2011.
Kaspersky reports conclusion for 2012 is that 2012 was the year when new platforms such as Mac OS and Android were targeted by cybercriminals and also was the year for Java vulnerability.
Check out more:
- Kaspersky Security Bulletin: The overall statistics for 2012
- Top Ten Security Stories that Shaped 2012 and Security Forecast for 2013
Dec 13,2012 - Blue Coat Enables Businesses to Embrace Web and Cloud-based Applications
Blue Coat Systems, Inc., a market leader in Web security and WAN optimization, today introduced new updates for Blue Coat® PacketShaper® appliances that enable businesses to fully embrace Web, cloud and mixed-use recreational applications on the corporate network while providing a high quality user experience for maximum employee productivity. The newest advances for PacketShaper appliances provide visibility into Web applications and operations as well as the group and user-level policies that allow businesses to gain control over the shadow IT infrastructures that arise from the introduction of applications onto the corporate network without IT’s knowledge.
Updated features:
- Granular application and operation visibility -comprehensive, detailed view of traffic on the corporate network
- Group and user-level control
- Aggregate view of user-level activity - aggregate view of a user’s activity across all the devices they are using on the network
More details.
Dec 12, 2012 - Facebook helps FBI bust cybercriminals who infected 11 million computers
Investigators led by the Federal Bureau of Investigation and aided by Facebook Inc, have busted an international criminal ring that infected 11 million computers around the world and caused more than $850 million in total losses in one of the largest cybercrime hauls in history.
More details.
Dec 6,2012 - Hacker Halted's 9th event in Malaysia
Training agency EC-Council Academy hosted its ninth annual Hacker Halted regional event in Malaysia recently.
More than 400 regional information security professionals are gathered at the Berjaya Times Square Hotel for this year's event. The theme for Hacker Halted APAC 2012 is "Unravelling the Enigma of Insecurity", focuses on security issues related to the transition of desktops to mobile devices, cloud computing, and current hacking technologies," said Wong.
More details.
Comments