Computer Security Updates Week 3 of Jan 2013

Refer to 'Computer Security Updates Week 2 of Jan 2013' which seals the conclusions for 2012 - let's move forward now.

In nutshell:
  • Kaspersky Lab Identifies new new APT known as  Operation “Red October”
  • Symantec launches new releases of system recovery tools for Windows 8, Windows Server 2012 and vSphere 5.1
  • Sophos cited as a Leader in New Endpoint Security Report 
  • Java security flaws linger on - Oracle is in the process of issuing fixes.

Jan 18 - 2013 - Symantec System Recovery 2013 Delivers Powerful and Easy To Use System Protection for Windows Server 2012 and vSphere 5.1

Symantec Corp. announced Symantec System Recovery 2013 in Malaysia, providing organisations with comprehensive system protection with full platform support for Windows 8, Windows Server 2012 and vSphere 5.1. With the new version, system recovery is even more efficient and easier to manage with simplified installation, efficient backup and reconciliation, free centralised management, and easier issue diagnosis. Symantec System Recovery 2013 continues to allow companies to restore physical and virtual systems in minutes, even to bare metal, dissimilar hardware, remote locations, or virtual environments.
Alex Ong, Country Manager, Malaysia, Symantec

The new features in this latest release further extend Symantec System Recovery’s leadership position in disaster recovery and data protection for businesses of all sizes. Symantec System Recovery 2013 includes support for the latest applications and operating systems, a new management solution for large scale deployments, and faster backup windows by up to 750 percent.

“IT organisations in Malaysia today face hardware, software and application downtime, lasting short periods of time to shutting down the business for days on a regular basis. Without adequate planning and preparation, any type of downtime can compromise a return to operations and cause financial damage as the ability to generate revenue is lost,” said Alex Ong, country director Symantec Malaysia. “In today's world, the need to ensure constant access to key applications is paramount. Symantec System Recovery 2013 provides SMBs with affordable application availability by simplifying recovery of both physical and virtual platforms.”

More details.

Jan 16, 2013 - Symantec Global Survey Reveals Upsurge in Rogue Clouds and Other Hidden Costs

More than 90 percent of all organizations are at least discussing cloud, up from 75 percent a year ago. Other key survey findings showed enterprises and SMBs are experiencing escalating costs tied to rogue cloud use, complex backup and recovery, and inefficient cloud storage.

Cloud computing adoption issues:

  • Rogue Cloud Issues - among organizations who reported rogue cloud issues, 40 percent experienced the exposure of confidential information, and more than a quarter faced account takeover issues, defacement of Web properties, or stolen goods or services
  • Cloud Backup and Recovery Issues - most see cloud recovery as a slow, tedious process. Only 32 percent rate this is as fast and 22 percent estimate it would take three or more days to recover from a catastrophic loss of data in the cloud
  • Inefficient Cloud Storage
  • Compliance and eDiscovery Concerns - according to the survey, 49 percent of organizations are concerned about meeting compliance requirements in the cloud, and a slightly larger number (53 percent) are concerned about being able to prove they have met cloud compliance requirements
  • Data in Transit Issues - the survey showed companies found managing many SSL certificates to be highly complex: Just 27 percent rate cloud SSL certificate management as easy and only 40 percent are certain their cloud-partner’s certificates are in compliance with corporate standards

More details.

Jan 15, 2013 - Kaspersky Lab Identifies Operation “Red October”

Kaspersky Lab published a new research report which identified an elusive cyber-espionage campaign targeting diplomatic, governmental and scientific research organizations in several countries for at least five years. The primary focus of this campaign targets countries in Eastern Europe, former USSR Republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America. The main objective of the attackers was to gather sensitive documents from the compromised organizations, which included geopolitical intelligence, credentials to access classified computer systems, and data from personal mobile devices and network equipment.

Red October Demographics

In October 2012 Kaspersky Lab’s team of experts initiated an investigation following a series of attacks against computer networks targeting international diplomatic service agencies. A large scale cyber-espionage network was revealed and analyzed during the investigation. According to Kaspersky Lab’s analysis report, Operation Red October, called “Rocra” for short, is still active as of January 2013, and has been a sustained campaign dating back as far as 2007.

Jan 14, 2013 - Sophos Cited as a Leader in New Endpoint Security Report

Sophos announced that it has been positioned as a Leader in Forrester Research, Inc.’s new Client Security report, The Forrester Wave™: Endpoint Security, Q1 2013, a comprehensive overview of the endpoint protection vendor landscape. Forrester said that Sophos “delivers strong security capabilities,” and that its “antimalware product has one of the best malware detection rates on the market today and is well-reviewed in third-party studies.”

More details.

Jan 12,2013 - Oracle to fix Java security flaw

2012 was the year described as the year of Java security flaw. It took over from Adobe Reader as the most frequently exploited software in the industry.

Oracle was reported that they are planning fixes for these flaws.

Nonetheless, the U.S. Department of Homeland Security warned that software patches will not be enough. This is most likely attribute to the fact that Java's cross platform architecture isn't built from a comprehensive security framework standpoint.

This is getting interesting, given that Java is now owned by one of the world's biggest software maker and was the front-runner for cross-platform before Microsoft even invented the .NET framework.

Could this be the beginning of the sunset for Java ?