Computer Security Updates Week 4 of Jan 2013

Refer to Computer Security Updates Week 3 of Jan 2013.

In a nutshell:
  • Cyber-Ark launches new solution for securing and auditing privileged accounts on UNIX-based systems
  • Kaspersky Lab invites Malaysian students to participate in research paper competition - CyberSecurity for the Next Generation, Asia-Pacific & MEA Round 2013.
  • US authorities charge three people over 'Gozi' APT.
  • Microsoft survey shows people felt insecure about online data privacy.
  • Fortinet launches security appliances for DDoS (Distributed Denial-of-Service) attacks protection - enterprise grade. 
  • Symantec identifies Android.Exprespam - Android.Exprespam is a Trojan horse for Android devices that displays a fake message and steals personal information stored on the compromised device.
  • McAfee Outlines Strategy for Future of Business Security.
  • Sophos identifies fake Plants vs Zombies on Google Play.
Check out more on security and weekly updates series.

Jan 24,2013 - Cyber-Ark Launches New Solution for Securing and Auditing Privileged Accounts on UNIX-based Systems

Cyber-Ark® Software announced the release of its new SSH Proxy solution that secures, audits, and reports on all privileged SSH activity in UNIX environments. The new solution, available as part of Cyber-Ark’s Privileged Session Management (PSM) suite, monitors and records command-level activity, protects against malware-based attacks and provides real-time intelligence on malicious activity without changing SSH session workflows.

For more information on Cyber-Ark’s Privileged Session Management Suite, visit the website or download Cyber-Ark’s Next Generation Jump Server Solution Whitepaper.

More details.

Jan 23, 2013 - Kaspersky Lab Cybercrime Research Competition is Back

Kaspersky Lab, a leading developer of secure content and threat management solutions is calling on Malaysian students from universities and other higher education institutions to participate in a research competition on cybercrime.

Kaspersky Lab’s CyberSecurity for the Next Generation, Asia-Pacific & MEA Round 2013 aims to assemble students, experts and researchers to share their valuable knowledge and inspiring ideas related to cyber security.

The three best papers from Asia-Pacific & MEA Round will be given awards and valuable prizes; 1st place $1000, 2nd place $750 and 3rd place $500 from Kaspersky Lab and the authors will be invited to attend the international ‘CyberSecurity for the Next Generation’ conference at Royal Holloway, University of London, United Kingdom in June 2013.

To register and submit the papers, click here.

More details.

Jan 23, 2013 - Gartner Positions Oracle as a Leader for Identity Management (US Market)

Gartner, Inc. has again named Oracle as a leader in both of its latest identity management reports – specifically the “Magic Quadrant for Identity and Access Governance” for the fifth year and the “Magic Quadrant for User Administration/Provisioning” for the second year.

Identity management is a set of software suite which provides security control via means of user identification and access control. A popular competitor is Microsoft Active Directory.

More details.

Jan 23, 2013 - U.S. authorities charge three over 'Gozi' computer virus

'Gozi' or Gozi Prinimalka is a russian APT and was considered to be one of 2012 most destructive threats. It was planned to target 30 American banks in an effort to complete fraudulent wire transfers via Man-In-The-Middle (MiTM) manual session-hijacking scenarios.

US prosecutors said was one of the most financially destructive computer viruses in history.

Three people were charged with a variety of counts, including conspiracy to commit computer intrusion and conspiracy to commit bank fraud.

More details.

Jan 23, 2013 - Survey Shows People Need More Help Controlling Personal Info Online (US Market)

To mark Data Privacy Day 2013, Microsoft Corp. released new data reflecting consumers’ perceptions about how their information is used online and a new series of short videos to help people better manage their online privacy.

According to the results of a Microsoft-commissioned survey* of 1,000 U.S. adults, people feel they have little to no control about how their data may be collected by online companies. They are also increasingly in search of trusted sources of information to help them make better choices about their online privacy.

More details.

Jan 23,2013 - Fortinet arms Malaysian providers against DDoS attacks

NETWORK security solutions provider Fortinet has announced the immediate availability of the FortiDDoS product family for enterprises, web-hosting and cloud service providers in Malaysia.

The new FortiDDoS-100A, FortiDDoS-200A and FortiDDoS-300A are dedicated appliances that are designed to detect and help protect against today’s most damaging and sophisticated DDoS (Distributed Denial-of-Service) attacks, the company said in a statement.

More details.

Jan 22, 2013 - Android malware potentially infects thousands of devices stealing personal data

Symantec’s Security Response team has published an analysis of malware that targets Android users for personal information. Android.Exprespam was discovered at the beginning of January and has only been around for a couple of weeks, but analysis shows that the scammers seem to be having a lot of success with the malware already.

The data obtained indicates that the fake market called Android Express’s Play has drawn over 3,000 visits in a period of a week from January 13 to January 20, resulting in potential theft between 75,000 and 450,000 pieces of personal information - it was distributed via fake market called Android Express’s Play.

More details.

Jan 21, 2013 - McAfee Outlines Strategy for Future of Business Security

McAfee announced its strategy for building upon Security Connected, the framework in which security products and services work together to safeguard businesses with better protection from new types of attacks. McAfee will expand its current broad portfolio through strategic acquisitions, development projects and key partnerships to deliver more integrated solutions and comprehensive protection across mobile devices, endpoints, servers, and network through an extensible framework.

Check out McAfee's enterprise security portfolio which consists of:
  • Integrated Management - McAfee ePolicy Orchestrator,McAfee Enterprise Security Manager
  • Intelligent Solutions - McAfee Network Security,McAfee Endpoint Security
  • Innovative Technology - McAfee Global Threat Intelligence (GTI),Hardware-Enhanced Security
  • Open Architecture - McAfee is the only security vendor that has opened up its systems to connect with other vendors and has created a network of more than 150 partners integrating with the McAfee Security Connected framework.
More details.

Jan 21, 2013 - Fake Plants vs Zombies and other Android games infiltrate Google Play store, make money for fraudsters

Sophos' Graham Culey identified fake 'Plants vs Zombies' mobile app on Google Play. The app apparently was published by developer called "abbaradon".

The app itself isn't Plants vs Zombies at all. It's a simple jigsaw puzzle-type app, that uses an image from the game.

More details.