Computer Security Updates Week 1 of Mar 2013

Refer to 'Computer Security Updates Week 4 of Feb 2013'; in which the biggest news was about announcement of releases of Oracle security patch updates.

Security news blossomed this week, where we witnessed the followings:

  • Sophos published that Evernote were hacked - almost 50 million passwords reset after security breach.
  • Huawei launches new version of eSight with enhanced enterprise security features.
  • Symantec discovers latest Java Zero-Day exploit; Trojan.Naid.
  • Kaspersky Lab together with CrySys Lab identifies 'MiniDuke' which is considered to be a fresh malware released no earlier than Feb 2013. 
  • HP helps organizations improve security by providing context to big data. 
  • Akamai releases updates for Kona Site Defender.
  • Sourcefire introduces Dedicated Advanced Malware Protection Appliance in Malaysia.
  • McAfee acquires ValidEdge for its remarkable sandboxing technology. 
  • Imation: 18% drop in confidence of corporate data security contributed by mobile workforce trend.
  • Remotium named Most Innovative Company at RSA® Conference 2013.
  • Blue Coat Systems releases 2013 mobile malware report
  • Palo Alto Networks publishes Application Usage and Threat Report.

Check out more on security and weekly updates.


Sophos, Mar 2, 2013 - Evernote hacked - almost 50 million passwords reset after security breach

Evernote, the online note-taking service, has posted an advisory informing its near 50 million users that it has suffered a serious security breach that saw hackers steal usernames, associated email addresses and encrypted passwords.

Technical details are not available yet. Evernote advises users to choose a strong password, and to be suspicious of reset password links sent to users via email. Furthermore, everyone should ensure that they are not using the same password on multiple sites.

Get more details.

Shenzhen, China, March 1, 2013 - Huawei Launches eSight New Version to Help Enterprises Create Highly Intelligent, Innovative and Secure Networks

Huawei, a leading global information and communications technology (ICT) solutions provider, today announced the global launch of eSight new version, an integrated enterprise network management solution specially developed to address network management issues arising from the technological evolutions, such as Bring Your Own Device (BYOD) and Software Defined Networking (SDN). With eSight new version, Huawei has created an intelligent, innovative and secure enterprise network management system tailored for ICT users that contains an impressive array of function-rich components, including Access Control Manager (ACM), Data Center (DC) nCenter, and eSight Mobile.

Get More details.

Mar 1, 2013- Latest Java Zero-Day Shares Connections with Bit9 Security Incident

Symantec recently received information on a new Java zero-day, Oracle Java Runtime Environment CVE-2013-1493 Remote Code Execution Vulnerability (CVE-2013-1493). The final payload in the attack consisted of a DLL file, detected by Symantec as Trojan.Naid, which connects to a command-and-control (C&C) server at 110.173.55.187.

In a nutshell, Oracle Java Runtime Environment (JRE) is prone to a remote code execution vulnerability.Oracle JRE 1.6.0 Update 41 and 1.7.0 Update 15 are vulnerable; other versions may also be affected. According to Symantec's intelligence, there is no update patch made available by Oracle yet.

Anatomy of latest Java zero-day attack

Interestingly, a Trojan.Naid sample was also signed by the compromised Bit9 certificate discussed in the Bit9 security incident update and used in an attack on another party.

The Bit9 security incident was a series of organized attacks on the deployment of Bit9's self-hosted virtual machines that was brought online earlier. Almost as-if  attempted humiliation attacks for the company who preaches on trust-based security, Bit9 acknowledged that it happened due to lapse in standard operating procedures in which they forgot to use their own security systems on their own servers.

Get more details.

Feb 28, 2013 - Kaspersky Lab Identifies ‘MiniDuke’, a New Malicious Program Designed for Spying on Multiple Government Entities and Institutions Across the World

The MiniDuke backdoor was used to attack multiple government entities and institutions worldwide during the past week. Kaspersky Lab’s experts, in partnership with CrySys Lab, analyzed the attacks in detail and published their findings.

According to Kaspersky Lab’s analysis, a number of high profile targets have already been compromised by the MiniDuke attacks, including government entities in Ukraine, Belgium, Portugal, Romania, the Czech Republic and Ireland. In addition, a research institute, two think tanks, and healthcare provider in the United States were also compromised, as was a prominent research foundation in Hungary.

Eugene Kaspersky, Founder and CEO of Kaspersky Lab personally takes interest in this malware and is intrigued by its old-fashion characteristics. “MiniDuke’s highly customized backdoor was written in Assembler and is very small in size, being only 20kb,” added Kaspersky. “The combination of experienced old school malware writers using newly discovered exploits and clever social engineering to compromise high profile targets is extremely dangerous.”

The malware is believed to be as freshly released as on February 20, 2013 and exploits the Adobe Reader patch of CVE-2013-6040 which it is able to bypass the sandbox of Adobe versions 9, 10, and 11.

To compromise victims, the attackers used extremely effective social engineering techniques, which involved sending malicious PDF documents to their targets. The PDFs were highly relevant - with well-crafted content that fabricated human rights seminar information (ASEM) and Ukraine’s foreign policy and NATO membership plans.

MiniDuke is C&C-powered. In short, MiniDuke exploits Adobe's patch loophole to gain backdoor access to computers and then power up command & control feature to allow penetration by attackers.

Full research report by Kaspersky Lab and the recommendations for protecting against MiniDuke attacks, reports from CrySys Lab.

Feb 28, 2013 - HP Helps Organizations Improve Security by Providing Context to Big Data

HP announced new offerings that enable organizations to use unique contextual understanding to gain actionable security intelligence from Big Data to better detect and prevent threats.

For the first time, organizations can automatically apply sentiment analysis and event information to their Big Data and security event platforms to gain real-time visibility into the internal and external threat landscape.

These are achieved mainly via two enablers:
  1. Uniting comprehensive, real-time correlation with content analytics.
  2. Leveraging Hadoop Big Data for broader security analysis.
Get more details.

Feb 27, 2013 - Akamai Raises the Bar for Web Security With Enhancements to Kona Site Defender

Akamai® Technologies, Inc., the leading cloud platform for delivering secure, high-performing user experiences to any device, anywhere, unveiled several feature upgrades to the company’s Kona Site Defender web security solution. The enhancements are designed to add greater intelligence, flexibility and simplicity to the defense of web site and application attacks, giving businesses the tools to help organizations of all types better protect web sites and applications from an ever changing threat landscape.

Included in the new version of Kona Site Defender are upgraded Web Application Firewall (WAF) capabilities and network layer controls, new user validation capabilities and improved configuration and automation tools that speed both initial deployment and response time to changing attacks. Further, Akamai has developed Application Programming Interfaces (APIs) and other modifications to Kona Site Defender. These are designed to make the technology easier to use by Managed Security Services Providers (MSSP) as well as to facilitate tighter integration with existing on-premises security technology.

Get more details.

Kuala Lumpur, 26 February 2013 - Sourcefire Introduces Dedicated Advanced Malware Protection Appliance in Malaysia

Sourcefire launched dedicated Advanced Malware Protection (AMP) appliance in Malaysia which allows users to defend against sophisticated network malwares from the point of entry, through propagation, to post-infection remediation.

Expanding on Sourcefire’s AMP offering portfolio, this new dedicated appliance is built on the industry-leading FirePOWER™ platform and provides increased deployment flexibility for organizations needing immediate protection against advanced malware.

Ivan Wen, the Country Manager of Sourcefire Malaysia shares that enterprises’ networks are constantly evolving and expanding to accommodate business needs. And, attackers are taking advantage of any gaps to permeate a network and accomplish their mission.

Get more details.

RSA CONFERENCE, SAN FRANCISCO/SINGAPORE - February 26, 2013 – McAfee Sets a New Standard for Comprehensive Malware Protection

McAfee announced that is has acquired the ValidEdge sandboxing technology that identifies sophisticated, hard-to-detect malware, to broaden its anti-malware portfolio and further strengthen the McAfee Security Connected approach. McAfee also announced more than 30 malware-focused product enhancements that will extend the company’s lead in comprehensive malware protection.

The acquired technology provides advanced threat detection by running suspected malware in a “sandbox” and learning what impact a suspected malware sample will have on an endpoint. This new technology further strengthens McAfee’s current anti-malware offerings that have been proven as best in class at identifying day zero attacks.

Get more details.

OAKDALE, Minn., Feb 26, 2013 - Imation: 18% Drop In Confidence of Corporate Data Security (US Market Survey)

Imation today revealed the results of a recent online survey of 500 IT decision makers in the U.S., Canada, Germany and the U.K., conducted in January, 2013 by Harris Interactive on behalf of Imation. According to the survey, IT decision makers are significantly less confident in the security of data accessed by employees on the road or at home, despite the fact that mobile device security policies are widely in place and enforced.

Reason for the drop ? - Rising concerns in terms of mobile workers data security risks.Compounding the confidence gap, the survey found that across all countries surveyed, at least 20 percent of employees, on average, worked remotely in 2012, and IT decision makers expect that figure to increase to at least 25 percent in 2013. This is in line with IDC’s prediction that the world’s mobile worker population will reach 1.3 billion by 2015 – representing 37.2 percent of the total workforce.

Get more details.

Feb 26, 2013 - Remotium Named most innovative company at RSA Conference 2013

Remotium won the award - at RSA Conference - based on its potential to impact the broad and pressing enterprise BYOD challenge through a data management approach,all while still enabling employees to comfortably use their own preferred devices.

Remotium solves a host of security problems by using a unique virtual-instance technology that runs mobile applications on public or private clouds and streams the visualization elements to the mobile devices.



Feb 25, 2013 - Blue Coat Systems Releases 2013 Mobile Malware Report

The key findings of Blue Coat Systems 2013 Mobile Malware Report are:
  1. Mobile threats are still largely mischiefware – they have not yet broken the device’s security model but are instead more focused on for-pay texting scams or stealing personal information.
  2. The most successful mobile malware tactics, including scams, spam and phishing, are classics that dominated the threat landscape when malware first moved to the web. These device-agnostic, easy-to-deploy attacks provide a natural crossover point for cybercriminals that are interested in launching attacks against mobile devices.
  3. Pornography proves to be the great weakness for mobile users. While mobile users don’t go to pornography sites often, when they do, the risk of finding malicious content is nearly three times as high as any other category.
  4. While relatively small compared to desktops threats, the mobile threat landscape is mobilizing. Malnets, the infrastructures that successfully drove nearly two thirds of all web-based attacks in 2012, are setting their sights on mobile users. To date, 40 percent of mobile malware blocked by WebPulse has originated from known malnets.
  5. Extending security to mobile devices will be essential for businesses that need to protect their assets as well as their employees. Cybercriminals see the value in these targets as businesses continue to adopt BYOD initiatives, and businesses need to be prepared in 2013.
Get more details.  

Palo Alto Networks - Applications and Threats – Analyzed Together for the First Time

This edition of the Application Usage and Threat Report marks an evolution and an associated name change. For the first time, the report maps application usage and threat activity as seen on enterprise networks between May and December 2012. This report summarizes network traffic assessments performed on more than 3,000 networks, encompassing 1,395 applications, 12.6 petabytes of bandwidth, 5,307 unique threats and 264 million threat logs.

Key findings:
  • High profile sharing applications represent lower than expected threat volume.
  • Exploits target high value, business applications and assets.
  • Custom/unknown applications and malware – low volume but high risk.

Get more details.

Comments

Anonymous said…
This comment has been removed by a blog administrator.