Computer Security Updates Week 3 of Mar 2013

See Computer Security Updates Week 2 of Mar 2013, in which the biggest news was that Java, Chrome, IE 10 and Firefox were all successfully compromised during the PWN2OWN 2013 competition.

Here is this week's biggest news.
  • FortiBlog reported that Deloitte survey finds breaches across industries.
  • Bit9 enhances protection capabilities by offering detection features.
  • Palo Alto Networks takes major sponsorship role in upcoming Infosecurity World 2013, KL, Malaysia.
  • Kaspersky selected 5 Malaysian students for regional security competition.
  • Sophos reported that Bill Gates's sensitive information was published by hackers.
  • BlackBerry's strategy to co-exist with competitors and the greater mobile ecosystem.
  • Filipino hackers attacked their own government's websites.
  • ESET team analyzes Win32/Theola, browser plugins installed by Mebroot for banking fraud operations.
  • Sourcefire publishes a security report, 25 Years of Vulnerabilities: 1988-2012.
  • The consumer banking website of JPMorgan Chase & Co was hit by a denial-of-service attack.
  • The National Intelligence Agency of the U.S. concludes that cyber security threats are the no. 1 threat to the U.S.
  • Singapore joins fight against digital crime with new Cyber Security Lab.
  • The U.S. invites China to hold bilateral talks on cyber security issues.
  • Iran officially blocks unofficial VPN access from its Internet.

FortiBlog, Mar 16, 2013 - Deloitte Survey Finds Breaches Across Industries

FortiBlog reported that a mid-February 2013 Deloitte Tech Trends poll of 1,749 business executives found more than one in four report their organizations were the victims of at least one cyber attack in the past year.

Nine percent report multiple breaches, and 17 percent say they are not confident their organizations could detect an attack. The business executives are from industries including financial services, health care, life sciences, retail, public sector, travel, consumer and industrial products, energy and resources, and technology, media and telecom.

The results of the poll, says White, underscore the importance of cyber-intelligence, highlighted in the “No Such Thing as Hacker-Proof” chapter in Deloitte’s 4th Annual Tech Trends Report: Elements of Postdigital. The chapter is co-authored by Kieran Norton and Kelly Bissell, both principals with Deloitte & Touche.

Mar 16, 2013 - Bit9 enhances protection capabilities by offering detection features

According to Bit9's blog, advanced threat detection complements its protection capabilities.

The new detection capabilities add insight and another layer of defense to the equation, providing IT teams with instant information about what’s happening in the ecosystem—without polling or scanning.

Kuala Lumpur, 15 March 2013 — Infosecurity World 2013: Palo Alto Networks takes major sponsorship role

ISWec today announced that Palo Alto Networks, the network security company, has become Gold Sponsor of the 2nd Annual Infosecurity World Exhibition and Conference 2013, which will be held on March 20 – 21, 2013 at Putra World Trade Centre, Kuala Lumpur.

ComputerWorld My, Mar 15, 2013 - 5 Malaysian students qualify for regional security competition

ComputerWorld My reported that 5 students from three Malaysian universities have been chosen to compete at Russian security solutions firm Kaspersky Lab's Asia Pacific & MEA Cup 2013, which will be held at National University of Singapore in the city-state from 21 to 23 March 2013.

"This competition, which is themed 'CyberSecurity for the Next Generation,' allows Kaspersky Lab to unearth thinkers who can add to the body of knowledge with input from across cultures. Malaysian universities have an excellent track record and we are excited for this year's representatives to make an impact," said Harry Cheung, Managing Director, APAC, Kaspersky Lab. "Competition is stiff not just for the attractive prize money of US$1,000, US$750 and US$500 for the top three places but also for the opportunity to gain exposure at the international level."

Sophos, Mar 14, 2013 - Bill Gates's sensitive information published by hackers

Sophos's blog reported that Bill Gates is the latest celebrity to have had his personal information published on a website that has exposed the social security numbers, addresses and personal financial information of a number of people in the public eye.

This information was obtained by hackers from credit reporting companies.

Waterloo, ON, Mar 14, 2013 – BlackBerry Previews Secure Work Space Technology for Third Party Platforms

BlackBerry is promoting its intention to position BlackBerry® Enterprise Service 10 as a multi-platform enterprise mobility management solution; it aspires to provide a security solution for managing work and personal data on mobile devices running third-party platforms such as iOS and Android.

A very interesting move, widely seen as a strategy by BlackBerry to co-exist with other mobile platforms, enhancing business continuity and keeping up with the competition.

TheStar, Mar 14, 2013 - Lahad Datu: Angry Filipino hackers turn on their Government

TheStar reported that Filipino hackers have attacked several Filipino Government websites over the Sabah crisis, accusing President Benigno Aquino III's administration of "mishandling" the matter.

The question to ask is why this is always happening. Haven't they implemented any security solution?

Mar 13, 2013 - ESET team analyzes Win32/Theola, browser plugins installed by Mebroot for banking fraud operations.

As of the end of January 2013, the countries where Theola was most commonly detected were the Netherlands, Norway, Italy, Denmark and the Czech Republic.

Mebroot (Win32/Mebroot.FX) is bootkit malware that installs when the computer is booting up. Win32/Theola.F is a component of Mebroot that serves as a Google Chrome plugin based on the NPAPI interface (Netscape Plugin Application Programming Interface).

It is designed to steal sensitive information (passwords, credit card numbers, etc.) from an affected PC when the user browses banking web pages in the Chrome browser.

KUALA LUMPUR, 13 March 2013 – Sourcefire’s Shocking IT Security Findings

Sourcefire, Inc., a leader in intelligent cybersecurity solutions, today unveiled its latest research findings on IT security vulnerabilities spanning 1988-2012, in a report released to the market in a bid to help businesses better protect their assets.

The latest analysis of the last 25 Years of Vulnerabilities (1988-2012) by Sourcefire Inc. revealed the most popular vulnerabilities, the vendors and products that suffered from the most issues, which browser is the best in terms of vulnerabilities found, and how many 0-days were found in products. While the answers to some of these questions are predictable, others are surprising.

i) Microsoft Windows XP and the Mozilla Firefox browser stand out as the two with the largest number of high-severity vulnerabilities.

ii) Apple iPhone has the most vulnerabilities reported, at 210, while Google Android logs in at 24, Windows Mobile at 14 and BlackBerry at 11.

iii) The "10 worst offenders" from the top down were: Microsoft; Apple; Oracle; IBM; Sun (acquired by Oracle); Cisco; Mozilla; Linux; HP; Adobe.

iv) There was a peak of 6,612 vulnerabilities in 2006, but the worst year overall for high-severity ones was 2007, at 3,159 out of a total of 6,518.

Reuters, Mar 13, 2013 - Cyber attack stops access to JPMorgan Chase site

Reuters reported that the consumer banking website of JPMorgan Chase & Co was unavailable to some users on Tuesday as the company tried to deal with a denial-of-service cyber attack that slowed access for some customers.

ESET, Mar 12, 2013 - Singapore joins fight against digital crime with new Cyber Security Lab

According to ESET's blog, reports from Asia say that Singapore is to open a new Cyber Security Lab in a bid to combat criminal hacking by training law enforcement officers in the latest anti-cyber crime techniques.

Reuters, Mar 12, 2013 - Cyber attacks are the leading threat against the U.S.

Reuters reported that the National Intelligence Agency of the U.S. concluded before the Senate Intelligence Committee that cyber security threats are the no. 1 threat to the U.S. as of Mar 12, 2013.

They expressed concern that computer technology is evolving so quickly it is hard for security experts to keep up.

Reuters, Mar 12, 2013 - China says willing to discuss cyber security with the U.S.

Reuters reported that China offered on Tuesday to talk with the United States about cyber security amid an escalating war of words between the two sides on computer hacking, but suspicion is as deep in Beijing as it is in Washington about the accusations and counter-accusations.

On Monday, U.S. National Security Advisor Tom Donilon called on China to acknowledge the scope of the problem and enter a dialogue with the United States on ways to establish acceptable behavior.

China, in response, said it was happy to talk.

Reuters, Mar 10, 2013 - Iran blocks use of tool to get around Internet filter

Reuters reported that Iran blocked unofficial VPN access on its Internet, both into and out of the country's cyberspace.
