Computer Security Updates Week 2 of July 2013

Refer to Computer Security Updates Week 5 of June 2013; the biggest news was the announcement by the U.S. NSA that 54 plots had been foiled thanks to eavesdropping activities by the security agency.

Also, on July 1, 2013, Malaysian domains were compromised by the hacker Tiger-m@te, allegedly of Bangladeshi origin, whose team members go by the aliases kinG oF coNTrol:Barbaros-DZ:FORTYS3V3N:aBu.HaliL501:W7sH.SyRiA:h311 c0d3:m1I05:j0:l0c@lh0st:Ne0-h4ck3r and are supposedly socio-politically motivated. Malaysian authorities performed a formal investigation into the incident, but so far nothing has been announced.

Here is the biggest news from this week and last week.
  • ESET Blog - Lloyds Survey: Cyber Threats are now the third biggest worry for CEOs.
  • CloudFlare: Staying on top of TLS attacks.
  • Sophos Mobile Control newest release supports Windows Phone 8
  • Trend Micro Deep Security 9: Protection for Virtual and Cloud Data Centres in APAC.
  • Versatile Threats: Dangers Posed to any Device.
  • Symantec: Android Vulnerability Allows App Hijacking.
  • Reuters: Hackers in four-year effort to steal South Korea military secrets.
  • Trend Micro Blog: Ubisoft reported attempts to compromise its online systems.

ESET Blog - Jul 12, 2013 - Lloyds Survey: Cyber Threats are now the third biggest worry for CEOs

Cyber risk was ranked 12th in the 2012 report; it has now moved up to 3rd.

The report highlighted rising costs of cybercrime.

The report questions whether businesses are spending money wisely, saying that a large percentage of data breaches are caused by employee negligence, an area that should in theory be within the control of that organisation.


CloudFlare Blog - Jul 12, 2013 - Staying on top of TLS attacks

In a nutshell, TLS (Transport Layer Security) attacks are hard nuts to crack because they involve low-level technical detail and cryptographic complexity, which many people overlook or ignore.

CloudFlare reported that TLS attacks have emerged lately in which attackers leverage loopholes in the RC4 cipher used by some TLS connections. The flaw goes back to the invention of the RC4 keystream technique, which uses a bit-shifting XOR technique that produces biases: the first 256 bytes of the keystream are not completely random, and over time a pattern emerges, which opens up security loopholes.

The ideal solution is to use a stronger cipher, AES128-GCM (AES with a 128-bit key in Galois/Counter Mode), part of TLSv1.2, which is not widely supported by web browsers.

Nevertheless, CloudFlare has already configured its systems to perform TLS with the AES128-GCM cipher to encrypt data for secure communication.


Kuala Lumpur, Malaysia, July 11, 2013 – Sophos Mobile Control newest release supports Windows Phone 8

Sophos announced Sophos Mobile Control 3.5, the latest version of its award-winning mobile device management (MDM) solution. Available both on-premise and as-a-service, Sophos Mobile Control 3.5 makes it simple for small and mid-market organizations to secure, monitor and control mobile devices. This new release adds support for Windows Phone 8, as well as reporting and simplified administration to make BYOD (bring your own device) policies easy to define, implement and enforce.

Sophos Mobile Control provides the complete security that IT requires to confidently embrace employee device mobility. This latest version delivers Windows Phone 8 support alongside iPhone/iPad and Android, with self-enrollment and self-service capabilities for users, and allows IT to manage the complete device lifecycle as well as loss & theft scenarios.

Also included is an easy-to-use client app, which provides access to compliance status, messages and support information—allowing for comprehensive reporting and giving IT a holistic view of devices.


Symantec - Jul 9, 2013 - Android Vulnerability Allows App Hijacking

A serious Android vulnerability, set to be disclosed at the Black Hat conference, has now been publicly disclosed. The vulnerability allows attackers to inject malicious code into legitimate apps without invalidating the digital signature.

Android applications must be digitally signed. This allows one to ensure the code within the app has not been tampered with and also assures the code was provided by the official publisher. Furthermore, Android utilizes an app-level permission system where each app must declare and receive permission to perform sensitive tasks. Digital signing prevents apps and their accompanying permissions from being hijacked.

This serious Android vulnerability allows an attacker to hide code within a legitimate application and use existing permissions to perform sensitive functions through those apps.

If a malicious app is discovered exploiting this vulnerability, users will be able to protect themselves by installing Norton Mobile Security.


Reuters - Jul 9, 2013 - Hackers in four-year effort to steal South Korea military secrets

Reuters reported that McAfee found evidence of a mysterious group of computer hackers, known as the New Romanic Cyber Army Team, who had spent 4 years spying on the South Korean military.

The hacking gang infected PCs with malware, looked for documents of interest, and then encrypted the files before delivering them to the hackers' servers.

The hacking operation is called 'Operation Troy' by McAfee.

July 4, 2013 - Trend Micro Deep Security 9: Protection for Virtual and Cloud Data Centres in APAC

Trend Micro™ announced Deep Security 9, specifically designed to maximize the return on investment in virtualization and cloud technologies for large and small enterprises, as well as managed service providers with an infrastructure-as-a-service (IaaS) practice.

Deep Security leverages both agentless and agent-based protection mechanisms to automatically and efficiently secure virtual servers and desktops and private and public clouds, and to accelerate ROI. It comprises anti-malware, web reputation, firewall, intrusion prevention, integrity monitoring and log inspection technologies.

Deep Security 9 also enables cost-effective compliance to many regulations such as PCI DSS 2.0, HIPAA, NIST and SAS 70.

Support for latest VMware releases – vSphere 5.1 and vCloud Networking and Security 5.1

Deep Security 9 will support VMware vSphere® 5.1 and vCloud Networking and Security™ (vCNS). This release will mark the product's 4th generation of integration with VMware products.


Jul 5, 2013 - Versatile Threats: Dangers Posed to any Device

According to Kaspersky Labs research, 34 percent of worldwide Internet users were attacked by malicious programs in 2012. The majority of these attacks were due to zero-day vulnerabilities in the Java and Adobe platforms.

Kaspersky found these threats becoming more advanced and versatile than ever before. Some trends observed:
  • Malware threats are becoming more platform independent, targeting even the Mac OS platform these days.
  • The Android mobile platform was the most hit platform in 2012.
  • Phishing continues to menace the mobile platform with increasing success. This is because mobile apps are more reserved in displaying details of the source, so the chance of installing a malicious mobile app is higher.
  • Malware that targets children is also on the rise.


Trend Micro Blog, July 3, 2013 - Ubisoft reported attempts to compromise its online systems

Ubisoft reported that unauthorized access attempts were made to some of their online systems.

Some data such as usernames, email addresses and encrypted passwords have been illegally downloaded.

Even though Ubisoft took the mandatory steps at the time to deal with the situation, it amicably advised users to change their passwords.
