Computer Security Updates Week 3 of July 2013

Refer to Computer Security Updates Week 2 of July 2013; the biggest news then, according to the ESET Blog, was that the Lloyds Survey found cyber threats are now the third biggest worry for CEOs.

Here is the biggest news for this week and last week:
  • Symantec: Google Glass still vulnerable to WiFi hijacking despite QR Photobombing Patch.
  • The high cost of a security breach: averages $649,000.
  • Sophos: US retains spamming crown, Belarus inches toward the top spot.
  • ESET Blog: “Black swan” warning as cybercrime hits half of world stock exchanges.
  • Hitachi Sunway Information Systems (HSIS) partners with e-Lock.
  • Oracle issues 89 security fixes.
  • HP helps enterprises use big data to protect critical information, mitigate risk.
  • VADS teams with Barracuda Networks to provide Managed WAF.
  • Reuters: Microsoft asks U.S. to let it disclose security requests.
  • Trend Micro: File infector EXPIRO hits US, steals FTP credentials.
  • Oracle: IT Security still not protecting the right assets despite increased spending.

Symantec - Jul 19, 2013 - Google Glass Still Vulnerable to WiFi Hijacking Despite QR Photobombing Patch

It was found that malicious QR codes could send smart devices to doomed destinations, infecting the devices with malware or otherwise putting them at risk of compromise ("photobombing").

To protect against automated redirection to malicious sites with QR codes, Symantec created the Norton Snap application which scans any URL before the user is redirected to the destination address.

In June 2013, Norton Snap detected that 0.03 percent of QR code URLs were malicious.

Google Glass uses QR codes to configure the device's preferred WiFi access point, and hence it could be vulnerable to malicious QR code attacks that target Android devices. Symantec reported that Google is aware of this issue and has already fixed it.

Nevertheless, Glass remains vulnerable to WiFi hijacking.

PETALING JAYA, July 18, 2013 - The High Cost of a Security Breach

$649,000 is the average cost incurred by large companies in the wake of a cyber-attack, according to the 2013 Global Corporate IT Security Risks survey conducted by B2B International, in conjunction with Kaspersky Lab.

In order to get the most accurate picture of costs, B2B included only incidents that had occurred in the previous 12 months; the assessment was based on information about losses sustained as a direct result of security incidents. This comprised two main components:
  • Damage resulting from the incident itself – i.e. losses stemming from critical data leakage, business continuity, and the costs associated with engaging incident remediation specialists;
  • Unplanned ‘response’ costs required to prevent future, similar attacks, including hiring/training staff and hardware, software and other infrastructural updates.

Kuala Lumpur, Malaysia, July 17, 2013 – US Retains Spamming Crown, Belarus Inches Toward the Top Spot

Sophos has published the latest 'Dirty Dozen' of spam relaying countries, covering the second quarter of 2013. As the US retains the top spot among spam-relaying countries, Belarus makes a significant jump into second place. And three new countries enter the top twelve—Ukraine, Kazakhstan and Argentina, while three other countries exit the Dirty Dozen—France, Peru and South Korea.

The report details two categories: spam relaying by volume and spam relaying by population, the latter meaning the amount of spam as a proportion of the total population. Belarus emerged in the top 10 in both categories, while Singapore was pushed into the top 10 because of its comparatively smaller population size.

ESET Blog - Jul 18, 2013 - “Black swan” warning as cybercrime hits half of world stock exchanges

It was reported that more than half of securities exchanges around the world faced cyber attacks last year, according to a paper released by the International Organization of Securities Commissions (IOSCO) and the World Federation of Exchanges (WFE).

The term “black swan” refers to statistician Nassim Nicholas Taleb’s theory of unpredictable events which have major, sometimes disastrous, effects on systems such as financial markets.

The survey found that 53% of exchanges had experienced cyber attacks, and that 93% of senior management understood the risks and had proper disaster recovery protocols in place.

Kuala Lumpur, July 17, 2013 – Hitachi Sunway Information Systems (HSIS) Partners with e-Lock

Hitachi Sunway Information Systems Sdn. Bhd, a leading IT services and solutions provider, today announces its partnership with Malaysian-based information security company, e-Lock Corporation Sdn Bhd, to offer comprehensive enterprise-level web security solutions in the South East Asia (SEA) region.

(L-R) Cheah Kok Hoong, Group CEO / Director, HSIS; Dr. Ken Leong, founder and CEO, e-Lock

The e-Lock partnership is part of HSIS’ strategic plan to strengthen one of its three key business lines, the Infrastructure & Managed Services (IMS) portfolio, which focuses on provisioning Systems & Storage, End-to-End Virtualization Solutions, Data Management/Storage, High Availability/Disaster Recovery, ITO Managed Services, Infra/Cloud Security, Data Center Outsourcing & Cloud Services to corporate enterprises.

Fortinet Blog - Jul 17, 2013 - Oracle Issues 89 Security Fixes

Fortinet reported that Oracle released a whopping 89 fixes to many of their products, 27 of which could allow remote code execution.
  • 6 fixes target Oracle Database, one of which allows remote exploitation without any authentication. CVE-2013-3751 goes into detail about this issue.
  • 21 fixes target Oracle Fusion Middleware, of which 16 allow remote unauthenticated exploitation. Some of these are related to CVE-2013-2461, which affects JRockit and was related to a series of patches in Oracle’s June patch fixes.
  • Oracle and Sun Systems Products Suite have 16 patches, 8 of which allow remote exploitation without authentication.
  • Oracle MySQL has 18 fixes, 2 allowing remote exploitation.

Jul 16, 2013 - HP Helps Enterprises Use Big Data to Protect Critical Information, Mitigate Risk

HP today announced updates to its HP ArcSight portfolio, offering enterprises unified security analytics for big data with expanded identity monitoring to accelerate the detection of persistent threats.

HP ArcSight Threat Detector uses experience-based techniques to identify repeating event patterns, both benign and malicious. It creates rules for future real-time detection of zero-day threats and slow repeating attacks that are designed to deflect typical signature traps.

The threat response process is automated, helping to reduce threat response time without adding cost.

HP ArcSight IdentityView v2.5, HP ArcSight Threat Response Manager and HP ArcSight Threat Detector v2.0 are now available worldwide.

KUALA LUMPUR, Malaysia, 16 July 2013 – VADS teams with Barracuda Networks to provide Managed WAF

Barracuda Networks Inc., today announces that it is partnering with leading Malaysian managed IT and business process outsourcing (BPO) service provider VADS Berhad (VADS), to offer the VADS Managed Web Application Firewall (MWAF) for small to large businesses as protection against cyber threats.

Customers will be able to choose between three packages: MWAF Starter (1 web application), MWAF Standard (3 web applications) and MWAF Premium (5 web applications), each of which can be deployed on-premise or in the cloud. All three packages are offered on a three-year contract basis. MWAF helps customers meet the compliance mandates of PCI DSS and ISO27001.

Reuters - Jul 16, 2013 - Microsoft asks U.S. to let it disclose security requests

Reuters reported that Microsoft Corp said on Tuesday it has written to the U.S. Attorney General to ask for more freedom to disclose how it handles requests for customer data from national security organizations.

In a separate report, CloudFlare wrote that the industry's biggest players are muzzled when it comes to transparency about such incidents. The law requires total non-disclosure of any information pertaining to consumers' data privacy and protection.

As a mitigation strategy, CloudFlare joined forces with more than 40 other companies to make a public appeal to the U.S. government, calling for greater transparency on this matter and urging that the non-disclosure requirement be struck off.

Trend Micro Blog - Jul 15, 2013 - File Infector EXPIRO Hits US, Steals FTP Credentials

The C&C-powered malware, part of the PE_EXPIRO family of file infectors first spotted in 2010, uses Styx as its exploit kit.

Styx differs from other exploit kits in two ways:
  • Multiple Exploit Pages – Styx distributes the malicious script across multiple pages, which are connected by HTTP redirects
  • Across IFRAME Data Access – Styx accesses data across IFRAMES via JavaScript

Distributing malicious script across multiple pages is quite unusual, given that most exploit kits use only one page. Additionally, while exploit kits commonly store data in an HTML tag and access it via JavaScript, Styx does it differently. Other exploit kits store the data in the same HTML page; Styx puts the tags in another IFRAME. These two techniques could be seen as methods of avoiding detection.

The malware performs information theft: it steals system and user information, such as the Windows product ID, drive volume serial number, Windows version and user login credentials. It also steals stored FTP credentials from the FileZilla FTP client.

About 70% of total infections are within the United States.

Jul 15, 2013 - Oracle: IT Security Still Not Protecting the Right Assets Despite Increased Spending

Most IT security resources in today’s enterprise are allocated to protecting network assets, even though the majority of enterprises believe a database security breach would be the greatest risk to their business, according to a new report issued by CSO Custom Solutions Group and sponsored by Oracle.

In the survey of 110 companies from industries including financial services, government and high tech, more than two thirds of IT security resources remain allocated to protecting the network layer, while less than one third of the staff and budget resources were allocated to protecting core infrastructure such as databases and applications.

When comparing the potential damage caused by breaches, most enterprises believed that a database breach would be the most severe, as databases contain the most vital and valuable information: intellectual property as well as sensitive customer, employee, and corporate financial data. This mismatch has resulted in an unbalanced and fragmented approach to security.
