Computer Security Updates Week 3 of Aug 2013

Refer to Computer Security Updates Week 3 of July 2013; the biggest news was that Oracle issued 89 security fixes.

For this week / last week, here are / were the biggest news.
  • Sophos provides upgrade for its free version of mobile security.
  • Reuters: Hackers switch to new digital currency after Liberty Reserve.
  • Bit9 Blog: Black Hat 2013 and DEF CON 21 Recap.
  • FireEye Blog: The Curious Case of Encoded VB Scripts : APT.NineBlog.
  • Reuters: NSA revelations could hurt collaboration with 'betrayed' hackers.
  • Barracuda integrates eSignature into business workflow platform.
  • Sophos Leader in the 2013 Magic Quadrant for Unified Threat Management.
  • Symantec report finds vulnerabilities up by 16% in first half of 2013
  • Tampering with a car’s brakes and speed by hacking its computers: A new how-to.
  • McAfee online safety program reaches more than 100,000 youth, parents and teachers globally.
  • Yahoo News: Access to Apple developer site partially restored.
  • Solera Networks revolutionizes threat protection by unifying big data security analytics, threat intelligence and security visibility.
  • Reuters: U.S house of rep rejects bid to curb spy agency data collection.
  • CSIS releases first study to connect cybercrime to job loss - cybercrime costs the global economy between $100 billion and $500 billion annually.
  • Kaspersky Lab introduces Mobile Security & BYOD For Dummies.

Kuala Lumpur, August 13, 2013 – Sophos Provides Upgrade for its Free Version of Mobile Security

According to recent industry research, 80 percent of Android apps exhibit at least one risky behavior. An equally alarming industry statistic, users not running the most recent version of Android (comprising more than 90 percent of active users) are vulnerable to known exploits, resulting in a more than 600 percent increase in Android malware infections.

Users not running the most recent version of Android (comprising more than 90 percent of active users) are vulnerable to known exploits, resulting in a more than 600 percent increase in Android malware infections.

In order to keep up with and prevent these risks, Sophos has introduced the latest version of its free Android security app, Sophos Mobile Security 3.0, its full-featured mobile security and anti-virus application.

Get more details.

Reuters - Aug 9, 2013 - Hackers switch to new digital currency after Liberty Reserve

Reuters reported that hackers are switching to Perfect Money to perform money laundering after authority raided Liberty Reserve.

The information was provided by EMC's RSA security division.

It has emerged that law enforcement agencies in the U.S are concerned with the growing threats of usage of digital currencies for money laundering purposes.

Get more details.

Bit9 Blog - Aug 8, 2013 - Black Hat 2013 and DEF CON 21 Recap

These two cons are genereally accepted as the most important for the computer security industry.

The tones and vibes of Black Hat 2013 were on the debates of PRISM and Edware Snowden. Keynote speaker, General Keith Alexander, director of the NSA defended the act, reminded the conference to draw the line between privary and security.

Protecting national security is also relying on threat intelligence capability: collecting and disseminating intelligence to help identify and thwart attacks - it goes by the chinese saying of killing the poison with poisons.

Get more details.

FireEye Blog - Aug 5, 2013 - The Curious Case of Encoded VB Scripts : APT.NineBlog

A malicious document leverages on zero-day CVE-2012-0158 to drop and launch the payload and decoy document.

The payload dw20.exe has a simple function, which is to drop two VB scripts and launch them using Windows script host (wscript.exe).

The threat is CnC-powered which it performs encrypted callback communications over HTTPS.

The encoded VB scripts are not usually detected by anti-virus signatures and the encrypted network traffic evades network-based detection.

Get more details.

Reuters - Aug 3, 2013 - NSA revelations could hurt collaboration with 'betrayed' hackers

Industry experts and hackers were mixed about the recent revelations that NSA had in fact, hired hackers to monitor phone records and Internet activities in the U.S.

To measure the sentiment, Reuters leveraged on two major security events held in Las Vegas: Black Hat and Def Con; the result was mixed feeling.

Get more details.

Aug 2, 2013- Barracuda integrates eSignature into business workflow platform

Barracuda Networks Inc.,today announces that SignNow has become the first eSignature application to be integrated into the business workflow platform MobileIron AppConnect.

SignNow, the leading mobile signing application in the market was recently acquired by Barracuda to strengthen its cloud data storage. Over three million documents have been digitally certified and signed using the SignNow application which is used by over 100,000 small businesses and half of the Fortune 500 companies worldwide. These businesses use SignNow to sign documents, collect signatures and automate business workflows digitally by replacing manual workflows with streamlined mobile methodologies.

MobileIron, is the leader in security and management for mobile apps, documents, and devices. The MobileIron AppConnect technology is used by third-party mobile app developers. These apps allow companies to give their employees the best third-party application experiences with apps that have been enabled with auto-configuration, data containerization and secure tunneling to protect corporate data.

Get more details.

Jul 30, 2013 - Sophos Leader in the 2013 Magic Quadrant for Unified Threat Management

Sophos today announced it has once again been positioned in the “Leaders” quadrant of Gartner, Inc’s 2013 "Magic Quadrant for Unified Threat Management." The quadrant is based on an assessment of a company’s ability to execute and completeness of vision.

Sophos is the only IT security to be positioned as a Leader across three key areas of security: Unified Threat Management (UTM), Mobile Data Protection and Endpoint Protection Platforms.

Sophos delivered numerous industry-first UTM advancements to securely and efficiently meet the needs of the evolving business network. In the last year alone, the company introduced Sophos UTM Connected, the first UTM solution to deliver combined gateway, endpoint and cloud web protection; Sophos UTM 100, a small business UTM that provides enterprise-grade security at a fraction of the cost; Sophos UTM Manager, a free central management tool for service providers that simplifies the process of managing multiple UTM installations; and Sophos Complete MSP Security, the first MSP-focused solution to offer complete protection for networks, endpoints, and mobile devices from a single vendor. Additionally, Sophos continues to advance small and medium-sized branch office security with its award-winning Remote Ethernet Device (RED) appliances.

Get more details.

Jul 29, 2013 - Symantec Report Finds Vulnerabilities Up by 16 Percent in First Half of 2013

The latest Symantec Intelligence Report found the total number of vulnerabilities in the first half of 2013 was up by 16 percent compared to the same time period in 2012. The number of zero day vulnerabilities discovered in the first half of 2013 has already reached a total of 12, compared to only 14 found for the whole of 2012.

In addition, the report also found that small and medium businesses (SMBs) continue to be a target market segment for cybercriminals. The highest ratio of phishing attacks in June 2013 was identified in emails sent to SMB organisations (1-250 employees), with 1 in 325 emails blocked as a phishing scam, compared with 1 in 293 for 2012.

Phishing attacks spoofing financial organisations, including banks, accounted for 69 percent of phishing scams in June. This includes a variety of information and personal details that can be used for identity fraud, and theft of financial details can be quickly turned into large amounts of money, rather than goods which must be laundered first and require more time to process.

Get more details. - Jul 29, 2013 - Tampering with a car’s brakes and speed by hacking its computers: A new how-to

This report follows that there was a proposal of demonstrations by researchers towards compromising the security of two popular automobiles: Toyota Prius and Ford Escape, both 2010 models.

The planned demonstrations consist of remote controlling the brakes of the Prius and disablement of the brakes on Escape when the SUV is driving slowly.

The two researchers, who had received a $80,000 grant from the DARPA Cyber Fast Track program, revealed that hacking these vehicles' ECU is not an easy task. They had to reverse-engineered the vehicles' CAN, or controller area networks, to isolate the code one ECU sends to another when requesting it take some sort of action, such as turning the steering wheel or disengaging the brakes.

Get more details.

SANTA CLARA, CALIF. / SINGAPORE – July 26, 2013 - McAfee Online Safety Program Reaches More than 100,000 Youth, Parents and Teachers Globally

McAfee today announced that it has reached more than 100,000 youth, parents and teachers around the globe with its cyber education program. The McAfee Cares - Online Safety for Kids Program is a free school initiative that utilizes McAfee employees, partners and customers who volunteer to train school-age children and parents on ways to stay safe and secure, as well as maintain good ethics in their online behavior.

According to the 2013 McAfee Digital Deception study, “Exploring the Online Disconnect between Parents and Kids,” about 25 percent of youth spend five to six hours a day online. Eighty-six percent of youth believe that social media sites are safe and are aware that sharing personal details online carry risk, yet they continue to post personal information such as their email addresses and social security numbers.

In South East Asia, the McAfee Online Safety for Kids program has been running for over a year in local schools across Malaysia, Singapore and Malaysia, and has already reached over 15, 000 children to date. The National Infocomm Security Competition (NISEC) in Singapore, surveying both adults and students about cyber security and online habits, conducted a recent study, finding that 37% of the respondents still feel uncomfortable to share files and conduct transactions online, showing that the participants are aware of the dangers on the internet, and that they might be susceptible to attacks. Survey participants also rated scam and fraud, as well as stolen personal information, as the two biggest online threats.

Get more details.

Yahoo News - Jul 26, 2013 - Access to Apple developer site partially restored

Based on a reports by Reuters, Apple Inc has partially restored its main website for developers, eight days after its shut-down as preventive measure to beef up cyber security.

The company had blocked access to the site after an intrusion last week. No other details were made available.

Get more details.

Jul 24, 2013 - Solera Networks Revolutionizes threat protection by unifying big data security analytics, threat intelligence and security visibility

Solera Networks, a Blue Coat company, today introduced the Blue Coat ThreatBLADES™, making it possible for enterprises to protect against and rapidly resolve advanced targeted attacks.

Prior to the introduction of the ThreatBLADES, CISOs had to rely on separate ad hoc detection solutions for advanced threat detection. This approach made it difficult to identify, prioritize and resolve threats in a repeatable and fast way. According to the Ponemon Institute survey of more than 3,500 IT and IT security practitioners, malicious breaches took an average of 80 days to discover and an additional 123 days to resolve.

The Blue Coat ThreatBLADES solve this problem by unifying threat intelligence, big data security analytics and security visibility to protect against zero-day, advance persistent, web and email threats, spear phishing attacks and malicious files and botnets.

Get more details.

Reuters - Jul 24, 2013 - House rejects bid to curb spy agency data collection

Reuters reported that the U.S House of Representatives voted 217-205 to defeat an amendment to the defense appropriations bill that would have limited the National Security Agency's ability to collect electronic information, including phone call records.

Get more details.

Jul 23, 2013 - CSIS Releases First Study to Connect Cybercrime to Job Loss

Today, McAfee has released a first-of-its-kind report quantifying the economic impact of cybercrime.

McAfee engaged one of the world’s preeminent international policy institutions for defense and security, the Center for Strategic and International Studies (CSIS) to build an economic model and methodology to accurately estimate these losses, which can be extended worldwide.

Cybercrime costs the global economy between $100 billion and $500 billion annually, according to the study that acknowledged more data are needed for precise estimates.

The study by the security firm McAfee and the Center for Strategic and International Studies said the US economy alone loses some $100 billion to cybercrime and cyber espionage, including loss of key business data and intellectual property.

For purposes of the research, CSIS classified malicious cyber activity into six areas:
  • The loss of intellectual property
  • Cybercrime
  • The loss of sensitive business information, including possible stock market manipulation
  • Opportunity costs, including service disruptions and reduced trust for online activities
  • The additional cost of securing networks, insurance and recovery from cyber attacks
  • Reputational damage to the hacked company

This report is also the first to connect malicious cyber activity with job loss where it attempts to connect cybercrime to opportunity costs such as high-end manufacturing jobs that moved overseas due to compromised intellectual property incidents.

Get more details.

PETALING JAYA, July 23, 2013 – Kaspersky Lab Introduces Mobile Security & BYOD For Dummies

Kaspersky Lab, the leading developer of secure content and threat management solutions is taking on mobile security and the Bring Your Own Device (BYOD) movement, addressing the benefits and challenges to businesses with its Mobile Security & BYOD For Dummies.

The guide is part of the ‘For Dummies’ series, an extensive series of instructional and reference books for readers with more than 250 million books in print and more than 1,800 titles to date that is known for simplifying even the most complex subjects so that it can be easily grasped.

Written by Georgina Gilmore, Director of Global B2B Customer Marketing, Kaspersky Lab and Peter Beardmore, Senior Director of Product Marketing, Kaspersky Lab, Mobile Security & BYOD For Dummies consists of six concise and information-packed chapters that encompasses general business benefits and challenges, legal considerations and potential challenges & liabilities, HR implications – contracts, policies and training as well as security and IT challenges and solutions.

Get more details.