Computer Security Updates Week 5 of Aug 2013

Refer to Computer Security Updates Week 3 of Aug 2013; the biggest news was that Reuters reported that the U.S. House of Representatives rejected a bid to curb spy agency data collection.

For this week and last week, here is the biggest news.
  • Cellebrite announces UFED Link Analysis for Immediate Critical Mobile Data Visualization.
  • Kaspersky Lab launches Kaspersky Anti-Virus 2014 & Kaspersky Internet Security 2014.
  • McAfee Data Center Suite provides elastic security for hybrid Data Centers.
  • Reuters: Two charged with stealing source code from NY trading firm.
  • Reuters: Web-based apps pose tricky problem for Saudi monitors.
  • Chinese Ransomlock Malware changes Windows login credentials.
  • Sophos brings high performance and simple management to server protection.
  • Yahoo: China probes IBM, Oracle, EMC after Snowden leaks.
  • HP Autonomy Automates and Streamlines Data Protection with Release of LiveVault 7.7.

Malaysia, 29 August 2013 - Cellebrite Announces UFED Link Analysis for Immediate Critical Mobile Data Visualization

Cellebrite today introduced the latest addition to its UFED Series: UFED Link Analysis. This new product augments existing UFED analytics capabilities, allowing field investigators to rapidly visualize key relationships between suspects and identify important patterns and anomalies based on comprehensive mobile device data.

Law enforcement, military, private, and corporate investigators can use UFED Link Analysis to generate leads in the early hours of an investigation. Whether this brings about more in-depth analysis, a crime prevented, a suspect’s apprehension or a victim’s rescue, visual analytics can shorten investigations and make operational planning faster and more efficient.


Petaling Jaya, 27 August 2013 - Kaspersky Lab launches Kaspersky Anti-Virus 2014 & Kaspersky Internet Security 2014

Kaspersky Lab announces the release of the latest versions of its award-winning security solutions for home computer users. Kaspersky Anti-Virus 2014 and Kaspersky Internet Security 2014 boast enhancements to existing protection technologies, as well as a host of brand new features to ensure the highest levels of security for users’ PCs and their digital valuables.

Several innovative antivirus technologies have been added to Kaspersky Anti-Virus 2014 and Kaspersky Internet Security 2014, which significantly improve user protection. Both products now include Kaspersky Lab’s proprietary ZETA Shield antivirus technology, which performs an in-depth scan of files and applications running on the computer to identify malware that may hide deep within individual components of each program.


VMworld, SAN FRANCISCO / SINGAPORE, Aug. 27, 2013 – McAfee Data Center Suite Provides Elastic Security For Hybrid Data Centers

Today, McAfee announced a new version of the McAfee Data Center Server Security Suite, its data center security solution.

The new McAfee Data Center Server Security suite allows organizations to:
  • Discover all workloads to provide the security administrator with complete visibility of the security status
  • Protect every physical and virtual machine in the hybrid data center
  • Expand compute capacity securely


Reuters - Aug 26, 2013 - Two charged with stealing source code from NY trading firm

Reuters reported that two men were charged with stealing intellectual property from financial trading firms, including trading strategies, valuation algorithms and source code.


Reuters - Aug 22, 2013 - Web-based apps pose tricky problem for Saudi monitors

Reuters reported that the Saudi regulator, the Communications and Information Technology Commission (CITC), ruled in March that Skype, Viber and WhatsApp are not compliant with regulations. This was followed by a ban on Viber in June 2013.


Aug 22, 2013 - Chinese Ransomlock Malware Changes Windows Login Credentials

Although ransomware has become an international problem, we rarely see Chinese versions. Recently, Symantec Security Response noticed a new type of ransomlock malware that not only originates from China but also uses a new ransom technique to force users into paying to have their computers unlocked.

This threat is written in Easy Programming Language and is spread mostly through a popular Chinese instant messaging provider. Once a computer is compromised, the threat changes the login credentials of the current user and restarts the system using the newly created credentials. The login password is changed to “tan123456789” (this was hardcoded in the sample we acquired) but the malware author may update the threat and change the password. The account name is changed to “contact [IM ACCOUNT USER ID] if you want to know the password” (English translation) so that once the computer has restarted, and the user is unable to log in, they will see the account name/message and contact the user ID in order to get the new password.

If the victim contacts the provided user ID, who is more than likely the malware author, they will see a statement on the profile page asking for approximately 20 Chinese Yuan (US$3.25). The statement says that the login password will be sent as soon as the money is received and that if the malware author is pestered by the user they will be blocked.

Symantec detects this threat as Trojan.Ransomlock.AF. For users already infected with this threat, there are several ways to restore system access:
  1. Use password “tan123456789” to log into the system and reset the password (as mentioned before, this might not always work as the password may be changed by the malware author)
  2. Use another administrator account to log into the system and reset the password
  3. If your current account is not a super administrator account, enter safe mode and log in as super administrator and then reset the password
  4. Use Windows recovery disk to reset the password
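
The behaviour described above (the account is renamed and its password is set at almost the same moment) can be hunted for in Windows Security log data. The following is an added example, not Symantec's code: it correlates event 4781 (account name changed) with 4723/4724 (password change or reset) on the same account SID. The record layout, the 120-second window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

RENAME = 4781                    # Security log: the name of an account was changed
PASSWORD_SET = {4723, 4724}      # password change attempt / password reset attempt
WINDOW = timedelta(seconds=120)  # assumed correlation window

# Constructed sample records (simplified fields, not a real log export).
SAMPLE_EVENTS = [
    {"time": "2013-08-22T09:14:02", "id": 4724, "sid": "S-1-5-21-1-2-3-1001"},
    {"time": "2013-08-22T09:14:03", "id": 4781, "sid": "S-1-5-21-1-2-3-1001",
     "old": "alice", "new": "contact [IM ACCOUNT USER ID] ..."},
    {"time": "2013-08-22T10:00:00", "id": 4723, "sid": "S-1-5-21-1-2-3-1002"},
    {"time": "2013-08-22T11:00:00", "id": 4781, "sid": "S-1-5-21-1-2-3-1003",
     "old": "carol", "new": "carol.smith"},
    {"time": "2013-08-22T13:00:00", "id": 4724, "sid": "S-1-5-21-1-2-3-1003"},
]


def find_rename_plus_reset(events, window=WINDOW):
    """Return one alert per rename that has a password event within `window`."""
    by_sid = {}
    for ev in events:
        if ev["id"] == RENAME or ev["id"] in PASSWORD_SET:
            by_sid.setdefault(ev["sid"], []).append(ev)

    alerts = []
    for sid, evs in by_sid.items():
        resets = [e for e in evs if e["id"] in PASSWORD_SET]
        for rename in (e for e in evs if e["id"] == RENAME):
            renamed_at = datetime.fromisoformat(rename["time"])
            near = [p["id"] for p in resets
                    if abs(datetime.fromisoformat(p["time"]) - renamed_at) <= window]
            if near:
                alerts.append({
                    "sid": sid,
                    "old_name": rename.get("old"),
                    "new_name": rename.get("new"),
                    "rename_time": rename["time"],
                    "password_events": sorted(near),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_rename_plus_reset(SAMPLE_EVENTS):
        print(alert)
```

A password change alone, or a rename hours apart from a reset, is routine administration and is not flagged; only the tight pairing on one SID is.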

Kuala Lumpur, Malaysia, August 21, 2013 – Sophos Brings High Performance and Simple Management to Server Protection

Sophos today announced Sophos Server Protection – an easy to use and flexible server antivirus solution that defends data without sacrificing performance. It is the latest entry in a Sophos arsenal that provides simple, yet complete security for servers, the network and end-user devices.

Increased migration to virtual servers and the ever-growing threat of attack on critical data are presenting new challenges to IT professionals, as they look to maintain high performance and density of servers, without compromising on security. Sophos Server Protection addresses these challenges by integrating agentless antivirus for vShield and full antivirus clients for Windows, Linux, Mac and UNIX into one centrally managed product.


Yahoo - Aug 17, 2013 - China probes IBM, Oracle, EMC after Snowden leaks

According to the official Shanghai Securities News, China is preparing to investigate IBM, Oracle and EMC over security issues. This is believed to have been triggered by the leaks of Edward Snowden.


PALO ALTO, Calif., Aug. 14, 2013 - HP Autonomy Automates and Streamlines Data Protection with Release of LiveVault 7.7

HP Autonomy today unveiled Autonomy LiveVault 7.7, a comprehensive and easy-to-use cloud-based solution with integrated VMware vSphere support that unifies data protection and recovery across both virtual and physical environments. LiveVault 7.7 provides organizations with a fully managed, secure cloud backup solution that automates, streamlines, and reduces the cost and complexity of enterprise-class data protection.

LiveVault 7.7 brings enterprise-class data protection to the cloud by providing organizations with a single interface from which to manage data protection across both physical and virtual machines. This helps organizations reduce costs, simplify backup management processes, and eliminate the need to have employees trained on multiple products to protect their environments.
