Computer Security Updates Week 5 of May 2014

Refer to Computer Security Updates Week 3 of Apr 2014; the biggest news was a report by TheStarOnline about Tabung Haji detected two internal security incidents.

For this week / last week, here are / were the biggest news.
  • PR - Sunnyvale, California - May 28, 2014 - Whitebox Security Crowd-sourcing Accelerates Data Governance & Compliance
  • PR - May 28, 2014- Ubisoft Consulted with Kaspersky Lab to Authenticate Watch Dogs Script
  • Symantec - May 28, 2014- Apple IDs Compromised: iPhones, iPads, and Macs Locked, Held for Ransom
  • PR - Cyberjaya - May 28, 2014 - USM Won the 2014 F-Secure Inter-varsity IT Security Competition
  • PR - May 27, 2014 - Sophos Mobile Control 4.0 Delivers User-Centric Approach to Protect, Secure and Manage Mobile Devices
  • PR - May 26, 2014 - InfoWatch extends partnership outreach in Malaysia.
  • PR - May 26, 2014 - McAfee: Encrypted passwords are not 100% secure
  • PR - SG, May 23, 2014 - eBay Database Breached via Employee Credentials – CyberArk Comments
  • PR - May 22, 2014 - McAfee: Check for Apps That Use Extensive Data Collection Techniques
  • Symantec - May 20, 2014 - Symantec Research Helps FBI Investigation on Blackshades
  • PR - Germany - May 21, 2014 - LinOTP by LSE is now available with all features as Open Source



PR - Sunnyvale, California - May 28, 2014 - Whitebox Security Crowd-sourcing Accelerates Data Governance & Compliance

Instead of a few IT employees trying to implement and maintain secure data governance across ever-increasing petabytes of data, Whitebox Security has created a system where almost everyone in the organization can play an active role.

Whitebox Security is using crowd-sourced secure data governance to protect and identify unstructured data.

Crowd-sourcing means collective intelligence across the company, contributed by employees.

PR - May 28, 2014- Ubisoft Consulted with Kaspersky Lab to Authenticate Watch Dogs Script

A team of Kaspersky Lab experts were consulted by the developers of the upcoming action-adventure game, Watch Dogs, set for release on May 27 worldwide by Ubisoft, a leading producer, publisher and distributor of interactive entertainment products. The goal of this cooperation was to avoid over-sensationalization or misinterpretation of the cyber-domain, and to make the theoretical cyber-scenarios in the game, both during in-game play and in character/plot developments, as authentic as possible.

Watch Dogs tells the story of Aiden Pearce, a brilliant hacker whose criminal past led to a violent family tragedy. Now on the hunt for those who hurt his family, players will be able to monitor and hack their enemies by manipulating everything connected to the city’s Central Operating System (ctOS). Watch Dogs lets the player use Chicago as their ultimate weapon and exact their own style of revenge.

Details.

Symantec - May 28, 2014- Apple IDs Compromised: iPhones, iPads, and Macs Locked, Held for Ransom

Symantec has recently detected reports on Apple’s support community and social networks that users in Australia and New Zealand have had their Apple IDs compromised. Apple devices are being remotely locked and held for ransom by someone claiming to be Oleg Pliss, a software engineer at Oracle, who has been randomly chosen to take the fault for the attacks.

Based on initial feedback, a number of Apple IDs have been compromised and used to lock iPhones, iPads, and Macs. It remains unclear exactly how the Apple IDs were compromised, but possible explanations include phishing attempts, weak passwords, or password reuse. A separate breach involving emails and passwords used to login to Apple and iCloud could have facilitated the compromise of the Apple IDs.

Once an Apple ID is compromised, attackers can access the Find My iPhone feature in iCloud. This feature is used to locate your devices if they have an internet connection and turn on the Lost Mode feature. Once Lost Mode is turned on, the attacker can remotely play a sound, lock the device, and display a ransom message.

http://www.symantec.com/connect/blogs/apple-ids-compromised-iphones-ipads-and-macs-locked-held-ransom

PR - Cyberjaya - May 28, 2014 - USM Won the 2014 F-Secure Inter-varsity IT Security Competition

With 255 points ahead, team N2L from University Sains Malaysia (USM) was crowned as the champion for 2014 F-Secure Inter-Varsity IT Security Competition! The competition, initiated by F-Secure and MDeC (Multimedia Development Corporation), was aimed at nurturing local talents and encouraging more Malaysian undergraduates to venture into the field of IT security through education.
During the competition

The competition was graced and officiated by Ms Ng Wan Peng, Chief Operating Officer of Multimedia Development Corporation (MDeC). The panel of judges to this year’s competition included Pn Eneng Faridah Iskandar, Senior Director, Outreach and Engagement Division of MCMC (Malaysian Communications and Multimedia Commission), Jose Cequena, Senior Manager of F-Secure Labs Kuala Lumpur and Chang Kim Meng, Service Manager of F-Secure Labs Kuala Lumpur.

Details.

PR - May 27, 2014 - Sophos Mobile Control 4.0 Delivers User-Centric Approach to Protect, Secure and Manage Mobile Devices

Sophos today announced Sophos Mobile Control (SMC) 4.0, the first Enterprise Mobile Management (EMM) solution to include individual file encryption, integrated AV and web filtering. Available on premise or as-a-service, SMC provides a simple and differentiated approach for small and mid-market organizations to manage and secure mobile devices, content and applications. The new Sophos solution helps IT professionals confidently implement BYOD policies and provides users the flexibility they demand to stay productive and safe. It supports iOS, Android and Windows Phone 8 devices.

Sophos conducted a survey of more than 725 IT professionals on their use and preferences of cloud share services, encryption and mobile devices. The survey showed 84 percent of organisations allow some level of access from company-issued devices to cloud-based file share services such as Dropbox, however 65 percent of respondents do not currently encrypt data between the cloud and mobile devices. Surprisingly only 38 percent feel secure sharing corporate files or collaborating on corporate content between the cloud and mobile devices

Details,infographic.

PR - May 26, 2014 - InfoWatch extends partnership outreach in Malaysia

InfoWatch, a Data Loss Prevention (DLP) solutions provider, extends partnership outreach in Malaysia.

As part of their commitment towards APAC, it will be organizing an intensive technical training towards existing partners in Malaysia. During the training sessions, partners are expected to be trained extensively on InfoWatch Traffic Monitoring Enterprise version 5.0.

Existing partners include Tech Titan.

Details.

PR - May 26, 2014 - McAfee: Encrypted passwords are not 100% secure

As you are most likely aware, very recently it was discovered that eBay suffered a massive security breach, compromising about 150 million users' data, including passwords, email addresses, physical addresses and phone numbers - and since then some of this information has apparently already surfaced for sale.

Although eBay has said that no financial data has been compromised on their main website or subsidiary Paypal’s, vigilance is still important.

Tips:

  • Change your password immediately — While the stolen passwords were encrypted, they can still be exposed through decryption programs. For more information on how to create strong passwords, please visit www.passworday.org
  • Download comprehensive security software — Make sure you have McAfee® SiteAdvisor®, which comes with McAfee LiveSafe™ service for your PC, Mac and Android devices, or you can download it for free. McAfee SiteAdvisor will not only provide a warning message if you navigate to a risky site, but will also provide site rating icons in your browser search results on your computer, to indicate if a link is safe to click or not
Details.

PR - SG, May 23, 2014 - eBay Database Breached via Employee Credentials – CyberArk Comments

eBay has just announced that one of its databases – which contains customer names, encrypted passwords, email addresses, contact details and dates of birth – was hacked earlier this year and has urged its users to change their passwords. According to a post on eBay’s corporate site, cyber attackers had obtained access to “a small number of employee log-in credentials, allowing unauthorised access to eBay’s corporate network.”

CyberArk gave a nutshell of the incident.

According to eBay, only a small number of employees' logins were affected. It got started when a specific group of employees were exploited into executing malware triggered from links or attachments from emails.

Apparently, CyberArk commented that this group of employees have key access to information of the organization; they had access privileges.

Hence, CyberArk recommends embracing the 'least-privileged' approach and employing controls that prevent sensitive password from being used from potential vulnerable endpoints.

Details.

PR - May 22, 2014 - McAfee: Check for Apps That Use Extensive Data Collection Techniques

New Release of McAfee Mobile Security enables Android users to instantly check for apps that use extensive data collection techniques

According to McAfee’s Consumer Mobile Security Report:
  • 80% of mobile apps today collect information about users
  • 82% know the device ID
  • 57% track people when people use their phones
  • The apps that aggressively and often unnecessarily collect data leverage potentially dangerous ad libraries, and 35% of these apps contain malware

The most worrisome permissions are from apps that read users’ subscriber ID from their smartphones and tablets, anything that gets users’ precise location (as opposed to Wi-Fi network or cell tower), and anything that reads or tracks text messages that can contain private messages and information like online banking transaction authorisations.

Given the above findings, today McAfee, part of Intel Security, announced the latest version of McAfee Mobile Security that now enables consumers to instantly run free privacy and security scans.

These scans allow users to:
  • Identify apps that are oversharing personal information
  • Scans for and removes malware and looks for other security threats
  • Perform these scans as soon as the product is installed
  • Easily remove apps that pose significant risks

Details.

Symantec - May 20, 2014 - Symantec Research Helps FBI Investigation on Blackshades

Today, the FBI announced the arrests of dozens of people suspected of cybercriminal activity related to the Blackshades Remote Access Trojan (RAT). Symantec worked closely with the FBI and provided key information to help their investigation, including details on known command & control (C&C) domains and other intelligence about the cybercriminal infrastructure behind Blackshades.


Blackshades, known as Shades RAT by Symantec, is a popular and dangerous piece of malware that has been used to steal millions of dollars through well-organised attacks. The website selling Blackshades – blackshades.eu – was taken offline as part of the operation.

Details.

PR - Germany - May 21, 2014 - LinOTP by LSE is now available with all features as Open Source

LSE LinOTP - a vendor-independent product for two-factor authentication and one-time password methods (OTP) - will be made available by LSE, Leading Security Experts GmbH, as an open source solution with all current features included.

The currently-separate community edition and commercially-marketed enterprise edition will be merged. LSE will provide LinOTP free of charge as an open source software solution licensed under the AGPLv3 and GPLv2. The complete feature set will be available for download when LinOTP 2.7 is released in the second half of May 2014.

LSE Leading Security Experts GmbH will complement the LinOTP software solution with matching LinOTP support and subscription services as well as professional service offerings. These will include extended levels of quality assurance for updates and patches, the availability of LSE LinOTP Smart Virtual Appliance as a fully-integrated turn-key solution, prioritized hotfixes by our development team, and advisory services on top of the usual standard support and consulting services.

Comments