Computer Security Updates Week 3 of Jul 2014

Refer to Computer Security Updates Week 4 of June 2014; the biggest news was the report on Luuuk banking fraud campaign by Kaspersky.

For this week / last week, here are / were the biggest news.
  • PR - Jul 16, 2014 - McAfee: Most Toxic Superheroes
  • PR - Jul 11, 2014 - Kaspersky: Corporate security forecast: cloudy
  • PR - Jul 9, 2014 - Blue Coat: Rising Malware Threats on Mobile Networks
  • PR - Jul 7, 2014 - AIMS to Provide IBM Managed Security Services in Malaysia
  • PR - Jul 3, 2014 - McAfee Positioned in the Leaders Quadrant for Secure Web Gateway in Gartner’s Latest Magic Quadrant

PR - Jul 16, 2014 - McAfee : Most Toxic Superheroes

As comic fans prepare for the upcoming Comic Con, the premier comic book and popoular arts style convention convention in the world, today McAfee releases its second annual 2014 Most Toxic Superheroes list with Superman emerging at number 1. This is a couple of weeks after Warner Bros. shared the first image of actor Henry Cavill suited as the Man of Steel for the much-anticipated Batman vs. Superman: Dawn of Justice film.

This research is based on which superheroes are kryptonite on the web and result in bad links, including viruses, malware and sites laden with malicious software designed to steal passwords and personal information.

With the excitement for the upcoming Batman vs. Superman: Dawn of Justice film and the many films released in the past few years, it’s no surprise that these superheroes top the list.

PR - Jul 11, 2014 - Kaspersky: Corporate security forecast: cloudy

Although cloud-based file storage services have long been popular among Internet users, the indisputable convenience of such services is to some extent offset by a number of risks. For example, many users follow the advice of gurus and store scans of their passports and other documents in the cloud – though sometimes vulnerabilities in the service jeopardize the security of their personal data.

One possible scenario is cybercriminals gaining control of an employee’s laptop via a Dropbox client installed on it. This could happen when the employee is away from the office. If infected documents are placed in cloud folders, Dropbox will automatically copy them to all devices connected to the corporate network that also run the same service. Dropbox is not unique in this respect – all popular cloud storage applications, including Onedrive (a.k.a. Skydrive), Google Disk, Yandex Disk etc., have automatic synchronization features. This is why Kaspersky Lab experts decided to find out whether cybercriminals actually use these features to distribute malware.


PR - Jul 9, 2014 - Rising Malware Threats on Mobile Networks

Today, Blue Coat releases its 2014 Mobile Malware Report’s findings in Malaysia which reveals a shocking trend that “Malicious Web advertisements has overtaken Pornography to be the #1 mobile content leading to Malware” which is more than tripling (3x) its threat since last year which grew from 5.7% in 2013 to 19.7% in 2014.

With Web ads, ONE in EVERY FIVE times a user is directed to mobile malware.

Briefly, the research report also entails the following key findings:-
  • The security models of phone are not being breached but people are: Despite the proliferation of mobile devices and almost 1.5 billion new ways to steal information, today’s mobile malwares rely on the same socially engineered malware tricks that have been prevalently used for years to attack PCs to trick consumers to click in or take actions that give control to the criminals.
  • Top 3 most prolific mobile malware threats are i)Premium SMS Scam, ii) Poisoned Links and iii) Rogue App
  • User behaviours on mobile and PCs are distinctively different. For instances, social networking has decreased as an activity on PCs, but is now the 3rd popular activity on mobile devices. Online shopping is one of the most popular activities on mobile platforms, but not on PCs.

Ivan Wen, country manager at Blue Coat highlights user behaviour remains as the key in identifying where attacks might occur and understanding how these attacks may evolve. In order to ensure protection of information assets and user privacy, we should consider a ‘Lifecycle Defense’ approach to protect the mobile environments.


PR - Jul 7, 2014 - AIMS to Provide IBM Managed Security Services in Malaysia

The AIMS Group (AIMS) today announces the first strategic alliance with IBM, to roll out IBM’s Managed Security Services (MSS) in Malaysia.

AIMS - which is Southeast Asia’s leading carrier-neutral data services provider, will offer its existing and new customers an enhanced range of high quality, managed security services from IBM, which is the world’s leading computing giant, in this area of enterprise-level IT and security.

This initiative addresses the need to help small and medium companies in Malaysia access enterprise grade security infrastructure services delivered by security experts.

Leveraging the IBM Security Framework, AIMS will offer the new Managed Security Services delivered via a cloud-based Virtual Security Operations Center (VSOC). This platform provides customers full transparency and insight into their environment as well as a view on normal usage patterns.


PR - Jul 3, 2014 - Intel Security (McAfee), Positioned in the Leaders Quadrant for Secure Web Gateway in Gartner’s Latest Magic Quadrant

Today, McAfee, part of Intel Security, has announced that leading research firm Gartner, Inc, has positioned the company in the Leaders quadrant, both in its “Magic Quadrant for Secure Web Gateways (SWG)” as well as in its “Magic Quadrant for Security Information and Event Management (SIEM)”. These results were published on 23rd June and 25th June 2014 respectively.

McAfee’s position in the Leaders quadrant for SWG confirms that Intel Security continues to be a significant solution provider for companies seeking to secure themselves against Web-borne threats.

Under McAfee’s SWG offering, McAfee Web Protection provides advanced security, malware protection, application control, flexible deployment options and a lower total cost of ownership that organizations need in order to take full advantage of the Web without compromising the integrity of their network.