January 2013 – Page 3 – CyberSecurity Institute

Solera Networks Becomes Industry’s First Security Intelligence and Analytics Solution with Common Cr

Posted on January 30, 2013December 30, 2021 by admini

“Government entities holding a wealth of information crucial to the nation’s safety and security have become keenly aware of the critical need for best-of-breed and massively scalable Security Intelligence and Analytics capabilities to prepare for the inevitability of attacks and security breaches,” said Yiannis Vassiliades, VP of Product Management at Solera Networks.

Solera DeepSee delivers security intelligence and advanced threat protection through full network visibility, big data security analytics and comprehensive threat intelligence-essential components required by government agencies facing today’s volatile and constantly evolving threat landscape. … In addition to providing visibility of advanced threats and malware that fly under the radar of traditional security technologies, DeepSee allows organizations to respond to security incidents in real-time-further enabling them to replay and review attacks in full fidelity to answer critical post-breach questions, mitigate risk and further protect the organization from attack.

Link: http://bw.newsblaze.com/story/2013012906123900001.bw/topstory.html

Browser-hijacking malware talks to attackers using SPF email validation protocol | Security – InfoWo

Posted on January 29, 2013December 30, 2021 by admini

The role of the JavaScript code is to display rogue advertisements inside pop-up windows and trick users to click on them, which generates income for the attackers, Katsuki said. Knowing in advance which domain will be generated, the attackers register it and configure its SPF record to contain IP (Internet Protocol) addresses or host names that will be used by the malware to construct new malicious URLs. A domain name owner can specify an SPF policy — a number of IP addresses or host names that are allowed to send emails from that particular domain — inside a DNS TXT or SPF record. Email servers can then perform SPF lookups via DNS in order to check that email messages appearing to have been sent from that domain actually came from an IP address authorized by the domain administrator. If the sender IP address or host specified in an email’s header is not listed in the SPF policy for the corresponding domain name then the email sender’s address was probably spoofed.

Spachanel, the SPF policy for the domain name is not used to validate emails, but to provide a new list of malicious host names to be used by the malware.

That’s because in order to perform SPF lookups, the malware queries a trusted DNS server located on the local network or the Internet service provider’s network. This server then queries other DNS servers up the chain until the request reaches the authoritative DNS server for the domain name, which responds with a TXT or SPF record containing the SPF policy.

Link: http://www.infoworld.com/d/security/browser-hijacking-malware-talks-attackers-using-spf-email-validation-protocol-211660

Enterprises using new tech to deceive hackers

Posted on January 29, 2013December 30, 2021 by admini

This is because the financial sector has always been a favorite target for hackers and will more likely be able to adopt active defense strategies, Eric Chan, regional technical director of Fortinet Southeast Asia and Hong Kong, explained. They also have high IT security budgets and are risk-averse, so they will be likely to consider them, he said.

However, among the enterprises that have the resources to dedicate to robust and complex defenses, there is a gradual move from honeypots to using more sophisticated active defense methods, Steinberg noted. Such methods include developing new technologies that mislead hackers, or coming up with false information to lure hackers down dead ends and away from organization’s critical information, he explained.

Other than in India, the technology, called Intrusion Deception software, has already been adopted by many private and government organizations worldwide, according to David Koretz, vice president and general manager of Mykonos Software, which Juniper Networks had bought for US$80 million in February last year. “In real life, almost every government has a traditional military defense like Army, Air Force and Navy, but there is also a secretive, deceptive group of spies and undercover organizations thwarting attacks before they are ever launched…. In real life, almost every government has a traditional military defense like Army, Air Force and Navy, but there is also a secretive, deceptive group of spies and undercover organizations thwarting attacks before they are ever launched,” Koretz said.

Moving forward, Steinberg expects more sophisticated active defense methods to be adopted by organizations and the move away from honeypots. Honeypots are merely “bait”, but enterprises today want to feel like they are able to fight back against hackers instead of passively defending themselves, he said. “they can start with low-interaction honeypots, such as a facade, which is a lightweight form of honeypot and most often implemented as a software emulation of a target service or application.”

In order for companies to effectively adopt active defenses, they should combine the use of both “the bait and the strategy”, Steinberg pointed out. Both honeypots, new technologies to mislead hackers and new strategies should be used together for a complete strategy, he explained.

Link: http://www.zdnet.com/enterprises-using-new-tech-to-deceive-hackers-7000010403/

Cutwail botnet on spam rampage, delivers Cridex worm

Posted on January 27, 2013December 30, 2021 by admini

The victims would be taken to the compromised web site if they clicked on links contained in bogus spam emails such as this one: The majority of computers enslaved in the Cutwail botnet are at this time located in the U.S., India, the Russian Federation and Mexico.

As always, users are advised to keep their OS and software updated, as well as avoid clicking on links contained in unsolicited emails.

Link: http://www.net-security.org/malware_news.php?id=2386

The United States is a hive for botnets

Posted on January 27, 2013December 30, 2021 by admini

Second on the list is, surprisingly, the British Virgin Islands in the Caribbean. Third on the list is The Netherlands with 154, which contributes to a hotspot of botnet command servers in that region of Europe amounting to 270 servers; the most dense of any region in the world.

http://www.neowin.net/news/the-united-states-is-a-hive-for-botnets?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+neowin-main+%28Neowin+News%29

Pandora’s Box – New US Cyber Security Bills Create a Worm Hole in the Internet Galaxy

Posted on January 26, 2013December 30, 2021 by admini

US Representatives Mike Rogers (R-Mich) and Dutch Ruppersberge (D-Md) took the Cyber Intelligence Sharing and Protection Act (CISPA) to the floor last year, despite the threats that President Obama would veto the Bill on the version that it was then. “Legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens, especially at a time our Nation is facing challenges to our economic well-being and national security.”

The two Bills are controversial because on one hand, they address an important aspect of security and it is critical that countries work towards securing cyber space through having relevant legislative framework in place but what is also equally important is that considerations such as human rights provisions such as rights to privacy and other issues such as data protection rights be a part of the equation. It is also important that lawmakers remember that the foundation of freedoms and rights is also based on the notion that individuals are protected from arbitrariness otherwise there is a devolution to a Police State. Given the interdependencies of the Internet through its architecture and the series of relationships and transactions, the enforcement of US control over other states through these two Bills means that every Policy made by the global community within Multistakeholder organizations’ like Internet Corporation for Assigned Names and Numbers (ICANN) will be subject to these laws if passed.

Last year the US Government decided to return two domain names, namely Rojadirecta.com and Rojadirecta.org which it improperly seized and held in its possession for well over a year, without so much as an explanation. … The courts in the US disagreed holding that the US government did not have to return the domains and Puerto 80 appealed and then late last year the US Government mysteriously dropped the matter without an explanation.

Even if the Bills were to contain provisions to protect the privacy rights and civil liberties of Americans, there is no guarantee that the rights and protections would extend to non-Americans.

Link: http://www.circleid.com/posts/20130126_pandoras_box_new_us_cyber_security_bills_worm_hole_internet/