admini – Page 64 – CyberSecurity Institute

Botnets now target enterprise apps

Posted on June 22, 2013December 30, 2021 by admini

He explained there was a correlation between applications used for business transactions in more connected locations, which leads to them having a higher chance of being infected.

Singapore for example, was one of the countries with the highest number of infected computers by Citadel, because it was one of the most connected nations worldwide, Poczobutt pointed out.

Moving forward, IT managers should not just respond to the latest botnet attacks but make sure there is a way to tackle attacks used commonly such as SQL injections which steal data from Web-based applications, he noted.

“I think of a botnet as an infrastructure, I can make it perform different attacks and there are different limits to the kinds of specific botnet attacks that can be launched,” Poczobutt noted, adding the constant evolution of botnets is “like a cat and mouse game”.

Link: http://www.zdnet.com/botnets-now-target-enterprise-apps-7000017125/

OWASP PUBLISHED 2013 TOP 10 VULNERABILITIES

Posted on June 16, 2013December 30, 2021 by admini

The OWASP Top 10 for 2013 is based on 8 datasets from 7 firms that specialize in application security, including 4 consulting companies and 3 tool/SaaS vendors (1 static, 1 dynamic, and 1 with both). The Top 10 items are selected and prioritized according to this prevalence data, in combination with consensus estimates of exploitability, detectability, and impact estimates.

Looking at the XSS flaws last year was ranked at the second place now it is in the third in the top. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

Link: http://www.sectechno.com/2013/06/15/owasp-published-2013-top-10-vulnerabilities/

Varonis welcomes Bank of England’s high levels of concern on cyberattacks

Posted on June 14, 2013December 30, 2021 by admini

David Gibson, vice president with the data governance software specialist, said that Andrew Haldane of the Bank of England is right to be concerned about the issue, as it is clear that cybercriminals are now after any customer data they can extract from financial services institutions like banks, in order to monetise their frauds.

The key question, the Varonis VP went on to say, is that it is clear that consumers value the security of their data very highly – as witnessed by the fact that 97% of survey respondents said they are more willing to do business with a company that protects their data.

“Our survey results (http://www.varonis.com/research/#maturity) suggest that the vast number of breaches occurring on an almost daily basis indicates that businesses – just like individuals – are still struggling to get the basics right when it comes to securing their data,” he said.

“For this reason, all businesses – and not just banks – have a role to play in eradicating their bad digital habits and taking more control of their security by implementing basic security best practices – such as ensuring that staff only have access to the data they need, that all access to all data is monitored, and abuse is investigated,” he added.

Link: http://www.securitypark.co.uk/varonis-welcomes-bank-of-englands-high-levels-of-concern-on-cyberattacks/

MBR-wiping malware targets German victims

Posted on June 13, 2013December 30, 2021 by admini

McAfee’s latest Quarterly Threats Report noted a surge in MBR attacks, where the goal is to infect a machine’s storage system, and from there take control of the entire device.

The German-targeted malware doesn’t stop at wreaking of MBR havoc though: another feature is the backdoor’s capability to lock and unlock a screen. “This locking of screen is definitely a direct copy from ransomware’s playbook, in which the system remains completely or partially inaccessible unless the victim pays for the ransom,” Bermejo said.

Another possible scenario is a version of the MBR exploit that is integrated with the screen blocking routine, which will make the screen locking command easier to execute.

Link: http://www.infosecurity-magazine.com/view/32866/mbrwiping-malware-targets-german-victims

Gartner Says by 2019, 90 Percent of Organizations Will Have Personal Data on IT Systems They Don’t O

Posted on June 12, 2013December 30, 2021 by admini

Many companies have decided to eliminate credit card data from their own systems and completely entrust it to an external service provider,” said Mr. Such decisions are easier if employee performance information is stored in an HR management system, customer information is stored in a CRM system, and financial and business information is stored in an ERP system. Regardless of the specific privacy standard and cross-border transfer mechanism used, the most difficult challenge for organizations is to make such rules binding on all entities involved, including all employees, and accept liability in cases where employees or customers suffer harm. Given that this information can be accessed from the other end of the world in a fraction of a second, the physical location should be increasingly irrelevant. Yet this physical location is still what many regulators insist on, although the legal location should be most relevant from a regulatory perspective. As an example, personal data might be stored in a data center of a U.S. cloud provider, which is operated by a third-party service provider from India.

This report is part of the Gartner Special Report “The Future of Global Information Security” The special report can be viewed at http://www.gartner.com/technology/research/security-risk-management/ and includes links to reports and commentary that explore the major tectonic forces at play that will change how business use of technology will be dramatically changed by rapid escalations in threat, defense and societal demands.

This summit is the premier gathering for senior IT and business executives across IT security and risk management, including privacy, compliance, business continuity management (BCM), IT disaster recovery and business resiliency. The summit offers five role-based programs that delve into the entire spectrum of IT security and risk, including: network and infrastructure security; identity and access management (IAM); compliance; privacy; fraud; BCM; and resilience.

Link: http://bw.newsblaze.com/release/2013061206482800001.bw/topstory.html

Seculert uses big data security analytics to precisely identify APTs and other malware

Posted on June 11, 2013December 30, 2021 by admini

In last week’s newsletter I wrote about new approaches to IT security that utilize big data and security analytics (see “Security analytics will be the next big thing in IT security”).

What’s unique about Swamp is it is automated malware analysis which allows the malware to evolve over time — minutes, hours, or however long it takes to observe and analyze the software’s behavior. By comparison, a typical sandbox malware inspection environment doesn’t allow the malicious software to run more than a few minutes, so a sandbox solution might overlook malware that doesn’t operate in that time frame.

Using results from Swamp, Seculert infects a lab full of its own devices with malware in order to become a member of various botnets so the company can learn exactly who is controlling each botnet. Seculert applies different methods to intercept the botnet traffic and by that they can detect other members of the botnet and also collect the actual traffic that travels within this botnet.

Seculert customers provide identifying keywords such as their IP ranges or Web interface domains, and that information is used to search the data that was collected from the botnet traffic.

Subscribers to the service upload on an ad hoc or ongoing basis months or even years worth of their gateway traffic log data to Seculert’s elastic big data analysis cloud, where it is analyzed against the malware samples from the Swamp module. In addition, Sense applies a wide variety of methodologies — such as malicious traffic correlation from live botnets, domain/IP reputation, DGA detection (domain generation algorithm), machine learning sets and more — to detect suspicious and malicious activity in these Internet traffic logs.

Whenever Seculert Sense identifies malicious activity in any given log source, it will automatically be able to detect similar activities in other sources, even if the logs originate from different vendors’ products.

They can upload log files from existing secure web gateway or proxy solutions (such as Bluecoat, Squid and more) and Seculert Sense will automatically identify previously undetected malware attacks.

Link: http://m.networkworld.com/newsletters/techexec/2013/060713bestpractices.html?page=1