admini – Page 67 – CyberSecurity Institute

CommonKey Brings Password Management To Small Teams

Posted on May 24, 2013December 30, 2021 by admini

CommonKey has launched as an extension for the Chrome web browser, but the plan is to soon bring it to Firefox, Safari then to iOS and Android as a mobile app. It works a lot like any other password manager available today, except that in its case, a business owner can create an organization and groups within that organization (e.g., PR, marketing, development, sales, etc.) in order to securely share common passwords among the team.

Users establish their own CommonKey accounts, which they can also use for one-click logins to personal services like Facebook, Twitter, email or anything else that’s not work-related. In fact, the service works just fine if you wanted to use it as an individual, and will also soon include a feature that automatically generates strong passwords for you, too.

During its beta period, CommonKey’s service is free, but the plan is to eventually charge companies based on number of employees with access to shared accounts.

Link: http://techcrunch.com/2013/05/24/commonkey-brings-password-management-to-small-teams/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

New Computer Attacks Traced to Iran, Officials Say

Posted on May 24, 2013December 30, 2021 by admini

The Obama administration has been focused on Iran because the attacks have given the Iranian government a way to retaliate for tightened economic sanctions against it, and for the American and Israeli program that aimed similar attacks, using a virus known as Stuxnet, on the Natanz nuclear enrichment plant.

In a letter to the editor of The Times, responding to a May 12 article that reported on the new attacks’ similarity to the Saudi Aramco episode, Alireza Miryousefi, the head of the press office of the Iranian mission to the United Nations, wrote that Iran “never engaged in such attacks against its Persian Gulf neighbors, with which Iran has maintained good neighborly relations.”

American officials have not offered any technical evidence to back up their assertions of Iranian authorship of the latest attacks, but they describe the recent campaign as different from most attacks against American companies — particularly those from China — which quietly siphon off intellectual property for competitive purposes.

The White House would not confirm that Iran was the source, but Laura Lucas, a spokeswoman for the National Security Council, said that “mitigating threats in cyberspace, whether theft of intellectual property or intrusions against our critical infrastructure” was a governmentwide initiative and that the United States would consider “all of the measures at its disposal — from diplomatic to law enforcement to economic — when determining how to protect our nation, allies, partners, and interests in cyberspace.” But Homeland Security was able to issue a broader warning because of an executive order, signed in February, promoting greater information sharing about such threats between the government and private companies that oversee the nation’s critical infrastructure. It said the government was “highly concerned about hostility against critical infrastructure organizations,” and included a link to a previous warning about Shamoon, the virus used in the Saudi Aramco attack last year.

Government officials also say Iran was the source of a separate continuing campaign of attacks on American financial institutions that began last September and has since taken dozens of American banks intermittently offline, costing millions of dollars.

Link: http://www.nytimes.com/2013/05/25/world/middleeast/new-computer-attacks-come-from-iran-officials-say.html

2013 will see an explosion in malware

Posted on May 24, 2013December 30, 2021 by admini

AV-Test says they expect to see five million new malware samples each month – about double the rate from last year.

“This dramatic development is also forcing the manufacturers of anti-virus software to adopt different strategies, for example whitelisting, an approach that has now been popular for a number of years.” “Instead of sending 100,000 users the identical malware sample, a malware writer generates 10,000 unique samples for 10 users each or even 100,000 completely unique samples.” “In the majority of cases, the malware writers are using the same executable and then, it will automatically be encrypted, packed and scrambled in different ways,” said Marx.

In the back and forth between the bad guys and security companies, attackers must constantly change their strategies if they hope to reach any ripe targets.

Perhaps 60 million new pieces of malware might just be the sign of a job well done, but nonetheless, it’s a scary number.

Link: http://www.itproportal.com/2013/05/24/2013-will-see-an-explosion-in-malware/

Zeus variants are back with a vengeance

Posted on May 24, 2013December 30, 2021 by admini

The difference in GameOver variant is that it opens a random UDP port and sends encrypted packets before sending DNS queries to randomized domain names.”

Configuration files are, as usual, subject to change depending on which information the attackers want to steal, and the malware still tries to prevent browsers from being able to visit security sites. What was previously put in one folder in Windows’%System% folder is now in to random-named folders in the%Applications Data% folder.

“What we can learn from ZeuS / Zbot’s spike in recent months is simple: old threats like Zbot can always make a comeback because cybercriminals profit from these,” the researchers warn and advise: “It is important to be careful in opening email messages or clicking links.

Link: http://www.net-security.org/malware_news.php?id=2504&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Scanner identifies malware strains, could be future of AV

Posted on May 24, 2013December 30, 2021 by admini

So he created Simseer, a free online service that performs automated analysis on submitted malware samples and tells and shows you just how similar they are to other submitted specimens.

According to the website, Simseer detects malware’s control flow, which changes much less than string signatures or similar features, and polymorphic and metamorphic malware variant usually share the same control flow.

It runs on an Amazon EC2 cluster with a dozen or so virtual servers, and is “fed” by Cesare every night with gigabytes of malware code downloaded from other free sources such as VirusShare.

As said before, it works on any kind of software, and can be used for plagiarism and software theft detection, as well as incident response.

Link: http://www.net-security.org/malware_news.php?id=2505&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

AusCERT 2013: Visibility critical when selling IT security to execs, says Foxtel CSO

Posted on May 24, 2013December 30, 2021 by admini

Everybody owns [infrastructure] when they don’t want you to touch it, but nobody owns it when it’s their bum on the line if things go wrong

Building on the MSS relationship not only allows Foxtel to be more proactive in maintaining its security posture, but supports interactions with executives who are less concerned with technical minutiae but think of IT security in terms of business risk.

Analysis of internal cost-recovery claims is a great way to marry IT-security activity to potential business change: once the IT staff know which business units are paying for what systems and services, it’s much easier to know how any potential security issue will affect which parts of the business. Everybody owns it when they don’t want you to touch it, but nobody owns it when it’s their bum on the line if things go wrong.”

Shaw has often found it’s easier for an internal security organisation to get leverage with other business units by handballing the bad news to the MSS: “it’s always effective bringing in external parties to talk to your executives,” he laughed. “Your executives are not going to give you budget unless you can marry together the value from MSS, actionable intelligence – unless you can demonstrate the value to the business and where the business is trying to go.

Link: http://www.cso.com.au/article/462775/auscert_2013_visibility_critical_when_selling_it_security_execs_says_foxtel_cso/