Author: admini

Hackers use corporate attacks as staging grounds for other cyber assaults

Posted on by admini

For one thing, any counterstrike against what might be thought to be the lair of the attacker may in reality simply be just another corporate network that’s been compromised. An IT manager that wants to take steps to definitely stop certain actions is proceeding into an area that’s immediately dominated by legal and insurance considerations.

It would be a better world if IT managers could reach out across corporate boundaries and one could tell another about what’s perceived to be an attack based on malware coming from the other’s network and quickly snuff it out. … Instead, it’s the company lawyers that will be needed to try and resolve serious problems that seem to emanate from other corporate networks.

Serge Jorgensen, CTO at Sylint Group, the Sarasota, Fla., firm that provides incident response and remediation services, pointed out that one legal option would be seeking a temporary restraining order (TRO) from a judge against what is seen as the offending entity where the cyber-attack appears to originate.

Link: http://www.networkworld.com/news/2013/030113-rsa-cyberattacks-267279.html

Read more

Hacker raids ABC

Posted on by admini

“As soon as the ABC was made aware of this activity the site was shut down,” Cray said. “This breach originated at an overseas location and an activist has claimed responsibility for it.”

Random checks against user identities listed within the 10 page online database dump returned legitimate matches.

The hacker claiming responsibility said the attack was in response to an interview broadcast on the ABC’s Lateline program with the right-wing Wilders.

Link: http://www.crn.com.au/News/334708,hacker-raids-abc.aspx?utm_source=pcta&utm_medium=web&utm_campaign=networkbar

Read more

New Java 7 security flaws emerge as old one lands in crime kits – java 7, software vulnerabilities,

Posted on by admini

Security experts generally advise users to disable the Java browser plugin, which was exploited in recent targeted attacks on developers at Facebook, Apple and Microsoft.

Reports of the new Java flaws come as an exploit for a flaw patched in the Java 7 update 13 on February 1 has found its way into automated exploit kits designed for mass infections.

Security researcher Kafiene, who has closely monitored the development of ransomware and popular exploit kits, on Sunday reported the exploit’s arrival in several crime kits.

Another, Popads, included an additional lure of a self-generated fake Microsoft certificate for a malicious Java applet that is designed to trick users into installing a fake Java security update.

The social engineering is “tricky”, Kafiene notes, but the upshot for potential Windows victims is that they need to click “run” in the security warning to become infected.

Link: http://www.cso.com.au/article/454780/new_java_7_security_flaws_emerge_old_one_lands_crime_kits/

Read more

Fresh evidence on IT security threat

Posted on by admini

HTTP proxy, used both as a security component and to evade controls, exhibited the 7th highest volume of malware logs.

René Bonvanie, chief marketing officer at Palo Alto Networks, said: “Correlating threats with specific applications allows security teams to directly see and control risks in their networks.”

Matt Keil, senior research analyst at Palo Alto Networks and author of the report said:”The volume of exploits targeting business critical applications was stunning and serves as a data centre security wake-up call. These threats will continue to afflict organisations until they isolate and protect their business applications by bringing threat prevention deeper into the network.”

Custom or unknown applications are defined as either TCP or UDP based applications that are custom (internal to the organization), unrecognised commercially available, or a threat.

Link: http://www.iwr.co.uk/information-management-and-technology/3011498/Fresh-evidence-on-IT-security-threat

Read more

New RSA Solutions To Help Bring Faster Incident Response That’s Better Aligned to Business Risk

Posted on by admini

.To achieve these goals security teams must not just employ better security analytics to help identify advanced threats, but also must have the tools and threat intelligence to understand which security alerts represent the highest risk to the business, and what assets require the greatest protection.

RSA’s new solutions are expressly designed to align the efforts of the security and business teams to better protect the critical assets of an organization. Built on the proven architectures of the RSA Archer® Governance, Risk and Compliance (GRC) platform and RSA(®) Data Loss Prevention (DLP) suite, these new solutions combine with the RSA Security Analytics platform to help next generation Security Operations Centers address multiple dimensions of advanced threats.

Along with these new solutions, RSA is also releasing the latest version of RSAArcher(®) Threat Management 4.0 software that is designed to prioritize security projects based on risk and threat scores by aggregating and fusing threat intelligence feeds with vulnerability scan results from multiple sources. “Prioritizing the security alerts that have the most potential risk to the organization is critical in ensuring maximum protection for sensitive assets and information. … We built these new solutions on the proven RSA Archer GRC platform, which not only makes them very functional out-of-the-box but also helps organizations already using RSA Archer technology to extract more value out of their GRC investments.”

The new solutions from RSA can help align the efforts of security and business groups in order to be more efficient and better address the security incidents and threats that have the biggest potential to impact the business.”

Link: http://pn.newsblaze.com/release/2013022505310600027.pnw/topstory.html

Read more

The security threat of evasive malware

Posted on by admini

The report finds that stalling codes are particularly troublesome because they “can no longer be handled by traditional sandboxes (even if the trick is known).”

“Current sandboxes have a lack of visibility into the execution of a malware program,” said Giovanni Vigna, CTO of Lastline. “To detect this new breed of evasive threats, a sandbox needs to have visibility and must be able to do this stealthily.

Link: http://www.net-security.org/malware_news.php?id=2423

Read more