Category: Warnings

In one of the interviews, a chief information officer for a large company, told Hejazi that when he was hired, he laid it out for his bosses. Hejazi said the findings are reminiscent of the troubles that former technology giant Nortel Networks faced when international hackers broke into its corporate computers and accessed information for nearly a decade. The Nortel security breach gave hackers “plenty of time” and “access to everything,” according to 19-year Nortel veteran Brian Shields, who was behind a six-month investigation into the security breach that is believed to have started in 2000, but was only made public in 2012.

Hejazi said that organizations that operate with a “Yes” mentality, or are open to discussions with their staff about how to use technology responsibly, are more secure than companies with rigid security controls. Even an attachment file can directly lead to a security breach, or using free public computers at a conference in another country that has keylogging spyware installed.

Link: http://www.canadianbusiness.com/business-news/canadian-businesses-are-resigning-themselves-to-being-hacked-study/

“You can essentially have the end users interact with a shadow Internet, essentially an Internet experience that is designed by the bad guys,” says Daniel Ingevaldson, chief technology officer for Easy Solutions, a fraud-prevention company that operates extensively in South America. “We haven’t seen anything that sophisticated yet, but I can see a scenario when this attack can be used to implement a server-side or cloud-based man-in-the-middle attack,” Ingevaldson says.

In an analysis of one attack, cloud security firm Zscaler detailed a PAC file that would set a victim’s browser to forward traffic for several Brazilian banking sites and American Express’s site to an attacker-controlled server.

With a PAC file, the attackers can be a lot more choosy, redirecting requests to a group of sites or to one site in particular, says Anup Ghosh, co-founder and CEO of Invincea, a firm which detect and blocks Web and e-mail threats. Preventing PAC files from compromising browsers is not a simple task, as client-side security software will likely find it difficult to detect whether a give PAC file is a valid change or a malicious attack, he adds.

In addition, companies that use a proxy for security or DNS–and so use a proxy auto-configuration file to configure their employees’ browsers–have a good chance of detecting changes that affect their infrastructure.

Link: http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240150191/cybercriminals-predicted-to-expand-use-of-browser-proxies.html.html

“You can essentially have the end users interact with a shadow Internet, essentially an Internet experience that is designed by the bad guys,” says Daniel Ingevaldson, chief technology officer for Easy Solutions, a fraud-prevention company that operates extensively in South America. “We haven’t seen anything that sophisticated yet, but I can see a scenario when this attack can be used to implement a server-side or cloud-based man-in-the-middle attack,” Ingevaldson says.

In an analysis of one attack, cloud security firm Zscaler detailed a PAC file that would set a victim’s browser to forward traffic for several Brazilian banking sites and American Express’s site to an attacker-controlled server. With a PAC file, the attackers can be a lot more choosy, redirecting requests to a group of sites or to one site in particular, says Anup Ghosh, co-founder and CEO of Invincea, a firm which detect and blocks Web and e-mail threats.

Preventing PAC files from compromising browsers is not a simple task, as client-side security software will likely find it difficult to detect whether a give PAC file is a valid change or a malicious attack, he adds.

In addition, companies that use a proxy for security or DNS–and so use a proxy auto-configuration file to configure their employees’ browsers–have a good chance of detecting changes that affect their infrastructure.

Link: http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240150191/cybercriminals-predicted-to-expand-use-of-browser-proxies.html.html

Using Trend Micro Smart Protection Network™ data, we looked into the most affected countries by this BHEK run and got some interesting results.

For the spam component of this threat, it is also crucial for users and security administrators alike to realize that the usual spam and phishing best practices are not effective to address BHEK spam runs. We previously released our report Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs, which goes into details about our finding regarding the BHEK runs.

Link: http://blog.trendmicro.com/trendlabs-security-intelligence/blackhole-exploit-kit-run-adopts-controversial-java-flaw/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29

Security experts generally advise users to disable the Java browser plugin, which was exploited in recent targeted attacks on developers at Facebook, Apple and Microsoft.

Reports of the new Java flaws come as an exploit for a flaw patched in the Java 7 update 13 on February 1 has found its way into automated exploit kits designed for mass infections.

Security researcher Kafiene, who has closely monitored the development of ransomware and popular exploit kits, on Sunday reported the exploit’s arrival in several crime kits.

Another, Popads, included an additional lure of a self-generated fake Microsoft certificate for a malicious Java applet that is designed to trick users into installing a fake Java security update.

The social engineering is “tricky”, Kafiene notes, but the upshot for potential Windows victims is that they need to click “run” in the security warning to become infected.

Link: http://www.cso.com.au/article/454780/new_java_7_security_flaws_emerge_old_one_lands_crime_kits/