CyberSecurity Institute – Page 63 – Security News Curated from across the world

AppRiver Releases Mid-Year Global Threatscape Report

Posted on July 2, 2013December 30, 2021 by admini

vents—Some of the bigger stories surrounding email and web threats over the past six months include malware campaigns leveraging the Boston Marathon bombings, the continuing rise of mobile malware, and DSD: a distraction technique used by cybercriminals as they’re emptying your bank accounts.

“If you notice a deluge of spam in your email inbox, it’s best not to try to monitor your email, but instead go directly to your account(s) activity because the people behind this spam blast have somehow obtained your personal account information and email address,” says Touchette. “In order to hide purchase receipt emails or balance transfer confirmation emails, the attackers, just before they make the illegal transactions, turn on this deluge of spam email in order for these very important emails to get lost in the flood.

As for server side vulnerabilities, some of the biggest exploits so far in 2013 have included cross-site scripting, cross-site request forgery, broken authentication systems, Ruby vulnerabilities, universal plug and play problems, and an Adobe issue with ColdFusion.

Metrics—In addition to the familiar data regarding email spam and viruses, this report includes some baseline data about web-based malware that AppRiver will track over the months ahead. As web-based malware and “drive-by downloads” become more widespread, this data will expose trends and patterns that can help improve security for users.

The Cyber World—This section of the report discusses major cybercrime arrests like that of Hamza Bendelladj for leading a major Zeus botnet, along with Hacktivism activities, and the evolution of cyber espionage from simple murmurings to mainstream conversation with attention-grabbing incidents such as Stuxnet, targeting a very specific system for enriching Uranium in a very specific location, not to mention the talk of cyber exchanges between the U.S. and China.

Link: http://www.heraldonline.com/2013/07/02/4994746/appriver-releases-mid-year-global.html

Combating attacks with collaborative threat intelligence

Posted on July 1, 2013December 30, 2021 by admini

Once an attacker has targeted any member of a collaborative platform, command-and-control servers are easily identified by their IP addresses throughout the network. This means that attackers can no longer benefit from the isolation of their targets; they must use a new IP for each attack that they launch. Instead of being able to launch thousands of attacks from a single IP, they have to pay the cost of acquiring a number of IPs that is proportional to the number of attacks they wish to mount.

Additionally, an attacker’s tools and tactics become much less effective when defenders collaborate to protect themselves from the attacker.

Link: http://www.net-security.org/article.php?id=1857&p=2

Attackers sign malware using crypto certificate stolen from Opera Software

Posted on June 26, 2013December 30, 2021 by admini

Hackers penetrated network servers belonging to Opera Software, stole at least one digital certificate, and then used it to distribute malware that incorrectly appeared to be published by the browser maker. “The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware,” Wednesday’s advisory stated. It is possible that a few thousand Windows users, who were using Opera between June 19 from 1.00 and 1.36 UTC, may automatically have received and installed the malicious software.”

Missing details include when the attackers first gained access to the servers, precisely when the stolen digital certificate expired, and whether there’s reason to believe other certificates may also have been obtained. It would also be useful to know how hackers got access to an official Opera digital certificate, which is supposed to cryptographically prove that the software that bears its seal could only have come from the company.

The Opera post urged users to “update to the latest version of Opera as soon as it is available, keep computer software up to date, and to use a reputable antivirus product on their computer.”

At some point soon, though, officials should provide a more thorough account of what happened, who was affected, and what steps have been taken to prevent similar attacks from succeeding in the future.

Link: http://arstechnica.com/security/2013/06/attackers-sign-malware-using-crypto-certificate-stolen-from-opera-software/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29

Mobile malware attacks grow 614% in year to March – study

Posted on June 26, 2013December 30, 2021 by admini

The Juniper Networks Mobile Threats Centre (MTC) identified more than 500 third-party “alternative” app stores globally where our researchers found mobile malware. They are also quite popular for device users who “jailbreak” or root their phones, and are looking for pirated or unsanctioned apps. Of these alternative app stores, three out of five are in China or Russia, markets infamous for malware.

The Juniper Networks Mobile Threats Centre (MTC) is studying the types of permissions users are required to give to apps in order to install them. Building on that research, Juniper found was an increase in the number of permissions required with free applications much more likely to ask for large amounts of information.

Link: http://www.telecompaper.com/news/mobile-malware-attacks-grow-614-in-year-to-march-study–951813

Unified database security software to help prevent intrusions

Posted on June 26, 2013December 30, 2021 by admini

GreenSQL offers a free version of its database security system from its website, with clients receiving the masking, performance management and auditing functions as part of its full service, Maman notes.

The company’s unified database security system was developed, initially, as an open-source project to protect open-source MySQL databases in 2006, with the first release in 2007 of the basic database security solution, he says. In less than three years time, the program was downloaded more than 100 000 times and Maman then founded the company with partners in 2009, which developed the GreenSQL database security system – built anew based on the team’s knowledge of database security in the open-source community.

“The system provides complete compliance with regulations, such as the public company accounting reform Sarbanes-Oxley Act, the administrative simplification standard Health Insurance Portability and Accountability Act and the Payment Card Industry Data Security Standard,” concludes Maman.

* Unified database security software parses the protocols and the syntax of connections into a database to analyse the patterns of activity to monitor and manage access to sensitive information.

* Database Activity Monitoring enables management to see exactly when and which sensitive records their external consultants have been exposed to and what actions they took.

Link: http://www.engineeringnews.co.za/article/protocol-and-syntax-parsing-into-database-provides-security-performance-and-access-management-2013-06-07

Tackling cyber threats will require regional cooperation (AP)

Posted on June 26, 2013December 30, 2021 by admini

James Clapper, the United States’ director of national intelligence, also reports in the “US Intelligence Community’s Worldwide Threat Assessment” of March that there has been a significant increase in state actors’ use of cyber capabilities, and this could possibly lead to an increase in the probabilities of miscalculations, misunderstandings and unintended escalation. The CSIS report suggests that malicious activity in cyberspace, which could inflame existing tensions or increase misperception and miscalculation among governments of the intent and risk of cyber actions, poses the greatest cyber risk to security in Asia. Furthermore, there is no international or regional agreement on clear and harmonised definitions for what constitutes “cyber security”, “cyber attack” or “cyber defence” – lines between cyber crime, cyber espionage and cyber attack are also ambiguous.

In light of these developments, and in addressing non-traditional security issues, the ASEAN Political-Security Community seeks to promote the renunciation of aggression and of the threat or use of force or other actions in any manner inconsistent with international law.

Confidence-building measures and preventative diplomacy, such as exchanges among defence and military officials, can also be enhanced to ensure escalation does not occur between ASEAN member states or between ASEAN member states and third countries.

A joint EU-US Working Group on Cyber Ssecurity and Cyber Crime was created in November 2010, and the European Parliament Committee on Foreign Affairs report of 2012 calls for accelerating cooperation and exchange of information on how to tackle cyber security issues with third countries, such as its proposals to engage the BRICS countries. The Asia-Europe Meeting (ASEM), whose partners include the ASEAN Plus Three, 27 EU members and the European Commission, can also be engaged to explore these issues of common concern in an open and informal fashion in order to complement bilateral and multilateral cooperation efforts.

Cooperation in tackling cross-border cyber threats should also be included within the ASEM 2012-2014 work programme and placed on the agenda of the 10th ASEM summit, which is due to be held in 2014.

In the future, ASEAN member states should agree a common position on shared norms for responsible state behaviour in cyberspace and the applicability of international law for the use of advanced cyber capabilities and techniques.

Link: http://www.nationmultimedia.com/opinion/Tackling-cyber-threats-will-require-regional-coope-30209055.html