CyberSecurity Institute – Page 85 – Security News Curated from across the world

Security Think Tank: Context-aware security saves time

Posted on March 18, 2013December 30, 2021 by admini

Identify areas of intensive data analysis and look for strategic alignments with context-aware devices that can increase reaction times without reducing effectiveness

Thinking back to the origin of the phrase contextual computing, it is important also that these actions be put into the most appropriate human context. It should be a specialist security team or officer running these processes and they need to be made in context – while thinking holistically about the overall needs of the business.

It may well be that more security technology, context-aware or not, is not the biggest requirement for some companies.

Sometimes it is the human context that needs to be improved, from a social-engineering perspective. After all, the supplemental information the software will be looking for is founded on human behavior patterns, from information user behavior and tasks to location, infrastructure and physical conditions.

Link: http://www.computerweekly.com/opinion/Security-Think-Tank-Context-aware-security-saves-time?utm_medium=EM&asrc=EM_ERU_20999938&utm_campaign=20130318_ERU%20Transmission%20for%2003/18/2013%20(UserUniverse:%20635390)_myka-reports@techtarget.com&utm_source=ERU&src=5114873

Cyber attacks on banks resume, targeting Chase

Posted on March 13, 2013December 30, 2021 by admini

Chase was targeted by the latest in a series of denial-of-service attacks, which overwhelm websites with phony requests so that legitimate customers can’t get through.

A group identifying itself as Izz ad-Din al-Qassam Cyber Fighters has been attacking American banks off and on since September. The group, based in the Middle East, says the attacks are retaliation for a video, produced by amateur U.S. filmmakers, that mocks the prophet Muhammad.

In a pastebin.com post, the group threatened to attack U.S. banks on Tuesdays, Wednesdays and Thursdays “because of widespread and organized offends to Islamic spirituals and holy issues.”

The website sitedown.co, which allows Internet users to report crashes of corporate sites, recorded 213 reports of problems with Chase’s website in the 24 hours that ended at 7:40 p.m.

The site showed 917 reports of Chase outages over the last month, compared with 453 at AT&T, 415 at Netflix, 351 at Bank of America and 107 at Wells Fargo.

Link: http://www.latimes.com/business/money/la-fi-mo-bank-cyber-attacks-chase-20130312,0,1903959.story

Australian central bank computers hacked

Posted on March 11, 2013December 30, 2021 by admini

A defence department official cited by the newspaper said “the targeting of high-profile events, such as the G20, by state-sponsored adversaries … is a real and persistent threat”.

In another sophisticated incident the month before, revealed on the central bank’s disclosure log under its freedom of information obligations, “targeted” emails were received regarding its strategic planning for 2012.

“Malicious email was highly targeted, utilising a possibly legitimate external account purporting to be a senior bank staff member,” an official report by the bank’s risk management unit said. “As the email had no attachment, it bypassed existing security controls, allowing users to potentially access the malicious payload via the Internet browsing infrastructure.”

Last year, Chinese telecoms giant Huawei was barred from bidding for contracts on Australia’s ambitious Aus$36 billion (S$46.16 billion) broadband rollout due to fears of cyberattacks.

Link: http://news.asiaone.com/News/Latest%2BNews/Science%2Band%2BTech/Story/A1Story20130311-407662.html

Canadian businesses are resigning themselves to being hacked: study – Canadian Business

Posted on March 10, 2013December 30, 2021 by admini

In one of the interviews, a chief information officer for a large company, told Hejazi that when he was hired, he laid it out for his bosses. Hejazi said the findings are reminiscent of the troubles that former technology giant Nortel Networks faced when international hackers broke into its corporate computers and accessed information for nearly a decade. The Nortel security breach gave hackers “plenty of time” and “access to everything,” according to 19-year Nortel veteran Brian Shields, who was behind a six-month investigation into the security breach that is believed to have started in 2000, but was only made public in 2012.

Hejazi said that organizations that operate with a “Yes” mentality, or are open to discussions with their staff about how to use technology responsibly, are more secure than companies with rigid security controls. Even an attachment file can directly lead to a security breach, or using free public computers at a conference in another country that has keylogging spyware installed.

Link: http://www.canadianbusiness.com/business-news/canadian-businesses-are-resigning-themselves-to-being-hacked-study/

Microsoft Patch Tuesday targets Internet Explorer drive-by attacks – Sharepoint, Microsoft, security

Posted on March 10, 2013December 30, 2021 by admini

“It fixes critical vulnerabilities that could be used for machine takeover in all versions of Internet Explorer from 6 to 10, on all platforms including Windows 8 and Windows RT,” says Qualys CTO Wolfgang Kandek.

It affects Silverlight whether deployed on Windows or Mac OS X operating systems, where it is used to run media applications such as Netflix, Kandek says.

“It is puzzling to see such a high rating for this software that typically requires opening of an infected file in order for the attack to work. It will be interesting to see the attack vector for this vulnerability that warrants the ‘critical’ rating,” he says.

Three of the bulletins are rated important and include two that could allow data to leak and one that could allow attackers to elevate privileges on an exploited machine. Important bulletins include vulnerabilities that could lead to compromised confidentiality, integrity or availability of user data, or of the integrity or availability of processing resources, Microsoft says.

Link: http://www.arnnet.com.au/article/455814/microsoft_patch_tuesday_targets_internet_explorer_drive-by_attacks/

Does your Incident Response Plan include “The Dark Side of the Internet”?

Posted on March 10, 2013December 30, 2021 by admini

Several weeks prior their client-facing website/application had been “hijacked” and was redirecting clients from certain geographic regions to an overseas site. … Best guess would be a drive-by malware site, although the geographic discrimination is an unusual twist that would have been interesting to understand. In order to ensure that any traces of the compromise were eradicated, the client rebuilt the site at a different hoisting provider on a fresh Content Management System (CMS) install with updated modules/templates. That being said, we had several good data points: an overseas IP address attempting to hit the admin page of the app and the fact that the hacker had signed his website defacement.

One thing many people don’t know about TOR is that it can also be used to connect to “hidden services” on the internet – sometimes referred to as the “darknet”. … It’s not for the faint of heart – and despite the “anonymity” that is provided by TOR, you still find yourself looking over your shoulder when you’re on it.

Part of our client’s continuous improvement process is adding TOR/darknet knowledge to their Computer Security Incident Response Team (CSIRT). Hopefully, they won’t have to exercise the plan anytime soon – but if they have a security incident to respond to their Incident Response Plan now includes a trip to the dark side.

Link: http://www.pivotpointsecurity.com/risky-business/does-your-incident-response-plan-include-the-dark-side-of-the-internet