Archive

Category Archives for "Network World Security"

Banking malware proves tough to repel

Companies are finding it tough to keep out new types of banking malware, which continue to get better following the bar-raising threat known as Zeus. The malicious programs all aim to swiftly and secretly steal credentials for online bank accounts, with some specializing in making large, unauthorized wire transfers from businesses using the ACH (Automated Clearing House) system. A study by the firm SecurityScorecard, which specializes in tracking a company’s risk of intrusion, found more than 4,700 organizations that were infected by some type of advanced banking malware. SecurityScorecard collected the data in part by using sinkholes, or computers that researchers control which are part of a network of infected machines, known as a botnet. An analysis of those sinkholes can lend insight into how many machines may be infected with a particular type of malware.

Review: Breakthroughs in endpoint security

Despite advances in malware protection, endpoints get infected every day, even those running some form of anti-virus or other defense that the threat is able to circumvent. In our recent roundup of anti-virus programs, we discovered several new techniques being employed by anti-virus companies to make PCs safer against advanced threats. Even so, many anti-virus companies we talked with acknowledged that their software can’t catch everything, especially within those commonly exploited areas that are tricky to defend.

Samsung will stop blocking Microsoft software updates ‘within a few days’

Owners of Samsung PCs will begin receiving automatic software updates from Microsoft again soon, after Samsung said it will end its practice of blocking automatic Windows Updates on its computers. “We will be issuing a patch through the Samsung Software Update notification process to revert back to the recommended automatic Windows Update settings within a few days,” Samsung said Friday. It said it was committed to providing “a trustworthy user experience” and that it values its partnership with Microsoft. It’s a quick turnaround from earlier this week, when researcher Patrick Barker reported on an auspiciously named application called “Disable_Windowsupdate.exe” that runs on Samsung PCs as part of the company’s SW Update service. As its name implies, the program disables automatic updates from Microsoft’s software patching service, and requires people to manually install individual patches if they want to update their PC.

Software developers are failing to implement crypto correctly, data reveals

Despite a big push over the past few years to use encryption to combat security breaches, lack of expertise among developers and overly complex libraries have led to widespread implementation failures in business applications. The scale of the problem is significant. Cryptographic issues are the second most common type of flaws affecting applications across all industries, according to a report this week by application security firm Veracode. The report is based on static, dynamic and manual vulnerability analysis of over 200,000 commercial and self-developed applications used in corporate environments.

Magento e-commerce platform targeted with sneaky code

Attackers are using a sneaky method to steal payment card data from websites using Magento, eBay’s widely used e-commerce platform. Researchers from Sucuri, a company that specializes in securing websites, said the attackers can collect any data submitted by a user to Magento but carefully filter out anything that doesn’t look like credit card data. The attackers are injecting their malicious code into Magento, but it’s still unclear how that process happens, wrote Peter Gramantik, a senior malware researcher with Sucuri. “It seems though that the attacker is exploiting a vulnerability in Magento core or some widely used module/extension,” he wrote.

Cisco warns of default SSH keys shipped in three products

Cisco Systems said Thursday it released a patch for three products that shipped with default encryption keys, posing a risk that an attacker with the keys could decrypt data traffic. The products are Cisco’s Web Security Virtual Appliance, Email Security Virtual Appliance and Security Management Virtual Appliance, it said in an advisory. Versions downloaded before Thursday are vulnerable. Cisco said it “is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.” The three products all shipped with preinstalled encryption keys for SSH (Secure Shell), which is used to remotely log into machines. It’s considered a bad security practice to ship products that all have the same private keys.

Scott McNealy on privacy: You still don’t have any

Scott McNealy is best known for his role as cofounder and long-serving CEO at Sun Microsystems, but some remember him even better for a few choice comments he made about privacy back in 1999. Consumer privacy issues are a “red herring,” McNealy told a group of reporters that year. “You have zero privacy anyway. Get over it.” The statement seemed shocking all those years ago, but its pertinence has only increased over time. Privacy is the hot-button issue in this era of social profiling and mass surveillance, and concern among consumers is growing, with good reason.

OPM’s efforts to fix IT security are criticized by auditor

Efforts to fix cybersecurity problems at the U.S. Office of Personnel Management (OPM) may be doomed because the agency is moving too quickly and ignoring some best practices, an auditor said Thursday. Even before two recently disclosed breaches at OPM, agency director Katherine Archuleta pushed to improve cybersecurity at the agency, which still runs several mainframe systems. But a “massive” agency-wide effort to update decades-old systems is not following proper IT project management procedures, including a cost-benefit analysis, and the agency does not have a firm estimate on the cost of the project, said Patrick McFarland, OPM’s inspector general.

Trojan that hides inside images infects healthcare organizations

A computer Trojan that hides its malicious code inside PNG image files counts healthcare organizations in the U.S. among its primary targets. The Stegoloader Trojan uses digital steganography techniques to sneak past computer and network defenses. It originally appeared in 2012, but has seen a resurgence over the past several months. According to a recent report from Dell SecureWorks, the Trojan is designed to steal files, information and passwords from infected systems, but has additional modules that extend its functionality.

Florida telemarketer, under FTC watch, suffers data breach

A Florida-based computer tech support call center has suffered a data breach, with customer records being abused by fraudsters trying to get access to online bank accounts. The data breach is the latest problem for Advanced Tech Support, an inbound call center based in Boca Raton, which is run by Inbound Call Experts. Last November, those two companies and others were sued by the Federal Trade Commission in U.S. District Court for the Southern District of Florida, for allegedly duping callers into buying overpriced computer support services and unnecessary security software.

Pressure mounts in EU to treat Facebook and Twitter as critical infrastructure

Pressure is mounting in the European Union to subject companies including Google, Twitter, eBay and Facebook to the same critical IT infrastructure security requirements as banks or energy networks. EU lawmakers want providers of essential services in industries including banking, health care, transport and energy to protect their networks from hackers, and to disclose data breaches to the authorities. The European Commission, which proposed the draft Network and Information Security Directive two years ago, also wants it to cover enablers of key Internet services, such as e-commerce platforms, Internet payment gateways, social networks, search engines, cloud computing services and app stores. The European Parliament, however, rejected their inclusion in the critical infrastructure rules last year.

Critical flaw in ESET products shows why spy groups are interested in antivirus programs

Several antivirus products from security firm ESET had a critical vulnerability that was easy to exploit and could lead to a full system compromise. The discovery of the flaw, which has now been patched, comes on the heels of a report that intelligence agencies from the U.K. and the U.S. are reverse engineering antivirus products in search of vulnerabilities and methods to bypass detection. The vulnerability in ESET products was discovered by Google security engineer Tavis Ormandy and was located in their emulator, the antivirus component responsible for unpacking and executing potentially malicious code inside a safe environment so that it can be scanned.

The Upload: Your tech news briefing for Wednesday, June 24

Ford drives into car-sharing space: As car-sharing and ride-hailing apps make it ever easier for people, especially the urban young, to shrug off the expense of actually owning a car, at least one automaker wants to get in the driver’s seat and steer the trend in a more favorable direction. Ford is launching a pilot car-sharing program in six U.S. cities and London, CNBC reports, and will let customers who use the carmaker’s financing program rent out their vehicle via the Getaround sharing app.

U.S. government is falling behind on application security: U.S. government organizations are struggling when it comes to securing the software they use, according to a report by application security firm Veracode that puts government in dead last place among all sectors. Problems include use of old scripting and programming languages, failure to self-regulate and failure to impose security requirements on software suppliers.

Swedish man sentenced for powerful Blackshades malware

The creator of a tool that was used to steal data from a half-million computers will go to prison for close to five years, the U.S. Department of Justice said Tuesday. Alex Yucel, 25, of Sweden, pleaded guilty in February in a New York federal court to one count of distributing malicious software. He was sentenced to four and three-quarter years in prison and must forfeit $200,000, according to a news release.

Adobe patches zero-day Flash Player flaw used in targeted attacks

Adobe Systems released an emergency security update for Flash Player Tuesday to fix a critical vulnerability that has been exploited by a China-based cyberespionage group. Over the past several weeks, a hacker group identified as APT3 by security firm FireEye has used the vulnerability to attack organizations from the aerospace, defense, construction, engineering, technology, telecommunications and transportation industries. The hacking group targeted the companies with generic phishing emails that contained a link to a compromised server, researchers from FireEye said in a blog post Tuesday. The server used JavaScript code to profile potential victims and then served the Flash exploit to the ones meeting attackers’ criteria, the company said.

The government is falling behind on application security

Government organizations are struggling when it comes to securing the computer software they use, which could partially explain the large data breaches reported in that sector over the past several years. Three out of four applications used by government organizations are not compliant with one of the primary software security policies and most of the flaws found in them never get fixed, according to a report released Tuesday by U.S.-based application security firm Veracode. The report is based on an analysis of more than 200,000 applications over the past 18 months that are used by organizations in various industries. The tests were performed using Veracode’s cloud-based application security testing platform that uses static analysis, dynamic analysis and manual penetration testing techniques.

The Upload: Your tech news briefing for Tuesday, June 23

Privacy group wants Uber probed for data collection: The Electronic Privacy Information Center has complained to the U.S. Federal Trade Commission about Uber’s new data collection policy: it comes into effect next month and allows the company to access a customer’s location even when the smartphone app is not actively in use, and to access the information from users’ phone address books and send out promotional materials to contacts listed there. The changes “ignore past bad practices of the company involving the misuse of location data, pose a direct risk of consumer harm, and constitute an unfair and deceptive trade practice,” EPIC said in its request for an FTC investigation.

RubyGems DNS flaw now patched after second try

A revised patch has been released for a flaw in the distribution platform for Ruby applications, RubyGems, which could be used to deliver malware to someone trying to download a program. RubyGems lets people search for a “gem,” which is a packaging format for Ruby applications and code libraries. Ruby developers publish a gem when an application is ready. Security researchers from Trustwave found a problem with the platform. When people search for a gem, RubyGems uses a DNS (Domain Name System) SRV record request to find a server hosting a particular gem. The request, however, “does not require that DNS replies come from the same security domain as the original gem source,” according to a writeup, which Trustwave plans to release on its blog on Tuesday.