STE WILLIAMS

Adblock Plus Available For Safari

Cologne, Germany – January 21, 2014 – Adblock Plus, the #1 most popular browser extension for blocking annoying online advertisements, today announced that Adblock Plus for Safari is officially available for download worldwide. Mac owners are now free to rejoice in their own ad-free web experience.

With the inclusion of Safari, the Adblock Plus add-on is now available for every major browser: Chrome, Firefox, Internet Explorer, Opera, Safari – and also the Android mobile OS.

Adblock Plus lets users choose whether to block all ads or allow certain Acceptable Ads to be whitelisted in order to support free content. In all cases, Adblock Plus blocks annoying banner ads and pop-ups on web pages, video ads on YouTube, and intrusive ads on Facebook.

“Our goal is to make the Internet better for everyone by empowering people to block obnoxious ads while simultaneously encouraging websites to run user-friendly, responsible advertisements instead of intrusive banners, overlays, and pop-ups,” said Till Faida, co-founder of Adblock Plus and the open source project that supports it. “Users can still opt to block all ads, or they can whitelist certain sites that they want to support. We created Adblock Plus to give every user control over which kinds of ads they are willing to accept, and then we block all the rest.”

Faida continued, “The Adblock Plus add-on works on all current versions of Safari and is backwards-compatible to version 6.0 (standard version with OSX Mountain Lion). The current version is a stable beta; it’s been thoroughly tested, but we are still hoping to get valuable user feedback to optimize performance.”

Links:

– Get Adblock Plus for Safari: https://adblockplus.org/en/safari

– Install Adblock Plus for Chrome, Firefox, Internet Explorer, Safari, Opera or Android: www.adblockplus.org

– Download Adblock Plus for Android: https://adblockplus.org/en/android-install

About Adblock Plus

Adblock Plus is a community-driven, open source project to rid the Internet of annoying and intrusive online advertising. Its free web browser extensions (add-ons) put users in control by letting them block or filter which ads they want to see. Users across the world have downloaded Adblock Plus over 250 million times. It has remained the most downloaded and the most used extension almost continuously since November 2006. In 2013 PC Magazine listed the extension as one of the best free Google Chrome extensions, and it received a 2013 About.com readers’ choice award for best privacy/security add-on.

Follow AdBlock Plus on Twitter at @AdBlockPlus and read our blogs at http://adblockplus.org/blog/. For more information, please visit https://eyeo.com/en/press.

Article source: http://www.darkreading.com/applications/adblock-plus-available-for-safari/240165511

Lancope And Ponemon Institute Study: CEOs In The Dark About Cyberattacks

Atlanta, January 21, 2014 – Lancope, Inc., a leader in network visibility and security intelligence, today announced the results of a Ponemon Institute report entitled, “Cyber Security Incident Response: Are we as prepared as we think?” Findings show that while security threats are imminent, CEOs and other members of the management team are in the dark about potential cyber-attacks against their companies. The research also shows that, as a result, Computer Security Incident Response Teams (CSIRTs) often lack the resources necessary to fend off the continuous onslaught of advanced threats facing today’s organizations.

Commissioned by Lancope, the Ponemon Institute research surveyed 674 IT and IT security professionals in the United States and the United Kingdom who are involved in their organization’s CSIRT activities. The study concludes with key recommendations for organizations looking to improve their incident response process.

Key findings from the study include:

– Security incidents are imminent – Sixty-eight percent of respondents say their organization experienced a security breach or incident in the past 24 months. Forty-six percent say another incident is imminent and could happen within the next six months.

– Management is largely unaware of cyber security threats – Eighty percent of respondents reported that they don’t frequently communicate with executive management about potential cyber-attacks against their organization.

– Organizations are not measuring the effectiveness of their incident response efforts – Fifty percent of respondents do not have meaningful operational metrics to measure the overall effectiveness of incident response.

– Breaches remain unresolved for an entire month – While most organizations said they could identify a security incident within a matter of hours, it takes an entire month on average to work through the process of incident investigation, service restoration and verification.

– CSIRTs lack adequate investments – Half of all respondents say that less than 10% of their security budgets are used for incident response activities, and most say their incident response budgets have not increased in the past 24 months.

– Network audit trails are the most effective tool for incident response – Eighty percent of respondents say that analysis of audit trails from sources like NetFlow and packet captures is the most effective approach for detecting security incidents and breaches. This choice was more popular than intrusion detection systems and anti-virus software.

“The findings of our research suggest that companies are not always making the right investments in incident response,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “As a result, they may not be as prepared as they should be to respond to security incidents. One recommendation is for organizations to elevate the importance of incident response and make it a critical component of their overall business strategy.”

“If 2013 is any indication, today’s enterprises are ill-equipped to identify and halt sophisticated attacks launched by nation-states, malicious outsiders and determined insiders,” said Mike Potts, president and CEO of Lancope. “Now is the time for C-level executives and IT decision-makers to come together and develop stronger, more comprehensive plans for incident response. This communication is critical if we want to reduce the astounding frequency of high-profile data breaches and damaging corporate losses we are seeing in the media on a near-daily basis.”

Results to be presented at RSA Conference 2014 and via webinar

Dr. Larry Ponemon will join Lancope, The Coca-Cola Company, General Motors and Viewpost executives in an RSA Conference 2014 panel discussion to explore the results of the study and share insights on how to build a great CSIRT with the executive support and respect it needs. The panel, “Why Cyber Incident Response Teams Get No Respect,” will take place on Wednesday, February 26, at 9:20 a.m. U.S. Pacific time in Room 3009 at the Moscone Center in San Francisco.

The results will also be presented via a free webinar on January 29, 2014 at 8:00 a.m. U.S. Pacific time. Participants can join Dr. Ponemon and Lancope’s director of security research, Tom Cross, to hear about the key mistakes organizations are making when it comes to incident response, and how the right mix of people, processes and technology can dramatically improve incident response efforts. Those interested can register at: http://www.lancope.com/company-overview/webinar/ponemon-cyber-security-incident-response/.

Further Information

For media inquiries related to the Ponemon Institute incident response study, or to schedule briefings with Lancope and Dr. Larry Ponemon at RSA Conference 2014, please contact Lesley Sullivan or Kendra Dorr at [email protected]. For a full copy of the study, “Cyber Security Incident Response: Are we as prepared as we think?” please visit: http://www.lancope.com/ponemon-incident-response/.

About the Ponemon Institute

The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in a variety of industries. For more information, visit http://www.ponemon.org.

About Lancope

Lancope, Inc. is a leading provider of network visibility and security intelligence to defend enterprises against today’s top threats. By collecting and analyzing NetFlow, IPFIX and other types of flow data, Lancope’s StealthWatch System helps organizations quickly detect a wide range of attacks from APTs and DDoS to zero-day malware and insider threats. Through pervasive insight across distributed networks, including mobile, identity and application awareness, Lancope accelerates incident response, improves forensic investigations and reduces enterprise risk. Lancope’s security capabilities are continuously enhanced with threat intelligence from the StealthWatch Labs research team. For more information, visit www.lancope.com.

Article source: http://www.darkreading.com/management/lancope-and-ponemon-institute-study-ceos/240165512

Israeli Cybersecurity Start-Up Aorato Emerges From Stealth Mode

TEL-AVIV, Israel, January 21, 2014 /PRNewswire/ —

Today, Aorato launches into the international cybersecurity market with the first context-aware, behavior-based Directory Services Application Firewall (DAF). The company’s solution profiles entities, then not only learns but also predicts their behaviors, enabling context-aware, real-time decision making.

Initially coming out of the Cyber Security unit within the Israeli Defense Forces (IDF), historically a source of security technology and innovation, Aorato’s founders Idan Plotnik, CEO, Michael Dolinsky, VP R&D, and Ohad Plotnik, VP of Professional Services, have spent the last decade in cyber-security.

Having previously co-founded and run Foreity, a Microsoft security subcontractor acquired by a leading IT services firm, and holding the prestigious Microsoft MVP awards for enterprise security, the founders are intimately familiar with Directory Services and their cyber-security issues.

Aorato has received approximately $10 million of investments from notable firms and security luminaries including leading global venture capital firm Accel Partners, Mickey Boodaei (co-founder of Imperva and Trusteer), Rakesh Loonkar (co-founder of Trusteer), Innovation Endeavors – VC funded by Eric Schmidt – and Glilot Capital Partners.

“The timing could not be more appropriate to launch Aorato into the cybersecurity market. 2013 showed the world the risks of advanced threats in parallel to the implications of insiders’ access to sensitive corporate data. Both proved the need for a technology like Aorato to make a difference within the enterprise security posture,” said Idan Plotnik, CEO of Aorato.

Kevin Comolli, the Partner who led the investment for Accel Partners, said:

“Accel is excited to be partnering with a world-class team building a pioneering product. Aorato’s Directory Services Application Firewall is a unique solution for a very important part of enterprise infrastructure, and the founders’ cyber-security expertise is second to none.”

Aorato’s approach is to focus on Microsoft’s Active Directory (AD) services activities by observing the network traffic between AD servers and the active network entities (users, devices etc.). The technology uses the interactions identified in this traffic to create the Organizational Security Graph™ (OSG), a model of the observed relationships over time. Aorato monitors AD traffic, comparing activities against the OSG model and looking for anomalies that could represent attack behavior or security policy violations (e.g., cleartext/simple passwords, AD protocol violations, deleted/disabled users/computers activities etc.). The DAF alerts on suspicious activities, inserting them into an Attack Timeline™, providing security professionals with the needed means to identify the steps in the attack chain from the seemingly harmless individual events.

“In today’s world of persistent threats, malicious insiders, and Single Sign On leveraging account access, paying attention to Directory Services’ activity is key to an organization’s security. Aorato’s creation of the Directory Services Application Firewall and OSG to focus on Active Directory provides a new level of needed insight within enterprises,” said David Monahan, Research Director, Enterprise Management Associates.

Aorato’s advisory board includes:

– Gil Kirkpatrick: Gil Kirkpatrick has been a Microsoft MVP for Directory Services since 2005 and was the Chief Architect of Quest Software for Active Directory and identity management solutions. Today he is the CTO of ViewDS, an identity solutions provider. Gil has founded and chaired The Experts Conference, the premier conference for Microsoft identity and access technologies.

– Harry Sverdlove: Harry Sverdlove is the CTO for Bit9. Prior to joining Bit9, Harry was principal research scientist for McAfee, Inc., where he supervised the overall architecture of crawlers, spam detectors and link analyzers.

– Prof. Gil David: Prof. Gil David brings to Aorato over 17 years of governmental, industrial and academic experience in the data analysis and cyber security fields, both in Israel and the USA.

– Neil W. Book: Neil Book serves as the President & CEO of Jet Support Services, the world’s largest provider of hourly cost maintenance programs for business jets. Previously, Neil was VP at Juniper Networks, leading their mobile security business unit.

To learn more about Aorato, please visit: http://www.aorato.com

About Aorato

At the core of Aorato’s founding was the acknowledgement that Active Directory is exposed – by default and by design. Combining the company’s intimate knowledge of Active Directory and cyber-security, Aorato has filled in this blind spot with their Directory Services Application Firewall (DAF). DAF protects Active Directory and leverages its central role in the network to protect organizations from advanced targeted threats. DAF automatically learns the behaviors of all entities engaging directly, or indirectly, with Active Directory. By profiling the entities, DAF builds an interaction graph between all entities in order to detect in real-time suspicious entity behavior. Today, Aorato is a strong financially-backed company and boasts several enterprise customers.

About Accel Partners

Founded in 1983, Accel Partners has a long history of partnering with outstanding entrepreneurs and management teams to build world-class businesses.

Accel today invests globally using dedicated teams and market-specific strategies for local geographies, with offices in Palo Alto, London, New York City and Bangalore, as well as in China via its partnership with IDG-Accel.

Accel has invested in over 500 companies, many of which have defined their categories, including Angry Birds (Rovio), Atlassian, Cloudera, ComScore, Dropbox, Facebook, Groupon, Imperva, Kayak, Playfish, QlikTech, Spotify, Supercell, and Wonga. For more information, visit the Accel Partners web site at http://www.accel.com or find us on Facebook at http://www.facebook.com/accel.

Article source: http://www.darkreading.com/perimeter/israeli-cybersecurity-start-up-aorato-em/240165493

Machine Resiliency as a Defense

If you follow news on cyber security, you might be led to think PCs and endpoints have become increasingly vulnerable. News today describes more complex attacks, from more sophisticated attackers, than ever. But there is good news too. In 2014, the PC you unbox and provision on your network is likely to be a better machine, better able to withstand attack, more resilient than a PC of just a few years ago.

Those improvements are the result of efforts and investments in security assurance from OSVs, ISVs, OEMs and hardware suppliers. Let’s take BIOS, for example. BIOS isn’t often fodder for headlines, but it matters. BIOS is the low level firmware that controls machine operations before the OS takes control. Even less visible is the BIOS’s contribution to system security in testing, verifying and authenticating the hardware to ensure it has not been compromised.

When BIOS was developed back in the 1970s, security goals were secondary. BIOS performed powerful but rudimentary startup and initialization functions. Modern BIOS has evolved into a more powerful interface properly known as Unified Extensible Firmware Interface (UEFI), with an industry standard setting organization (the UEFI Forum) supporting an ecosystem of hardware developers and implementers.

UEFI’s most recent specification (UEFI 2.3.1) addresses resiliency and security features with the addition of Secure Boot. Secure Boot helps firmware, OS and hardware providers validate that each stage of system startup is loading authorized code. This approach helps impede malware, such as a rootkit that can replace the boot loader – even before the full defenses of the operating system and security software are up and running. UEFI Secure Boot can block unauthorized executables and drivers from loading into the system. If unauthorized software tries to load, UEFI halts the boot sequence. UEFI has worked hand-in-hand with industry-leading vendors to ensure wide-spread compatibility and adoption of Secure Boot.

These types of defenses get built into many modern PCs without your even having to worry about it. How does change like this happen? It’s a great case study in technology leaders and competitors working together for the common good.

Over the past few years, the collaboration has extended. The National Institute of Standards and Technology (NIST) plays a key role in helping government-run IT organizations sort through emerging technology standards and helps government buyers understand what to look for as consumers of new technology.

In 2011 NIST published guidelines for enterprise-class platforms, specifying BIOS security features and best practices for BIOS implementation and configuration. While the guidance is primarily targeted and written for the benefit of government agencies, it is widely adopted by the private sector as well. You don’t need to become an expert in assembly language to take advantage of these recommendations; they’ve been documented in a NIST Special Publication (NIST SP 800-147) easily available on the NIST website.

There is much more to the story of how resiliency has been engineered into system defense, including the role of TPMs and detail about how modern operating systems help secure the boot process. We can’t cover it all here, but if you are interested in finding out more take a look at some of these sites – or continue the conversation with a comment here.

UEFI Secure Boot In Modern Computer Security Solutions

BIOS Protection Guidelines

Follow me on Twitter: @TomQuillin

Article source: http://www.darkreading.com/threat-intelligence/machine-resiliency-as-a-defense/240165535

Target, Neiman Marcus Malware Creators Identified

A team of at least two developers created the point-of-sale malware used to hack Target, Neiman Marcus, and likely other retailers in the United States, Australia, and Canada.

So said information security intelligence firm IntelCrawler Friday in a report that named a 17-year-old Russian teenager, who used the online handle “ree[4]” (a.k.a. ree4), suspected of being the author of the BlackPOS — for point-of-sale — malware. The malware is also known as Kaptoxa, or “potato” in Russian.

But security journalist Brian Krebs, who broke the news of the Target breach in December, questioned IntelCrawler’s findings. Subsequently, the intelligence firm updated its research, naming instead a second teenage suspect, who it said shared the ree4 handle with the first suspect. “Intelcrawler apparently just changed its mind about the guy responsible for the Target POS malware,” Krebs tweeted Monday. “Now they have the right guy.”


Article source: http://www.darkreading.com/attacks-breaches/target-neiman-marcus-malware-creators-id/240165558

Qualys Announces Partnership With Lumension

January 21, 2014 SCOTTSDALE, AZ – Lumension, a global leader in endpoint management and security and Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions today announced a strategic partnership to provide joint customers with comprehensive vulnerability assessment and patch management solutions.

Under the agreement, Lumension will exclusively offer QualysGuard Vulnerability Management (VM) to current Lumension Scan customers and provide additional support in transitioning those customers to QualysGuard VM, as Lumension will end-of-life its Lumension Scan product effective April 25, 2014. QualysGuard VM automatically detects vulnerabilities across the organization, making it a strong complement to Lumension Patch and Remediation, which, under the partnership, will be integrated with QualysGuard VM to help customers effectively apply and validate patches on their endpoints.

“Lumension selected Qualys for this very important technology transition because we believe they could best meet the extensive criteria required by our Scan customers’ need for a strong scan solution,” said Rich Hlavka, Senior Vice President, Business Development, Lumension. “We are also very excited about the integration of our core Lumension Patch and Remediation technology into QualysGuard as our joint customers will enjoy a comprehensive vulnerability management solution.”

“To keep up with business demands, organizations are seeing a proliferation of end point devices that they must secure against an ever-changing landscape of possible threats,” said Philippe Courtot, chairman and CEO for Qualys. “We are pleased to partner with Lumension to offer a powerful integrated vulnerability management solution helping businesses and government agencies easily and cost effectively manage the security of their endpoint devices to keep IT assets and data across their organizations secure and compliant.”

QualysGuard VM has received numerous awards and industry analyst accolades for market leadership, including: The Frost & Sullivan Global Market Share Leadership Award for Vulnerability Management for the third consecutive year, the 2013 SC Magazine Award for Best Vulnerability Management Tool for the fifth year, and #1 ranking in Device Vulnerability Assessment Worldwide by IDC for the fifth consecutive year.

Lumension Patch and Remediation is the world’s leading patch management solution, and is available as a capability on the Lumension Endpoint Management and Security Suite. With Lumension Patch and Remediation, IT administrators can automatically identify and patch vulnerabilities across heterogeneous operating systems, Microsoft and non-Microsoft applications, and endpoint configurations – all of which is seamlessly managed through a single console.

About QualysGuard Vulnerability Management

Delivered as part of the QualysGuard Cloud Platform, QualysGuard Vulnerability Management, or QualysGuard VM, is an industry leading and award-winning solution that automates network auditing and vulnerability management across an organization, including network discovery and mapping, asset management, vulnerability reporting, and remediation tracking. Driven by our comprehensive KnowledgeBase of known vulnerabilities, QualysGuard VM enables cost-effective protection against vulnerabilities without substantial resource deployment.

About Qualys

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and Web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit http://www.qualys.com.

About Lumension

Lumension Security, Inc., a global leader in endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, Antivirus and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24×7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Texas, Utah, Florida, Ireland, Luxembourg, the United Kingdom, Australia and Singapore. Lumension: IT Secured. Success Optimized.™ More information can be found at lumension.com.

Article source: http://www.darkreading.com/management/qualys-announces-partnership-with-lumens/240165523

New Encrypted Email And Privacy Service for Consumers: Recall Messages, Restrict Forwarding, Set Expiration

WASHINGTON, D.C. — Jan. 21, 2014 — Virtru, a company dedicated to making it simple to keep private communications private, today announced the availability of the Virtru encrypted email and privacy service, the first solution to make sophisticated encryption and digital privacy technologies easy-to-use and available to everyone. Virtru allows anyone to secure their private communications by using popular email services and clients they are already familiar with including Gmail, Yahoo, Outlook and Mac Mail — seamlessly securing email across desktops, phones and tablets.

Until now, individuals have had no control over messages sent to others via email. When a user sends a sensitive email there’s no mechanism to prevent unwanted forwards or unintended recipients seeing something they shouldn’t on an email chain. Virtru combines rock-solid encryption with privacy features that give individuals back control of their private communications and data. With Virtru, the sender can revoke an email at any time, rendering the message immediately unreadable. The sender can also restrict whether recipients are allowed to forward the message and give particularly sensitive emails an expiration date. Every message sent with Virtru is encrypted while in transit and stored in a format that prevents third-parties from spying on a sender’s private messages.

Virtru was founded on the belief that people have a fundamental right to privacy and that exercising this right should be easy and available to everyone. Virtru makes this possible by building on the Trusted Data Format (TDF), an open-source technology invented by company co-founder Will Ackerly, a former cloud security architect at the National Security Agency (NSA). Virtru’s data-centric approach encloses an email message or any attachment in its own secure envelope that can only be opened by its intended recipient. Virtru complements the TDF technology with patented encryption-key management that makes it possible to control the fate of an email and its attachments even after it has left the sender’s outbox. Virtru never has access to the email content, but rather manages access to the key required to read the content.

See video overview here: http://www.youtube.com/watch?v=sErf3VCeaHE

“Highly trained engineers and security experts have been encrypting email for years,” said Will Ackerly, Co-Founder and CTO of Virtru. “Virtru thinks everyone deserves real privacy and control over their data, even after hitting the send button. This means masking the complexity of encryption and making it dead simple for the everyday user. With Virtru, users gain confidence knowing that only intended recipients have access to messages and that their information is protected from third-parties like advertisers, governments, criminals and Internet Service Providers.”

Email users are frustrated by the inability to recall an email sent in error or control who sees an email once it has been forwarded. The control, convenience and simplicity of the Virtru solution is a revolutionary approach to consumer privacy, data encryption and security that will forever change how people interact with their digital content.

Consumer awareness of data protection and digital privacy is at an all-time high. The results of new research from Harris Interactive, also announced today, found that more than 70% of Americans online are concerned about the privacy of their email communication, and an even higher percentage have not yet taken steps to secure their email because they don’t know how. Americans worry about being targeted by advertisers based on the content of their private emails (83 percent), as well as messages being read by unintended recipients (75 percent). Virtru has responded, providing digital privacy and security without hassle. 77% of those polled said they would find the privacy control features offered by Virtru useful.

“Most email users have nothing to hide, but everything to protect,” said John Ackerly, Co-Founder and CEO of Virtru. “Until now, true email privacy protection has not been available to the average user because it required considerable expertise on the part of both sender and receiver. Virtru has changed all that. We are excited to release our innovation into the marketplace, to empower individuals to protect their digital communications on their own terms, and to share with confidence.”

The Washington D.C.-based startup has raised $4 million in angel funding to bring its Virtru email privacy solution to market. In coming months, Virtru will extend its product suite beyond email to allow users to control their texts, posts, Tweets, and other digital communications. Additionally, Virtru will be introducing solutions aimed at small businesses and enterprises later this year.

About Virtru

Virtru is the first company to make email privacy accessible to everyone. With a single plug-in, Virtru empowers individuals and businesses to control who receives, reviews and retains their digital information — wherever it travels, throughout its lifespan. The company has set a new standard for digital privacy based on the Trusted Data Format (TDF), created by Virtru Co-founder Will Ackerly and used by the intelligence community to secure some of the nation’s most sensitive data. Virtru requires no special skills or knowledge, supports all popular email and file types, and can be used on a PC, Mac or mobile device. To learn more about the company, go to http://www.virtru.com/ and follow Virtru on Twitter @virtruprivacy.

Article source: http://www.darkreading.com/authentication/new-encrypted-email-and-privacy-service/240165560

‘Password’ Unseated By ‘123456’ On Splashdata’s Annual ‘Worst Passwords’ List

SplashData has announced its annual list of the 25 most common passwords found on the Internet. For the first time since SplashData began compiling its annual list, “password” has lost its title as the most common and therefore Worst Password, and two-time runner-up “123456” took the dubious honor. “Password” fell to #2.

According to SplashData, this year’s list was influenced by the large number of passwords from Adobe users posted online by security consulting firm Stricture Consulting Group following Adobe’s well publicized security breach.

“Seeing passwords like ‘adobe123’ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing,” says Morgan Slain, CEO of SplashData.

SplashData’s list of frequently used passwords shows that many people continue to put themselves at risk by using weak, easily guessable passwords. Some other passwords in the Top Ten include “qwerty,” “abc123,” “111111,” and “iloveyou.”

“Another interesting aspect of this year’s list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies,” Slain said. For example, new to this year’s list are simple and easily guessable passwords like “1234” at #16, “12345” at #20, and “000000” at #25.

SplashData, provider of the SplashID Safe line of password management applications, releases its annual list in an effort to encourage the adoption of stronger passwords. “As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites.”

Presenting SplashData’s “Worst Passwords of 2013” (including Rank and Change from 2012):

1. 123456 (Up 1)

2. password (Down 1)

3. 12345678 (Unchanged)

4. qwerty (Up 1)

5. abc123 (Down 1)

6. 123456789 (New)

7. 111111 (Up 2)

8. 1234567 (Up 5)

9. iloveyou (Up 2)

10. adobe123 (New)

11. 123123 (Up 5)

12. admin (New)

13. 1234567890 (New)

14. letmein (Down 7)

15. photoshop (New)

16. 1234 (New)

17. monkey (Down 11)

18. shadow (Unchanged)

19. sunshine (Down 5)

20. 12345 (New)

21. password1 (Up 4)

22. princess (New)

23. azerty (New)

24. trustno1 (Down 12)

25. 000000 (New)

SplashData’s top 25 list was compiled from files containing millions of stolen passwords posted online during the previous year. The company advises consumers or businesses using any of the passwords on the list to change them immediately.

SplashData suggests making passwords more secure with these tips:

Use passwords of eight characters or more with mixed types of characters. But even passwords with common substitutions like “dr4mat1c” can be vulnerable to attackers’ increasingly sophisticated technology, and random combinations like “j%7KyPx$” can be difficult to remember. One way to create more secure passwords that are easy to recall is to use passphrases — short words with spaces or other characters separating them. It’s best to use random words rather than common phrases. For example, “cakes years birthday” or “smiles_light_skip?”

Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, or financial service sites. Use different passwords for each new website or service you sign up for.

Having trouble remembering all those different strong passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites. There are numerous applications available, but choose one with a strong track record of reliability and security like SplashID Safe, which has a 10 year history and over 1 million users. SplashID Safe has versions available for Windows and Mac as well as smartphones and tablet devices.
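The tips above can be turned into an automated check at password-change time. The following is an added example, not SplashData's code: the function names, the substitution table and the optional extra_words dictionary are assumptions made for illustration, while the blocklist is the Top 25 as printed above.

```python
import re

# SplashData's "Worst Passwords of 2013", as listed above.
WORST_2013 = {
    "123456", "password", "12345678", "qwerty", "abc123", "123456789",
    "111111", "1234567", "iloveyou", "adobe123", "123123", "admin",
    "1234567890", "letmein", "photoshop", "1234", "monkey", "shadow",
    "sunshine", "12345", "password1", "princess", "azerty", "trustno1",
    "000000",
}

# Assumed table of common substitutions, e.g. "dr4mat1c" -> "dramatic".
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})


def variants(password):
    """Forms of the password that simple guessing rules would also cover."""
    low = password.lower()
    plain = low.translate(LEET)          # undo common substitutions
    forms = {low, plain}
    # Drop trailing digits and punctuation: "Sunshine2014!" -> "sunshine"
    forms |= {re.sub(r"[\d\W_]+$", "", f) for f in (low, plain)}
    return forms - {""}


def weaknesses(password, service="", extra_words=()):
    """Return the reasons a password fails the tips (empty list = passes)."""
    reasons = []
    forms = variants(password)
    blocklist = WORST_2013 | {w.lower() for w in extra_words}
    if len(password) < 8:
        reasons.append("shorter than eight characters")
    if password.isdigit():
        reasons.append("digits only")
    if forms & blocklist:
        reasons.append("on the blocklist or a simple variant of an entry")
    svc = service.lower()
    if svc and any(svc in f for f in forms):
        reasons.append("based on the name of the site or application")
    return reasons


if __name__ == "__main__":
    for pw, svc in [("123456", ""), ("P4ssw0rd", ""), ("Adobe2014", "adobe"),
                    ("cakes years birthday", "adobe")]:
        print(repr(pw), weaknesses(pw, svc) or "no findings")
```

A password such as “dr4mat1c” passes the Top 25 check on its own; it is only caught when a dictionary containing “dramatic” is supplied through extra_words.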

About SplashData:

SplashData has been a leading provider of password management applications for over 10 years. SplashID Safe (www.splashid.com) has grown to be the most trusted multiplatform password solution for both the consumer and enterprise markets with over 1 million users worldwide. SplashID Safe’s popularity continues to rise as the number of user names, passwords, and account numbers most people have to remember is rapidly multiplying. At the same time, the risk of this kind of sensitive information falling into the wrong hands has never been greater. SplashID Safe helps solve this dilemma by creating an encrypted digital safe available on smartphones, computers, USB keys, or online, offering the peace of mind of being able to access critical information whenever needed while maintaining the security of 256-bit encryption.

SplashData was founded in 2000 and is based in Los Gatos, CA.

Article source: http://www.darkreading.com/end-user/password-unseated-by-123456-on-splashdat/240165561

Bluebox Security Closes $18 Million Series B Funding

SAN FRANCISCO, CA – January 20, 2014 – Bluebox Security, a stealth mobile security company, today announced it has closed an $18 million Series B funding round. Participants in the round include Tenaya Capital as well as existing investors Andreessen Horowitz, Sun Microsystems Co-founder Andreas Bechtolsheim, and SV Angel. Brian Melton from Tenaya Capital will join the company’s board of directors. The capital will be used to scale sales and marketing to meet increasing market demand.

The new funding comes just ahead of launch and brings the company’s total amount raised to $27.5 million. Bluebox previously closed a $9.5 million Series A round in July 2012.

“Existing mobile security solutions are modeled on an outdated perspective of mobile use that does not meet current demand,” said Brian Melton, Managing Director, Tenaya Capital. “As companies give employees more access to corporate information via mobile devices, they need a solution that meets the needs of both the business and employees. The strong endorsement across Bluebox’s beta customers validates that Bluebox has developed an innovative mobile security solution that enterprises want.”

Results from Forrester’s Forrsights Workforce Employee Survey, Q4 2012 indicate that at least 85% of employees use phone/tablet applications and web-based services for both personal and work-related activities – putting corporate information security under serious threat.

“The BYOD movement has ushered in a new era–enterprises no longer control or manage the devices and services employees bring into the organization–fundamentally changing the way organizations must address security,” said Scott Weiss, Partner, Andreessen Horowitz. “Boasting an exceptional team of veteran entrepreneurs with deep roots in information security, Bluebox is well positioned to quickly become the leader in this new frontier of mobile security.”

“Many companies have invested in mobile security solutions that focus on the device, but don’t address the core issue of mobile security,” said Caleb Sima, CEO and Co-Founder, Bluebox Security. “We founded Bluebox with a unique approach to mobile security that focuses on what really matters–data. We welcome Tenaya Capital to our team of investors and are excited to have their support as we work to change how mobile security is done today.”

Tenaya Capital has backed technology leaders such as New Relic, Kayak, Zappos and Palo Alto Networks. Andreessen Horowitz has also backed disruptive companies such as Facebook, Skype, GitHub and Instagram.

Blog post “Address Three Key Management Concerns To Win Internal Support For BYOT Initiatives”, Katayan Gupta, Forrester Research, Inc., September 30, 2013

Additional Resources

● Follow Bluebox on Twitter @BlueboxSec

● Subscribe to the Bluebox blog

About Bluebox

Bluebox Security is a stealth startup focused on enterprise mobile security. Backed by Andreessen Horowitz, Tenaya Capital, Sun Microsystems co-founder, Andreas Bechtolsheim, SV Angel and Google Board member Ram Shriram, Bluebox Security is headquartered in San Francisco. For more information visit www.bluebox.com.

Article source: http://www.darkreading.com/mobile/bluebox-security-closes-18-million-serie/240165562

Digitally signed data-stealing malware targets Mac users in “undelivered courier item” attack

Our colleagues at SophosLabs pointed us at an interesting item of malware the other day, namely a data-stealing Trojan aimed at Mac users.

In fact, it was somewhat more than that: it was one of those “undelivered courier item” emails linking to a dodgy web server that guessed whether you were running Windows or OS X, and targeted you accordingly.

You’re probably familiar with “undelivered item” scams.

The idea is surprisingly simple: you receive an email that claims to be a courier company that is having trouble delivering your article.

In the email is a link to, or an attachment containing, what purports to be a tracking note for the item.

You are invited to review the relevant document and respond so that delivery can be completed.

We’ve seen a wide variety of courier brands “borrowed” for this purpose, including DHL, the UK’s Royal Mail and even, in one bewildering case, a made-up courier company called TNS24, with its very own website, featuring its very own amusingly ill-Photoshopped planes, ships and automobiles.

But a competently-executed courier scam can be fairly convincing, especially if the criminals behind it know enough about you to create what becomes a targeted attack.

Even a modest amount of detail (if that is not an oxymoron) can do the trick.

For example, the crooks will sound a lot more believable if they know your address and phone number; are aware of what you do in your job; and have a general idea about some of the projects you are working on right now.

Of course, if you open the attachment or click on the link in one of these scams, you are immediately put into harm’s way: the attachment might try to trigger an exploit in your unpatched copy of Word, for instance, or the link might attack an unpatched Java plugin in your browser.

Here’s what the emails looked like in this attack, with some details changed or redacted for safety:

We wish to inform you that we have a pending parcel for the past 10 days bearing your name Mr. Jonathan Sidebottom,with parcel number (MV-45-QA566). The parcel was sent for delivery on the below mentioned address but nobody was there to receive it. Your parcel content has a set of engineering documents, which was discovered during our security checks of parcels brought into our head office. So, we are sending you a scanned copy of that parcel. Give your positive response, if it belongs to you.

If you are a native speaker of English, you will notice that the wording of the email is clumsy and unidiomatic, and if you were to receive a message like this you might well be suspicious on those grounds alone.

But if Mr Sidebottom really is in the engineering business, and regularly deals with inbound documents from courier companies around the world, an email of this sort could easily pass muster.

The link, of course, doesn’t really lead to fedex.com.ch, but instead takes you to a domain name that is controlled by the attackers.

If you are on a mobile device, the server delivers an error message.

If you are using a desktop browser that isn’t Safari, you receive a ZIP file containing a Windows program detected by Sophos Anti-Virus as Mal/VBCheMan-C, a vague relative of the Zbot or Zeus malware.

But if you are using Safari, you receive Mac malware, delivered as an Application bundle packaged inside a ZIP file.

By default, on OS X 10.9.1 (the latest update to Mavericks, Apple’s most recent operating system version), Safari directly downloads the file, showing you an empty Safari window with the icon of the downloaded file in the Dock at the bottom of the screen:

Clicking on the download button shows you what looks like a PDF file:

There is no PDF file, as a visit to the Terminal window quickly reveals.

Safari has automatically unzipped the download, producing an Application bundle (actually just a subdirectory tree with a special structure) that has deliberately been given a PDF icon:

As you can imagine, the temptation is to click on what looks like a PDF file to see what it contains.

OS X does try to advise you that you aren’t opening a document, although you can argue that the warning would be more compelling if it explicitly said that you were about to “run a software program”, rather than merely to “open” the file:

Note that you don’t get a warning about the App being from an “unknown developer” because it is digitally signed, something that happens surprisingly often with modern malware.

→ The quantity of digitally-signed malware in circulation prompted Microsoft, which sees a lot more malware than Apple, to publish a recent blog post with the uncompromising title “Be a real security pro – Keep your private keys private.” In that article, Microsoft documents a malware family it calls “Winwebsec” of which it has more than 15,000 digitally-signed samples, signed with 12 different stolen keys.
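Because an Application bundle is just a directory tree with a fixed layout, a downloaded ZIP can be inspected for one before anything is unpacked or opened. The sketch below is an added example, not Sophos code: it relies on the standard bundle layout (Contents/Info.plist, Contents/MacOS/) and the standard Info.plist keys CFBundleExecutable and CFBundleIconFile, and the sample archive and all file names in it are constructed for the demonstration.

```python
import io
import plistlib
import re
import zipfile

# An entry "<something>.app/Contents/Info.plist" marks an Application bundle.
BUNDLE_RE = re.compile(r"^(?P<bundle>(?:[^/]+/)*[^/]+\.app)/Contents/Info\.plist$")


def find_app_bundles(zip_bytes):
    """List every Application bundle inside a ZIP without extracting it."""
    found = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        for name in sorted(names):
            m = BUNDLE_RE.match(name)
            if not m:
                continue
            try:
                info = plistlib.loads(zf.read(name))
            except Exception:            # malformed plist: still report the bundle
                info = {}
            if not isinstance(info, dict):
                info = {}
            exe = info.get("CFBundleExecutable", "")
            found.append({
                "bundle": m.group("bundle"),
                "executable": exe,                       # program that would run
                "icon": info.get("CFBundleIconFile", ""),  # icon the user would see
                "has_binary": f"{m.group('bundle')}/Contents/MacOS/{exe}" in names,
            })
    return found


def build_sample_zip():
    """Constructed sample: a bundle dressed up with a document-style icon."""
    plist = plistlib.dumps({"CFBundleExecutable": "worker",
                            "CFBundleIconFile": "pdf.icns"})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Tracking_Note.app/Contents/Info.plist", plist)
        zf.writestr("Tracking_Note.app/Contents/MacOS/worker", b"placeholder")
        zf.writestr("Tracking_Note.app/Contents/Resources/pdf.icns", b"icns")
        zf.writestr("readme.txt", b"plain file")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in find_app_bundles(build_sample_zip()):
        print("ZIP contains a program, not a document:", hit)
```

Any hit on an archive that was presented as a scanned document is grounds to quarantine it, whether or not the bundle is signed.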

If you do click the [Open] button, nothing seems to happen: you end up back at the desktop with your email software open and an empty Safari window in front of it.

But a trip back to the Terminal shows that what looked like a PDF file is now running in the background as a process named foung:

As it happens, foung, like its counterpart delivered to Windows computers, is a bot, short for “robot malware”, detected by Sophos Anti-Virus as OSX/LaoShu-A.

LaoShu-A as good as hands control of your Mac over to the attackers, but its primary functions appear to be more closely associated with data stealing than with co-opting you into a traditional money-making botnet.

(You will often hear the term RAT, or Remote Access Trojan, rather than the more common term bot, used to describe this sort of malware.)

In other words, the attackers seem more concerned with digging around on your computer for what they can steal than with abusing your computer and your internet connection to aid and abet other cybercriminal activities.

Amongst other things, LaoShu-A contains code to:

  • Search for files with extensions such as DOC, DOCX, XLS, XLSX, PPT and PPTX.
  • ZIP those files.
  • Upload (exfiltrate) them to a server operated by the attackers.

However, this RAT also knows how to:

  • Download new files.
  • Run arbitrary shell commands.

For example, during our tests, LaoShu-A downloaded a second application that took a screenshot with OS X’s built-in screencapture command, and tried to exfiltrate the image it had just grabbed.

But the behaviour of that second application can be varied by the attackers at any time, which is why, in our recent podcast, Understanding botnets, SophosLabs expert James Wyke warned as follows:

Without analysing the full network capture of the entire interchange between a bot and the person controlling it, you can’t say for sure exactly what that bot might have done… [it] might go and download some completely different piece of malware which carries out a completely different set of functionality.

James went on to recommend:

Be more suspicious of things you get in e-mail. E-mail is still one of the most common ways people get infected, and it is predominantly through social engineering attacks… So when you receive an e-mail from someone you’ve never heard of before, or you’ve never communicated with before, and there’s some interesting attachment to the e-mail or [a link to click], …don’t do that! That’s one of the most common ways people get infected.


Let’s hope this malware reminds OS X users of a few simple truths that some Mac fans still seem willing to ignore:

  • Mac malware is unusual, but not impossible.
  • Data thieves are interested in what Mac users have on their computers.
  • Malware writers can often get their hands on digital certificates to sign software, giving it a veneer of respectability and bypassing operating system warnings.
  • Mac malware doesn’t have to ask for a password before running.
  • Mac malware can run directly from a download without an installation step.
  • Bots and RATs are particularly pernicious because they can update and adapt their behaviour after you are infected.

As always, prevention is better than cure.

And that “undelivered courier item” almost certainly doesn’t exist.

Free: Sophos Anti-Virus for Mac Home Edition

Sophos for Mac stops threats for Windows and Mac alike, protecting you and those you share files with.

Choose from blocking viruses in real time (on-access protection), scanning at scheduled times, or running a check whenever you want.

Free download, no registration required, no expiry date.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/HKJ6xF6T2Ik/