STE WILLIAMS

There was more bot-driven, fraudulent activity on the Web in the U.S. last quarter than there was human traffic, according to a report posted last week.

According to Solve Media’s Q3 bot report, fraudulent activity accounted for 51% of U.S. Web traffic in the third quarter — the first time it has surpassed everyday traffic generated by humans.

The problem is even bigger in other regions of the globe, according to Solve Media. Estonia (83%), Singapore (79%), and China (77%) had the highest levels of fraudulent Web activity overall, according to the study. Suspicious mobile activity in the United States also increased, up from 22% in Q2 to 27%.

Solve Media, which monitors bot traffic as part of its security and digital advertising services, said the growth of fraudulent traffic may change the way online advertisers and commercial organizations approach the Web.

“Today’s data is a wake up call for unprotected US publishers and advertisers alike — as an industry, we can no longer deny that bot traffic is eating away at the overall quality and effectiveness of our collective saleable audience,” says Chris Wysopal, CTO at Veracode and member of Solve Media’s Security Council.

“Think of it this way — a premium could be charged by publishers who commit to ensuring human verification of audiences,” Wysopal says. “That level of security and guaranteed performance is where publishers should focus first as they attempt to create and sell new advertising products to brands.”

Have a comment on this story? Please click “Add a Comment” below. If you’d like to contact Dark Reading’s editors directly, send us a message.

Article source: http://www.darkreading.com/applications/fraudulent-bot-traffic-surpasses-human-t/240164967

San Mateo, Calif. – Dec. 20, 2013 – AlienVault, the leading provider of Unified Security Managementtrade (USM) solutions and crowd-sourced threat intelligence, today announced that Intel Capital has joined its Series D funding round, closing the round at $30 million. AlienVault’s Series D round was first announced in September, and led by GGV Capital, with strong participation from Trident Capital, Kleiner Perkins Caufield Byers (KPCB), Sigma West, Adara Venture Partners, Top Tier Capital and Correlation Ventures.

“AlienVault’ s USM platform targeted at small and medium businesses provides a comprehensive yet affordable security solution,” said Maurits Tichelman, GM of Intel’s Reseller Channel Organization. “We look forward to introducing AlienVault to our global network of 150,000 Intel Technology Providers who can provide unique key services, a Managed Security Service Platform, and distribution of the AlienVault Security offering to their customer base.”

“This is a great strategic extension of our Series D round,” said Barmak Meftah, president and CEO of AlienVault. “Intel Capital brings with it knowledgeable insights and a robust network of technology innovators and channel partners that will enable AlienVault to reach the broad mid-market even more quickly and innovate in ways that make threat prevention, detection and response easier to afford and achieve.”

“GGV Capital welcomes Intel Capital’s investment in AlienVault in the Series D round,” said Glenn Solomon, partner at GGV Capital and member of AlienVault’s Board of Directors. “AlienVault has been growing rapidly and has the opportunity to scale meaningfully in the future. GGV Capital’s focus on supporting companies in the expansion phase, and Intel Capital’s shared emphasis on helping start-ups scale their businesses and build strong channel relationships, will serve AlienVault well, as the company amplifies its reach to the mid-market, and leads the industry toward a better threat sharing paradigm.”

“AlienVault has seen tremendous growth over the last five years,” said J. Alberto Ypez, AlienVault’s Chairman of the Board of Directors and Managing Director at Trident Capital. “As AlienVault continues to expand its reach to the mid-market and build upon its global presence, Intel’s channel partners and robust network of technology innovators will further open doors for the growing security company.”

With the Series D funding, AlienVault will continue to scale the company’s global sales and marketing programs. It will also enable the company to increase investments in product innovation and expand its OTX platform, the largest crowd-sourced repository for threat information around the world, counting more than 8,000 contributors from 140 countries, and growing rapidly.

Additional Resources:

Learn more about AlienVault

Learn more about USM and OTX

Learn more about Intel Capital

Subscribe to AlienVault’s blogs

Follow AlienVault on Twitter @alienvault

About Intel Capital

Intel Capital, Intel’s global investment and MA organization, makes equity investments in innovative technology start-ups and companies worldwide. Intel Capital invests in a broad range of companies offering hardware, software, and services targeting enterprise, mobility, consumer Internet, digital media and semiconductor manufacturing. Since 1991, Intel Capital has invested more than US$11 billion in over 1,322 companies in 54 countries. In that timeframe, 204 portfolio companies have gone public on various exchanges around the world and 336 were acquired or participated in a merger. In 2012, Intel Capital invested US$352 million in 150 investments with approximately 57% of funds invested outside North America. For more information on Intel Capital and its differentiated advantages, visitwww.intelcapital.com or follow @Intelcapital.

About AlienVault

AlienVault’s Unified Security Managementtrade solution (USM) provides a fast and cost-effective way for organizations with limited security staff and budget to address compliance and threat management needs. With all of the essential security controls built-in, USM puts enterprise-class security visibility within fast and easy reach of smaller security teams who need to do more with less. AlienVault’s Open Threat Exchangetrade is an open and collaborative initiative for security professionals to connect with their peers, and learn about the latest threats and defensive tactics from industry experts and security researchers. AlienVault is a privately held company headquartered in Silicon Valley and backed by Trident Capital, Kleiner Perkins Caufield Byers, GGV Capital, Sigma West, Intel Capital, Adara Venture Partners, Top Tier Capital and Correlation Ventures. For more information visit www.AlienVault.com or follow us on Twitter

Article source: http://www.darkreading.com/management/intel-capital-invests-in-alienvault-clos/240164970

WATERLOO, ON – BlackBerry (NASDAQ: BBRY; TSX: BB) today announced that BBMtrade, a leading mobile messaging platform, is used by more than 85% of BlackBerry Enterprise Server (BES) enabled organizations running BlackBerry smartphones, an end-to-end solution that allows logging, archiving and auditing of BBM conversations and aids in meeting compliance requirements in regulated industries.

Administrators can ensure that data is secure, whether in-transit or at-rest. Data in transit can be encrypted end-to-end within the organization and only BlackBerry provides a root of trust with a security model that runs from the CPU through the OS, file system and the applications level, all built by BlackBerry. End-to-end encryption for BBM use within the organization is available today on BlackBerry OS and will become available this spring for BlackBerry 10 users in regulated environments.

“While BBM among business customers may have started organically, we know organizations choose BBM today to improve communications and collaboration. Employees get an amazing messaging experience that gives them immediate, active conversations with their peers, which helps drive better communications and collaboration, and improves mobile productivity,” said Andrew Bocking, Executive Vice President of BBM at BlackBerry. “Organizations in regulated industries that need to meet compliance requirements can use BBM on BlackBerry smartphones with BES, which provides them with the ability to track and log BBM communications.”

“Mobile instant messaging in the enterprise as a priority application has to be implemented with a view to meeting compliance, privacy and security standards,” said IDC analyst John Jackson. “BBM for use in regulated environments on BlackBerry has been designed to meet these demands.”

“We are an organization with confidential information that needs to be shared reliably, securely and immediately, and we rely on BBM to make this happen,” said Bruce Bowser, President, AMJ Campbell Inc.

“Our teams need the ability to share important information through an instant and trusted channel. We choose BBM for our team mobile messaging communications,” said Nigel Carpenter, CIO, Canadian Diabetes Association. “BBM is also our go to for emergency situations where email would be unreliable and is integrated into our business continuity plan.”

Enterprise customers with BlackBerry smartphones can take advantage of key BBM and BlackBerry features to help drive collaboration and productivity, such as:

BBM Voice – High quality calling that avoids long distance charges*

BBM Video and Screen Sharing on BlackBerry 10 smartphones – Chat face-to-face, or collaborate by sharing docs or files from your display

BBM Groups – Up to 30 people can collaborate, share schedules, lists, calendars and photos

Private BBM Channels – Invite-only BBM Channels for chats, commenting and broadcasting information to a targeted community of employees

BlackBerry Keyboard – Enjoy the speed, accuracy and confidence that a BlackBerry keyboard brings while connecting with BBM Contacts

“Being able to communicate with our colleagues at the race track with the immediacy of BBM allows us to drive important decisions with the best information no matter where in the world we are,” said Toto Wolff, Executive Director, Business at MERCEDES AMG PETRONAS Formula One Team.

“BBM plays an instrumental role in our sales team’s ability to collaborate with one another regardless of location. We have used BBM for years to share documents, photos and instant chat with one another to help create efficiencies throughout our organization. But more importantly, it allows the sales team to communicate with customers and partners and answer their questions in near real-time, which go a long way in forging those important relationships,” said Jeff Goldstein, VP and General Manager at NetApp Canada.

“I have been an avid user of BBM since the beginning. Being able to communicate with friends, family and clients across the globe allows me to keep on top of everything no matter where I am,” said James Dodds, Vice President, TD Bank Group.

“With BBM, the efficiency and reliability of communication with my executive team has significantly increased and we are able to make better decisions, faster,” said Francois Boisvert, VP, Consulting Services at Macadamian.

Businesses see the benefits of choosing a trusted, secure solution like BES and BBM to ensure they have empowered employees and maintained a level of responsibility to the organization or industry.

Useful Links

BBM.com – FAQs, How-Tos, Download tips, contests and more

Inside BlackBerry Blog – BBM posts

BBM Knowledge Base Articles

About BBM

Introduced in 2005, BBM set the standard for mobile messaging and continues to drive innovation in messaging and private social networking. Today, BBM is one of the largest private social mobile networks, driving real, active conversations. Customers love BBM for its privacy, controls and immediacy with Delivered and Read statuses and message-in-progress notices.

About BlackBerry

A global leader in wireless innovation, BlackBerry revolutionized the mobile industry when it was introduced in 1999. Today, BlackBerry aims to inspire the success of our millions of customers around the world by continuously pushing the boundaries of mobile experiences. Founded in 1984 and based in Waterloo, Ontario, BlackBerry operates offices in North America, Europe, Asia Pacific and Latin America. BlackBerry is listed on the NASDAQ Stock Market (NASDAQ: BBRY) and the Toronto Stock Exchange (TSX: BB). For more information, visit www.blackberry.com.

*BBM Voice offered over cellular on BlackBerry 10 devices. BBM Voice offers over Wi-Fi and cellular on BBOS devices.

Article source: http://www.darkreading.com/mobile/blackberry-announces-bbm-regulated-for-b/240164971

ONTARIO, Calif., Dec. 20, 2013 /PRNewswire/ — With more than 40 million credit cards potentially affected by the security breach at Target, credit union officials say it’s time for federal and state officials to take action to prevent the cost of such breaches from being passed along to consumers and the financial services industry.

“When retailers have security breaches in their credit card information, they see it merely as an inconvenience, but there’s also a significant financial impact on consumers and financial institutions,” said Diana Dykstra, president and CEO of the California and Nevada Credit Union Leagues. “Every consumer now has to keep an eye on their credit information, and there likely will be headaches for both consumers and the financial services industry, with the potential need to replace millions of cards. It’s an embarrassment for a retailer, but the breach costs fall on the shoulders of consumers and their financial institutions, like credit unions.”

Dykstra says each card costs credit unions $5-$10 to reissue and deliver. This expense is greatly exacerbated by the immense cost incurred by credit unions to reimburse their members who have lost funds due to fraudulent transactions.

“California and Nevada credit unions have been inundated by thousands of calls from members concerned about their credit information in the wake of the Target incident,” she added.

The card data breach at Target should prompt the public and lawmakers to engage in a dialogue about the antiquated magnetic strip card technology. Today’s dialogue around card security should emphasize the need of retailers and financial institutions in the United States to adopt the more secure chip and pin card technology. Chip and pin card technology is already widely used in other countries and has proven to be far less vulnerable to security breaches.

“It’s time to make sure retailers tighten the security of their systems,”

Dykstra said. “A powerful incentive would be to hold them responsible for the cost of these breaches instead of consumers and financial institutions. This is a bipartisan issue our state and federal elected officials need to address.”

For more information, go to www.WeOwnOurBank.com.

Article source: http://www.darkreading.com/attacks-breaches/credit-unions-targets-credit-card-breach/240164974

SANTA CLARA, CA (PRWEB) — December 23, 2013 — Call it a victory for strategic vs. ‘check off the boxes’ tactical IT security and compliance. Today, eGestalt Technologies announced it has added a risk management module, Aegify Risk Manager, that can be deployed with the award-winning company’s cloud-based SaaS Aegify Security Posture Management (SPM) and Compliance solutions to enable an enterprise to strategically identify business-critical assets, continually assess the assets’ security vulnerability, and, if necessary, fix security loop-holes and remediate based upon a rational, prioritized risk-benefit analysis achieved via rules and automated data inputs and assessments.

“Whether in healthcare, financial services, retail, e-commerce, or government markets, today’s small, medium and large enterprises face security threats and must meet compliance obligations under HIPAA, HITECH, SOX, PCI-DSS, GLBA, FISMA – or else face significant fines,” said Michael Osterman of Osterman Research. “With eGestalt adding a risk management service module to its cloud-based SaaS Aegify SPM and Compliance solutions, an enterprise can cost-effectively achieve automated, 24/7 IT security monitoring and achieve compliance in a strategic manner that allows the head of IT to readily justify security expenditures to the CEO. This is an important aid in helping senior decision makers to determine how IT security affects business and the bottom line.”

eGestalt offers its comprehensive, unified, continuous end-to-end automated IT security, compliance and risk management Aegify solution to managed service providers (MSPs) and value-added resellers (VARs).

Anupam Sahai, co-founder and president, eGestalt Technologies, said: “The Aegify Risk Manager represents a complete risk management solution that is cost-effective, completely automated, and integrated with the Aegify security and compliance management services. The Risk Manager leverages an expert system-based approach saving time and resources, while obviating the need of being an expert in the field.”

Aegify Security, Compliance and Risk Management Features Benefits

Aegify enables complete work flow automation to comprehensively address and manage business security, compliance and risk needs. Aegify Risk Manager features:

o Continuous Compliance Management Extensible with Built-in Frameworks — Supports HIPAA Omnibus, GLBA, SANS20 and many other regulations.

o Continuous Security Posture Management – Enables IT asset discovery, vulnerability analysis and remediation

o Continuous Advanced Risk Management – Prioritizes security and compliance gaps using advanced expert systems-based approach that automates mapping of security posture to compliance controls. Built-In Risk Profile Database leverages industry best practices in risk management for organization risk score calculation within minutes and in real-time.

o Built-In Knowledge Base demystifies standards, while Policies Templates and Contracts can be easily customized with easy access to industry based practices

“As a practicing physician and one of the principals of a medical practice group, I’m focused primarily on the quality of patient care, and while I recognize IT security and compliance is a necessity to protect patient data, IT security and compliance has been a kind of ‘black box’ to me and I have it managed by one of my office managers,” said Dr. Steven Krems, a principal of Access Medical Group in Marina del Rey, Calif., which has for 20 consecutive years served the Los Angeles Clippers of the National Basketball Association. “With a cost-effective and transparent IT security, compliance and risk management offering made available by eGestalt, I like that my IT manager can readily explain to me specifics as to why monies need to be allocated to protect patient data and achieve compliancy.”

Aegify Pricing

Aegify modules are available via managed service providers and VARs, with eGestalt establishing a suggested retail price starting from $1,200/year to $9,000/year and higher depending on service edition and service levels. The eGestalt solution fits a ‘pay as you grow’ business model.

For information about pricing and how to become a channel partner to sell any or all of the Aegify solutions, send an email to: [email protected]

About eGestalt:

Launched in 2009, eGestalt Technologies is a leading provider of Cloud-based software-as-a-service (SaaS) solutions for business IT security monitoring, vulnerability analysis, asset and risk management, penetration testing and compliance management. The company’s flagship product Aegify is the world-first, software only solution for integrated security posture management (SPM), compliance management and risk management and eGestalt is completely channel-focused. Headquartered in Santa Clara, Calif., eGestalt has offices in the United States, Asia-Pacific and Middle East. eGestalt was named a 2013 ‘Emerging Vendor’ by CRN and UBM Channel and Winner of TiE50 2013, a prestigious award for enterprising technology startups worldwide.

Article source: http://www.darkreading.com/management/egestalt-to-launch-new-risk-management-m/240164972

WASHINGTON, D.C. – December 17, 2013 – Silent Circle, the global encrypted communications firm revolutionizing mobile device privacy and security for organizations and individuals alike, today announced the availability of its Silent Contacts app for Android via Google Play. Silent Contacts is a companion application free for Silent Circle subscribers that gives Silent Phone and Silent Text users an encrypted address book and full control of their call logs and contacts without compromising privacy. Silent Circle’s Android users now have the ability to communicate privately via secure voice, video, text and file transfers while protecting the integrity of their contacts.

Silent Contacts for Android’s key features include:

Encrypted storage of your Silent Circle contacts

Control over who can see your contacts’ information

Import existing contacts from legacy address book into Silent Contacts

Export contacts and share with other devices

Uses Silent KeyManager to securely store your encryption keys

Encrypted password protection for your Silent Phone application

“Silent Contacts for Android was developed as an enhancement to our current suite of services to ensure our Android customers are provided with the best possible options for added reliability and privacy controls,” said Silent Circle CTO and co-founder Jon Callas. “In 2014, we will look to expand our Silent Contacts platform with more robust features that further strengthen privacy protection for iOS users of our services.”

Silent Contacts for Android complements Silent Circle’s private communications services including Silent Phone Silent Text applications for secure mobile voice, video calling, text messaging and file transfers by offering additional privacy and security for Silent Circle’s subscribers.

About Silent Circle’s private communications services:

Silent Phone: Encrypted mobile VoIP calling with ability to seamlessly switch to high-quality, secure video calls, on-demand. Currently available for iOS and Android, it can be used with Wi-Fi, 3G or 4G LTE cellular anywhere in the world.

Out-Circle Access: Enables calls between one Silent Phone subscriber and a non-subscriber.*

Silent Text: Encrypted text messaging with support for almost any attachment up to 100MB and “Burn Notice” feature for permanently deleting messages from senders’ and receivers’ device registries. Messages can include map locations and multimedia recorded in the app. Currently available for iOS and Android.

Silent Phone for Desktop: Encrypted VoIP audio and video calls and conferencing from Windows laptops and desktops through Silent Circle’s custom HD network. Compatible with Silent Phone. Currently available for Windows PC’s.

*Currently limited to PSTN calls in U.S., Canada and Puerto Rico.

ABOUT SILENT CIRCLE

Silent Circle is a global encrypted communications service headquartered in Washington D.C. providing a revolutionary peer-to-peer platform for encrypted voice, video, text and file transfer on mobile devices via a secure, proprietary network, software and mobile apps. Silent Circle was co-founded by Mike Janke, former Navy SEAL and best-selling author and Phil Zimmermann, the world famous Silicon Valley creator of Internet encryption for voice and data and 2012 inductee into the Internet Hall of Fame. For more on Silent Circle, go to: https://www.silentcircle.com

Article source: http://www.darkreading.com/mobile/silent-circle-announces-silent-contacts/240164975

DALLAS, Dec. 17, 2013 /PRNewswire/ — ATT* today announced the availability of a new application programming interface (API) toolkit that can help businesses make mobile transactions safer and easier for ATT mobile subscribers. The toolkit allows businesses to automate fraud avoidance queries and the completion of basic forms for subscribers during transactions.

Security is a major concern among people who want to use their phones for mobile banking and m-commerce. According to a Federal Reserve Bank survey, while nearly half of smartphone owners in the U.S. have used mobile banking in the past 12 months, concerns about the security of the technology were the second most common reason given for not using mobile banking.1

When an ATT mobile subscriber uses their mobile device to transact business with a merchant that is using the toolkit, the service automatically and almost instantly performs a fraud avoidance query to confirm that the device being used by the subscriber is authenticated to ATT’s mobile network. If confirmed, the mobile user can opt-in to a feature that allows automatic population of electronic forms with basic information such as name, address, phone and email information. This feature simplifies the registration process and can reduce drop-off rates for new customers. The service completes these tasks in seconds.

“As consumers use their mobile devices for more and more aspects of daily life, including online banking and m-commerce, they want assurances that these services are as secure as possible,” said Laura Merling, Vice President of Ecosystem Development and Platform Solutions, ATT. “Tapping into the intelligence of the ATT network as a trusted authenticator for mobile identity not only makes these services more secure, but also easier to use. We see this as the opportunity to realize one of the biggest promises of APIs for businesses.”

Businesses interested in using the toolkit can contact the ATT Enterprise API Program.

ATT’s Outstanding Network

The great performance of ATT’s fastest and most reliable 4G LTE network** continues to be validated by independent third-party testing:

— ATT now has the most reliable 4G LTE network according to our analysis

of data from Nielsen.2

— Meanwhile, our 4G LTE service was recognized as having faster average

download and upload speeds than any of our competitors in

PCWorld/TechHive’s most recent 20-market speed tests – the second

consecutive year that ATT has ranked 1st overall. PCWorld/TechHive also

ranked ATT’s as the fastest combination of 3G and 4G services in the 20

cities it tested.3

— And ATT was named America’s fastest 4G LTE network in PC Magazine’s

2013 Fastest Mobile Networks 30-market study – and also swept the top

rankings in all six U.S. regions from coast to coast: Northeast,

Southeast, North-Central, South-Central, Northwest and Southwest.4 In addition, RootMetrics has awarded ATT for strongest overall call, text, and data performance in multiple markets in the most recent 2013 testing.5

1Board of Governors of the Federal Reserve System, March 2013, ‘Consumers and Mobile Financial Services 2013’

http://www.federalreserve.gov/econresdata/consumers-and-mobile-financial-services-report-201303.pdf

*ATT products and services are provided or offered by subsidiaries and affiliates of ATT Inc. under the ATT brand and not by ATT Inc.

**4G LTE speed claim based on national carriers’ average 4G LTE download speeds.

2 ATT’s 4G LTE Reliability claim based on analysis of data network connection and data transaction success rates reported by Nielsen during network tests conducted across 225 markets from Nov. 2012 to Nov. 2013, and compares carriers with nationwide 4G LTE networks.

3 PCWorld/TechHive, May 23, 2013, “ATT clocks best overall speeds with 3G/4G combo”

4 PC Magazine, June 17, 2013;

http://www.pcmag.com/article2/0,2817,2420333,00.asp

5 Based on the most recent RootScore Report for each of the 125 U.S. markets tested in 2013. Performance rankings of 4 national mobile networks rely on scores calculated from random samples. Visit rootmetrics.com for more details.

Your experience may vary. The RootMetrics award is not an endorsement of ATT.

About ATT

ATT Inc. (NYSE:T) is a premier communications holding company and one of the most honored companies in the world. Its subsidiaries and affiliates – ATT operating companies – are the providers of ATT services in the United States and internationally. With a powerful array of network resources that includes the nation’s fastest and most reliable 4G LTE network, ATT is a leading provider of wireless, Wi-Fi, high speed Internet, voice and cloud-based services. A leader in mobile Internet, ATT also offers the best wireless coverage worldwide of any U.S. carrier, offering the most wireless phones that work in the most countries. It also offers advanced TV service with the ATT U-verse brand. The company’s suite of IP-based business communications services is one of the most advanced in the world.

Article source: http://www.darkreading.com/mobile/att-helps-businesses-improve-mobile-tran/240164976

MILPITAS, Calif., December 19, 2013–FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today’s advanced cyber attacks, today announced that FireEye Labs discovered more zero-day advanced attacks than any security company in 2013. The attacks include:

Operation DeputyDog (CVE-2013-3893)

Operation Ephemeral Hydra (CVE-2013-3918)

Council of Foreign Relations watering hole attack (CVE-2012-4792)

Department of Labor watering hole attack (CVE-2013-1347)

Zero-day attacks exploit previously unknown vulnerabilities in widely deployed software programs, such as Microsoft Internet Explorer or Adobe Acrobat. These advanced attacks exploit the vulnerability to alter the targeted program so that subsequent malicious behavior is extremely difficult to detect.

“Today’s advanced attacks require a fundamentally different approach to security,” said David DeWalt, FireEye CEO. “By combining the threat intelligence gathered from more than 2 million virtual machines, industry-leading cyber threat research, and the expertise of some of the most experienced incident response and forensic experts in the field, FireEye helps our customers stay ahead of cyber attacks.”

The FireEye Labs research team is led by senior director of research, Zheng Bu, and the FireEye Labs field team is led by Bill Hau, vice president of professional services.

Today, FireEye Labs employs security researchers in locations around the world, including Milpitas, CA, Reston, VA as well as Singapore, Bangalore, India, and Cork, Ireland.

FireEye Services, which is now a part of FireEye Labs, has security experts in five major geographic theaters to collect and disseminate threat intelligence, while advising clients on incident response, digital forensics, and overall security risk management.

FireEye Labs leverages threat intelligence from over 2 million of virtual machines communicating into the FireEye Dynamic Threat Intelligencetrade (DTI) cloud. This enables FireEye Labs to observe attack patterns and provide accurate and timely intelligence to better protect customers’ networks. With unprecedented insight into advanced persistent threats (APTs), the FireEye APT Discovery Centertrade catalogs and analyzes hundreds of current and past APT campaigns and updates threat detection algorithms frequently. The APT Discovery Center characterizes APT attacks by technical footprint, geography, and target industry to help security teams, law enforcement, and governments improve security defenses.

Some of the major accomplishments of this combined team in 2013 include:

Building the FireEye Zero-Day Discovery Center that uncovered 11 zero-day vulnerabilities exploited in targeted attacks.

Finding two major vulnerabilities in Google’s Androidtrade mobile operating system.

Uncovering the 14 most common sandbox evasion methods.

Cataloging 160 APT campaigns across 25 million attack events.

Leveraging next-generation analytics that helped identify high-profile advance campaigns such as Operation DeputyDog and Operation Ephemeral Hydra.

Establishing Cyber Forensic Labs in five major locations across the globe to support customers with evidence acquisition, chain of custody, and investigations as necessary.

FireEye Services is comprised of a team of experts who investigate breaches for some of the world’s largest enterprises and governments. This team is available to support and manage all aspects of security research and provide risk management expertise. Advanced services available to customers include global incident response, digital forensics, penetration testing, red carpet services, APT Health Checks, incident response planning, and advanced threat risk assessments.

About FireEye, Inc.

FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 1,300 customers across more than 40 countries, including over 100 of the Fortune 500.

Article source: http://www.darkreading.com/vulnerability/fireeye-releases-2013-lab-performance-st/240164977

A California senator plans to introduce new legislation in order to combat the rise in smartphone thefts across cities within the state.

Senator Mark Leno and San Francisco District Attorney George Gascón hope to make California the first US state to require smartphone manufacturers to incorporate a ‘kill switch‘, a remote-controlled security feature, which would make lost or stolen devices inoperable.

Senator Leno announced the proposed new bill on Thursday, saying that:

One of the top catalysts for street crime in many California cities is smartphone theft, and these crimes are becoming increasingly violent. We cannot continue to ignore our ability to utilize existing technology to stop cell phone thieves in their tracks. It is time to act on this serious public safety threat to our communities.

The Federal Communications Commission reports that mobile phone theft constitutes 30-40% of all robberies across the United States, a crime that cost US citizens $30 billion in 2012.

In the Senator’s own state of California such thefts are even more prevalent, accounting for over 50% of street robberies, Los Angeles alone has seen a 12% increase in smartphone thefts over the last year.

If the kill switch legislation is passed, carriers will be able to remotely send a message to any device that has been reported as either lost or stolen. That message would trigger the device to ‘brick’ itself, effectively making it useless, and a far less appealing option for would-be thieves.

With a few exceptions, most phones do not offer any form of remote deactivation at this time which makes them especially appealing to thieves who can snatch and sell them on in a very short period of time.

One manufacturer that does offer deactivation is Apple, though Gascón would like to see such a feature become the default rather than an option:

Apple should be commended for leading the way and making efforts to safeguard their customers, but it is still too early to tell how effective their solution will be. Until Activation Lock is fully opt-out, it appears many iPhone owners will not have the solution enabled. This leaves iPhone users at risk as thieves cannot distinguish between those devices that have the feature enabled and those that do not.

Gascón, along with New York Attorney General Eric Schneiderman, have asked mobile phone manufacturers to propose methods of curtailing the theft of smartphones. Having presented the tech companies with a June 2014 deadline, Gascón said:

I appreciate the efforts that many of the manufacturers are making, but the deadline we agreed upon is rapidly approaching and most do not have a technological solution in place. Californians continue to be victimized at an alarming rate, and this legislation will compel the industry to make the safety of their customers a priority.

The bill will be formally introduced in January 2014.

Naked Security readers who wish to protect their Android devices in case of loss or theft can install Sophos’s free Antivirus and Security app which includes the following features:

• Supports remote commands for Wipe, Lock, Alarm, Locate, Reset passcode and Message to finder
• Reporting of the device location before the battery runs out
• Notification if the SIM card is replaced

Follow @Security_FAQs

Follow @NakedSecurity

Image of block of wood phone courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/5pG9WH4YdhQ/

Tags: 5-minute fix, 60 Sec Security, 60 Second Security, 60 Seconds, 60SS, acoustics, Android, breach, bust, carderplanet, carding, children online, credit card, Cryptography, CVV, Cybercrime, data leakage, five minute fix, Hacker, ios, israel, key recovery, OS X, parental control, Roman Vega, RSA, target, Vega, Windows 7, Windows 8

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/T3SWZn8C5lQ/