STE WILLIAMS

Have you heard of the Happy Hour virus?

Friday afternoon fun

Vigilant Naked Security reader Betty Kann has alerted us to an online service that she felt security-conscious sysadmins ought to be made aware of.

We thought so too, but ended up on the horns of a “disclosurelemma,” where warning administrators in case their users access the service and thus trivialise computer security might cause users to access the service and thus trivialise computer security.

Created by an advertising agency in Boulder, Colorado, the website, called Happy Hour Virus, lets you deliberately simulate a security problem in order to leave work early.

“We expect this problem to peak on Friday afternoons,” said David Ullard, the CYO of Boulder-based productivity and workplace security action group Boulder Online Regulators of Interactive Network Games. “This is a true cross-platform threat, with modules for Windows, Mac and Linux users, each accessible with just a single click from any major browser.”

Ullard, whose research has revealed that the site uses a command-and-control protocol called HTTP over network port 80, warns that some firewalls already permit this sort of traffic by default.

HTTP over port 80 is used by hundreds, if not thousands, of American business users every year for online activities as diverse as finding recipes, making contact with people they didn’t like at school but suddenly want to be friends with 23 years later, and looking up the latest dollar value of Bitcoins.

The work-avoidance simulations used by Happy Hour Virus are as follows.

Mac users can pretend their Mac has shut down unexpectedly, though we suspect many administrators will see through this ruse, because Macs don’t get viruses and thus cannot actually crash at all:

Linux users get to simulate what happens when they accidentally mix the experimental open source kernel drivers for their oddball graphics card with the proprietary window manager support modules provided by the card vendor:

And Windows users get what actually turns out to be an anachronism – an old-school Blue Screen of Death in the wrong font:

With nearly 102.6% of IT administrators already having moved their entire business away from Windows XP onto Windows 8, months before Microsoft’s official deadline, we’re surprised that the Happy Hour Virus didn’t go for a more modern look:

Administrators who want to have something to do while everyone else has ducked out early thanks to the Happy Hour virus may want to ask their Change Control Committee (those who aren’t already in the pub, at any rate) for a ruling on the following:

  • Blocking outbound access to any port with an “8” in it.
  • Removing all web browsers except Lynx to prevent bogus graphics from appearing.
  • Sending out an email to all staff saying, “Do NOT UNDER ANY CIRCUMSTANCES visit the website called happyhourvirus.com.”

Have a good weekend!

PS. Just in case, we’d better say it. Yes, this is a joke.

PPS. Macs can get viruses, though admittedly less commonly than Windows computers, so you may as well try our free Sophos Anti-Virus for Mac Home Edition.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/6Zu_Yp5Q_Uw/

‘High impact’ Gmail password security hole blew accounts wide open


Vid Google has fixed a “high impact” security bug in Gmail’s password reset system that could have left any account wide open to a crafty hijacker.

The flaw, spotted by security researcher Oren Hafif, was exploited by sending a spoofed email that reminds the Gmail user that it’s time to reset their password. Clicking on the link sends the user to a website that masquerades as a Google page and asks the user for a new password. That hacker-controlled site also initiates a cross-site request forgery attack via XSS that tricks Google into handing over the victim’s login cookie.


“I want you to be honest and agree that if Google says that ‘you’ve confirmed ownership’ of your Google Account, and asks you to choose a new password you will not do so? At least your auntie would!” Hafif said in a blog post explaining the attack.

The spoof site can shift the user to a secure Google web page, but by this point, the attacker will have harvested the username, new password and the login cookie for the account. Once inside, they would also get free rein to change passwords on other services associated with that Gmail email address.

Hafif says he alerted Google to the issue and the Chocolate Factory fixed it within 10 days and confirmed he will receive a payment under its bug bounty program, although Google isn’t saying how much it is giving him.

Youtube video of the Gmail exploit

Hafif, who’ll earn a bounty for reporting the flaw, has also uploaded a video, see above, showing how the attack takes place, backed by some Euro happy house (Can’t slow down by Nicco and Bastian Bates, ahem) that will have you reaching for the glowsticks and green lasers and gurning in sympathy. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/22/researcher_earns_payday_for_fixing_high_impact_gmail_password_flaw/

CryptoLocker May Herald Rise of More Sophisticated Ransomware

$750 – that is the amount of money it cost a police department in Massachusetts to get access to their computer files back. The culprit of this kidnap and ransom was the now-infamous CryptoLocker, which locked both images and Microsoft Word documents on the department’s computer system.

While precise statistics are hard to come by, researchers at Symantec say they are seeing hundreds of thousands of spam emails a day distributing the threat, with hundreds of infections per day. Ransomware scams are still in vogue, but where CryptoLocker makes its mark is its use of asymmetric encryption, and don’t be surprised if security vendors are not the only ones taking notice. Other attackers will move in this direction as well.

“It’s not a revolution, but a natural evolution,” says Lance James, head of intelligence at Vigilant by Deloitte. “Putting it bluntly, I think we expected this sooner, and should be surprised it took so long. Yes, others will move in this direction, or they will sell CryptoLocker base code to enable the development of related ransomware, thus spawning in the underground a new widespread standard, if you will, for ransomware.”

Unlike other ransomware, CryptoLocker’s authors have properly implemented an asymmetric system (2048 bit RSA) and 256 bit AES-CBC using the native Microsoft Windows crypto system, which is the basis for legitimate tools such as Bitlocker, he explains.

“Most encryption uses a symmetric (one key) key system, or simply locks access to the files but does not fully encrypt the data,” says James. “A reverse engineer can simply build tools that recover the key, or leverage knowledge of how the software works to unlock the files. Encryption mechanisms found in other ransomware are of a homebrew variety; they include errors and vulnerabilities that reversers and Infosec professionals can identify, thereby enabling the creation of workarounds to neutralize the intent of the ransomware.”

Once on the system, the malware can encrypt files located within shared network drives, USB drives, external hard drives, network file shares and even some cloud storage drives. If one computer on a network becomes infected, mapped network drives could be infected as well. CryptoLocker then connects to the attackers’ command and control server to put the asymmetric private encryption key “out of the victim’s reach,” according to a warning from US-CERT.

“I wouldn’t say it is necessarily any more sophisticated, but perhaps just better executed,” notes Chet Wisniewski, senior security advisor at Sophos. “They aren’t pretending to be the cops, they are simply encrypting your files, demanding money and mostly honoring their end of the bargain. Simple, straight to the point extortion.”

Ransomware that was popular early in the year didn’t even perform encryption, it just locked the screen with a “scary law enforcement message and demanded money,” he adds.

Ransomware can be a very profitable type of operation. In a paper released last year, Symantec estimated that one particular group was extorting nearly $400,000 a month from victims.

Ransomware attacks have been on the uptick for the past several quarters. According to McAfee’s third quarter threat report, there were more than 312,000 new, unique samples detected during the quarter – less than the previous quarter but still the second-highest figure the firm has seen.

“Ransomware is not new, but evidently its creators are making money from it, and that is the key to its persistence,” observes Roger Thompson, chief emerging threat researcher at ICSA Labs. “In fact, it seems to have replaced fake antivirus (AV) as a common form of monetization. I can’t remember the last time I saw a fake AV. You’d think that the interaction required to pass money would get more people caught, but I suspect it is a function of small amounts combined with multiple jurisdictions. In other words, it seems too much trouble for the police to be bothered.”

The good news, Wisniewski notes, is that there are a number of precautions for businesses and home users to take.

“Keep your anti-virus up to date and be sure not to allow EXE files to come in as email attachments,” he says. “Block EXE files inside of archives like ZIP and RAR at the mail gateway. Cryptolocker is primarily being installed through existing Zeus/ZBot infections and Zeus comes in through email and drive-by installs on booby-trapped websites. Do your backups. Don’t pay the crooks or depend on their honesty to decrypt your files. Ensure the important information in your organization is backed up regularly.”
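The gateway rule described above (block EXE files inside archives) can be checked as follows. This is an added example, not code from Sophos or from the article; it covers ZIP only (the Python standard library has no RAR reader), and the extension list, depth limit and size limit are assumed policy values.

```python
import io
import os
import zipfile

# Assumed gateway policy: extensions treated as executable content.
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
MAX_DEPTH = 3                          # archive-in-archive levels that get opened
MAX_MEMBER_BYTES = 10 * 1024 * 1024    # never decompress more than this per member


def scan_zip(data, depth=0, prefix=""):
    """Return a list of reasons to block; an empty list means nothing was found."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{prefix or 'attachment'}: not a readable ZIP archive"]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Double extensions ("invoice.pdf.exe") and trailing dots or spaces
            # resolve to the last real extension.
            name = info.filename.lower().rstrip(" .")
            ext = os.path.splitext(name)[1]
            if ext in BLOCKED_EXT:
                findings.append(f"{path}: blocked extension {ext}")
                continue
            if info.flag_bits & 0x1:
                # Password-protected members cannot be inspected, so report them.
                findings.append(f"{path}: encrypted member, cannot be inspected")
                continue
            with archive.open(info) as member:
                body = member.read(MAX_MEMBER_BYTES + 1)   # bounded read
            if len(body) > MAX_MEMBER_BYTES:
                findings.append(f"{path}: larger than inspection limit")
            elif body[:2] == b"MZ":
                # A renamed executable still starts with the DOS/PE "MZ" magic.
                findings.append(f"{path}: executable header behind {ext or 'no'} extension")
            elif zipfile.is_zipfile(io.BytesIO(body)):
                if depth + 1 >= MAX_DEPTH:
                    findings.append(f"{path}: archive nesting too deep")
                else:
                    findings.extend(scan_zip(body, depth + 1, path + "/"))
    return findings


def make_zip(members):
    """Build a ZIP in memory from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: "MZ" plus padding stands in for an executable.
FAKE_PE = b"MZ" + b"\x00" * 62
SAMPLES = {
    "clean": make_zip({"readme.txt": b"hello"}),
    "double extension": make_zip({"invoice.pdf.exe": FAKE_PE}),
    "renamed executable": make_zip({"report.doc": FAKE_PE}),
    "nested archive": make_zip({"docs/inner.zip": make_zip({"setup.exe": FAKE_PE})}),
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(f"{label}: {scan_zip(blob) or 'nothing to block'}")
```

Encrypted members are reported rather than skipped, because an archive the gateway cannot open is one it cannot clear.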


Article source: http://www.darkreading.com/attacks-breaches/cryptolocker-may-herald-rise-of-more-sop/240164235

“Catch me if you can”, alleged burglar posts on Facebook – so they did, in 5 minutes

Police in the US state of Texas were trying to hunt down two men they thought might have been behind thefts from 17 cars in one community on Sunday.

Police in Rosenberg, Texas said that Damian and Rolando Lozano were behind the crimes.

They managed to apprehend Damian Lozano, but Rolando remained at large.

So the police took to their Facebook page, posting Rolando Lozano’s picture to see if the public could help track him down.

Vehicle break-ins FB post

The wanted man himself replied.

Rolando taunt on Facebook

f*** all yall hoes, im innocent, catch me if u can muthasuckas

Stop me if you’ve heard this one before.

Oh, wait, you have heard this one before, at least if you read about the burglars who notified the Brooklyn police about their crime spree via Facebook status updates, or the burglar who opened up a stolen laptop and uploaded his picture onto his victim’s Facebook account.

Those crooks found out that police know how to use social media.

Mr. Lozano discovered that too, within 15 minutes.

Or, as police responded to his “catch me if u can” invitation, “Request granted”!

The post in its entirety:

RPD FB post

Request Granted – SHARE THIS POST

Not 15 minutes after Rolando Lozano “taunted” law enforcement and the community as a whole, on our own Facebook site, your Rosenberg Police Officers (detectives and patrol alike) located Rolando hiding out at a family member’s home, where he was Captured.

Rolando is one of two alleged suspects in the Seaborne Meadow’s Burglary of Motor Vehicles case, where at least ### 17 ### of your vehicles were burglarized.

Both brothers, Damian and Rolando are now behind bars. And… in a bizarre twist, the resident of the home he was hiding out in, also had a warrant.

This is just another example on how Policing With Us, Works!!!

They even posted a photo of the event:

RPD FB photo

According to comments left by the police department, they may have nabbed Lozano as quickly as 5 minutes after he posted.

Did the police have such stunningly fast computer forensics on hand that they managed to track down their man within 5 minutes of his post?

Nope. According to a followup post, Rosenberg Police said that it was tips from the community that helped them to trace him to a relative’s house.

There are so many things to like about this story.

First, it doesn’t involve a mob ganging up on an accused person who is, of course, innocent until proved guilty. Instead, the community took their input to where they should in such cases: the police department.

Second, Rosenberg Police have the best Facebook page I’ve ever seen for a government outfit.

They’re such a cheery bunch, one fan complained that she was nearly overwhelmed with the urge to step out of her car, in traffic, to high-five the driver of a police vehicle.

The “official” police response:

Give us a high five next time…just warn the officer as you are running up to them like a crazy woman…lol

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/1-h_9xVQh-U/

Mystery traffic redirection attack pulls net traffic through Belarus, Iceland


Tons of internet traffic is being deliberately diverted through locations including Belarus and Iceland, and intercepted by crooks or worse, security experts fear.

Network intelligence firm Renesys warns that victims including financial institutions, VoIP providers, and governments have been targeted by the man-in-the-middle attacks. It reckons the diversions are malicious, and probably pulled off by manipulating BGP routing tables.


BGP (Border Gateway Protocol) is a core routing protocol that maps out the connections for internet traffic to flow through, from source to destination. As things stand, BGP has no built-in security. Routers may accept dodgy connection routes advertised by peers, internet exchanges or transit suppliers.

These suspect routes, once accepted, can have local, regional or global effects. Routers look for the shortest logical path (the least number of hops, in other words) and place blind trust in any path that’s advertised. And the shortest logical path can take weird and wonderful physical geographical routes.

In 2008, changes by Pakistan Telecom intended to restrict access to YouTube solely within the country had the effect of briefly diverting ALL YouTube traffic into a global blackhole, rendering the site unreachable for hours. Two years later, China Telecom rerouted up to 15 per cent of the world’s internet destinations on two brief occasions, after advertising false BGP route information that directed traffic through its networks.

The Pakistan YouTube hijack was accidental, but security researchers have since demonstrated how the same techniques might be used to hijack or otherwise interfere with internet traffic. Renesys reckons this is just what’s been happening in cases it has monitored this year:

For years, we’ve observed that there was potential for someone to weaponize the classic Pakistan-and-YouTube-style route hijack. Why settle for simple denial of service, when you can instead steal a victim’s traffic, take a few milliseconds to inspect or modify it, and then pass it along to the intended recipient?

This year, that potential has become reality. We have actually observed live Man-In-the-Middle (MITM) hijacks on more than 60 days so far this year. About 1,500 individual IP blocks have been hijacked, in events lasting from minutes to days, by attackers working from various countries.

Done correctly, such an attack would be undetectable to a casual inspection and would even avoid introducing noticeable latency in a connection. But Renesys is monitoring BGP connections in real time from multiple locations worldwide, and this monitoring has flagged up some highly suspicious and as yet unexplained behaviors that started in February:

In February 2013, we observed a sequence of events, lasting from just a few minutes to several hours in duration, in which global traffic was redirected to Belarusian ISP GlobalOneBel. These redirections took place on an almost daily basis throughout February, with the set of victim networks changing daily. Victims whose traffic was diverted varied by day, and included major financial institutions, governments, and network service providers. Affected countries included the US, South Korea, Germany, the Czech Republic, Lithuania, Libya, and Iran.

The Belarus traffic diversions stopped in March. They restarted briefly in May, using a different customer of BelTelecom as the source, and then ended for several months. Within the same hour as the final Belarus hijack of May, however, we saw a first BGP hijack lasting only five minutes from a completely new source: Nyherji hf (AS29689), a small Icelandic provider.

The Icelandic traffic hijack was repeated after two months of inactivity by a different source within the country, Opin Kerfi (AS48685), which “began announcing origination routes for 597 IP networks owned by one of the largest facilities-based providers of managed services in the US, a large VoIP provider”.

All this was weird, not to say suspicious. “On a normal day, Opin Kerfi normally originates only three IP networks, and has no downstream AS customers,” Jim Cowie, Renesys CTO and co-founder, notes.

Síminn, which provides internet backbone services in Iceland, told Renesys that the redirections to Iceland were the result of a software bug that resolved itself when a patch was applied. Renesys’ Cowie claims this explanation is implausible, especially in the absence of supporting details, which he claims were repeatedly requested but never delivered. “We believe it’s unlikely that a single router vendor bug can account for the 2013 worldwide uptick in route hijacking with traffic redirection,” Cowie writes.

We contacted Síminn to ask if it had any comment on Renesys research but have yet to hear back from the Icelandic outfit. We’ll update this story as and when we hear anything more that sheds light on the mystery web redirection attack.

Renesys concludes that although it’s quite sure routes were hijacked on multiple occasions it’s still unclear about the motive of the attacks much less who might be behind them.

Various providers’ BGP routes were hijacked, and as a result, some portion of their Internet traffic was misdirected to flow through Belarusian and Icelandic ISPs. We have BGP routing data that show the second-by-second evolution of 21 Belarusian events in February and May 2013, and 17 Icelandic events in July-August 2013.

We have active measurements that verify that during the period when BGP routes were hijacked in each case, traffic redirection was taking place through Belarusian and Icelandic routers. These facts are not in doubt; they are well-supported by the data.

What’s not known is the exact mechanism, motivation, or actors.

Renesys’ conclusions mean that Man-In-the-Middle BGP route hijacking has evolved from a longstanding theoretical concern, discussed at hacker conferences such as Black Hat and among network engineers, to something that happens fairly regularly and carries a severe risk of traffic interception.

“Everyone on the internet – certainly the largest global carriers, certainly any bank or credit card processing company or government agency – should now be monitoring the global routing of their advertised IP prefixes,” Renesys concludes. ®
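The monitoring Renesys recommends comes down to two checks on observed BGP announcements: is a prefix you advertise (or a more-specific slice of it) being originated by an AS you did not authorise, and is some AS suddenly originating far more networks than it normally does, as in the three-versus-597 case above. The following is an added example, not Renesys code; the prefixes and AS numbers are constructed from the documentation ranges, and the allow-list, baseline and spike factor are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed data throughout: documentation prefixes (RFC 5737) and
# documentation AS numbers (RFC 5398), not real networks.
MONITORED = {                      # prefix we advertise -> ASes allowed to originate it
    "192.0.2.0/24": {64496},
    "203.0.113.0/24": {64497},
}
BASELINE = {64511: 3}              # assumed: prefixes this origin normally announces


def check_origin(prefix, as_path, monitored=MONITORED):
    """Return an alert dict if a monitored prefix, or a more-specific slice of
    it, is originated by an AS that is not on its allow-list; otherwise None."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]           # the origin AS is the last entry in the AS path
    for mon_prefix, allowed in monitored.items():
        mon = ipaddress.ip_network(mon_prefix)
        if net.version != mon.version or not net.subnet_of(mon):
            continue
        if origin in allowed:
            return None
        # A more-specific announcement wins longest-prefix match everywhere,
        # so it diverts traffic even while the legitimate route is still up.
        kind = "origin-change" if net == mon else "more-specific"
        return {"kind": kind, "prefix": str(net), "covers": mon_prefix,
                "origin": origin, "expected": sorted(allowed)}
    return None


def origin_spikes(updates, baseline=BASELINE, factor=5):
    """Return {asn: count} for baselined origins announcing more than
    factor times their usual number of distinct prefixes."""
    seen = defaultdict(set)
    for prefix, as_path in updates:
        seen[as_path[-1]].add(ipaddress.ip_network(prefix))
    return {asn: len(nets) for asn, nets in seen.items()
            if asn in baseline and len(nets) > factor * baseline[asn]}


def scan_updates(updates):
    """Run both checks over (prefix, as_path) observations from a route feed."""
    alerts = [a for a in (check_origin(p, path) for p, path in updates) if a]
    return alerts, origin_spikes(updates)


# Constructed observations, as they might arrive from route collectors.
UPDATES = [
    ("192.0.2.0/24", [64500, 64496]),        # expected origin
    ("192.0.2.0/24", [64501, 64511]),        # same prefix, foreign origin
    ("192.0.2.128/25", [64502, 64511]),      # more-specific, foreign origin
    ("203.0.113.0/24", [64500, 64497]),      # expected origin
    ("198.51.100.0/24", [64500, 64499]),     # not one of our prefixes
] + [(f"10.{i}.0.0/16", [64500, 64511]) for i in range(20)]

if __name__ == "__main__":
    alerts, spikes = scan_updates(UPDATES)
    for alert in alerts:
        print(alert)
    print("origin spikes:", spikes)
```

An origin check of this kind does not see a diversion in which the legitimate origin AS is left at the end of the path, so it complements rather than replaces path and latency measurements.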


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/22/net_traffic_redirection_attacks/

Meet the man who’ll TAKE OVER if UK faces CYBER ATTACK


The delayed launch of the national Computer Emergency Response Team (CERT) is getting back on track with the appointment of its new director, Chris Gibson. This comes after the project was delayed until next year.

The organisation was due to be up and running this year but recruitment and other issues meant its launch was put back until early 2014.


CERT-UK, a pillar of the government’s £650m National Cyber Security Strategy, is designed to co-ordinate responses to online attacks on a national level.

However, things are finally moving along with the announcement of Gibson’s appointment as the director of CERT-UK. Gibson joins the government having previously been director of e-Crime at Citigroup and after serving for the last two years as chair of the international Forum of Incident Response and Security Teams.

In a statement, Francis Maude, the minister for Cabinet Office, said: “Chris Gibson brings with him a wealth of experience in cyber incident response in the private sector, both in the UK and internationally. His first-hand knowledge and understanding of cyber security will be invaluable as he leads the national CERT.

“We set out in our national Cyber Security Strategy the importance of strengthening our response to cyber incidents. By establishing CERT-UK we will build on and complement our existing CERT structures. This will help improve national co-ordination of cyber incidents and act as a focus point for international sharing of technical information on cyber security. CERT-UK will be the expert single point of contact for other national CERTs around the globe,” he added.

Gibson said: “I am delighted to join CERT-UK as we enter this exciting phase, with implementation underway and the leadership team now being appointed I am looking forward to the task of bringing together Government, industry, law enforcement and academia to establish the CERT as a team of professionals forming a world-class response to cyber threats to the UK.”

Idea from industry

The UK has had industry-specific CERTs for years (such as Janet CSIRT for university networks, and comparable organisations within government and for the UK defence forces) but has been slow to set up a national CERT, designed to co-ordinate response across all public and private sectors. CERT-UK will provide a comparable function to US-CERT, which has been operating for 10 years since 2003.

A Cabinet Office spokesperson explained that it is hoped that CERT-UK will be up and running early next year, once suitable accommodation is secured and a team is recruited. “In December 2012 HMG announced its intention to move towards a National Computer Emergency Response Team. This decision followed lessons learned from the Olympics which have informed our Cyber Security National Incident Management policy,” it said.

“The new CERT will build on and complement existing structures within government, extending beyond government to industry and academia to provide a core incident management response for the benefit of the UK as a whole. Currently, the design of the new national CERT is complete and the implementation is underway with a particular focus on securing appropriate accommodation, technology and staff. We are continuing to consult with a wide range of stakeholders and are working to ensure CERT-UK is operational early next year.”


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/22/uk_cert_analysis/

Threat Intel To Deliver Some Benefits To Cyberinsurance

Cybersecurity insurance has long been touted as a way that companies could offset the risk of online attacks and data loss, but insurers continue to lack the data necessary to create a competitive and sustainable market.

The increasing availability of threat intelligence, however, could allow insurers to better gauge the risk that potential customers may face online. An analysis of external data that indicates whether a business may be compromised, for example, has detected significant differences between the security posture of companies in different industries, according to a recent report by security-ratings firm BitSight. The financial, retail, and power industries all have fewer compromises and security alerts than the software and technology industry, the firm found.

Such data could help insurers improve their risk picture, says Stephen Boyer, co-founder and chief technology officer for BitSight.

“If they can get good proxies for how an organization is managing risk over time, then they can do a better job at modeling that risk,” Boyer says. “Right now, they don’t have any of that — they basically only have questionnaires.”

Cyberinsurance has grown more popular in recent years. A recent Ponemon Institute survey found that 31 percent of companies had a cybersecurity insurance policy in place, while another 39 percent of companies plan to buy a cybersecurity policy.

The lack of security data, however, is hampering the adoption of cyberinsurance, according to the study. Companies that do not plan to adopt policies list a variety of reasons all linked to the uncertainty in measuring risks, citing expensive premiums, too many exclusions, and not appreciably different coverage than their property and casualty insurance, the Ponemon survey found.


Insurers need to find ways of gathering concrete data on the risk, says Andrew Braunberg, research director for security consultancy NSSLabs.

“The degree to which the insurance companies currently look at the technical controls you have in place to determine the premium for these policies, they are not very sophisticated on how they figure that out. They don’t have good data,” he says.

NSSLabs focuses on helping companies measure their internal controls to gather a better risk picture, while BitSight and other threat-intelligence firms focus on externally available information that could indicate whether a company has been breached.

Yet companies themselves often do not have their own data or are unwilling to give guidance on their cyber-risk. Only 1 percent of Fortune 1000 companies disclosed an actual breach of cybersecurity in their financial filings to the Securities and Exchange Commission (SEC), according to a survey by Willis, a global insurance broker. Seventeen percent of the Fortune 1000 did not disclose any information about their cyber-risk, the company found.

Many companies continue to lack the capabilities necessary to discover attacks within their networks, Ash Raghavan, principal for insurance in the security and privacy practice at accounting firm Deloitte, said in an e-mail interview.

“They often lack the maturity or means to gather information that resides within their own realms, and the completeness and accuracy of the available data is unclear,” he says.

Some relief may be found in the Cybersecurity Framework, a set of voluntary best practices created by the National Institute of Standards and Technology (NIST) to help companies in securing their systems. While the framework will be finalized next year, many proponents have called for incentives to convince companies to adopt the guidelines. Lower insurance policies could be one such benefit, says NSSLabs’ Braunberg.

“If the insurance companies bought into the framework, it might help them to incentivize companies to adopt the framework by requiring policy holders to implement the best practices,” he says.

Yet today’s threat intelligence providers need to develop a more mature and consistent set of risk metrics before they will truly be of use to insurers, says Deloitte’s Raghavan. In addition, general threat intelligence is far less useful than information that may apply to companies in a certain geography or sector, he says.

Finally, threat intelligence will never be sufficient for insurance companies to gauge risk because intelligence sources generally detect attacks after they have already happened, he says.

“The threat landscape evolves quickly,” Raghavan says. “This volatility suggests that today’s threat intelligence may not provide a sufficient basis for insurers to understand how to price their products over the long term, even if the scope of insurance is quite narrow.”


Article source: http://www.darkreading.com/threat-intelligence/threat-intel-to-deliver-some-benefits-to/240164215

Panda Mobile Security Adds Anti-Theft Protection For Smartphones And Tablets

Bracknell, Nov 22, 2013.

Panda Security, The Cloud Security Company, today announced general availability on Google Play of version 1.1 of Panda Mobile Security, its solution for protecting mobile devices running Android.

Among other features, this new release includes geolocation and anti-theft protection, allowing users to remotely locate, lock and erase the contents of their devices if lost or stolen:

• Device locator. Tracks and displays on a map lost or stolen tablets or smartphones.

• Remote lock. Locks the device to prevent others from using it.

• Remote wipe. Erases all data on the device, preventing access to all the information stored on it or on its SD memory cards.

Optimized Display on Tablets

Additionally, the new version of Panda Mobile Security boasts an improved interface specifically optimized for Android tablets. Also, the option to send questions and suggestions to technical support has been enhanced as well.

“Panda Mobile Security 1.1 ensures maximum protection for Android devices thanks to a range of new features: geolocation, anti-theft, improved antivirus protection and privacy auditor. According to data published by the prestigious laboratory AV-TEST, by June 2013 there were already over 900,000 different strains of malware for Android in circulation. In this scenario it is essential to have a security solution that provides complete protection for this platform”, said Hervé Lambert, Retail Product Marketing Manager at Panda Security.

Key Features

• Antivirus protection: Scans newly installed apps on demand and before they are first used. Also scans memory card content.

• Protection against downloaded threats: Scans apps and app updates for threats and unwanted apps, without affecting device performance.

• SD card scan: Automatically scans SD memory cards for potential threats.

• Privacy auditor: Checks and displays the access permissions of installed apps.

• Process manager (task killer): Analyzes the activity of the apps installed on the device, and reports on their size, CPU utilization and memory usage, with the option to block them if necessary.

• Remote locator: Tracks and maps the location of lost or stolen devices (tablets or smartphones) in real time.

• Remote lock. Instantly locks lost or stolen devices to prevent others from using them or accessing personal information, even if the SIM card is removed.

• Remote wipe: Erases all data on the device, preventing access to all the information stored on it or on its SD memory card.

Every day, PandaLabs, Panda Security’s malware analysis and detection laboratory receives some 206,000 new files to analyze. Of these, around 74,000 are new malware strains that the company’s Collective Intelligence system can analyze, classify and remedy automatically in 99.6 percent of all cases. “Additionally, our Collective Intelligence system gathers information on malware from the worldwide Panda community to continuously improve protection levels for all our users. All our solutions benefit from this vast source of knowledge and experience, offering users a much faster response to the new malware detected every day, regardless of the platform,” concluded Lambert.

About Panda Security

Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions, with products available in more than 23 languages and millions of users located in 195 countries around the world. Panda Security was the first IT security company to harness the power of cloud computing with its Collective Intelligence technology. This innovative security model can automatically analyze and classify thousands of new malware samples every day, guaranteeing corporate customers and home users the most effective protection against Internet threats with minimum impact on system performance. Panda Security has 56 offices throughout the globe with US headquarters in Florida and European headquarters in Spain.

Panda Security collaborates with The Stella Project, a program aimed at promoting the incorporation into the community and workplace of people with Down syndrome and other intellectual disabilities, as part of its Corporate Social Responsibility policy.

For more information, please visit http://www.pandasecurity.com

Article source: http://www.darkreading.com/mobile/panda-mobile-security-adds-anti-theft-pr/240164220

Lieberman Software And Securonix Partner To Identify Insider Threats

(Los Angeles, CA – November 20, 2013) Lieberman Software Corporation, the market leader in Privileged Identity Management solutions, and Securonix, the leader in security intelligence software solutions, have partnered to provide an integration which helps IT Security and Compliance professionals to more closely monitor and analyze insider threats based on privileged user activities across the enterprise.

This innovative joint integration enables the Securonix Security Intelligence Platform to consume Lieberman Software’s award-winning Enterprise Random Password Manager™ (ERPM) Privileged Identity Management (PIM) events in real-time for automated detection of anomalous user or account behavior, as well as advanced privileged identity analytics.

Lieberman Software – Securonix Integration Details

• ERPM events are continuously streamed to Securonix

• Securonix establishes identity context for privileged accounts, including the identification of shared and service accounts

• Advanced analytics are applied to identify privileged account anomalies, including:

− Peer Group Analysis to identify any anomalies with respect to peer accounts

− Behavior Analysis to identify abnormal or suspicious behavior

− Specific policy-based violations based on known threats or compliance requirements

• Identity, behavior, and policy driven threat and risk events are automatically scored and prioritized for each monitored account

“We are pleased to continue to lead the emerging identity analytics market by providing advanced risk analytics for privileged identities,” said Sachin Nayyar, CEO of Securonix. “Lieberman Software is a pioneer and market leader in PIM, and this joint integration enables a new continuous monitoring and analytic capability for managing the risk of the insider threat.”

“Privileged account access and activity is one of the high-risk areas identified by Risk, Compliance and IT Audit professionals, as these accounts hold the keys to accessing the most critical enterprise computing and information assets,” said Richard Weeks, VP of Alliances at Lieberman Software. “The fact that at most times these accounts lack identity context, as well as highly focused monitoring in the enterprise environment, means that the keys to the kingdom are often left unscrutinized. By combining our best-of-breed privileged identity access control with Securonix’ advanced risk and threat analytics, we deliver real value to our joint customers and raise the bar on privileged monitoring, anomaly detection and IT risk management.”

The integration, available immediately, is provided at no charge to prospects and existing customers.

About Securonix

Securonix is working to radically transform all areas of data security with actionable security intelligence. Our purpose-built advanced security analytics technology mines, enriches, analyzes, scores and visualizes customer data into actionable intelligence on the highest risk threats from within and outside their environment. Using signature-less anomaly detection techniques that track user, account, and system behavior, Securonix is able to automatically and accurately detect the most advanced data security and fraud attacks. Globally, customers are using Securonix to address the most basic and complex needs around threat detection and monitoring, high privileged activity monitoring, enterprise and web fraud detection, application risk monitoring, and access risk management. For more information visit www.securonix.com.

About Lieberman Software Corporation

Lieberman Software provides privileged identity management and security management products to more than 1200 customers worldwide, including nearly half of the Fortune 50. By automatically discovering and managing privileged accounts throughout the network, Lieberman Software helps secure access to sensitive data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. The company developed the first solution for the privileged account management space, and its products continue to lead the market. Lieberman Software is headquartered in Los Angeles, CA with an office in Austin, TX and channel partners throughout the world. For more information, visit www.liebsoft.com.

Article source: http://www.darkreading.com/end-user/lieberman-software-and-securonix-partner/240164205

VASCO Announces First DIGIPASS That Incorporates Cronto’s Visual Cryptogram Technology

OAKBROOK TERRACE, Ill., and ZURICH, Switzerland, Nov. 19, 2013 — VASCO Data Security International, Inc. (Nasdaq: VDSI; www.vasco.com), a leading software security company specializing in authentication products and services, today announced the launch of DIGIPASS 760, a visual transaction signing solution. DIGIPASS 760 is the first successful integration of Cronto’s patented solution into VASCO’s DIGIPASS product line.

DIGIPASS 760 is an innovative authentication device targeted towards banks, enabling them to establish a secure optical communication channel with the client. The solution works with the CrontoSign technology whereby a graphical cryptogram consisting of a matrix of colored dots is displayed on the bank’s website.

Account holders enter their transaction details on the bank’s website. These details are then encrypted and presented as a graphical cryptogram on the user’s computer or tablet. Users simply “scan” this image with the DIGIPASS 760’s built-in camera. The DIGIPASS 760 instantly captures and decrypts the colored cryptogram and the transaction details are presented on the DIGIPASS color display for user verification. A signature is then generated on the DIGIPASS 760 which the user enters on the bank’s website to confirm the transaction.

The solution offers the ultimate in user convenience: what you see is what you sign. User interaction is reduced since the encrypted data from the PC display are automatically transferred to DIGIPASS 760. The innovative transaction signing solution is also future-proof, as it gives banks the option to create their own text or messaging on the display, allowing them to add different applications and adapt to the threats and business requirements of tomorrow.

“We are very excited to introduce DIGIPASS 760, the first complete integration of Cronto’s technology in the DIGIPASS portfolio,” says Jan Valcke, President and COO of VASCO Data Security. “DIGIPASS 760 is a high-level transaction signing solution helping banks to mitigate attacks posed by malware or through social engineering specifically targeted at online banking. The solution excels in user-friendliness, as transaction data are automatically captured by the device and clearly displayed for verification. DIGIPASS 760 meets the highest demands for security in online and mobile banking.”

DIGIPASS 760 will be showcased at Cartes on November 19, 20 and 21 in the Paris-Nord Villepinte Exhibition Center (hall 4, booth nr J 027).

More information on DIGIPASS 760 can be found on VASCO’s website: www.vasco.com/DIGIPASS_760

About VASCO

VASCO is a leading supplier of strong authentication and e-signature solutions and services specializing in Internet security applications and transactions. VASCO has positioned itself as a global software company for Internet security serving a customer base of approximately 10,000 companies in more than 100 countries, including approximately 1,700 international financial institutions. VASCO’s prime markets are the financial sector, enterprise security, e-commerce and e-government.

Article source: http://www.darkreading.com/privacy/vasco-announces-first-digipass-that-inco/240164221