STE WILLIAMS

‘Project SHINE’ Illuminates Sad State Of SCADA/ICS Security On The Net

A global Internet-scanning project focused on finding SCADA/ICS equipment and systems accessible via the public Internet is discovering some 2,000 to 8,000 new exposed devices each day.

Project SHINE, which has been gathering data on SCADA/ICS devices from SHODAN for a year-and-a-half, has identified more than 1 million unique IP addresses thus far, according to Bob Radvanovsky, one of the researchers behind it. “I would say one-fourth or one-third of them are devices that could be vulnerable to malware attacks … and buffer overflows, cross-site scripting, things of that nature,” he says. “[And] we feel the majority are misconfigured or improperly configured.”

This has been a common theme among other global scanning projects searching for exposed devices on the Internet. Many of these devices discovered — everything from home routers to servers — contain default backdoor-type access by their vendors for internal ease of use and access, including default passwords or major security holes. And the sites running these products typically are unaware of these holes or the potential dangers associated with these devices sitting exposed on the Net. They often don’t even know the devices are Internet-accessible.

But locking down or securing these vulnerable devices on the Internet has been much harder than finding them. The well-publicized scanning projects by renowned researcher HD Moore haven’t yielded the expected fixes. Moore says Universal Plug and Play (UPnP) devices, for example, still remain exposed on the Net despite his discovery and disclosure of some 40 to 50 million networked devices in harm’s way via flaws in the pervasive UPnP protocol, which is enabled by default in most printers, routers, network-attached storage, IP cameras, media players, smart TVs, and even video game consoles.

Moore is one of the pioneers of this practice and, most recently, led his company, Rapid7, in forming a community Internet-scanning initiative called Project Sonar. The goal is to provide a way for researchers to share their data as well as to educate vendors whose products are discovered via scans — and to raise public awareness of the vulnerability of this Internet-facing equipment.


Project SHINE has no plans to join up with Project Sonar, says Radvanovsky, who has found via the scans both traditional SCADA/ICS devices and software such as programmable logic controllers (PLCs), remote terminal units (RTUs), sensors, SCADA human machine interface (HMI) servers, and DCS, as well as relative outliers such as medical devices, traffic management systems, automotive control systems, traffic light control systems, HVAC systems, power regulators, CCTV and webcams, serial port servers, and data radios.

Radvanovsky runs the project out of his basement, and he and colleague Jake Brodsky use the online search engine SHODAN combined with their own tools to identify SCADA-specific equipment. The researchers crafted their own search terms to find those types of devices among the devices mapped in the SHODAN database. “We created our custom app that harvests data from the [SHODAN] search engine,” he says. “They are all flat files right now, but we are going to need to convert to a SQL database — there’s that much data.”

Much of the equipment Project SHINE has found consists of embedded devices, as well as Web interfaces for managing devices. “We’ve had some oddball scans…[control systems for] mining trucks, for example, which aren’t your typical SCADA systems,” Radvanovsky says.

In one case, Radvanovsky says he found an HVAC system in a building in Florida and discovered that the exposed interface could actually let someone alter the temperature settings of the system remotely via the Internet. “It was 92 degrees outside, and it was a comfortable 78 inside, and we could change” the temperature through the management interface, he says.

Rapid7’s Moore, who is also the creator of Metasploit, says the SHINE Project can help determine the state of SCADA equipment on the Internet. “The SHINE project can definitely improve our understanding of vulnerabilities in Internet-facing SCADA equipment. At the moment, it isn’t clear what type of industries are most exposed, what vendors are better or worse than others, and/or whether there are classes of vulnerabilities that span a large portion of SCADA infrastructure,” Moore says. “We are seeing security researchers continue to focus on embedded systems, both SCADA and otherwise, and so far, the results have been frightening. The security of your average smartphone is decades ahead of the embedded platforms used by ICS and SCADA equipment.”

Moore says Sonar’s initial focus is on making data, tools, and methods available to more researchers and vendors. Rapid7 is also exploring ways to classify devices and industry sectors that are vulnerable on the Net.

Project SHINE, meanwhile, has spotted products of some big-name vendors, including Allen-Bradley, Caterpillar, Emerson, Honeywell, Mitsubishi, Phillips, Rockwell, Schneider, and Siemens. Most systems were discovered via Web, telnet, and FTP interfaces, with a growing number of SNMP interfaces exposed as well.

“One word: astonishing,” Radvanovsky says of what his research says about the state of SCADA/ICS security. “The asset owners of legacy infrastructure organizations do the bare minimum necessary [security-wise] to keep their environment operating,” he says.

“Project SHINE more than anything else is about awareness. We want to make sure industry and government alike know … We are constantly finding new devices. What does that tell you?” he says.


Article source: http://www.darkreading.com/vulnerability/project-shine-illuminates-sad-state-of-s/240162739

DDoS Attacks Grow Shorter But Pack More Punch

If there was ever a riddle asking the listener to name something that has gotten bigger and shorter at the same time, distributed denial-of-service attacks (DDoS) would be an acceptable answer.

According to a new report from Arbor Networks on the third quarter of 2013, the average size of attacks now stands at 2.64 Gbps (gigabits per second) for the year, an increase of 78 percent from 2012. There has been a massive growth in the number of attacks monitored by the firm that are over 20 Gbps, to the tune of a 350 percent increase so far this year.

Meanwhile, the length of the vast majority of attacks (87 percent) has gone down to less than an hour.

“Shorter duration attacks are not inherently harder to detect but they can be harder to mitigate,” says Gary Sockrider, solutions architect for the Americas, Arbor Networks. “Many organizations today rely on network or cloud-based mitigation of DDoS attacks. Because they rely on rerouting attack traffic to scrubbing centers there is a small delay in mitigation while routing or domain name changes propagate.”

“Ideally you want to have mitigation capabilities on your own network that can react immediately without the need for redirection,” he continues. “I think it’s safe to say that if you have absolutely no mitigation capabilities, then shorter attacks are better. However, if your only protection has inherent delays, then shorter attacks potentially cannot be stopped.”

Barrett Lyon, founder of DDoS mitigation firm Prolexic Technologies and now CTO of Defense.net, says that shorter DDoS attacks also have the added benefit of minimizing an attacker’s exposure.

“The longer it runs the more things are obviously clogged up and the more reactive network engineers become,” he observes. “When network engineers start researching a problem like that – congestion in their network or why is this computer slow – it exposes the botnet and makes it much more vulnerable than it would be otherwise. So if it’s a short attack but big, [attackers] can kind of quickly see and size up their target. They can quickly determine…what’s the best bang-for-the-buck when it comes to attacking.”

There has been a clear trend during the past several years of increasing attack sizes, Sockrider says.

“I believe there [is] a combination of factors enabling this trend,” he says. “First, there is increased availability of simple to use tools for carrying out attacks with little skill or knowledge. Second, there is a growing proliferation of DDoS for hire services that are quite inexpensive. Third, increasingly powerful workstations and servers that get compromised also have significantly faster connections to the internet from which to generate attacks.”

The largest monitored and verified attack size during the quarter was 191 Gbps, according to the firm. Fifty-four percent of attacks this year are more than 1 Gbps, up from 33 percent in 2012. Some 37 percent so far this year are between 2 Gbps and 10 Gbps.

There has also been a general trend of attacks moving to the application layer. In fact, while volumetric attacks are still common, they are now frequently combined with application layer and state exhaustion attacks, Sockrider says.

In some cases, DDoS attacks have served as diversions meant to draw attention from other activities, such as bank fraud. For example, a report published in April by Dell SecureWorks noted how DDoS attacks were launched after fraudulent wire and ACH (automatic clearing house) transfers.

“Most people that follow DDoS trends are aware of the really high-profile attacks against government and financial institutions, but in reality the most common targets are actually business and e-commerce sites,” Sockrider says. “We’re also seeing increased attacks in the online gaming industry, where attacks are waged for competitive advantage. Additionally, some organizations are taking collateral damage because they reside in a data center and they happen to share infrastructure with a high-profile target. The bottom line is that in the current environment, every organization is a potential target.”

*This story was updated with additional commentary.


Article source: http://www.darkreading.com/attacks-breaches/ddos-attacks-grow-shorter-but-pack-more/240162741

Don’t let mobile malware steal your company data


The mobile malware landscape is changing. Standardisation might be a good thing for building ecosystems and making phones more useful, but the emergence of Android and iOS as leaders in the operating-system wars makes life easier for those who would target the data on your corporate devices.

It also means there is more to steal, with the ability to generate revenue through reverse-billed texts, calls to premium-rate numbers and banking on mobile devices.


It is common practice to prohibit user-bought laptops from the corporate network and most employees accept this, yet the rules are different for phones.

Secret agents

According to security researchers, back-door Trojans, which steal data without the victim’s knowledge, and malware that goes after banking login information made up the largest portion of all new mobile malware families in Q2 2013, adding 17,000 strains to their database.

We have recently seen a number of spy-phone Trojans. They include Android Backflash, which installs an icon that looks like Adobe Flash and opens a back door, and the BadNews bug, which was found in 32 different apps on Google Play.

This installed a downloader, which in turn called in a premium SMS dialler. Estimates range between two and nine million infections.

Mobile malware is no longer a threat that is still over the horizon. And it is not just spammers and crooks who are out to get you.

Knowing what you are fighting is an important part of protection, says Charles Brookson of mobile consultancy Azenby.

Brookson designed the A5/1 and subsequent encryption standards for GSM. He heads the security group of the European Telecommunications Standards Institute and the GSM Association security group, so he is not just a person who knows about mobile security but one who draws up the rules.

Hell hath no fury

Brookson points out that falling foul of general malware is very different to being targeted by a rival, a jealous spouse or a government.

The three ‘E’s of mobile data security are engineering, enforcement and education. Perhaps the most common type of engineering solution is the secure container. This takes the form of a sand-boxed run-time environment, often based on the NSA-derived Security-Enhanced Linux.

Daniel Brodie of Lacoon Mobile Security explains: “This is done by encrypting the data on the phone and providing additional data security features, such as copy-paste data loss prevention.

“A common scenario is for secure containers to enable companies to perform a remote-wipe only on an ex-employee’s business data, rather than removing all mobile data, thus relieving the anguish (and possibly also the legal ramifications) of deleting the employee’s personal photographs as well.”

The secure container can be on a standard phone. The US security firm General Dynamics bought the company OK Labs for its security container, which it runs on LG phones sold to the US Marines.

The recent vulnerability in the Exynos5 chipset in the drivers used by the camera and multimedia devices creates a hidden SUID (set owner user ID) binary and uses it for privileged operations, such as reading the mobile logs. The file is placed in an execute-only directory, which allows it to remain hidden from most root detectors.

The spy-phone listens to events in the Android debug bridge logs. These logs, and their corresponding access permissions, differ between Android versions. For versions 2.3 or less, it is possible to simply use the logging permissions.

For Android version 4.0 and higher, root permissions are required to view the logs. The spy-phone waits for a log event that signifies that the user is reading an email; by dumping the heap it can work out the email structure and send the mail on to whoever is doing the spying.

This of course needs both a very determined attack and a set of circumstances, but the engineering lesson here is to keep operating systems up to date.

Down to earth

The main reason most security professionals praise BlackBerry’s security is its end-to-end service. Keeping control of the servers is as important as keeping control of the device.

It is not just the data on the device that companies need to worry about. According to Brookson, mail should be hosted on a server at the company premises.

This might be hugely unfashionable in the era of the cloud. But really, if your users are backing up their most sensitive data over the air, you should know where they are backing it up to.

And don’t forget voice. Many companies have to record calls for regulatory reasons. In the UK this is mandated by the Financial Conduct Authority, which was set up in the fallout of the bank mis-selling scandal.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/16/feature_mobile_security_malware/

Mocana Purges NSA-Compromised Key-Generation Scheme From Its NanoCrypto Embedded Security Engine

SAN FRANCISCO, Calif., October 16, 2013 – Mocana, the app security leader, issued a security advisory and announced an update to its NanoCrypto™ embedded security engine software (www.mocana.com/nanocrypto) that removes the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) algorithm, an algorithm that was previously promoted as a cryptographically secure key generation method by the National Institute of Standards and Technology (NIST). Mocana’s action is the result of recent Edward Snowden document revelations that the Dual_EC_DRBG algorithm contains a vulnerability that likely enables US intelligence agencies to easily decrypt communications protected with the algorithm. The algorithm was designated as a standard (SP 800-90A) by NIST in 2006, at least in part because of endorsement and promotion by the NSA. Earlier this month, NIST warned against using Dual_EC_DRBG until scientists determine the full extent of the algorithm’s weaknesses.

“By default, Mocana’s NanoCrypto product uses FIPS 186 pseudorandom number generation, but the Dual_EC_DRBG algorithm was available as an option. We have decided to remove the Dual_EC_DRBG libraries from NanoCrypto entirely to protect our customers,” said Kurt Stammberger, CISSP, vice president of market development at Mocana. “We recommend that our customers review their previous software builds to make sure they did not enable this algorithm.”

The Dual_EC_DRBG algorithm was one of three random number generators made available to developers in the previous versions of the NanoCrypto product. Mocana’s NanoCrypto software is one of the world’s most popular security engines for cellular handset makers and embedded device manufacturers of all kinds, with tens of millions of installations worldwide.

“Many embedded devices, like those in smart grid, industrial automation, medical and automotive applications, are not easy to update or patch, so NSA’s actions are going to impose a non-trivial cost on some device manufacturers as they endeavor to update devices already in the field,” Stammberger added.

Mobile, app and device developers that would like more information about the new version of NanoCrypto (5.8) should email [email protected] or visit the NanoCrypto product page at https://www.mocana.com/nanocrypto/. A copy of the Mocana security advisory is also available there.

About Mocana

Mocana unlocks the extended enterprise and simplifies wide-scale mobile deployments by securing apps automatically, in seconds. The company’s Mobile Application Protection (MAP) app-shielding solution, distributed globally by SAP, mitigates the complexities of mobile management, while freeing developers from difficult and expensive security coding. Launched in 2004 and recognized by the World Economic Forum as a 2012 Technology Pioneer, Mocana is the app security expert, with deep expertise born from a decade of experience securing mission- and life-critical embedded devices across the Internet of Things: from mobile handsets to medical devices to aerospace and defense; from datacom to retail POS to smart grid and industrial automation. More information is available at www.mocana.com.

Article source: http://www.darkreading.com/applications/mocana-purges-nsa-compromised-key-genera/240162717

ESET Releases Version 7 Of ESET NOD32 Antivirus And ESET Smart Security

SAN DIEGO, Oct. 16, 2013 /PRNewswire/ — ESET, the global leader in proactive digital protection with a record of 10 consecutive years winning the prestigious VB100 awards with the company’s flagship ESET NOD32 security products, today announced the launch of the seventh generation of its flagship consumer products, ESET NOD32 Antivirus and ESET Smart Security. New features and core technology enhancements, including Exploit Blocker, Advanced Memory Scanner, Vulnerability Shield and ESET Social Media Scanner, promote a more enjoyable online experience, while delivering powerful protection against viruses, hacking, and a host of malware threats.


“At ESET, we create security products that help people use their technology safely, creatively, and with confidence,” said Andrew Lee, CEO, ESET North America. “Our powerful new products open up areas of the Internet for protected exploration and discovery while maintaining an extremely light system footprint. Combining product innovation with user enhancements, we deliver even greater protection from threats, while putting a best-in-class defense in place against viruses and undiscovered malware.”

Version 7 of the flagship products features a powerful set of new technologies that work together to deliver unparalleled protection. Security enhancements include the ability to scan social media profiles for malware, protection for your personal network, and the addition of web services that provide cybersecurity training, education and innovative anti-theft tools.

Exploit Blocker (patent pending)

The all-new Exploit Blocker protects ESET users from advanced and targeted attacks designed to evade antivirus detection. The blocker targets the most prevalent attack vectors, including web browsers, PDF readers, e-mail clients, and Microsoft Office. It also provides protection against new and undiscovered malware, also known as zero day threats.

Advanced Memory Scanner

The Advanced Memory Scanner stops heavily-encrypted threats designed to avoid detection. Advanced Memory Scanner extends the Host-based Intrusion-Prevention System (HIPS) technology which monitors process behavior and performs in-depth, real-time memory scanning. This improves detection of malware and enables effective infection-prevention, even when malware is specifically written to trick the target device’s emulator/unpacking capabilities. With improved capabilities to analyze decrypted or “stripped” files directly in memory, the software can effectively prevent new and unknown malware attacks without having to rely on pre-existing profiles.

Vulnerability Shield

The Vulnerability Shield acts as an extension of Personal Firewall in ESET Smart Security. It operates on the network level and protects by blocking attacks attempting to exploit network vulnerabilities.

Social Media Scanning

There is a noticeable rise in the number of cyber threats on popular social media platforms. Version 7 of ESET NOD32 Antivirus and Smart Security offers improved social media scanning to protect users and their friends. After making more than 11 million Facebook scans of more than seven billion links, videos, pictures, wall posts, messages and other objects, ESET detected more than one million malicious objects for a 4.2 percent detection rate.

In addition to scanning Facebook profiles for malware, the new social media scanner also extends protection to the user’s Twitter account. It monitors and protects the user and their friends’ social network accounts from threats, allowing the user to choose from on-demand and automatic scans for malware detection. If any potentially harmful content is identified, it will be flagged by the Social Media Scanner and the user will be notified. The Security Center displays the current privacy level on Facebook and Twitter, with suggestions for changes to improve privacy settings. All these improvements are part of the my.eset.com web interface. By creating an account at my.eset.com, the user can manage the protection of their social media profiles and protect an unlimited number of accounts, including those of friends and family.

Improved Anti-Theft Tools

According to a recent Kensington study, a laptop is stolen every 53 seconds, putting the sensitive, personal information on the device and the owner at risk.

With the new ESET Anti-Theft feature, users can designate their laptop as missing and initiate automatic monitoring. Using available Wi-Fi networks, ESET Anti-Theft displays the location of the missing device on a map available through the my.eset.com interface. Owners can send one-way messages to the laptop in order to increase the chance of successfully retrieving it. In addition, the new Laptop Activity Watch function will take photos via the laptop’s built-in camera, as well as capture snapshots of the missing laptop’s screen. ESET saves the photos to the new and improved my.eset.com interface.

Cleaner Module

ESET Research and Development teams have paid close attention not only to detection, but also to malware cleaning. The Cleaner Module has been improved specifically to address the removal of rootkits and a specialized cleaner has been added to help with the most resistant malware.

Cybersecurity Training

ESET provides a series of complimentary cybersecurity training modules to all ESET customers. The educational series features real-world cybercrime scenarios presented in an approachable and easy-to-understand format. ESET customers can take advantage of the learning offered by ESET by logging onto http://www.eset.com/us/download/training/.

Availability

ESET NOD32 Antivirus and ESET Smart Security are officially certified for Windows 8 and Windows 8.1 operating systems and are currently available to the general public. To download the new Version 7 products and to find out more about the new core technology features, visit ESET NOD32 Antivirus and ESET Smart Security product pages.

About ESET

ESET, the pioneer of proactive protection and the maker of the award-winning ESET NOD32 technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the company has continued to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin “VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organizations and reviews. ESET NOD32 Antivirus, ESET Smart Security, ESET Cyber Security (solution for Mac), ESET Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.

Article source: http://www.darkreading.com/end-user/eset-releases-version-7-of-eset-nod32-an/240162703

CounterTack Announces $12M Series B Round Of Funding

CounterTack today announced it has closed a $12 million Series B round of funding, supported by Goldman Sachs, Fairhaven Capital and a group of private investors. The funding will help CounterTack to support its accelerated go-to-market strategy and global expansion in the endpoint threat detection and response market.

“We are excited about our series B which includes Goldman Sachs, Fairhaven Capital and our private investors,” said Neal Creighton, CEO of CounterTack. “The market has shown tremendous interest in our approach to securing enterprise endpoints and defending against highly targeted and persistent attacks. As a result of our momentum, we are currently oversubscribed, with the potential for CounterTack to receive additional funding in this round.”

CounterTack’s Sentinel and Scout solutions provide real-time threat detection and visibility into attacker behaviors. This visibility enables CounterTack to rapidly detect and analyze threats on individual endpoints throughout a customer’s organization, and correlate threats enterprise-wide, to identify attack characteristics and motives to better defend against them.

“We are seeing an explosive opportunity in the endpoint security market worldwide,” said Mark Hatfield, partner at Fairhaven Capital. “CounterTack’s innovative approach to detecting and analyzing threats on desktop, laptop and server endpoints positions the company to become the next meaningful security technology to the global enterprise. As the threat landscape has evolved, so has CounterTack, keeping the company and its customers ahead of persistent attackers.”

CounterTack continues to gain international attention for its Scout and Sentinel products. In August 2013, the company announced a new partnership with SK Infosec, a large South Korean information security provider. Under the partnership agreement, CounterTack’s Sentinel will play a critical role in countering the ongoing cyber attacks that South Korean organizations face every day.

Article source: http://www.darkreading.com/vulnerability/countertack-announces-12m-series-b-round/240162718

Klocwork Insight Helps Automotive Industry Secure Their Code

BURLINGTON, MASSACHUSETTS – (Marketwired – Oct. 16, 2013) – Klocwork® Inc., a global leader in software development tools for creating secure code, today announced that it continues to grow the list of worldwide automotive suppliers and manufacturers who are deploying its Insight™ source code analysis toolset to ensure the security and reliability of complex new automotive electronic systems.

According to a recent report by Ward Automotive, there are over 1 billion vehicles in operation worldwide, and it is forecast that by 2035 that number will exceed 1.7 billion. Many vehicles now have more than 100 million lines of software code in their onboard systems, and as the sophistication of those systems continues to grow, the complexity and amount of code will only grow as well. The explosion of consumer electronics use in society has sensitized customers to the threat of viruses, identity theft and other cyber crimes, and many fear their automobile is the next target for malicious attack.

With components coming from varied suppliers to provide the latest in navigation, infotainment, and communications features, along with advanced fuel management, braking and drive train technologies, security is increasingly paramount. Manufacturers and suppliers are now demanding software development tools that enable them to find and fix security vulnerabilities and code defects in the most automated and efficient way possible, and to ensure they remain compliant with the most current industry standards in the process. Being front page news about the latest automotive software security breach can be catastrophic to their brand and their bottom line.

Klocwork Insight continues to be the tool of choice for these developers. It provides them with advanced code analysis, including deep data flow and structural analysis, right at their desktop as they write their code. Insight supports MISRA C and C++ coding standards and has received both ISO 26262 and IEC 61508 certifications. Leveraging these capabilities, Insight empowers developers themselves to find and fix any security vulnerabilities, code defects or compliance violations prior to code check-in, creating unmatched development efficiency and reducing project time and costs dramatically.

“Application security requirements in the automotive world will soon rival those in Military/Aerospace and other similar industries. As the number of automated vehicles on the roads increases, the potential for widespread havoc that can be created by agents that want to do evil will increase. More intelligent vehicles means more software in those vehicles. The number of suppliers to the auto manufacturers will continue to grow as the demand for more consumer convenience grows. A perfect security storm is developing and it needs to be addressed urgently. Klocwork continues to lead the way in providing customers with the software tools and the standards support they need to produce these compelling new applications with the confidence that they are protected and dependable,” said Gwyn Fisher, Klocwork Chief Technology Officer.

About Klocwork

In the world of AppSec, developers and the firms that employ them demand tools that provide a competitive edge. Klocwork meets these demands with compelling desktop tools that enable developers to produce secure, reliable software more easily and quickly. Klocwork’s unique SCA tool provides accurate, reliable analysis as developers write their code, identifying potential security vulnerabilities and reliability issues before they are submitted to the software build. Additional desktop tools simplify code review, refactoring and architectural analysis. Over 1,100 customers, including the biggest brands in the automotive, mobile device, consumer electronics, medical technologies, telecom, gaming, military and aerospace sectors, rely on these tools every day to make their software more secure and reliable, creating applications they are proud of. Find out more at www.klocwork.com.

Klocwork is a registered trademark of Klocwork Inc. in the United States and other countries. All other names are trademarks or registered trademarks of their respective companies.

Article source: http://www.darkreading.com/applications/klocwork-insight-helps-automotive-indust/240162719

Malwarebytes Launches Android App To Tackle Mobile Malware And Privacy Threats

SAN JOSE, Calif. – Malwarebytes, a leading provider of anti-malware solutions, today launched a free mobile security application for Android devices. Malwarebytes Anti-Malware Mobile, available on Google Play, protects Android phones and tablets from malware, infected apps and unauthorized surveillance. Unlike most security apps that come overloaded with phone location features already found in Android’s Device Manager, Malwarebytes Anti-Malware Mobile is “lean,” and provides only the necessary security features to weed out malicious software without impacting your device’s performance.

“Since computer software has been around, people have been finding ways to attack it through vulnerabilities or through targeting users,” said Marcin Kleczynski, CEO of Malwarebytes. “The Android mobile operating system is no different. Its success in the consumer space–and its openness–has made it a huge target for malware authors.”

What makes Malwarebytes Anti-Malware Mobile stand out is what goes on behind the scenes. Similar to Malwarebytes’ line of signature PC products, Malwarebytes Anti-Malware Mobile is powered by an advanced custom-built detection engine that eliminates spyware, Trojans and other malware in real-time to ensure your personal identity and data are protected.

In addition to updating the protection database automatically, Malwarebytes Anti-Malware Mobile proactively scans third-party applications and files for malware and spyware, and comes equipped with a number of features that identify and close potential security vulnerabilities.

Additional security features found in Malwarebytes Anti-Malware Mobile include:

Privacy Manager, which collects and categorizes what personal information is being accessed from third-party apps and breaks down access privileges in detail, so you can track what apps are using unauthorized personal data or costing you money by employing premium services without your knowledge.

Security Audit, which flags security vulnerabilities, like GPS tracking and unsecured WiFi, and suggests steps to close them.

Application Manager, which identifies what applications are currently running or installed and their CPU usage so you can terminate non-essential operations to conserve battery life and system resources, and to identify unauthorized applications.

For a complete feature list, visit www.malwarebytes.org/products/mobile/.

Malwarebytes Anti-Malware Mobile is available for free, and compatible with Android 2.3 or later. To download the app, visit Google Play.

About Malwarebytes

Malwarebytes provides software designed to protect consumers and businesses against malicious threats that consistently escape detection by other antivirus solutions. Malwarebytes Anti-Malware Pro, the company’s flagship product, employs a highly advanced behavior-based detection engine that has removed more than 5 billion malicious threats from computers worldwide. Founded in 2008, the self-funded company is headquartered in California, operates offices in Europe, and employs a global team of researchers and experts. For more information, please visit us at www.malwarebytes.org.

Article source: http://www.darkreading.com/mobile/malwarebytes-launches-android-app-to-tac/240162711

Akamai Releases Second Quarter 2013 State Of The Internet Report

Zurich, Switzerland – October 16, 2013 – Akamai, a leading provider of cloud services for delivering, optimizing and securing online content and business applications, today released its Second Quarter, 2013 State of the Internet Report. Based on data gathered from the Akamai Intelligent Platform™, the report provides insights into key global statistics such as network connectivity and connection speeds, attack traffic, and broadband adoption and availability, among many others.

The Second Quarter, 2013 State of the Internet Report includes insights into attacks for which a group calling itself Syrian Electronic Army has claimed responsibility, as well as observations on Akamai traffic activity due to Internet disruptions in Sudan and Syria. The report also reviews mobile browser usage by network type based on data from Akamai IO.

European Highlights from Akamai’s Second Quarter, 2013 State of the Internet Report:

Average and Peak Connection Speeds: impressive year-over-year gains observed in Europe

The global average connection speed increased in the second quarter of 2013, growing 5.2 percent quarter-over-quarter to 3.3 Mbps. Quarter-over-quarter growth was seen in nine of the top 10 countries/regions, with the largest increases being observed among European countries; the United Kingdom, Belgium, Ireland, Spain, France and Italy all demonstrated more than 10% growth in average connection speed quarter-over-quarter.

With a strong 9.1 percent increase over the prior quarter, Switzerland (ranked #3 globally) remained the European country with the highest average connection speed at 11 Mbps. This quarter the Netherlands (10.1 Mbps) joined Switzerland as the only other European country to achieve an average connection speed above the 10 Mbps ‘high broadband’ threshold, thanks to a 6.2 percent quarter-over-quarter increase.

Examining year-over-year changes, the United Kingdom achieved the largest gain at 48% (to 8.4 Mbps) while Sweden followed close behind with 44% yearly growth (to 8.4 Mbps). Three additional countries achieved significant year-on-year increases in excess of 30%: Czech Republic (up 36% to 9.8 Mbps); Norway (up 34% to 7.4 Mbps); and Switzerland (up 31%). A further 11 countries grew more than 20% from the second quarter of 2012: Belgium and Ireland (up 29%); Austria (up 28%); the Netherlands, Germany, Poland and Spain (up 27%); Finland (up 24%); Italy and France (up 23%); and Denmark (up 21%).

At 47.5 Mbps, Romania’s second quarter average peak connection speed tops the European leader board, followed by Switzerland (41.4 Mbps), Belgium (39.9 Mbps), the Netherlands (38.8 Mbps) and the United Kingdom (37.1 Mbps). Year-over-year changes to European average peak connection speeds demonstrate further impressive increases: the United Kingdom achieved a 52% growth while another three countries grew by more than 40% over the same period (Norway, Sweden, and Austria). An additional 12 countries saw average peak speeds increase by 30% or more year-over-year.

Overall, the strong growth rates in average peak connection speeds point to ongoing improvements in the quality of Internet connectivity and the availability/affordability of high speed Internet services available within the European region.

Internet Penetration:

More than 752 million unique IPv4 addresses from 242 countries/regions connected to the Akamai Intelligent Platform, an increase of 2% over the previous quarter and 13% over the second quarter of 2012. Since a single IP address can represent multiple individuals in some cases – such as when users access the Web through a firewall or proxy server – Akamai estimates the total number of unique Web users connecting to its platform during the quarter to be well over one billion.

The global number of unique IP addresses seen by the Akamai Intelligent Platform grew by almost 19 million during the quarter; just over 75% of countries in the world had higher unique IP address counts compared to the second quarter of 2012.

Among European countries appearing in the top 10 countries listing, yearly growth ranged from 12% in Italy (ranked #9 globally) to 9.6 percent in the UK (ranked #6), 5.3 percent in Germany (ranked #4) and 3.8 percent in France (ranked #7).

“The Second Quarter, 2013 State of the Internet Report notes some significant milestones and trends, including the fact that half of all connections to Akamai occurred at speeds of 4 Mbps or higher, a 25% increase since the first quarter of 2012,” said David Belson, the report’s editor. “We also saw a decline in the number of countries/regions with average connection speeds of 1 Mbps or less – down to 11 from 14 in the last quarter – likely indicative of improved broadband connectivity across some of the slowest geographies. These positive trends bode well for the continued increase and adoption of broadband connectivity around the world.”

Attack Traffic and Top Ports Attacked: attack traffic originating from Europe declines by 9 percentage points

Akamai maintains a distributed set of unadvertised agents deployed across the Internet that log connection attempts, which the company classifies as attack traffic. Based on data collected by these agents, Akamai is able to identify the top countries from which attack traffic originates as well as the top ports targeted by these attacks. It is important to note, however, that the originating country identified by the source IP address may not represent that nation in which the attacker resides. For example, an individual in the United States may be launching attacks from compromised systems anywhere in the world.

In the second quarter Indonesia pushed China out of the top spot, nearly doubling its first-quarter traffic from 21% to 38%. China moved to second position, originating 33% of all attack traffic observed while the United States remained in third position. Together, Indonesia and China originated more than half of the total observed attack traffic.

This quarter, Europe accounted for just over 10% of all observed attack traffic. This represents a fall of nearly 9 percentage points quarter-over-quarter.

For the first time since the inaugural State of the Internet Report (first quarter of 2008), Port 445 (Microsoft DS) was not the most targeted port for attacks, dropping to third place at 15% behind Port 443 (SSL [HTTPS]) at 17% and Port 80 (WWW [HTTP]) at 24%.

Observations on DDoS Attacks: number of attacks increases by 54% this quarter

In addition to observations on attack traffic, the State of the Internet Report includes insight into distributed denial of service (DDoS) attacks based on reports from Akamai customers. In the second quarter of 2013, Akamai customers reported 318 attacks, a 54% increase over the 208 reported in the first quarter. At 134 reported attacks, the Enterprise sector continued to be the leading target of DDoS attacks, followed by Commerce (91), Media & Entertainment (53), High Tech (23) and Public Sector (17).

During the second quarter of 2013, a group calling itself the Syrian Electronic Army (SEA) claimed responsibility for several attacks against news and media companies. The attacks all employed similar spear-phishing tactics in which internal email accounts were compromised and leveraged to collect credentials to gain access to targets’ Twitter feeds, RSS feeds and other sensitive information.

European High Broadband Connectivity: Switzerland leads the region in high broadband (10 Mbps) adoption

European high broadband (10 Mbps) adoption continued apace in this quarter. Switzerland led the way with 37% of all connections at speed above 10 Mbps, followed by the Netherlands (31 percent) and Czech Republic (27 percent). Extremely strong year-over-year increases were observed in a number of European countries, with the United Kingdom up 200% and Ireland up 93%, while the Czech Republic, Belgium, Sweden, Germany, Poland, Spain and France saw high broadband adoption rates increase by 70% or more from the second quarter of 2012.

Mobile Connectivity: data traffic grows 14% in the quarter

During the second quarter of 2013, average connection speeds on surveyed mobile network operators ranged from a high of 9.7 Mbps to a low of 0.5 Mbps. Eleven operators demonstrated average connection speeds in the broadband (4 Mbps) range and 62 operators showed average connection speeds above 1 Mbps. Data collected by Ericsson shows that the volume of mobile data traffic grew 14% during the quarter and nearly doubled year-over-year.

Based on data derived from Akamai IO for the second quarter of 2013, mobile devices on cellular networks using the Android Webkit accounted for slightly less than 38% of requests while Apple Mobile Safari saw nearly 34% of requests. In measuring mobile devices across all network types, Apple Mobile Safari accounted for just over 54% of usage while Android Webkit was responsible for 27.6 percent.

In Europe, a mobile operator from the Czech Republic led the way with the fastest average connection speed of 6.4 Mbps, while a Greek operator achieved the highest average peak connection speed of 54.9 Mbps.

UK Country Highlights

UK Unique IPv4 addresses up 9.6% year on year to 29,131,348

48% year-on-year increase to 8.4Mbps of EMEA Average connection speed (5th in EMEA, 10th globally)

52% year-on-year increase to 37.1Mbps of EMEA Average Peak Connection Speeds (7th in EMEA, 14th globally)

200% year-on-year increase in high broadband (10Mbps) penetration to 23% (6th in EMEA, 12th globally)

75% of broadband connections in the UK measured above 4Mbps – a 33% increase year on year (9th in EMEA, 16th globally)

0.5% of global attack traffic appeared to originate in the UK

About the Akamai State of the Internet Report

Each quarter, Akamai publishes a “State of the Internet” report. This report includes data gathered from across the Akamai Intelligent Platform about attack traffic, broadband adoption, mobile connectivity, and other relevant topics concerning the Internet and its usage, as well as trends seen in this data over time. To learn more, and to access the archive of past reports, please visit www.akamai.com/stateoftheinternet.

To download the figures from the Second Quarter, 2013 State of the Internet Report, please visit http://wwwns.akamai.com/soti/soti_q213_figures.zip.

About Akamai

Akamai is a leading provider of cloud services for delivering, optimizing and securing online content and business applications. At the core of the Company’s solutions is the Akamai Intelligent Platform™ providing extensive reach, coupled with first class reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.

Article source: http://www.darkreading.com/perimeter/akamai-releases-second-quarter-2013-stat/240162720

ForeScout Introduces The ControlFabric Platform For Interoperability And Continuous Monitoring And Mitigation

CAMPBELL, Calif. – October 15, 2013 – ForeScout Technologies, Inc., a leading provider of pervasive network security solutions for Fortune 1000 enterprises and government organizations, today announced the ControlFabric™ platform to enable IT security products to dynamically share information and allow enterprises to more rapidly respond to a range of enterprise security and operational issues. The platform features new interfaces that open ForeScout CounterACT™ to developers, customers and system integrators, allowing them to flexibly integrate CounterACT with other security and management systems.

“You can’t manage what you can’t measure. IT organizations must understand network users, devices, configurations, applications and activities at all times to manage risk and efficiently prevent, detect and respond to incidents. Unfortunately, the common defense-in-depth approach often yields silos of tools and plenty of data, which leave the security team to try and connect the dots,” said Jon Oltsik, senior principal analyst at Enterprise Strategy Group. “ForeScout’s ControlFabric platform represents a flexible approach to gain the context and policies necessary to advance endpoint compliance, continuous monitoring and security analytics.”

Enterprises are challenged with supporting business agility while managing security risks due to greater network, device, access and threat complexity. Exacerbating this situation is the proliferation of BYOD device use as well as increased exposure to rogue devices, non-compliant systems and targeted attacks. To optimize IT resources and responsiveness, organizations require real-time operational insight and efficient means to resolve security problems and contain incidents.

ForeScout ControlFabric is an open platform that enables ForeScout CounterACT and other IT solutions to exchange information and mitigate a wide variety of network and endpoint security concerns. The platform helps enterprises to advance situational awareness by leveraging infrastructure data and to improve the security posture by applying policy-based controls to expedite remediation actions. It also saves time and money through the automation of routine activities. ForeScout CounterACT is a proven, enterprise-scale network security solution that provides visibility of all network users, endpoints and applications in real time. CounterACT shares this intelligence with other security and management systems that interoperate through ForeScout’s ControlFabric Interface, and it receives information from these systems to trigger security policies. This allows enterprises to apply broader network-based controls by leveraging existing IT security and management tools that heretofore have been limited to analyzing, alerting and reporting information (e.g. SIEM, VA and ATP).

“IT organizations require defenses that not only interoperate with each other but also provide more value than the individual solutions deliver on their own. It’s about maximizing their ROI in people, process and tools,” said Gord Boyce, CEO of ForeScout. “Developed and proven over the last few years, the ForeScout ControlFabric platform allows customers to mobilize their enterprise tools and operational data in truly creative ways that dramatically improve visibility, risk management and productivity.”

The ControlFabric platform includes base integrations in the form of CounterACT plug-ins that work with popular network infrastructure, endpoints, directories, systems management, such as Microsoft SCCM, and endpoint security software, such as antivirus. This out-of-the-box interoperability allows ForeScout’s customers to find security gaps and address unauthorized network access and data leakage, bring your own device (BYOD) risks, endpoint compliance violations and advanced persistent threats (APTs).

ControlFabric extended integrations, developed and supported by ForeScout, bring additional value to the CounterACT appliance and are available as licensed plug-ins for:

Mobile Device Management (MDM) – to help automate the enrollment of new mobile devices in the MDM system and to ensure that only authorized and compliant devices can connect to the network. Modules for AirWatch, Citrix, Fiberlink, MobileIron and SAP Afaria are available

Advanced Threat Detection (ATD) – to enable IT security managers to quickly quarantine devices that are identified as infected and exfiltrating data. Support for FireEye is available with a module for McAfee’s new Advanced Threat Defense and others planned

Security Information and Event Management (SIEM) – to bring real-time endpoint security posture details into SIEM tools and to allow them to be able to isolate or remediate endpoint security faults. SIEM modules are available for HP ArcSight, IBM QRadar, McAfee Enterprise Security Manager, RSA Envision, Splunk Enterprise and Tibco LogLogic

Endpoint Protection – provides complete awareness and control of host-based defenses of both managed and unmanaged devices. The integration module for McAfee ePolicy Orchestrator software informs the McAfee ePolicy Orchestrator of unmanaged systems and helps it initiate automated remediation of security faults by either quarantining the endpoint or remediating the configuration problem on the endpoint

Vulnerability assessment (VA) – will trigger a scan of new devices the moment they join the network plus add the ability to perform a remediation action, such as quarantining an endpoint and/or initiating a software update, as soon as the VA product identifies a serious vulnerability. The integration module currently supports Tenable Nessus, with support for McAfee Vulnerability Manager and Qualys planned

In addition, ForeScout has made the ControlFabric platform more extensible for developers, system integrators and customers through the new ControlFabric Interface. This set of standards-based integration mechanisms allows disparate security and management systems to communicate bi-directionally with the platform and, ultimately, the CounterACT network security appliance. The ControlFabric Interface currently employs LDAP, SYSLOG, SQL, Web Services API and other standards with more integration options planned.

Availability, Pricing and New Partner Program

The ForeScout ControlFabric platform and its components are immediately available. A new ControlFabric Integration Module, which runs on the ForeScout CounterACT appliance, provides additional interfaces for third-party product integration. The ControlFabric Integration Module pricing starts at U.S. $3,600 Manufacturer’s Suggested Retail Price (MSRP).

To accelerate the development of third-party integrations, ForeScout has introduced the ControlFabric Technology Partner Program. To see a list of leading IT infrastructure vendors supporting the program and to obtain more information on program requirements and advantages, see today’s announcement at http://www.forescout.com/press-release/forescout-introduces-controlfabric-technology-partner-program/.

About ForeScout Technologies, Inc.

ForeScout delivers pervasive network security by allowing organizations to continuously monitor and mitigate security exposures and cyberattacks. The company’s CounterACT appliance dynamically identifies and assesses all network users, endpoints and applications to provide complete visibility, intelligence and policy-based mitigation of security issues. ForeScout’s open ControlFabric platform allows a broad range of IT security products and management systems to share information and automate remediation actions. Because ForeScout’s solutions are easy to deploy, unobtrusive, flexible and scalable, they have been chosen by more than 1,500 enterprises and government agencies. Headquartered in Campbell, California, ForeScout offers its solutions through its network of authorized partners worldwide. Learn more at: www.forescout.com.

Article source: http://www.darkreading.com/management/forescout-introduces-the-controlfabric-p/240162728