STE WILLIAMS

Adobe’s first update since the Big Breach

Adobe’s Patch Tuesday fixes are out.

This is business as usual, promised long in advance and expected today, so there isn’t anything in it related to the company’s recent network intrusion woes. (We hope!)

There’s a RoboHelp update, discussed in APSB13-24, and fixes for Version XI of Acrobat and Reader, discussed in APSB13-25.

The RoboHelp bug allows potential RCE, or Remote Code Execution, so you definitely want the APSB13-24 patch if you’re a RoboHelp user.

The Reader XI and Acrobat XI vulnerability is a little different, and it’s just the sort of bug that Adobe could have done without right now, because it’s what is known as a regression.

If you’re on Reader X or Acrobat X, you’re not affected and can stand down from high alert. For now, anyway.

In programming, a regression is when you make new changes that inadvertently counteract various previous changes and, hey presto, a bug that you thought you’d got rid of returns.

If you like, a regression is a sort of anti-patch, where you repeat a mistake you fixed already.

Adobe isn’t giving a lot of detail away, but does say:

This update resolves a regression that permitted the launch of javascript scheme URIs when viewing a PDF in a browser (CVE-2013-5325).

The scheme in a URI is the part at the beginning, like http://, or mailto:, that tells your browser how to get to the resource you’ve just specified.

Until fairly recently, most browsers allowed you to go to the address bar and run JavaScript directly, by prefixing it with the scheme identifier javascript:, for example like this:

The hazards quickly became obvious once scammers started luring you into “pasting the following web address into the address bar,” but including a JavaScript-based URL, not one that used HTTP.

→ There are hundreds of different legal URL schemes, from aaa: (a protocol to do with login, dealing with authentication, authorisation and accounting) to z39.50: (a search and indexing protocol that was made pointless by the web).

JavaScript-based URLs are now considered harmful in your browser’s address bar, and so browsers simply ignore them.

So will your Adobe PDF plugin, once you’ve updated.
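As an added illustration of the scheme check described above (example code, not Adobe’s or any browser’s own), here is the kind of allow-list test a viewer applies before following a link, together with the regression cases a fix like this one should keep covered so the bug cannot quietly return. The allow-list and the sample links are this example’s own assumptions.

```javascript
// Added example, not Adobe's code: refuse links whose URI scheme is not on an
// allow-list, and keep the refused forms as regression cases.

// Schemes a document viewer can reasonably follow. Everything else, including
// javascript:, is refused. The list is this example's assumption, not Adobe's.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto', 'ftp']);

// RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), then ":".
const SCHEME_RE = /^([a-z][a-z0-9+.-]*):/i;

// Return the lowercase scheme of a URI, or null if it has none (a relative
// reference). Leading spaces/control characters are dropped and embedded
// tabs/newlines removed first, the same normalisation URL parsers in browsers
// apply, so "  javascript:..." or "java\nscript:..." cannot hide the scheme
// from a naive prefix check.
function schemeOf(uri) {
  const cleaned = String(uri)
    .replace(/^[\x00-\x20]+/, '')
    .replace(/[\t\n\r]/g, '');
  const m = SCHEME_RE.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

// Decide whether a viewer should follow the link. Scheme-less (relative)
// references are refused as well, since this example has no base to resolve
// them against.
function isSafeToFollow(uri) {
  const scheme = schemeOf(uri);
  return scheme !== null && ALLOWED_SCHEMES.has(scheme);
}

// Regression cases (constructed): the fix must keep refusing these forms.
// Keeping them in a test suite is what stops a later change from undoing it.
const REGRESSION_CASES = [
  ['javascript:void(0)', false],
  ['JavaScript:void(0)', false],        // scheme names are case-insensitive
  ['   javascript:void(0)', false],     // leading whitespace
  ['java\nscript:void(0)', false],      // embedded newline, stripped by parsers
  ['http://example.com/report.pdf', true],
  ['mailto:security@example.com', true],
  ['data:text/html,hello', false],      // not on the allow-list
  ['example.com/page', false],          // no scheme at all
];

// Return the URIs whose verdict differs from the expected one (empty = pass).
function runRegressionCases() {
  return REGRESSION_CASES
    .filter(([uri, expected]) => isSafeToFollow(uri) !== expected)
    .map(([uri]) => uri);
}

const failures = runRegressionCases();
console.log(failures.length === 0
  ? 'all regression cases pass'
  : `FAILED: ${failures.join(', ')}`);
```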

Should you patch Reader and Acrobat?

And that raises an interesting question: should you apply this patch?

After all, some of you might be feeling a bit cagey about accepting Adobe’s patches right now.

The company just admitted that hackers were able to break in and exfiltrate 40GB of product source code from the corporate network, almost certainly including Acrobat.

What if the crooks were also able to make commits? (That’s where you save back changes so they can be compiled into the next build.)

If they did so, and their changes weren’t spotted, malicious modifications could now be part of an official release.

My own opinion is that this is highly unlikely, not least because modern software engineering tools make it comparatively easy to track the changes to the source code files in a product between builds.

Easy for me to say, of course – as an OS X user my PDF needs are met without having Reader or Acrobat installed, so a botched release wouldn’t affect me directly.

Nevertheless, remember that this patch deals with fixing a regression – “repatching” a previous patch – rather than with shepherding in a huge raft of changes throughout the product.

So it’s reasonable to assume that if Adobe’s recent unauthorised visitors really had made any malware-related modifications, they’d surely have been spotted before release.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/Kai837pPfgQ/

AVG, Avira and WhatsApp pwned by hacktivists’ DNS hijack


The websites of freebie antivirus vendors AVG and Avira as well as mobile messaging service WhatsApp appear to have been hit by a DNS redirection attack today which sent users to pro-Palestinian websites.

A team of hacktivists calling themselves KDMS have claimed credit for the hacks.


Visitors to avg.com were greeted by a rendition of the Palestinian national anthem (via an embedded YouTube video) and a message from a pro-Palestinian group calling itself the KDMS Team, instead of the usual security tips and links to anti-malware downloads.

“It’s clearly embarrassing for a security company to be hit in this fashion by hackers, but there is no indication that any customer information or sensitive data has been compromised,” writes Graham Cluley, a veteran of the antivirus industry turned independent security consultant. “It’s possible that the hackers managed to change the website’s DNS records, redirecting anyone who attempted to visit www.avg.com to a different IP address.”

A blog post by Cluley – featuring a screen-shot of the AVG defacement – can be found here.

Security experts were quick to discover that all three victims use hosting biz Network Solutions as their DNS provider. Hackers may have exploited security shortcomings at Network Solutions to alter DNS records and so gain control of their targets’ domains.

The KDMS team claims an affiliation with Anonymous Palestine. The same group pulled off a similar DNS hijack / redirection attack against the website of hosting firm leaseweb.com over the weekend.

LeaseWeb’s statement on the attack can be found here.

Leaseweb denied earlier reports that a vulnerability in its WHMCS billing and support system software might have been responsible for the hijack, but without naming a cause. The hosting firm is seeking to play down the significance of the attack, which it characterises as regrettable but superficial and quickly resolved.

Update

A spokeswoman for AVG said: “AVG can confirm today that it has had a select number of online properties defaced as a result of our DNS provider being compromised. A number of other companies appear to have been similarly targeted. The situation is being monitored and assessed. Customers are our priority and AVG is working hard to resume normal service levels to its customer base.”

An Avira spokesperson said: “Today we have experienced a major disruption in our DNS service. It appears that several websites of Avira as well as other companies have been compromised by a group called KDMS. The websites of Avira have not been hacked, the attack happened at our internet service provider, Network Solutions.”

El Reg has also contacted Network Solutions for comment, but they had not responded at the time of publication. We’ll update if we hear more. ®

Bootnote

Thanks to Reg reader Kevin G, who was the first to advise us that AVG website visitors were getting their surfing sessions hijacked, as well as correctly diagnosing the DNS chicanery behind the attack.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/08/dns_hijack_attack_spree/

Microsoft hands out $28K to bug-hunters


Microsoft’s first ever bug bounty programme has resulted in payouts totalling $28,000 to security researchers who found flaws in the preview release of Internet Explorer 11.

Redmond offers a maximum reward of $11,000 to researchers who found security vulnerabilities in pre-release versions of IE 11 during the period of the bug bounty programme, which ran for a month from 26 June. In the event Microsoft paid out $28k to six researchers who collectively reported 15 different bugs.


An honours roll page credits James Forshaw of Context Security as the most prolific of these researchers. Forshaw earned $9,400 for his efforts in discovering design level vulnerabilities and other security bugs in IE11.

Google engineers Ivan Fratric and Fermin J Serna received $1,100 and $500, respectively, for uncovering lesser flaws. Both these bounties were donated to charity.

Bug bounty programmes have become commonplace across the IT industry over recent years. The schemes motivate researchers to report flaws to vendors, rather than selling details of bugs to TippingPoint’s Zero Day Initiative or hawking them through exploit brokers or vulnerability marketplaces. Google’s bug bounties are the best known and most financially generous.

The IE 11 bug-hunting season has closed but Microsoft is still offering a rather more generous $100,000 for “truly novel exploitation techniques against protections built into the latest version of our operating system (Windows 8.1 Preview)”. And this can be topped up by a reward of up to $50,000 for ideas on how to defend against identified attacks. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/08/ms_bug_bounty/

Monitoring Security In Cloud Environments

[The following is excerpted from “Monitoring Security In Cloud Environments,” a new report posted this week on Dark Reading’s Security Monitoring Tech Center.]

The cloud is no longer outlying technology. Indeed, any organization that isn’t using cloud computing technology is probably considering it. The benefits can be enormous: flexible, on-demand access to superior resources — but only when and where needed — usually with lower unit costs and reduced complexity.

But concerns over the security of data held in the cloud remain a barrier to adoption. The news of PRISM, a surveillance program that gives the National Security Agency access to users’ data held by major websites, has further increased cloud paranoia and fears over data privacy. Forrester Research estimates that the impact of PRISM on the cloud computing industry could be as much as $180 billion.

PRISM aside, security has lagged behind advances in other cloud features, even though numerous laws and industry standards mandate the safeguarding of information. Issues such as reliability, uptime and disaster recovery have seen significant improvement, but initiatives to address monitoring, auditing and corporate governance have been less noticeable. For example, security monitoring is far less developed than operational performance monitoring.

The perceived loss of visibility into events is a resistance point for many administrators because they can’t see what’s happening or whether safeguards are working. Understandably, many administrators question how they can achieve an adequate level of security monitoring for data in the cloud comparable to that of data stored on-premises when a third party owns the hardware and network.

Despite these reservations, the pressure to adopt some form of cloud computing technology often becomes overwhelming. Given the exponential increase in data and the number and variety of connected users and devices in use today, often the only way to meet customers’, employees’ and partners’ expectations of personalization and access to real-time information is by harnessing cloud services.

A first step is to decide which type of cloud environment best suits the organization’s security requirements and capabilities. To ensure that data is correctly protected in cloud environments, organizations need to understand what data is going to be cloud-based, how access to it can be monitored, what types of vulnerabilities exist and how to demonstrate that controls are in place to meet regulatory obligations.

Cloud computing can ease certain security issues while increasing others, but it will never eliminate the need to follow traditional security principles — data in the cloud still needs the same treatment as that located on-premises.

Classifying data assets is essential to knowing what level of security is required in the cloud, so it’s worth revisiting and updating security policies so that they reflect changes made to the existing infrastructure to incorporate cloud technologies.

For detailed descriptions of cloud monitoring technologies — and some strategies for building cloud environments that improve security visibility — download the free report.


Article source: http://www.darkreading.com/cloud/monitoring-security-in-cloud-environment/240162352

BeyondTrust Releases Network Security Scanner With Unlimited Vulnerability Assessment And Compliance Reporting

SAN DIEGO, Calif. – October 8, 2013 – BeyondTrust, the security industry’s only provider of Context-Aware Security Intelligence, today announced that Retina Network Security Scanner, the industry’s most mature and effective vulnerability scanner, is now available with unlimited scanning and reporting for just $1200 for a full-year subscription. Customers will now have the ability to target an unlimited number of assets within their IT infrastructure, including critical network devices, virtual systems and databases, with no restrictions.

With this latest development, BeyondTrust offers organizations the most flexible and scalable vulnerability assessment solution on the market to efficiently identify IT exposures and prioritize remediation company-wide. Retina Network Security Scanner is simple to install and easy to use, and with the fastest scanning engine available today identifies vulnerabilities including missing patches and configuration weaknesses.

As part of this unprecedented package, BeyondTrust is also offering its reporting compliance pack, so organizations can easily test and provide the necessary documentation for SCAP, SOX, HIPAA, PCI, and ISO among other industry-specific regulatory requirements. Retina Network Security Scanner is immediately available for purchase. For more information, please visit: go.beyondtrust.com/rnssu

“With exploits and targeted attacks appearing faster than ever before, vulnerability scanners are an absolute must-have for any size organization and cost should never be a barrier,” said Marc Maiffret, chief technology officer at BeyondTrust. “Retina Network Security Solution empowers organizations to identify risks and learn how to remediate them, dramatically reducing the internal and external attack surface of their environments.”

Retina Network Security Scanner is already in use by over 10,000 organizations worldwide and includes targeted scan profiles for security, compliance and systems administrators responsible for today’s dynamic IT environment. Retina provides cost-effective security risk assessment, as well as enables security best practices, policy enforcement, and regulatory audits. Now, IT professionals responsible for such critical areas as servers, desktops, virtualization and databases can quickly and easily assess their focus area for vulnerabilities.

Learn more about the entire family of Retina vulnerability management solutions during this two-minute video: https://vimeo.com/76358645

About BeyondTrust

BeyondTrust is the leading security solution vendor providing Context-Aware Security Intelligence, giving customers the visibility and controls necessary to reduce their IT security risks, while at the same time simplifying their compliance reporting.

BeyondTrust offers consistent policy-driven vulnerability and privilege management, role-based access control, monitoring, logging, auditing and reporting to protect internal assets from the inside out. The company’s products empower IT governance to strengthen security, improve productivity, drive compliance, and reduce expense across physical, virtual, mobile and cloud environments.

With more than 25 years of global success, BeyondTrust is the pioneer of both Threat Management and Privileged Identity Management (PIM) solutions for heterogeneous IT environments. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers include eight of the world’s 10 largest banks, eight of the world’s 10 largest aerospace and defense firms, and 7 of the 10 largest U.S. pharmaceutical companies, as well as renowned universities across the globe.

Article source: http://www.darkreading.com/intrusion-prevention/beyondtrust-releases-network-security-sc/240162384

Fujitsu Computer Products Of America Launches iNetSec Smart Finder For Network Security And BYOD Management

SUNNYVALE, Calif., Oct. 8, 2013 — Fujitsu Computer Products of America today announced the introduction of iNetSec Smart Finder, the internal network security appliance that offers wired and wireless device discovery, classification and management, and Layer 7 application control. Smart Finder enables IT administrators to monitor and prevent future threats from the inside of an organization. Smart Finder has been available in Japan for three years and has been the fastest growing product in the market for the past two years, according to total Network Security Business 2012-2013 sales data from Fuji Chimera Research Institute, Inc.

In today’s mobile economy, security has become vital for businesses and organizations as more and more employees are using personal devices in the office. BYOD (bring your own device) and mobile device management are no longer new trends but rather common practice, and with an increasing variety of IP-based equipment sending data over networks, companies need to ensure that they have solutions in place so that their internal data is managed and secure.

“The shift toward a BYOD culture in today’s workplace has resulted in employees bringing more and more personal devices and personal applications to the office to meet their specific needs and increase productivity,” said Avni Rambhia, Digital Media Industry Manager at Frost & Sullivan. “This increase in non-company owned laptops, tablets and smartphones also brings with it a variety of security threats, such as malware and botnets, that put businesses at risk. To best secure their networks and proprietary information, companies must protect themselves not just against external threats, but also from internal threats.”

Smart Finder incorporates both NAC (network access control) and IPS (intrusion prevention system) features into a hybrid product that is ideal for companies that do not need products with full-blown NAC and IPS capabilities but want or need elements of each.

“Many companies need a way to secure their networks from the inside out without the headache of high costs or extreme technical complexity,” said Carmine Clementelli, Product Manager, Fujitsu Computer Products of America, Inc. “Smart Finder has a unique blend of essential NAC and IPS features, is easy to use, and fits the budget and technical know-how of a wide range of companies.”

Key features of iNetSec Smart Finder include:

– Endpoint Visibility Device Discovery – this access control functionality recognizes all devices on a business network, both wired and wireless – from laptops and mobile phones to tablets and printers – so companies can prevent illegal access and minimize threats.

– Threat Prevention Security – the Layer 7 IPS functionality gives control over application usage within the company’s network, in order to prevent hazardous activities internally.

– Non-Intrusive Device Detection – this approach ensures there is no network disruption while conducting device monitoring:

  • Out-of-band technology does not reduce network performance

  • Agentless technology means there is no software to install on devices and no software updates to manage on diverse devices

– Simple Deployment – deploy in both single-site and multi-site environments – the installation process typically takes less than 2 hours.

– Centralized Web-Based Policy Management – stay organized and coordinated with your device management:

  • Authorization workflow and device registration process

  • Device classification on the network

  • Automated new device approval process

  • Whitelist/blacklist security policy management

  • Create network access policies by group segments

– Reporting, Analytics, and Alerts – use simple dashboard reporting tools to use your time effectively and efficiently.

– Affordable Pricing – starting at $6,995, Smart Finder enables companies to strengthen the security of their networks without breaking the bank.

– Scalability – support growing infrastructures and multi segment networks with 3,000 endpoints available per single appliance.

“In our environment, security is the utmost concern,” said Gabrial Singh, Vice President, Physical and Logical Security at Omnipro Technologies. “Smart Finder provides administrators with centralized control over all devices, applications, and activity across the company’s network. This is one of the most innovative products that we’ve seen on the market in the BYOD space.”

Pricing and Availability

iNetSec Smart Finder starts at $6,995 and is now available through authorized resellers. For more information about iNetSec Smart Finder, please visit http://www.inetsecsmartfinder.com.

About Fujitsu Computer Products of America, Inc.

Fujitsu Computer Products of America, Inc. is an established leader in the document imaging industry, delivering innovative scanning and internal network security solutions and services that enable our customers to solve critical business issues and streamline operations. With a technology portfolio that also includes best in class network security appliance solutions, Fujitsu looks to provide organizations with an easy way to monitor and prevent threats from the inside out. For more information about Fujitsu document imaging, visit http://us.fujitsu.com/fcpa, and for network security solutions and services, visit www.inetsecsmartfinder.com.

Article source: http://www.darkreading.com/management/fujitsu-computer-products-of-america-lau/240162402

UINT & Mereal Biometrics Launches Biometric Smart Card With Embedded FPC Fingerprint Touch Sensor And Processor

GOTHENBURG, Sweden, October 8, 2013 /PRNewswire/ —

The biometric smart card launched by UINT & Mereal Biometrics is a multi-application smart card using Fingerprint Cards’ (FPC) embedded fingerprint touch sensor and processor. It enables biometric fingerprint authentication in a highly secure environment, with local matching preserving holders’ privacy, as biometric data never leaves the card. The first applications of the card are physical and logical access control for the French casino operator Partouche. The smart card is now a finalist in the Discovery category of the awards at the upcoming Cartes show in Paris (19-21 Nov, 2013) and will be displayed by Mereal Biometrics in Booth 4N 087 [http://www.cartes.com/Catalogue/EXHIBITOR-LIST/Exhibitor-list/MEREAL-BIOMETRICS/(search_field)/mereal+biometrics/(sort_by)/az/(limitation)/20].

“A new generation of Smart Card is born; for the first time a smart card has its own embedded biometric fingerprint reader, performs the verification on board and can be used in multiple applications. Introducing biometrics into the smart card market means meeting the toughest industry requirements available when it comes to low power consumption, optimized form factor and robust sensor design. FPC’s fingerprint sensors meet these requirements and we are really excited to now introduce this biometric smart card to the market,” says Philippe BLOT, Chief Executive Officer of UINT ( http://www.uint.fr ).

Johan Carlstrom, President and CEO of FPC, comments:

“This launch of a biometric smart card is a market break-through and marks a milestone for integrating biometrics into smart cards. Security and protection of privacy have always been top priority in smart cards and the use of biometrics makes this possible with high user convenience. FPC’s fingerprint sensor technology meets the smart card industry’s strong technical requirements and together with UINT’s vast expertise in innovative card technologies this new biometric smart card has now reached the market. This launch is a major breakthrough and something that UINT, Mereal Biometrics and FPC have effortlessly been striving towards for four years and a confirmation of FPC’s world-leading position as a supplier of capacitive fingerprint technology, with highest quality, compact size and lowest power consumption.”

About UINT MEREAL BIOMETRICS

UINT is a start-up specialized in the research, development and commercialization of flexible electronic board solutions that fit in a credit-card format and are autonomous (carrying their own energy). For more than 14 years, UINT’s PhDs and engineers have applied their strong experience in the research and development of electronics, secure transactions and the manufacturing of powered smart cards, mastering all product processes and life cycles from conception to manufacturing. Mereal Biometrics is a French private company dedicated to the licensing of biometric solutions; its president, Patrick Partouche, invented the Multiple Application Chip Card with onboard biometric validation in 2009. After 4 years of R&D, the Mereal Biometrics cards are ready for commercialization and have received a first authorization from the French CNIL commission for evaluation; the technology and patents are protected worldwide.

About Fingerprint Cards AB (publ)

Fingerprint Cards AB (FPC) markets, develops and produces biometric components and technologies that through the analysis and matching of an individual’s unique fingerprint verify the person’s identity. The technology consists of biometric sensors, processors, algorithms and modules that can be used separately or in combination with each other. The competitive advantages offered by the FPC’s technology include unique image quality, extreme robustness, low power consumption and complete biometric systems. With these advantages and the ability to achieve extremely low manufacturing costs, the technology can be implemented in volume products such as smart cards and mobile phones, where extremely rigorous demands are placed on such characteristics. The company’s technology can also be used in IT and Internet security, access control, etc.

Article source: http://www.darkreading.com/intrusion-prevention/uint-mereal-biometrics-launches-biometr/240162407

10 tips for securing your smartphone

This month is National Cyber Security Awareness Month.

Each week within October will take on a different theme, with this week’s being ‘Mobile’.

So, with that in mind, we thought we’d prepare some tips to help keep your smartphone safe.

1. Always secure your smartphone with a password

One of the most basic security tips, but one which is sometimes completely overlooked! Having no access protection at all is just foolish. Swipe patterns are ok, but greasy finger-trails could reveal too much.

A four-digit PIN is an improvement but using a strong passcode is the ideal phone protection.

2. Ensure that your device locks itself automatically

If you set up password-protection on your phone but then leave it unlocked on your desk for 15 minutes, you won’t have achieved very much. Most smartphones allow you to set them up to automatically lock themselves after a period of inactivity.

Make sure you choose the shortest timeout you are comfortable with. Two to five minutes is better than ten to thirty, even if it does feel slightly inconvenient.

3. Install security software

Your smartphone is a computing device and should be protected accordingly. Look for an app like Sophos Mobile Security that includes malware prevention, remote data wipe, privacy review of apps and an automatic security advisor to alert you to potential risks when you change a device setting.

If you’re in charge of securing your organisation’s phones and tablets, then choose a mobile device management solution like Sophos Mobile Control.

4. Only download apps from approved sources

The Google Play Store and Apple’s App Store take security pretty seriously. They are very careful about what apps they make available and will withdraw apps that raise concerns after release.

Read user reviews of apps before installing them – if there are any security concerns then someone else may well have mentioned them.

5. Check your apps’ permissions

Many apps require more than the basic default permissions. For instance, you can reasonably expect an SMS app to send and receive text messages just as a mapping app will request your GPS location.

But something like a calculator that needs network access or an alarm clock that wants to read your contact database should be treated with extreme caution!

6. Don’t miss operating system updates

Updates to your OS often include system vulnerability patches, so it’s important to install them.

You might want to be advised of updates rather than having them automatically installed, as early adopters sometimes experience teething problems – but the forgetful among you may prefer that to missing updates altogether.

7. Be wary of any links you receive via email or text message

Now that you can pick up email on your phone, exercise caution when clicking on links. And phishing scams are not limited to email – a text message can incite you to click on a dodgy link or ask for personal information.

Even simply replying to unknown SMS or email senders can raise the crooks’ interest in you, leading to more pressure to respond.

8. Encrypt your smartphone

Even if you’ve secured your smartphone with a password, a thief could still plug your device into a computer and gain access to all of your personal information. Using encryption on your smartphone can help to prevent such data theft.

9. Turn off automatic Wi-Fi connection

One of the great things about modern mobile phones is their ability to connect to the internet in many ways, but continually probing for wireless networks gives away information about your identity and location, and blindly connecting to unencrypted access points can let your phone leak all sorts of useful things for malicious actors to intercept and act upon.

So tell your phone to forget networks you no longer use, to minimise the amount of data leakage, and configure your phone to turn wireless on or off automatically in certain places using a location-aware smartphone app.

10. Turn off Bluetooth and NFC when not in use

Bluetooth and NFC (near field communication) are great in terms of connectivity, allowing you to use accessories such as wireless keyboards and headsets or make payments with a wave of your smartphone.

But they do open a door for the bad guys to gain access to your device and your data, so you should either switch these features off or put your device into “not discoverable” mode whenever possible. Also, be careful when pairing devices – never accept requests from unknown devices.

If you’re responsible for mobile security at work, you might like to read our practical advice for handling smartphones in the workplace.

And if you’re interested in reading other stories related to National Cyber Security Awareness Month, read the 3 essential security tasks you can do for your family today and our 10 topical security tales.


Images of smartphone, apps and Wi-Fi courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/NCLyEtM51Y0/

Assessing the impact of the Blackhole arrests

Early yesterday, a ‘breaking news’ tweet grabbed the attention of most security researchers involved with malware today.

Tweet breaking news of arrest

BREAKING: Blackhole exploit kit author “Paunch” and his partners arrested in Russia

Within hours, corroborating support for the arrest was circulating to lend credence to the report.

Big news indeed!

The question on everyone’s lips, of course, was, “Will the arrest have any effect on the prevalence of the threat?”

This was an expected and fair question, which I shall try and address in this post.

For those not familiar with the Blackhole exploit kit, let me start with a 5-point “cheat sheet” to get you up to speed:

  • Blackhole has become perhaps the most notorious of all exploit kits, thanks primarily to its dominance of the crimeware market throughout 2012 and early 2013.
  • In late 2012, the second version of Blackhole was released, sporting an array of new features to increase infection rates while making the task of researchers harder.
  • The author of Blackhole is known by the handle Paunch.
  • The Cool exploit kit is believed to come from the same group.
  • We have explored the kit in great depth previously, for those that are interested in the technical details.

Before we start trying to look for a sudden drop in Blackhole or Cool volume, it is worth noting that the exploit kit landscape has changed since 2012.

Numerous other exploit kits are now available, and Blackhole has not dominated the threat statistics for several months.

Taking a look at the breakdown of the exploit kits that we have seen active over the past seven days, we can see that Blackhole and Cool (though the latter contributes just a very small fraction) are well down the charts, comprising just 2% of all reports.

Exploit kit breakdown from last 7 days

Looking at this data, the Neutrino, Glazunov and Sibhost exploit kits are currently dominant.

Looking at similar data for August 2013, the picture is quite different, with Styx, SweetOrange and Neutrino dominant.

But although Blackhole and Cool contribute more than in the recent data, they still reach only 4%.

Exploit kit breakdown for August 2013

So what does this tell us?

Principally, it says that we need to take great care with statistics!

There are many factors that influence the data that we use to measure and compare different threats, so I think it is too soon to draw any conclusions.

Nevertheless, assuming that the players behind Blackhole have indeed been removed from the game, it is possible that the apparent decline we have seen in the past week will continue.

That would mean that the prevalence of Blackhole landing pages and exploit content would go down, and stay down.

But would that actually change the level of risk for the world at large?

With other exploit kits already dominant in the market, a decline in Blackhole activity would not necessarily mean a change in the overall threat landscape.

Criminals who used to use Blackhole services could simply migrate to other exploit kits.

That said, these arrests are definitely good news.

Today’s malware is largely dependent upon crimeware kits and their associated infrastructure, so any law enforcement activity against the perpetrators is very welcome.

Image of black hole in ring o’ fire courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/fdvadiNuEpI/

UK bankers prep for cyberwar: Will simulate ATTACK on system


UK banks, the stock market and payment providers will undergo extensive stress tests in November that are designed to test their responses to cyber-attacks.

The exercise is designed to test the state of preparedness of the UK’s financial system in responding to cyber attacks, which are only growing more complex over time.


Operation Waking Shark 2 is due to take place in mid-November and will involve every high street bank taking part in a one-day “war game” featuring simulated cyber attacks designed to mimic the tactics of both state-sponsored hackers and cyber criminals, the Daily Telegraph reports.

The exercise comes two years after the Financial Services Authority ran the original Operation Waking Shark exercise.

Alex Mifsud, chief exec of payments firm Ixaris, said protection against cyber attacks needs to extend beyond simply making sure bank systems remain available in the face of a denial of service attack or similar high profile assault.

“Financial institutions now suffer cyber intrusions on a regular basis: we only have to remember the May arrests for the $45m that were stolen from ATMs around the world, or the £1.3m cyber theft against Barclays in April,” Mifsud said. “Organised and extensive stress tests on the cyber defences of the UK’s banks and payments service providers are therefore to be welcomed and will help ensure that successful attacks are minimised.”

“Besides the obvious physical and IT security, a sound cyber strategy should include training staff for ‘social engineering’ attacks (such as that perpetrated against Barclays in May), two-factor authentication to prevent password capture, maker-checker (whereby an individual employee / computer submits an action while another must approve it) for sensitive data entry such as changes in account ownership or large transactions, and external monitoring for unusual behaviour such as large transactions or high volumes of transactions in a given period that cannot be tampered with – even if the machine or process being monitored is compromised,” added Mifsud.

“While there is no silver bullet to protecting a financial institution from cyber attack, there are several best practice measures that can easily be applied to minimise risk.”
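Two of the controls Mifsud lists above, maker-checker (dual control) for sensitive actions and external monitoring for large or high-volume transactions, are straightforward to express in code. The following is an added illustration written for this page, not code from Ixaris or any bank; the thresholds, account names and transaction records are constructed sample values, and the time window is an assumption.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed thresholds for the demonstration (assumptions, not from the article).
LARGE_AMOUNT = 10_000.00        # a single transaction at or above this is flagged
VOLUME_LIMIT = 5                # more than this many per account per window is flagged
WINDOW = timedelta(minutes=10)  # sliding window used for the volume check


@dataclass
class PendingAction:
    action_id: str
    maker: str
    description: str
    approved_by: Optional[str] = None


class MakerChecker:
    """Dual control: the person who submits (maker) may never approve (checker).

    Applies to sensitive data entry such as account-ownership changes or large
    transactions: nothing is applied until a second, different person approves.
    """

    def __init__(self) -> None:
        self.pending: dict[str, PendingAction] = {}
        self.applied: list[PendingAction] = []

    def submit(self, action_id: str, maker: str, description: str) -> str:
        self.pending[action_id] = PendingAction(action_id, maker, description)
        return action_id

    def approve(self, action_id: str, checker: str) -> PendingAction:
        action = self.pending.get(action_id)
        if action is None:
            raise KeyError(f"unknown action {action_id}")
        if checker == action.maker:
            # The core rule: self-approval is refused, so a single compromised
            # account or workstation cannot push a sensitive change through alone.
            raise PermissionError("maker and checker must be different people")
        action.approved_by = checker
        self.applied.append(self.pending.pop(action_id))
        return action


def monitor_transactions(transactions):
    """Flag large single transactions and bursts of activity per account.

    `transactions` is a time-ordered list of (timestamp, account, amount).
    In a real deployment this runs on a separate host fed a copy of the
    transaction stream, so a compromise of the monitored system does not
    let an attacker silence the alerts.
    """
    alerts = []
    recent = defaultdict(deque)  # account -> timestamps inside the window
    for ts, account, amount in transactions:
        if amount >= LARGE_AMOUNT:
            alerts.append(("large_transaction", account, ts, amount))
        window = recent[account]
        window.append(ts)
        while window and ts - window[0] > WINDOW:
            window.popleft()
        if len(window) > VOLUME_LIMIT:
            alerts.append(("high_volume", account, ts, len(window)))
    return alerts


def sample_transactions():
    """Constructed sample stream: ACC-1 makes seven small payments in seven
    minutes, ACC-2 makes one large payment."""
    t0 = datetime(2013, 10, 8, 9, 0, 0)
    txns = [(t0 + timedelta(minutes=i), "ACC-1", 100.0) for i in range(7)]
    txns.append((t0 + timedelta(minutes=3), "ACC-2", 25_000.0))
    return sorted(txns, key=lambda t: t[0])


def run_monitor_demo():
    """Returns the alerts raised over the constructed sample stream."""
    return monitor_transactions(sample_transactions())


if __name__ == "__main__":
    for alert in run_monitor_demo():
        print(alert)
    mc = MakerChecker()
    mc.submit("A1", "alice", "change ownership of account ACC-1")
    try:
        mc.approve("A1", "alice")
    except PermissionError as exc:
        print("refused:", exc)
    print("applied by", mc.approve("A1", "bob").approved_by)
```

Running the sample stream yields one `large_transaction` alert for ACC-2 and two `high_volume` alerts for ACC-1 (on its sixth and seventh payment inside the ten-minute window), while the maker-checker refuses alice's self-approval and accepts bob's.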

Ashley Stephenson, chief exec of Corero Network Security, referenced a series of DDoS attacks against US banks mounted by the Izz ad-Din al-Qassam Cyber Fighters as part of what it dubbed Operation Ababil and supposedly motivated by the presence of that video on YouTube.

“In the past year we have seen several publicly visible examples of ‘hacktivists’ bringing down banking websites, but these incidents are just the tip of the iceberg,” Stephenson said. “The new cyber stress test initiative will help to identify areas of weakness within the participating banks’ IT security infrastructure, allowing them to be better prepared for real attacks.”

“We highly commend the Bank of England’s Financial Policy Committee (FPC) for being proactive and ordering regulators to come up with ‘action plans’ in the event of a cyber-attack by the first quarter of 2014,” he added.

Darren Anstee, a team manager at DDoS mitigation firm Arbor Networks, said that the training exercise will help to identify security weaknesses.

“This initiative will help organisations to identify any weaknesses in their defences and operational procedures, and will help them to ensure that they are sufficiently prepared should a real attack arise,” Anstee commented. “Running regular exercises to evaluate incident response is hugely important. Any organisation can be a target for a cyber-attack, but banks are a particular target due to the very nature of their business and the key part they play in the economy.”

“Banks are targeted frequently, and with increasingly sophisticated multi-tool, multi-vector attacks; whether the attacks are motivated ideologically or for financial gain, the onus is on the financial industry to protect the availability and integrity of their systems – and they should be testing their processes frequently, on a per-organisation basis, to ensure this.

“One of the things which Operation Ababil has taught us, though, is that in some cases vulnerabilities are only uncovered when multiple organisations are targeted concurrently, and these larger exercises have a key part to play in identifying potential bottlenecks in networks and services,” he added. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/08/uk_banks_cyber_stress_test/