Showing posts sorted by relevance for query McAfee. Sort by date Show all posts
Showing posts sorted by relevance for query McAfee. Sort by date Show all posts

Key Role of McAfee In Largest IT Security System Deployment Extended By U.S. Department of Defense

Posted by Avik Sarkar On 3/10/2012 06:08:00 pm

The Key Role of McAfee In Largest IT Security System Deployment Extended By U.S. Department of Defense 

U.S. Department of Defense officially extends the key role of McAfee in largest IT security system deployment. McAfee announced that it will serve as the primary subcontractor to Northrop Grumman Information Systems (NGIS), the prime integration contractor, for the Host Based Security System (HBSS) program. The Defense Information Systems Agency (DISA) awarded Northrop Grumman a $189 million HBSS task order, which has a three-year base period with two one-year options.
HBSS is a flexible, commercial-off-the-shelf (COTS)-based program that monitors, detects, and counters against known cyber-threats to the DoD Enterprise in accordance with the Enterprise-wide Information Assurance and Computer Network Defense Solutions Steering Group. DISA serves as the lead organization providing program oversight for DoD for the HBSS solution. "DISA and McAfee have built a HBSS partnership that has resulted in vastly improved protection and situational awareness across the large and complex DoD global IT enterprise." said Ken Kartsen, vice president, Federal Sales, Public Sector, McAfee. "With the HBSS security framework, DoD can quickly deploy new protection capabilities for its host inventory of servers, desktops and notebooks. The highly scalable and open framework behind HBSS, McAfee ePolicy Orchestrator platform, is especially necessary in today's environment of rapidly escalating cyber threats and declining DoD budgets. We are honored and humbled by the continued trust that DISA has placed in us and will continue to innovate and drive the capabilities of this highly important system."
Under the terms of the agreement, the Northrop Grumman/McAfee team will continue to enhance the operational capability of the HBSS solution through McAfee advanced enterprise host technologies, solution training of DoD personnel, and McAfee Global Professional Services. HBSS is currently supported by the ePolicy Orchestrator(R) platform and by McAfee(R) Host Intrusion Prevention Systems (HIPS). Cyber training for HBSS will continue to be a key initiative under the new HBSS agreement with DISA. Continued Kartsen, "HBSS is the most extensive cybersecurity training program ever undertaken in the history of DoD."  For detailed information click here. 

-Source (McAfee)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

McAfee Reveals Emma Watson as 2012’s Most Dangerous Cyber Celebrity & For India its Sunny Leone

Posted by Avik Sarkar On 11/09/2012 04:30:00 am

McAfee Reveals Emma Watson as 2012’s Most Dangerous Cyber Celebrity & For India its Sunny Leone

In a research security software company McAfee figure out Sunny Leone as the most dangerous celebrity in the Indian cyber space for this year, followed by Katrina Kaif and Kareena Kapoor. For the sixth year in a row, McAfee researched popular culture’s most famous people to reveal riskiest celebrity sportsmen, actors and politicians across the Web to reveal the 2012 rendition of ‘Most Dangerous Celebrity’ research. In the India ranking this year, Sunny Leone displaced Katrina Kaif, who owned this title in the 2011 edition of this annual research. Lubna Markar, Sr. Marketing Manager India and South Asia, McAfee, said, “Cyber criminals continue to leverage top celebrities to lure people to websites with malicious software. This year too, we saw cyber crooks leveraging Bollywood stars whereby the maximum number of malicious software laden sites pertained to Sunny Leone. This testifies her top position as the most dangerous celebrity in Indian cyberspace in 2012.” 
The study for ‘Most Dangerous Celebrity’ used the McAfee SiteAdvisor site rating which indicates the sites that are risky to search for celebrity names on the Web and calculate an overall risk percentage. The top 10 celebrities in India from this year’s study with the highest risk percentages are: 

  1. Sunny Leone: This sexy Canadian model/actress who made headlines with her presence in the celebrity reality show BigBoss, ranks first with 9.95% chances of luring people into clicking on malicious links.
  2. Katrina Kaif: India’s ‘chikni chameli’ was the most dangerous Indian celebrity of 2011, but has slipped down to the 2nd position this year with a risk percentile of 8.25%.
  3. Kareena Kapoor: The 3rd Most Dangerous Celebrity and winner of six film fare awards has a 6.67% possibility of making users fall into a trap of malware laden Web sites.
  4. Priyanka Chopra: This former Miss World who has been the reigning queen of Bollywood occupies the 4th position on the Most Dangerous Celebrities list with a risk percentile of 6.5%.
  5. Bipasha Basu: With Raaz 3, this Bengali bombshell has moved up the ranking from 8th in 2011 to the 5th position in 2012. She has a 5.58% percentile of leading users to a malicious site.
  6. Vidya Balan: After her ‘Dirty Picture’, Vidya Balan has a 5.33 % chance of leading users to malicious sites. The versatile Indian actress has marked her presence even in the cyber space.
  7. Deepika Padukone: This sultry actress of ‘Cocktail’ fame, was the 2nd most dangerous celebrity in the year 2011, but has plummeted to 7th position this year, with a 4.92% chance of being led to a malicious Web site.
  8. Salman Khan: One of the most sought after stars in Bollywood, Salman Khan has redefined the trends of the Hindi film industry with his roles in movies such as Dabangg and Ek Tha Tiger. With a risk percentile of 4.83%, he is on the eighth position in our Most Dangerous Celebrities ranking.
  9. Aishwarya Rai Bachchan: Touted as ‘the most beautiful woman in the world’, Aishwarya Rai Bachchan, is the ninth most dangerous celebrity in India with a risk percentile of 4.58%.
  10. Poonam Pandey: The Kingfisher calendar girl who was also amongst the top 8 contestants in ‘Gladrags 2010′, has a risk percentile of 4.25% and is the tenth most dangerous celebrity.


If you go thorugh the report of McAfee's 2012’s Most Dangerous Cyber Celebrity then you will come to know that Emma Watson has replaced Heidi Klum as McAfee's 2012 most dangerous celebrity to search for online. For the sixth times in a row, McAfee researched popular culture’s most famous people to reveal the riskiest Hollywood actors, athletes, musicians, politicians, designers, and comedians on the Web.  The McAfee Most Dangerous Celebrities™ study found that women are more dangerous than men with Jessica Biel taking the number two spot and Eva Mendes coming in third. Latina women have proven that they are on fire and make up five of the top ten spots. After Mendes, Selena Gomez, Shakira and Salma Hayek take the fourth, seventh and ninth spot and Sofia Vergara rounds out the top 10 list. Funnyman Jimmy Kimmel is the only male to make the top 20 list this year. 

The top 10 celebrities from this year’s study with the highest percentages of risk are:-

  1. Emma Watson – Best known for her role as Hermione Granger in the “Harry Potter” franchise, the British actress tops the list as the 2012 Most Dangerous Celebrity. Watson continues to star in feature films including “My Week with Marilyn” and “The Perks of Being a Wallflower” and is an ambassador for Lancôme.
  2. Jessica Biel – The 2009 Most Dangerous Celebrity rose two spots this year from coming in at number 4 in 2011. Biel continues to be in the spotlight with fiancée Justin Timberlake and her role in 2012’s “Total Recall.”
  3. Eva Mendes – A new addition to the list,Mendes has starred in films including “2 Fast 2 Furious” and “Hitch.” She is currently in the news for her fling with Ryan Gosling.
  4. Selena Gomez – The tween musician and actress is best known for her role as Alex Russo on Disney’s “Wizards of Waverly Place” and for dating teen heartthrob Justin Bieber. She has been cast in the upcoming film “Parental Guidance Suggested” and was recently named one of Forbes’ Top 10 Best Social Media Superstars.
  5. Halle Berry – The Academy Award winning actress is famous for her stand out roles in action and horror films including “Catwoman” and “Gothika”. Berry is in the spotlight for her custody battle with baby daddy Gabriel Aubry.
  6. Megan Fox – The sexy actress rose 9 spots compared to her number 15 spot last year. She is currently in the news for her pregnancy with husband Brian Austin Green and will be seen in the upcoming film “This is 40”.
  7. Shakira – The belly-dancing singer/songwriter best known for her songs “Hips Don’t Lie” and “Whenever, Wherever” comes in at number 7. She was recently named one of Forbes’ World’s Most Powerful Women and was ranked number 6 on Forbes’ Top 10 Best Social Media Superstars.
  8. Cameron Diaz – 2010’s Most Dangerous Celebrity fell to eighth place, with searches resulting in slightly fewer risky sites this year. She was most recently in the spotlight for allegedly dating Alex Rodriguez. She is rumored to star in “Expendables 3.”
  9. Salma Hayek – The actress, producer and director received an Academy Award for her role as Frida Kahlo in “Frida” and recently starred in “Savages.” She is currently in the news for her controversial remarks about her Mexican heritage in a Vogue interview. She is married to billionaire François-Henri Pinault.
  10. Sofia Vergara – The Columbian actress and model best known for her comedic role as Gloria Delgado-Pritchett on ABC’s Emmy Award winning “Modern Family” rounds out the top 10 list. She also starred in the “The Three Stooges” film this year and was recently named one of Forbes’ World’s Most Powerful Women and highest paid TV actress. She recently announced her engagement to businessman Nick Loeb.



For more information about this topic click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Free Database Activity Monitoring Tool By McAfee

Posted by Avik Sarkar On 3/30/2012 08:39:00 pm

Free Database Activity Monitoring Tool By McAfee
McAfee - one of the world's leading security company & Antivirus developer has launched a free security tool designed to help businesses monitor and manage MySQL database deployments. According to McAfee-
McAfee Database Activity Monitoring automatically finds databases on your network, protects them with a set of preconfigured defenses, and helps you build a custom security policy for your environment — making it easier to demonstrate compliance to auditors and improve critical asset data protection. Database Activity Monitoring cost-effectively protects your data from all threats by monitoring activity locally on each database server and by alerting or terminating malicious behavior in real time, even when running in virtualized or cloud computing environments.
Comprehensive threat protection — Protect even your unpatched databases against zero-day attacks by blocking attacks that exploit known vulnerabilities and terminating sessions that violate your security policies.
Detailed audit trail reports — Audit trail reports are available to meet SOX, PCI, and other compliance audit requirements. During post-incident forensic analysis, this audit trail can help you understand the amount of lost data and gain greater insight into malicious activity.
Streamlined patching with no required downtime — Applying missing patches and fixing misconfigurations found by the Database Activity Monitoring vulnerability scan will improve the security posture of your databases immediately without requiring any downtime via McAfee’s virtual patching technology.

For more information & to download McAfee Database Activity Monitoring Tool click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Operation Shady RAT (The Biggest Cyber-Attack Ever)

Posted by Avik Sarkar On 8/04/2011 01:50:00 am



Researchers from security software concern McAfee say they have discovered the biggest series of computer intrusions ever, covering some 72 organizations and governments around the world, including the U.S., Taiwan, Vietnam, South Korea, Canada and India — some of them dating back as far as 2006. (See the map of targets, courtesy of McAfee, below.)
And these aren’t the kind of cyber attacks carried out by bumbling troublemakers like the LulzSec gang, which make headlines but really only cause a nuisance for companies like Sony. In these cases, networks were compromised by remote access tools — or RATs, as they’re known in the industry. These tools — and they are tools, because they have legitimate uses for system administrators — give someone the ability to access a computer from across the country or around the world. In this case, however, they were secretly placed on the target systems, hidden from the eyes of day-to-day users and administrators, and were used to rifle through confidential files for useful information. It’s not for nothing that McAfee is calling this Operation Shady RAT.
McAfee says the attacker was a “state actor,” though it declined to name it. I’ll give you three guesses who the leading candidate is, though you’ll probably need only one: China.
Dmitri Alperovitch, McAfee’s Vice President, Threat Research, makes a statement in his blog entry on the discovery that should give everyone minding a corporate or government network pause: “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact.” He further divides the worldwide corporate landscape into two camps: Those who have been compromised and know it, and those who simply don’t know it yet.
This has been a particularly nasty year on the cyber security front. (I hate to say it, but I told you so.) Prior to this, the big attack whose full impact has not yet been fully sized up was the one against the RSA SecureID system, which uses popular keychain devices that create a constantly changing series of numbers that in turn create a second password for access to system resources. They’re widely used in government and military circles and among defense contractors. Google has been a regular target in recent years.
The RSA attack and Operation Shady RAT are examples, Alperovitch says, of an “Advanced Persistent Threat.” The phrase has come to be a buzzword that, loosely translated into English, means the worst kind of cyber attack you can imagine. Unlike the denial-of-service attacks and network intrusions carried out by LulzSec and its ilk, which require only minimal skill and marginal understanding of how networks and servers work, an APT is carried out by someone of very high skill who picks his targets carefully and sneaks inside them in a way that is difficult to detect, which allows access to the target system on an ongoing basis that may persist for years.
How did these attacks happen? Its very simple: Someone at the target organization received an email that looked legitimate, but which contained an attachment that wasn’t. This is called “spear phishing,” and it has become the weapon of choice for sophisticated cyber attackers. The attachments are not what they appear to be — Word documents or spreadsheets or other routine things — and contain programs that piggyback on the targeted user’s level of access to the network. These programs then download malware which gives the attackers further access. This all happens in an automated way, but soon after, live attackers log in to the system to dig through what they can find, copy what they can, and make a getaway — though they often leave the doors unlocked so they can come back for repeat visits.
Alperovitch notes — correctly, to my mind — that the phrase has been picked up and overused by the marketing departments of numerous security companies. His larger point is that too often those attacked in this way refuse to come forward and disclose what they’ve learned, thereby allowing the danger to continue for everyone else.
Alperovitch says that the data taken in Operation Shady RAT adds up to several petabytes worth of information. It’s not clear how it has been used. But, as he says, “If even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth.” It’s also bad for a target’s national security, because defense contractors dealing in sensitive military matters are often the targets. The best thing that can happen is that victims start talking about their attacks and sharing information with each other so that everyone can be ready for the next one, which is surely coming.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

McAfee and CSIS report reveals the vulnerability of cyber attacks

Posted by Avik Sarkar On 4/24/2011 01:57:00 pm

A report prepared by antivirus company McAfee and the Center for Strategic and International Studies(CSIS), has brought to light the vulnerability of cyberattacks on power grids, oil, gas and water.
The report, called In the Dark: Crucial Industries Confront Cyberattacks, is a follow up to 2010’sreport, In the Crossfire: Critical Infrastructure in the Age of Cyberwar. Commissioned by McAfee and produced by CSIS, the report reveals the survey results which were undertaken in 14 countries. It found out that of the 200 IT security executives of critical electricity infrastructure enterprises, 40 per cent believed that their industry is vulnerable, while 30 per cent believed their companies are not well protected from cyberattacks. More than 40 per cent fear a major cyber attack by 2011.
“We found that the adoption of security measures in important civilian industries badly trailed the increase in threats over the last year,” said Stewart Baker, who led the study for CSIS. In addition to that, the press release byMcAfee quotes Jim Woolsey, former United States Director of Central Intelligence, “Ninety to 95 percent of the people working on the smart grid are not concerned about security and only see it as a last box they have to check.” It also adds that “as the energy sector increased its adoption of securitytechnologies by only a single percentage point (51 percent), and oil and gas industries increased only by three percentage points (48 percent).”
Other findings of the report include the fact that a few countries like Brazil, France and Mexico have lesser security measures than their counterparts China, Italy and Japan. McAfee’s press release reveals, that “India and Mexico have a high rate of extortion attempts; 60 to 80 percent of executives surveyed in these countries reported extortion attempts.” According to the report, while 81 per cent of respondents faced DDoS service attacks, more than 50 per cent of them had already faced government attacks.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Android becomes second most popular malware

Posted by Avik Sarkar On 6/02/2011 03:51:00 pm



The first quarter was the most active in malware history and mobile attacks are moving to the forefront, according to McAfee data. Android attacks are also picking up. McAfee’s first quarter threat report noted that attacks surged in the first quarter, but spam has fallen. In fact, there were 6 million unique malware samples in the first quarter, the highest ever for the first three months of the year. February had the most new malware samples—2.75 million. Fake anti-virus software—think Mac Defender—reached its highest levels in march with 350,000 unique samples. As for emerging threats, McAfee noted that Android devices are becoming malware havens. Android was the second most popular environment for mobile malware behind Symbian in the first quarter. Historically, Android remains No. 3.

McAfee Labs combats several developing families of malware that attack Android phones. One of the families, Android/DrdDream, comprises a variety of legitimate games and apps that have been injected with malicious code. These threats are unique and quite dangerous due to the use of two root exploits to gain greater control of those phones. The two exploits—Exploit/LVedu and Exploit/DiutesEx—were initially used by users trying to gain legitimate root access to their own devices, a process commonly referred to as rooting.1 In the PC world, malware often uses exploits to enable drive-by downloads that infect machines visiting specially designed or compromised websites. For mobile devices, much of the malware has required user interaction, but in the near future mobile exploits will certainly allow automatic malware installation. Like Android/DrdDream, the Android/Drad family is made up of maliciously modified applications.
This family sends device information to an attacker-controlled site. Just like in the PC malware world, Android/Drad listens for commands from the attacker. The malware can also download additional software, though it stops short of being a full-fledged mobile botnet. It appears that the malware uses blackhat search-engine optimization techniques, a process of manipulating search engine results to place dangerous sites higher than they should appear in lists of hits.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Your Car At Risk, Hackers Can Attack Modern Cars Remotely

Posted by Avik Sarkar On 12/16/2011 01:33:00 pm


Hackers could attack modern cars without even touching them, as new car models roll off the line loaded with complex IT systems running millions of lines of software code, it's become evident that hacking a car to gain external control of it is possible. While actual cases in the field are rare, the industry is moving to secure its systems and prevent cars from becoming a major target said by Brian Jackson a security researcher. In the exclusive report he said: An unsuspecting driver opens her door and steps into her new car, placing her smartphone on the dash as it connects with the in-car infotainment system for hands-free features. Little does she know there's a Trojan virus on her phone just waiting to be connected to a car – and it executes malicious code on the vehicle's embedded software. Suddenly a hacker has the ability to track her car, unlock the doors, or even control the climate controls and speaker volume.
It sounds like a scene out of the next James Bond film, but the above scenario could be a reality today. As auto makers look to woo consumers with snazzy in-car technology features, they are also opening up personal vehicles to the underground community of hackers that have long targeted computer users. In-car IT systems such as Ford's Sync or General Motor's OnStar could be opening up exploits that allow hackers to take control of your car without even laying hands on it.
While complex in-car IT systems are so new that actual car hacking cases in the field are virtually non-existent, researchers have demonstrated it's possible. But investigations into car hacking by police may be impossible at this point because of a lack of forensics capability to detect malware. All the more reason for security vendors like McAfee, now a division of Intel Corp., to push car manufacturers to pay serious attention to security.
“It shouldn't be the responsibility of the consumers to have to secure these systems,” says Tim Fulkerson, senior director of marketing at McAfee embedded security group. “Just as manufacturers have built in seat belts and air bags, now that they're moving to software innovation, they need to bring software security into these vehicles.”
Best known for its PC antivirus software, McAfee is now working with car makers to build secure enough systems that consumers won't end up buying virus scan software for their ride. When it comes to car makers and securing IT system, Fulkerson says it “is certainly not their area of expertise.”
Perhaps that's why a team of car-hacking researchers from the University of Washington and the University of California at San Diego have had so much success. Dubbed the Center for Automotive Embedded Systems Security (CAESS), the team demonstrated in May 2010 how a criminal with physical access to a car could implant malware. Then in August 2011, the team showed an external car hacking attack could be mounted through various paths including Bluetooth and cellular radio.
One such attack was executed after the researchers reverse-engineered a car's telematics operating system and found the program responsible for handling Bluetooth functions. From there, they planted a Trojan horse (a piece of malicious software) on an HTC Dream smartphone that monitors for new Bluetooth connections and if it finds a telematics unit, sends the payload.
Researchers were also able to use special hardware to “sniff” the MAC address of the Bluetooth connection needed for pairing new devices with the telematics unit. After cracking the password through brute force, or machine-assisted repeat attempts, the Trojan could be uploaded from a device in the attacker's hands.
But seeing such an attack executed in the wild today is unlikely, according to Patrick Neal, a program coordinator for crime and intelligence analysis at the B.C. Institute of Technology (BCIT). He had his students explore car hacking methods identified by the CAESS group and others. 




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

What Risk We are Posing! Everyone Can Become Target of the Latest Cyber Security Threats

Posted by Avik Sarkar On 2/10/2014 07:31:00 pm

What Risk We are Posing! Everyone Can Become a Target of the Latest Cyber Security Threats
According to a report by the Washington Post, hackers may soon be setting up a plan to unfold in 2013 that will target 30 different U.S. banking institutions. McAfee Labs, who has compiled a new cyber security report, says that banks should be on the lookout for software that creates false online transactions or targets transfers tied to large dollar amounts.
Sources say that these threats can all be tied back to “Project Blitzkrieg”, which is a program that has been around since 2008. Within the past four years, it has already stolen $5 million and plans to continue for as long as possible. During the past few months, between 300 and 500 victims located within the U.S. have fallen victim to Project Blitzkrieg’s schemes. By the spring of 2013, McAfee says that things could get even worse for U.S. banks and their customers.
Experts note that this scheme may be tied to reports from back in October by security company RSA that mentioned how a hacker out of Russia named “vorVzakone” has been openly discussing his plan to recruit a team to plan the largest Trojan attack tied to banking. McAfee warns that these threats should be taken extremely seriously as the beginning of 2013 is soon to unfold. The software can become extremely dangerous to those doing their banking online because it can replicate transactions and even delete e-mail notifications about certain transfers.
While U.S. banks will no doubt be increasing their security protocols to protect themselves from any unnecessary attacks, most already know that they are continually being cited as targets from hacking groups around the globe. Back in September, both JP Morgan Chase and Bank of America saw their sites crash because of DDoS attacks.

Samsung Smart TV Dangers
The Register has recently reported that Samsung’s newest Smart TV is completely open and vulnerable to hacking because it gives hackers the ability to steal data very quickly. According to security company ReVuln, this vulnerability most notably affects consumers who own and use their Samsung 3D TVs for internet purposes.
Those who use their Smart TVs can rent movies, browse the web for a cheap line rental, go on Facebook, and more. ReVuln claims that they have found an exploit which allows hackers to see everything the user is doing while they are using their TV, retrieve and access information like web history, and hook up an external thumb drive to the TV to conveniently steal all of this information for future use. While ReVuln noticed this exploit while using a Samsung 3D TV, the true problem is that it seems to affect all of the latest Samsung TVs with internet capabilities, which includes many different makes and models.
As these TVs continue to act more as larger PCs, it is only a matter of time until we see even more security vulnerabilities tied to them in the very near future.

Gas Station Bluetooth Skimming
News site KRCA out of Sacramento notes that crooks are using Bluetooth devices in order to steal credit card information from those who are paying for gas at the pump. The biggest issue the cyber security experts noticed is that these thieves do not even have to be near the gas station in order to steal information.
Crooks are using skimming devices that utilize Bluetooth and contain a variety of common security keys that can be used to access gas pumps for maintenance. They don’t simply pull out their device and begin swiping information for oblivious consumers. Thieves will start by installing skimmers on the pumps to collect information from those pumping gas and then pick them back up. Detectives say that these types of devices are impossible to detect.
According to experts, thieves can be up to 100 yards away and continually collect credit card information from unsuspecting users. Because of this, these crooks are impossible to detect, and the problem may only grow larger in the near future.

Troublesome QR Codes

QR codes seem to be everywhere these days. They’re typically on everything from advertisements to products that we purchase on a daily basis. In the Netherlands, hackers are posting QR codes in heavily trafficked areas like airports and major streets. When these QR codes are scanned in by a user’s smart phone, they are taken to a malicious website that may attempt to phish information from the user or possibly infect their smartphone with malware.

Disclaimer:- Before perfection, on behalf of Team VOGH, I would like to personally thank Eve Halton  for sharing this magnificent article with our readers. Eve is a very much passionate Fleet Street, she  has done her graduation in International Business and Journalism. She gained decent experience in writing articles on several fields like global politics, economics, sustainability issues, cyber security & many more.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Apple's Developer Site is Under Phishing Attacks

Posted by Avik Sarkar On 6/30/2011 04:54:00 pm



With all the news about Anonymous, LulzSec, Anti-Sec, and so on, you'd almost forget there are more ethical hacking groups out there as well. One such group, YGN Ethical Hacker Group, informed Apple of several weaknesses in its developers website on April 25. Apple acknowledged the flaws, but so far, hasn't done anything about them. YGN Ethical Hacker Group has now stated they will fully disclose the vulnerabilities if Apple doesn't fix them in the coming few days.
The hacker group claims to have found three separate security flaws in Apple's developer website - arbitrary URL redirects, cross-site scripting, and HTTP response splitting. Especially the arbritry URL redirects are problematic, since it would make it quite easy to lead a phishing attack to obtain login credentials from Apple's third party developers. Developers use Apple IDs to login, so this would give malicious folk access to developers' iTunes accounts.
YGN Ethical Hacker Group isn't a new group - they've already identified similar security issues at other websites. Java.com, for instance, suffered from similar URL redirect issues, but Oracle fixed it within a week, and thanked the hacker group. They also found issues with McAfee's website, but McAfee refused to fix anything until the hacker group went for full disclosure.
Apple has been given the same two months to fix their issues, but Apple has so far refused to do so. The issues were reported to Cupertino April 25, and Apple confirmed they had received the information two days later. We're two months down the line now, and nothing has been fixed, according to the hacker group. As such, they will now take the same steps they took with McAfee

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

As per the Statistic of 2010 China Was The Vitim of 500,000 of Cyber-Attacks

Posted by Avik Sarkar On 8/10/2011 04:34:00 pm

China said Tuesday it was hit by nearly 500,000 cyberattacks last year, about half of which originated from foreign countries including the United States and India.
The news comes just days after US firm McAfee said it had uncovered a massive global cyber spying campaign it described as a "five-year targeted operation" by one unnamed actor -- which many analysts said was China.
According to a government report, most of the attacks on China came in the form of Trojan software -- a malicious programme that masquerades as an application -- the official Xinhua news agency said. Nearly 15 percent of the destructive programmes came from IP addresses in the United States, while another eight percent originated in India, said the report by the National Computer Network Emergency Response Coordination Centre.

China, which has the world's largest online population with 485 million users, has itself been accused of spearheading online attacks on government agencies and companies, although Beijing has always denied this.
Chinese state media lambasted claims that China was behind the sophisticated hacking effort uncovered by McAfee, calling them "irresponsible".
According to the US computer security firm, victims of the attack included the governments of Canada, India, South Korea, Taiwan, the United States and Vietnam. In June, Internet giant Google said a cyber-spying campaign originating in China had targeted Gmail accounts of senior US officials, military personnel, journalists and Chinese political activists. The computers of Australia's prime minister, foreign and defence ministers were also suspected of being hacked in March, with China under suspicion.

-News Source (AEP)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

McAfee Threats Report: Second Quarter 2011

Posted by Avik Sarkar On 8/25/2011 01:11:00 pm


McAffee released its security threat report  today, announcing that 2011 has seen spikes in several different types of online security threats. “The second quarter of the year was clearly a period of chaos, changes, and new challenges,” according to the report.

The Report Contents:-

  • Hacktivism
  • Mobile Threats
  • Cybercrime
  • Malware Threats
  • Adobe outpaces Microsoft in Attracting Exploits
  • Messaging Threats
  • Web Threats

According to McAffee:-

"The threat landscape of 2011 is undergoing a year of chaos and change. We see chaos in the major challenges that hacktivist groups such as LulzSec and Anonymous pose, and change in the shifts in new malware classes and targeted devices. This quarter McAfee Labs saw major hacktivist activity—but in a very different way. The group Lulz Security, LulzSec for short, differs from other hacktivist groups in that they had no specific goals. They were in it, as they claimed, for the “lulz” (LOLs in text messagespeak, or “laugh out loud’s” ) but
showed an agility at compromising networks and servers, and stealing usernames, passwords, and other data. LulzSec committed multiple intrusions against a wide variety of companies, as well as attacks against police departments and intelligence agencies, and many other compromises. Although many of the outcomes and uses of these compromises are still in play (and we provide a helpful overview of the quarter’s activity) one thing has become clear: Many companies, both large and small, are more vulnerable than they may have suspected. Further, the security industry may need to reconsider some
of its fundamental assumptions, including “Are we really protecting users and companies?” Although LulzSec may have ceased its operations during this quarter, the questions they and other hacktivist groups have raised will be debated for a long time.
One significant change in the first quarter of 2011 was Android’s becoming the third-most targeted platform for mobile malware. This quarter the count of new Android-specific malware moved to number one, with J2ME (Java Micro Edition), coming in second while suffering only a third as many malware. This increase in threats to such a popular platform should make us evaluate our behavior on mobile devices and the security industry’s preparedness to combat this growth.
We also saw an increase in for-profit mobile malware, including simple SMS-sending Trojans and complex Trojans that use exploits to compromise smartphones. We offer an update of cybercrime “pricebooks” as well as some changes to toolkit and service prices. “Crimeware as a service” and the burgeoning “hacktivism as a service” continue to evolve as interests and targets change. On the positive side, there were some significant victories against cybercriminals this quarter.
Continuing the change theme, we observed a considerable decrease in both AutoRun and Koobface malware, offset by a strong rise in fake-anti-virus software that targets the Mac. Apple’s OS X has been mostly ignored by malware writers for years, so this represents a significant change of target
for cybercriminals. Malware continued its overall growth during the quarter as did rootkit malware. Rootkits, used primarily for stealth and resilience, makes malware more effective and persistent; its popularity is rising. Rootkits
such as Koutodoor and TDSS appear with increasing frequency. The amount of malware that attacks vulnerabilities in Adobe products continues to overwhelm those in Microsoft products.
Botnets and messaging threats, although still at historic lows, have begun to rise again. We expected this recovery after some recent botnet takedowns. Users and enterprises must plan for this growth and prepare their defenses and responses accordingly. We again examine social engineering subjects by both
geography and subject and botnets by geography and type.
We saw several spikes in malicious web activity this quarter as well as some serious growth in blogs and wikis with malicious reputations. Sites that deliver malware, potentially unwanted programs, and phishing sites also increased.
The second quarter of the year was clearly a period of chaos, changes, and new challenges."

To Download The Full report Click Here

-News Source (McAffee)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Oracle fixes Java.com website hole after heads-up from hacker group

Posted by Avik Sarkar On 4/26/2011 04:27:00 pm

The secretive hacker group known as YGN Ethical Hacker Group has done it again, exposing a vulnerability in a vendor website -- this time one owned by Oracle -- through assessment scanning. YGN says Oracle responded promptly to its notification about the vulnerability it found in www.java.com and fixed the hole.
YGN told Network World by email that the Oracle Security Alerts team has thanked it for the information provided about an "arbitrary URL redirect vulnerability" in www.java.com. YGN published advisory information about this vulnerability both on the public SecLists online and the hacker group's own website on Sunday.
Oracle had no immediate comment.
This interaction between YGN and Oracle, which took place over the last week, seems to have followed a far different course than the hacker group's recent interaction with McAfee, which ended last month with YGN disclosing it had found a vulnerability in the McAfee website before the security vendor had fixed it.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Android Vulnerability- Hacker Can Gains Complete Control Into Your SmartPhone

Posted by Avik Sarkar On 2/27/2012 07:40:00 pm

Android Vulnerability- Hacker Can Gains Complete Control Into Your SmartPhone  
 
Security experts have discovered a serious flaw in a component of the operating system of Google Inc’s widely used Android smartphone that they say hackers can exploit to gain control of the devices. Researchers at startup cyber security firm CrowdStrike said they have figured out how to use that bug to launch attacks and take control of some Android devices.
CrowdStrike, which will demonstrate its findings next week at a major computer security conference in San Francisco, said an attacker sends an email or text message that appears to be from a trusted source, like the user’s phone carrier. The message urges the recipient to click on a link, which if done infects the device. At that point, the hacker gains complete control of the phone, enabling him or her to eavesdrop on phone calls and monitor the location of the device, said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike.
Google spokesman Jay Nancarrow declined comment on Crowdstrike’s claim. Alperovitch said the firm conducted the research to highlight how mobile devices are increasingly vulnerable to a type of attack widely carried out against PCs. In such instances, hackers find previously unknown vulnerabilities in software, then exploit those flaws with malicious software that is delivered via tainted links or attached documents. He said smartphone users need to prepare for this type of attack, which typically cannot be identified or thwarted by mobile device security software.
“With modifications and perhaps use of different exploits, this attack will work on every smartphone device and represents the biggest security threat on those devices,” said Alperovitch, who was vice president of threat research at McAfee Inc before he co-founded CrowdStrike.
Researchers at CrowdStrike were not the first to identify such a threat, though such warnings are less common than reports of malicious applications that make their way to online websites, such as Apple’s App Store or the Android Market.
In July 2009, researchers Charlie Miller and Collin Mulliner figured out a way to attack Apple’s iPhone by sending malicious code embedded in text messages that was invisible to the phone’s user. Apple repaired the bug in the software a few weeks after the pair warned it of the problem.
The method devised by CrowdStrike currently works on devices running Android 2.2, also known as Froyo. That version is installed on about 28 percent of all Android devices, according to a Google survey conducted over two weeks ending February 1. Alperovitch said he expects to have a second version of the software finished by next week that can attack phones running Android 2.3. That version, widely known as Gingerbread, is installed on another 59 percent of all Android devices, according to Google. CrowdStrike’s method of attack makes use of a previously unpublicized security flaw in a piece of software known as webkit, which is built into the Android operating system’s Web browser.


-Source (MyBoradband, Google, CrowdStrike)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Oracle Patches Java.com Flaw

Posted by Avik Sarkar On 4/29/2011 02:41:00 am




The discovery of security issues in Java is something that Oracle deals with on a routine basis by way of regular security updates. Security issues with Java.com, however, is another issue.
Security researchers with the YGN Ethical Hacker Group publicly reported this week that Java.com was at risk from an arbitrary URL redirection vulnerability. YGN made the report on the public Full-Disclosure security mailing list.
The group also provided a link to a proof-of-concept demo to validate their claim.
According to YGN, it informed Oracle of the vulnerability on April 19th. On April 23rd, Oracle replied, "Thank you for bringing this issue to our attention. We appreciate your note and wanted to let you know that we have fixed it.
Oracle did not respond by press time to a request for comment from InternetNews.com on the YGN disclosure.
A URL redirection flaw is a serious issue that could have enabled an attacker to leverage Java.com for a phishing attack. Security tracking group Mitre has labeled URL Redirection as CWE-601 (Common Weakness Enumeration).
"An http parameter may contain a URL value and could cause the Web application to redirect the request to the specified URL," the CWE-601 definition states. "By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials."
The Java.com disclosure is not the first time that YGN has exposed security flaws in a major public facing website. At the end of March, YGN reported that McAfee.com was at risk from multiple security vulnerabilities.  

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Releases Patch Fixes for Windows Server and PowerPoint

Posted by Avik Sarkar On 5/14/2011 09:44:00 pm


Microsoft fixed bugs in the WINS name server resolution protocol and a file format vulnerability in PowerPoint for its May Patch Tuesday.

 Microsoft addressed two security bulletins in May’s Patch Tuesday release. Security experts said administrators should apply the fixes immediately—because, despite their small size, they address significant threats.

Microsoft fixed a critical vulnerability affecting Windows Server and an important bug in Microsoft Office PowerPoint, according to the Patch Tuesday advisory released May 10. Microsoft also assigned separate “exploitability” scores for newer versions of the software under the “improved” exploitability index ratings.
The team fixed a critical vulnerability (MS11-035) in the WINS component in Windows Server 2003 and 2008. WINS is a name-resolution service that resolves names in the NetBIOS namespace and does not require authentication to use. While usually not available by default in Windows Server, it is commonly used in the enterprise for internal network servers. Administrators who have enabled WINS in Windows Server should apply the patch immediately as attackers could remotely cause a denial of service, according to Wolfgang Kandek, the CTO of Qualys.
“What might make the WINS vulnerability appealing to attackers is that it is a server-side issue,” Joshua Talbot, security intelligence manager, Symantec Security Response, told eWEEK.
Unlike other threats, attackers don’t have to trick a user into doing anything since it’s just a matter of finding a vulnerable server and feeding the machine “a malicious string of data,” according to Talbot. It is also a more serious issue on Windows Server 2003 than on 2008 because Windows Server 2008 has built-in protections such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization). However, attackers can still create exploit code to get past those security features, Talbot said.
The other “important” bulletin (MS11-036) addressed a security flaw in all versions of Microsoft Office Power Point except Office 2010. The bug would allow attackers to take full control of the target machine as soon as the user opens a malicious PPT file.
Both WINS and PowerPoint vulnerabilities are fairly significant, according to Tyler Reguly, technical manager of security research and development at nCircle. File-format vulnerabilities are “popular exploits” but WINS is remote code execution, so it was “difficult” to decide which was the “biggest risk today.”
Microsoft listed both vulnerabilities using the new exploitability ratings. The PowerPoint bulletin was rated a “1” for a consistent exploit code likely for older software releases, but 0 for latest software because Office 2010 is not affected. The WINS patch was rated a “2” on both the latest and older versions because it affected all versions.
The updated rating system is intended to make it easier for IT administrators to determine their risk level, according to Microsoft.
“With massive updates such as we had in April, it’s easy to get overwhelmed. Microsoft’s new index simplifies the process, which will help IT administrators to prioritize which patches they tackle first,” said Dave Marcus, director of security research and communications at McAfee Labs.
The small release means administrators should “brace themselves for a larger update” in June, according to Kandek.
To complicate things for IT administrators, a fake Patch Tuesday update is making the rounds, according to security researchers at Websense Security Labs ThreatSeeker network. The malware is spread via a link inside an email message supposedly from “Microsoft Canada Co.” which informs users that Microsoft has issued a “Security Update for Microsoft Windows OS,” wrote Amon Sanniez, associate security researcher at Websense. Clicking on the link downloads the fake patch to the computer and infects the system with a Zeus Trojan variant, according to Sanniez.
It “ties in almost perfectly” with the real Patch Tuesday updates from Microsoft, Sanniez said.
The email looks quite legitimate and shows “some effort” went into the creation, as the message is presented in both English and French, and the display names within the headers actually say the mail originated from Microsoft Canada.
The malicious executable is currently not being detected by most major antivirus products tracked on VirusTotal, so IT managers should be careful that none of their staff members or users click on the link to get the security update. Websense said it is a low-volume threat, possibly aimed at a handful of companies. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Critical Security Holes In Oracle Database

Posted by Avik Sarkar On 12/03/2011 04:06:00 pm


A serious vulnerability found by security researchers on oracle databases. An attacker can perform SQL injection attacks and other advanced attacks, thus they can gain full privilege & traction said security researchers. Is Oracle just paying lip service to database security? Some researchers within the database community think so, complaining that as the software juggernaut has grown with acquisitions, such as the blockbuster Sun deal, it hasn't maintained enough resources to securely develop database products and resolve vulnerabilities disclosed by researchers in a timely fashion.
"I would say easy fixes get done pretty quickly, within three to six months, but things that are harder and need some changes in architecture or have an impact on customers where customers have to make some changes to their products, to their software that uses the databases, those things don't get done in the CPU," said Alex Rothacker, manager of Application Security's research arm, TeamSHATTER. "We have a vulnerability disclosed where basically we can brute force any user's password ... we reported this two years ago and they haven't fixed it yet." 

 It's a complaint lodged by many researchers, who say that even as Oracle publicly states it wants to work with the research community to fix database issues, it isn't putting its shoulder into the effort. The numbers show that the proportion of quarterly critical patch updates for Oracle database products has diminished considerably over the last two years.
While some might come to the conclusion that there are fewer updates because Oracle's products are getting more secure, researchers say this trend has occurred simultaneously as the window between disclosure of vulnerabilities and patch releases for them has grown wider.

"They respond immediately and say 'Thank you very much for the information' and so on, but it sometimes takes more than a year to actually release a patch," said Slavik Markovich, VP and CTO of database security for McAfee. "I get the feeling that they don't invest enough or have enough people working on this so it takes a long time to patch." In the meantime, too, new database products--some of them security related, even--are released with the same type of vulnerabilities that researchers have been alerting Oracle to for years.   



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Apple’s Based Networks are More Vulnerable to Attack than Windows (BH 2011)

Posted by Avik Sarkar On 8/05/2011 10:01:00 pm


For many years, Apple enjoyed security through obscurity. The market share for Mac computers was so small that malware creators bypassed it to go after the much bigger target, Microsoft Windows. Not anymore.
Apple’s market share has been slowly rising and the popularity of the iPhone has put Apple’s products into the spotlight. Hackers are taking notice and they’re figuring out that Apple’s computers have security vulnerabilities, some of them more severe than Windows machines, according to a talk by the iSEC Partners security consulting team at the Black Hat security conference today.
Alex Stamos (pictured), Paul Youn, and B.J. Orvis of iSEC Partners said in their talk that it is possible for hackers to penetrate a network of Apple Mac computers and lurk undetected while gathering data. They concluded that there were so many vulnerabilities on the networking level that Mac machines could be considered more vulnerable than Windows machines.
Apple has not yet responded to a request for comment. At Black Hat, there will also be talks about the vulnerabilities of other operating systems, including Windows. In years past, security researchers have blamed Microsoft for producing vulnerable Windows code. And immediately following the Apple talk, security researchers had another talk about hacking Google’s Chrome operating system.
“This is all changing,” Stamos said. “If [recent hacking events] tell us anything, it’s that any computer is vulnerable to attack.”
The iSEC team said they looked at attacks on the Mac and its latest operating system, code-named Lion, or OS X version 10.7, from the perspective of Advanced Persistent Threats, or long-term security break-ins on networks of computers. They showed examples of the vulnerabilities and detailed proof that they had hacked into the operating system.
The category of Advanced Persistent Threats is a hot one because Google discovered that, under Operation Aurora, dozens of companies were compromised over a long period of time. And McAfee reported today that a similar attacked, dubbed Operation Shady RAT, compromised a total of 72 governments and corporations over a five-year period.
A network of Mac computers can be compromised in the usual way, iSEC’s Stamos said. A single user can be tricked out of giving up a username and password through social engineering or targeted “phishing attacks,” or attacks that use a believable ruse to get you to enter your username and password, which is then captured and compromised by the hackers.
Once inside the network, Stamos said that it is easy for the attacker to escalate the privileges he or she has on the network. That is where Apple’s operating system falls down in comparison to Windows. ”Once you have access, you can compromise the networking,” Orvis said. “Network privilege escalation is where it really gets bad on the Mac.”
The security researchers said that Apple has made improvements to security in version 10.7 of OS X, such as putting applications in a “sandbox,” or isolating them so that they can run (or crash) without taking down the rest of the operating system. Still, the researchers said they had figured out a couple of different ways to compromise the security of Macs through a test program dubbed Bonjoof. They said that it’s possible to lurk on a network and cover your tracks so that intelligence can be gathered on a network over time.
“All of Apple’s major authentication protocols suffer” from some kind of weakness, Orvis said.
There are ways to deal with the vulnerabilities, but company security professionals have to know how to use security forensics technology, which can take a long time. In the meantime, attackers can detect the forensics tools and react to their usage in an attempt to hide. The security researchers said they did talk with Apple about the vulnerabilities they found and communicated a number of ideas about how to improve the security of Apple’s computers.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search