What's New

Cybercriminals are increasingly employing compromised digital certificates to camouflage malware, warns McAfee Labs' third quarter security report. "Security industry leaders have long predicted that it would only be a matter of time before cybercriminals would use compromised certificates at scale to camouflage large numbers of malware. McAfee Labs' third quarter report suggests that we could, in fact, be approaching that state of 'at scale' signed malware," warns Mike Fey, McAfee's worldwide chief technology officer, in a blog.

The commoditization of the certificate authority market has created an environment for CAs that are less concerned about the legitimacy of their customers and have not taken adequate steps to safeguard the reputation of their certificates. In addition, retailer relationships make verification and validation of top root CAs difficult, explains Fey.

"If we cannot rely on digital signatures, IT executives need to become more reliant on an ability to detect known malware and evaluate what unknown code is capable of accomplishing if it executes," says Fey. "If we cannot rely upon digital signatures, security-responsible business executives will need to become even more savvy about what their organizations need to protect," he adds.

In a move to combat compromised certificates, Google announced that it would limit the term of digital certificates to five years beginning in the first quarter of 2014. A survey earlier this year of 2,300 enterprises found that more than half of them did not know how many encryption keys and digital certificates they had in use in their organization. Large enterprises are projected to lose $35 million over the next 24 months due to compromised keys and certificates, based on a total possible cost exposure of $398 million per enterprise, according to the survey conducted by the Ponemon Institute on behalf of security firm Venafi.

For more:
- read Fey's blog
- check out the Ponemon-Venafi survey

D-Link has released updates to plug backdoor holes in older versions of its routers, security researcher Brian Krebs is reporting. As reported by FierceITSecurity in October, security researcher Craig Heffner identified the security hole in firmware used by D-Link's routers. The vulnerability could enable an attacker to alter device settings and gain control of the router remotely. Heffner worked with D-Link to come up with a fix for the problem.

Some security updates were released in October, while others were released at the end of last month. According to Krebs, security updates were issued on Nov. 28 for the following routers: DI-524, DI-524UP, DIR-100, DIR-120, DI-604UP, DI-604+, DI-624S and TM-G5240.

"Updating an Internet router can be tricky, and doing so demands careful attention; an errant click or failure to follow closely the installation/updating instructions can turn a router into an oversized paperweight in no time. Normally when it comes to upgrading router firmware, I tend to steer people away from the manufacturer's firmware toward alternative, open source alternatives, such as DD-WRT or Tomato," cautions Krebs. Unfortunately, the D-Link routers listed are not compatible with DD-WRT or Tomato, and do not support more secure wireless encryption protocols. Krebs recommends that owners of the affected D-Link routers replace them with a new device.

For more:
- read Krebs' blog
- check out the D-Link security advisory

Despite being much maligned, passwords can be a useful security tool if bolstered by two-factor authentication, according to a survey of 428 security practitioners conducted by security firm Authentify. Close to three-fourths of respondents said they thought passwords would continue to be used for security, while only 2 percent said they favored doing away with passwords. Around 41 percent said they favored implementing two-factor authentication to strengthen the security of passwords. Close to two-thirds favored a voice call or secure message to the user's mobile device instead of challenge questions as the second authentication factor.

Authentify surveyed security professionals in the financial services, corporate information security and health insurance industries. "I was surprised that there was very little difference between the security professionals in financial services and those in corporate information security. I expected more of an anticipated shift away from passwords in financial services," says John Zurawski, vice president of marketing for Authentify.

The survey found that security professionals from smaller financial firms were more likely to favor continued use of passwords than those from larger financial institutions. "I suspect that the tendency to continue to rely on passwords as a primary authentication technique is driven by the user community. At smaller, less urban institutions, the customers may be less technically savvy, and the banking staff may know the customers and their habits much better than at a larger multi-national," adds Zurawski.

For more:
- see Authentify's release

The top six information security threats in 2014 are BYOD, data privacy in the cloud, brand reputational damage, privacy and regulation, cybercrime and the Internet of Things, according to the non-profit Information Security Forum. The forum warned that the individual threats are not "mutually exclusive" and could combine to create greater threat profiles.

"As we move into 2014, attacks will continue to become more innovative and sophisticated. Unfortunately, while organizations are developing new security mechanisms, cybercriminals are cultivating new techniques to circumvent them. Businesses of all sizes must prepare for the unknown so they have the flexibility to withstand unexpected, high impact security events," says Steve Durbin, global vice president of the ISF.

Two threats in particular should be of concern to enterprises: BYOD and the Internet of Things. BYOD risks come from both internal and external sources, such as device mismanagement, external attacks on software holes and use of insecure business apps. "Keep in mind that if implemented poorly, a personal device strategy in the workplace could face accidental disclosures due to loss of boundary between work and personal data and more business information being held in unprotected manner on consumer devices," ISF observes.

In addition, the explosion in the number of connected machines--the Internet of Things--is opening up enterprises to security risks. "The security threats of the IoT are broad and potentially devastating and organizations must ensure that technology for both consumers and companies adheres to high standards of safety and security," ISF notes.

Durbin concludes: "By adopting a realistic, broad-based, collaborative approach to cyber security and resilience, government departments, regulators, senior business managers and information security professionals will be better able to understand the true nature of cyber threats and respond quickly, and appropriately."

For more:
- read the ISF release

Malicious proxy automatic configuration (PAC) files are being used by cybercriminals to redirect web traffic destined for financial firms to malicious proxy servers, warns Martin Lee, technical lead for threat intelligence at Cisco's Security Intelligence Operations, in a blog. IT departments use PAC files to update browser settings so that web traffic passes through corporate gateways. But cybercriminals are exploiting PAC files "to intercept and modify traffic to and from websites for financial gain," writes Lee.

The latest example is the happily named Feliz Natal, which means Merry Christmas in Portuguese. The phrase is used to encode the IP address of the malicious proxy server. The targets appear to be individuals attempting to visit websites of financial firms, explains Lee. "When downloaded the PAC file modifies the browser settings to redirect any request to one of the listed domains to the specified proxy server, 199.188.72.87," Lee writes. The listed domains include hotmail.com, americanexpress.com, banconordests.gov.br and paypal.com.br.

"The proxy may act to impersonate the requested website, or may conduct a man-in-the-middle attack to intercept communications between the victim and the intended website. Given that the majority of the domains listed in the file are those of financial organisations, it's likely that the individuals behind this attack are seeking to gain access to financial details," Lee surmises. "Network filtering solutions such as the WSA [Web Security Appliance] appliance based or the cloud based CWS [Cisco Web Security] can block web connections to malicious proxy servers to prevent loss of information and the facilitation of unauthorised access to financial services," Lee concludes.

For more:
- see Lee's blog