Banks boost web security with new program

Source MX Logic Security News, Filed under Security News
A new program designed by web security provider Trusteer allows banks to remotely access the computers of their online banking users to investigate potential web and network security breaches.

Currently, banks monitor accounts for unusual activity such as random large purchases or excessive withdrawals. The new software will allow banks to quickly scan these computers to check for potential problems. Banks cannot access the computer without permission from the account holder, who must first install the program.

"Financial institutions and their customers are being targeted by purpose-built malware variants designed to evade detection and commit online fraud, specifically against their brand," said Amit Klein, CTO of Trusteer. "The Trusteer Flashlight service enables banks to counter-strike these targeted attacks."

Any malware discovery will allow the bank to monitor for similar activity and prevent future attacks from that particular strain.

At the recent RSA Conference in San Francisco, California, a web security expert for the Federal Deposit Insurance Corporation reported that online banking fraud cost banks and users more than $120 million in the third quarter of 2009.

Web security breaches rock Hotmail

Source MX Logic Security News, Filed under Security News
Microsoft, the Redmond, Washington-based software giant, is advising users of its free email service to change their passwords and stay vigilant, as a rise in spam activity on the site has led to web security breaches.

Accounts have been hacked in increasing numbers in recent weeks, and the cyber criminals have used the accounts to send spam to the entire contact list of the user. Victims have also reported that their email filter settings and other custom account features were changed following the breach.

"Hotmail is seeing instances of accounts being 'hijacked' by spammers who send emails out advertising an electronics website. The spam mails usually have subjects like 'Good shopping good mood' and may go to your contact list in addition to a random list of emails," Rob Margel of Microsoft wrote on his blog.

The spammers do not change the account password, which would lock the real user out, because they intend to access the account more than once. Changing the password is the only way to prevent further damage.

The origin of the malware is unknown, but the results are similar to phishing attacks that take place on Twitter. The popular social networking site recently announced phishing attacks have become so frequent that it will now scan every link posted to the site for malware.

Small businesses need stronger web security

Source MX Logic Security News, Filed under Security News
Cyber criminals have increased efforts to target the bank accounts of small businesses because they frequently do not have the web security measures in place that larger companies do, according to David Nelson of the Federal Deposit Insurance Corporation.

Even though most online purchases and transactions require several forms of identification so that companies can confirm a transaction is legitimate, cyber criminals have found ways around these measures. Planting malware is easier than ever because so many different delivery methods have been developed, Nelson said.

The losses are especially damaging for small businesses because companies do not receive the same reimbursement protection that consumers do: the FDIC insures all consumer accounts up to $100,000, but no such protection is available for business accounts.

"In the third quarter of 2009, small businesses suffered $25 million in losses due to online ACH and wire transfer fraud," Nelson said at the RSA conference, according to Computerworld. "Hackers are definitely targeting higher-balance accounts and they're looking for small businesses where controls might not be very good," he continued.

Identity theft is an ongoing problem globally. In 2009, there were 11.1 million complaints filed by adults in the U.S. that cited money stolen as a result of identity theft.

Twitter gets proactive with users' web security

Source MX Logic Security News, Filed under Security News
Twitter, the popular social networking site, recently reported that it has implemented a plan to scan all links posted on the website as they are submitted by users. The measure is directly aimed at eliminating the threat of phishing attacks on its members.

All links will be immediately filtered through a scanner that is designed to detect any code that resembles a malware strain. A majority of the effort will be on direct message scanning as, according to Twitter, that is where the worst offenses often take place.

"By routing all links submitted to Twitter through this new service, we can detect, intercept, and prevent the spread of bad links across all of Twitter," Del Harvey, director of Twitter's Trust and Safety team, wrote on the company blog. "Even if a bad link is already sent out in an email notification and somebody clicks on it, we'll be able to keep that user safe."

The San Francisco Chronicle reported in February that cyber criminals have taken to phishing attacks because they are highly successful and easier to produce than other forms of malware.

IE8 best in web security

Source MX Logic Security News, Filed under Security News
Microsoft's latest Internet Explorer update, IE8, provides users with the best overall malware protection, according to a recently released study from NSS Labs.

The study pitted IE 8 against the latest versions of Mozilla Firefox, Apple Safari, Google Chrome and Opera 10 and found that IE 8 does far more to weed out malicious software than its competition. NSS cited Microsoft's SmartScreen Filter, which compares URLs against a list of known malicious web addresses and warns users whenever they come into contact with a potentially dangerous program, as the feature responsible for its superior security.

"Generally, at least half of a browser's total protection was achieved in the zero hour. But, Internet Explorer 8 continued to add as much as 30 percent of additional protection over the course of the test. Other browsers added between 2 percent and 14 percent over the course of the test," according to the study.

For Internet Explorer users who have still not updated to IE8, these latest results should be reason enough. In February, at the Black Hat DC Conference in Washington, D.C., Google demonstrated a hole in Internet Explorer 6 that is not present in IE8.

Static source code analysis turned on its head

Source Security Bytes, Filed under Security News

If you’re into source code analysis and Web application security, then you know who Caleb Sima is. Sima, for the uninitiated, is cofounder of SPI Dynamics and the guy who helped build the popular static source code analyzer, DevInspect. SPI Dynamics was scooped up three years ago by HP and, until recently, Sima has been busy handing off his pride and joy to the computing giant. He’s since left HP and has emerged as CEO of Taipei-based Armorize Technologies.

Armorize does source code analysis and Web application security, and is anxious to spread its influence beyond Asia into the U.S. Sima has known about Armorize for a while, meeting up annually with founders Wayne Huang and Matt Huang at the RSA Conference and learning more about their unique approach to source code analysis.

The company’s CodeSecure product turns static source code analysis on its head. Traditional analysis tools compile and scan a project and then produce a to-do list of issues and vulnerabilities that developers must laboriously remediate. CodeSecure instead does real-time language syntax analysis, Sima said, and, like a spell-checker, highlights problematic lines of code as the developer types, offering suggested fixes with a right-click of the mouse.

“That’s the way it should be,” Sima said. “We’re enabling developers to identify problems and give them the ability to have standards of remediation practices and standard code practices. It’s agile and that’s the way it should be. The goal is to be able to take the technology and for example, give it to a college kid with little or no experience and have him code a secure Web application.”

This is pretty contrary to what other security companies say about introducing security tools into the development lifecycle, Sima said.

“Security companies are shoving security into the development arena. In my viewpoint, developers shouldn’t learn anything about security. It’s not their job. Ultimately, security should be invisible to the developer; it’s the right way to get things done.”

RSA panel weighs PCI implications of cloud computing

Source Security Bytes, Filed under Security News

Cloud computing takes PCI compliance into unfamiliar territory, but PCI auditors should make an effort to understand the technology, experts said during a panel discussion Wednesday at the RSA Conference 2010 in San Francisco.

“Auditors have to get used to it,” said Liam Lynch, chief security strategist at eBay. “They need to understand the technology.”

“It’s incumbent on you to avail yourself to understand the cloud environment,” Jim Reavis, executive director of the Cloud Security Alliance, told an attendee who identified himself as an auditor who wanted help in auditing an application in the cloud.

Reavis said CSA earlier this week pre-announced the availability of its Cloud Controls Matrix, a toolset of cloud security controls that map to industry regulations such as PCI and HIPAA. When the CSA releases the full toolkit, there will be 50 controls related to PCI, he said (a CSA press release said the release is scheduled for April).

“We’ll see education of QSAs [Qualified Security Assessors] regarding where standards apply to the cloud model,” he said.

Reavis also said the industry needs SAS-70s that “are scoped properly for cloud environments.”

eBay is both a consumer and producer of cloud services, and is a Tier 1 PCI compliant company, Lynch said. Regulations are important, he said, but added, “from an eBay perspective, I worry more about criminals than auditors.”

Ward Spangenberg, director of PCI and compliance at security-services firm IOActive, said one of the first things a company needs to do before moving into the cloud is to make sure the cloud provider understands its compliance requirements. A company also needs to know what data is important in their environment before moving to a cloud service, he said.

Shamir acknowledges chip-and-PIN attack as his favorite

Source Security Bytes, Filed under Security News

Every year Adi Shamir, one of the inventors of the RSA algorithm, brings something new to the table at the annual RSA Conference Cryptographers’ Panel. This year, he gave a shout-out to Ross Anderson, Steven J. Murdoch, Saar Drimer and Mike Bond for their work on breaking chip-and-PIN authentication in credit cards. That team released a paper in early February that explained how to use a man-in-the-middle attack to defeat the technology, which is widely used in Europe and Canada as a means of authenticating the card and customer in a transaction.

Credit cards carry an embedded chip, and when the card is run through a reader, the terminal asks the customer to enter a PIN. Through a series of digital signatures and other cryptographic checks, both the card and the cardholder are authenticated at the card itself, not on the back end, and the transaction goes through.

Shamir said Anderson et al.’s research learned that the cards returned a message with the number 900 verifying that the password was authenticated. “No matter what any other details might be, if it’s happy with the password, it sends back 900,” Shamir said. “All you have to do is replace a card with one that will always report 900 no matter what PIN is entered, and you’re done!”
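The weakness Shamir describes is that the terminal treats the card's success status word as proof that the PIN was checked. The toy model below is an added illustration written for this page; it is not code from the article or from the Cambridge researchers, and it is deliberately simplified: a keyed HMAC stands in for the EMV cryptogram, short byte strings stand in for the card's verification record, and the key, PIN, amount and class names are all constructed. It shows the terminal accepting the "always happy" card from the quote above, and why an issuer that cross-checks the terminal's claim against the genuine card's own authenticated record can still decline the transaction.

```python
"""Toy model of the chip-and-PIN weakness described above (constructed example).

Simplifications: a keyed HMAC stands in for the card's authorisation cryptogram,
short byte strings stand in for the card verification results, and the key,
PIN and amount are made-up demo values.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass

SW_PIN_OK = b"\x90\x00"     # EMV status word for success; the article shortens it to "900"
SW_PIN_WRONG = b"\x63\xc2"  # 63 Cx: PIN rejected, x verification tries remaining

CVR_PIN_OK = b"PIN_OK"                   # genuine card's record after a successful VERIFY
CVR_PIN_NOT_PERFORMED = b"PIN_NOT_DONE"  # its record when no VERIFY ever reached it


def _mac(key: bytes, amount: int, cvr: bytes) -> bytes:
    """Stand-in for the cryptogram: binds amount and the card's own CVR to the key."""
    return hmac.new(key, amount.to_bytes(4, "big") + cvr, hashlib.sha256).digest()[:8]


@dataclass
class GenuineCard:
    pin: str
    key: bytes                  # constructed card/issuer shared key
    pin_verified: bool = False

    def verify(self, candidate: str) -> bytes:
        if candidate == self.pin:
            self.pin_verified = True
            return SW_PIN_OK
        return SW_PIN_WRONG

    def cryptogram(self, amount: int) -> tuple[bytes, bytes]:
        # The card's own view of PIN verification is MAC'd into the cryptogram,
        # so the issuer can rely on it even when the terminal's view is wrong.
        cvr = CVR_PIN_OK if self.pin_verified else CVR_PIN_NOT_PERFORMED
        return cvr, _mac(self.key, amount, cvr)


class AlwaysHappyCard:
    """The card from the quote: answers every PIN with the success status word.
    The genuine card behind it still produces the cryptogram but never saw a VERIFY."""

    def __init__(self, genuine: GenuineCard):
        self.genuine = genuine

    def verify(self, candidate: str) -> bytes:
        return SW_PIN_OK

    def cryptogram(self, amount: int) -> tuple[bytes, bytes]:
        return self.genuine.cryptogram(amount)


def terminal(card, entered_pin: str, amount: int) -> dict | None:
    """Terminal logic: a 9000 status word is taken as 'PIN verified'.
    Returns None when the card rejects the PIN, else an authorisation request."""
    if card.verify(entered_pin) != SW_PIN_OK:
        return None
    cvr, mac = card.cryptogram(amount)
    return {"amount": amount, "terminal_cvm": CVR_PIN_OK, "card_cvr": cvr, "mac": mac}


def issuer_naive(req: dict, key: bytes) -> str:
    """Checks only that the cryptogram is genuine; approves the tampered transaction."""
    if not hmac.compare_digest(_mac(key, req["amount"], req["card_cvr"]), req["mac"]):
        return "DECLINE_BAD_MAC"
    return "APPROVE"


def issuer_cross_checking(req: dict, key: bytes) -> str:
    """Also requires the terminal's claim and the card's authenticated record to agree."""
    if not hmac.compare_digest(_mac(key, req["amount"], req["card_cvr"]), req["mac"]):
        return "DECLINE_BAD_MAC"
    if req["terminal_cvm"] == CVR_PIN_OK and req["card_cvr"] != CVR_PIN_OK:
        return "DECLINE_CVM_MISMATCH"  # terminal says PIN verified, card says it never happened
    return "APPROVE"


KEY = b"constructed-demo-key"  # constructed; never reuse a literal key outside a demo


def run(card_factory, entered_pin: str, issuer) -> str:
    """Drives one transaction end to end and returns the final outcome."""
    card = card_factory(GenuineCard(pin="1234", key=KEY))
    req = terminal(card, entered_pin, amount=4999)
    if req is None:
        return "REJECTED_AT_TERMINAL"
    return issuer(req, KEY)


if __name__ == "__main__":
    print(run(lambda g: g, "1234", issuer_cross_checking))      # APPROVE
    print(run(lambda g: g, "0000", issuer_cross_checking))      # REJECTED_AT_TERMINAL
    print(run(AlwaysHappyCard, "0000", issuer_naive))           # APPROVE (the flaw)
    print(run(AlwaysHappyCard, "0000", issuer_cross_checking))  # DECLINE_CVM_MISMATCH
```

The third run is the article's scenario: the terminal sees 900 and forwards the transaction, and an issuer that only validates the cryptogram approves it. The fourth run shows the defensive point: because the genuine card's own record is bound into the authenticated data, an issuer that compares it with the terminal's claim detects the disagreement.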

Secure cloud concept built on new Intel processor

Source Security Bytes, Filed under Security News

At a press event here on the opening day of the RSA Conference in San Francisco, EMC’s security division, RSA, along with Intel and VMware unveiled a proof of concept for creating secure and compliant cloud services. An interesting aspect of this “vision” was its foundation — an upcoming new processor from Intel called Westmere.

The processor for servers features seven new instructions for accelerating encryption and decryption, an executive with Intel’s data center group said. It also features Intel’s Trusted Execution Technology to deliver “a new base root of trust,” he said. An RSA press release said the technology “authenticates each and every step of the boot sequence, from verifying hardware configurations and initializing the BIOS to launching the hypervisor.”

Other components of the RSA/Intel/VMware concept, which is going to be demonstrated at the conference, are security information and event management (RSA’s enVision technology) and GRC management software (from Archer Technologies, which was recently acquired by EMC). The idea is to provide cloud services with greater visibility, finer controls and streamlined compliance, the companies said.

Pat Gelsinger, president and chief operating officer, EMC Information Infrastructure Products, said the proof of concept “portends to a more secure, more compliant environment” and encompasses both public and private cloud services.

VMware is owned by EMC.