Solutionary identifies Top Security Risks and provides precautionary tips for Winter Olympic Games
Company encourages businesses, event advertisers, and corporate and individual attendees to remain vigilant and take information security precautions
Solutionary has identified the top information and data security risks facing businesses, Olympic advertisers and attendees of the upcoming Winter Olympic Games in Vancouver from February 12th to 28th. In addition, the company has provided precautionary tips to help these people and organizations protect their data and assets.
Solutionary is a trusted security advisor to companies of all sizes around the world, processing more than 300 billion events annually through the company’s Security Operations Centers (SOC). Solutionary’s certified SOC analysts and technology offer 24/7 live and automated event monitoring to ensure the highest levels of protection.
“Hackers, spammers and scammers often take advantage of major events, like the Olympics, to steal confidential consumer and corporate data and information or to generally create chaos,” said Don Gray, Chief Security Strategist of Solutionary. “Since the 2008 Games, new and more malicious threats have surfaced and attacks are more prevalent, from the Google email hacks to Twitter and Facebook denial of service (DDOS) attacks. In the age of Web 2.0 and constant connectivity, it’s more important than ever for businesses and individuals alike to remain vigilant about information security – especially around an event of such international significance.”
Solutionary’s information and cyber security experts have identified the following as the top five information security risks around the Olympics:
Social Networks & Instant Messaging (IM) – In recent months, sites and services like Facebook, Twitter and MSN Messenger have been repeatedly targeted by hackers. Keep your guard up, even during the excitement of the Games. Who are you connecting to? How are you connecting to them? Are you sharing information that could be used for social engineering? Never share files through IM services and connect only to branded, trusted information sources.
Masquerading Wireless Networks - Always know what network you are connecting to and avoid unsecured wireless networks. Only connect to networks associated with trusted brands/providers and be sure to verify names and credentials of the access points.
Malvertising – Website ads containing malicious exploit code may be hosted by unsuspecting websites in an attempt to maximize online ad revenue around the Games.
Hacktivism – Nationalistic pride can be a powerful motivator in driving hackers to initiate attacks. In the recent Google hacking incident there was evidence of retaliatory hacking affecting Baidu.com.
Whaling – Corporate executives and guests should be trained to recognize attempts to target them, their laptops, and phones for exploit. Promotional items can easily be faked. Emails, devices, CDs, and memory sticks can all convey malicious software.
Solutionary’s experts recommend Olympic attendees, advertisers and Vancouver-area businesses take the below security precautions, at a minimum, leading up to and during the Games:
Awareness – Make sure everyone in your network – whether it’s your kids or your employees – is aware of potential threats. If they are aware of heightened risk, they will be more vigilant and likely to flag suspicious activity or items.
Protect Endpoints – Attendees must protect mobile computers and phones, as these devices are often targeted both for the data they contain and as an exploit path for stealing account credentials, credit card information, etc.
If you can, leave them at home. Consider limiting yourself to one pocket-able device that’s easy to keep track of.
If you must have a laptop, ensure that it is up to date with the latest patches and anti-X (virus, spyware, malware) software.
Remove all non-essential data from the laptop before traveling – especially if it’s confidential or sensitive.
If you must travel with sensitive or confidential data, employ strong whole disk encryption.
Check, Double-Check and Re-Check Security Processes – Local businesses and advertisers should review their information security countermeasures, validate that patches are up-to-date, that web applications are not vulnerable, and that wireless networks are secured using WPA/WPA2 authentication and TKIP/AES encryption.
Log Monitoring – Local businesses involved with the Games and advertisers must recognize that their participation brings an increased possibility of motivated attackers targeting them for nationalistic or political reasons. Ensure security log monitoring is adequate to handle the increased threat level and volume.
Check ATMs – Attendees and local financial institutions should be vigilant about checking for ATM pin-pad skimmers. Most pin-pad skimmers can be detected by careful examination and physical checking as they are often taped on top of the real card-entry mechanism on the ATM. If there is any doubt, find another ATM to be safe.
Perimeter E-Security ranks the Top 10 Information Security Threats for 2010
Malware and Malicious Insiders Top the List as Rising Threats; Vulnerability Exploits will be the Heart of Hacking and Data Breaches
Perimeter E-Security, the trusted market leader of information security services that delivers enterprise-class protection and compliance to companies of all sizes, unveiled its Top 10 Information Security Threats for 2010.
“The start of a new year is a great time for companies to evaluate their information security practices and begin thinking about what threats they’ll be facing in the coming year,” said Kevin Prince, CTO, Perimeter E-Security. “As these security threats are becoming more serious and difficult to detect, it is vital for companies to understand what they can do to best protect their systems and information.”
Perimeter’s ranking of the Top 10 information security threats for 2010:
1. Malware (Rising Threat)
Last year, Malware was listed as the second highest ranked threat to organizations on Perimeter E-Security’s list of top threats. There are many methods to install malware on systems, including the use of client-side software vulnerabilities. Browsers remain a top target for vulnerabilities. In 2009, the FBI reported that for the first time ever, revenue from cybercrime had exceeded drug trafficking, estimated at taking in more than one billion annually in profits.
2. Malicious Insiders (Rising Threat)
Malicious insiders were listed as the top threat for 2009, but have fallen to the #2 spot for 2010. With the downturn in the economy last year, it was no surprise that many desperate and disgruntled employees attempted to exploit the companies they currently or previously worked for. There is no way to eliminate the threat of malicious insiders completely, but through good security policies and followed procedures, the incidents could be a fraction of what they are today. With the economy still suffering and still high unemployment levels, Malicious Insiders will continue to be a threat.
3. Exploited Vulnerabilities (Steady Threat)
Vulnerability exploit is at the heart of hacking and data breaches. Worms, viruses, malware, and a host of other attack types often rely on vulnerability exploit to infect, spread and perform the actions cyber criminals want. And yet, organizations are still not doing what they need to for patch management. Hackers are more often exploiting client side vulnerabilities and other vulnerabilities associated with 3rd party applications.
4. Careless Employees (Steady Threat)
Careless and untrained insiders will continue to be a very serious threat to organizations in 2010. Insiders can be broken down into three categories: careless & untrained employees, employees that are duped or fall prey to social engineering type attacks, and malicious employees. Protecting a network and critical and sensitive data is done very differently for each type. Policies, procedures, training and a little technology can make a world of difference in reducing an organization’s risk to careless insiders.
5. Mobile Devices (Rising Threat)
Mobile devices have become a plague for information security professionals. There are worms and other malware that specifically target these devices such as the iPhone worm that would steal banking data and enlist these devices in a botnet. Theft is still a major cause of data breaches as mobile devices, especially laptops, are the main culprits. Tens of thousands of laptops are stolen each year and often these have sensitive data that require public disclosure as a data breach.
6. Social Networking (Rising Threat)
Social networking sites such as Facebook, MySpace, Twitter and others have changed the way people communicate with each other, but these sites can pose serious threats to organizations. One main problem is that there is a trust component to these sites which makes them fertile ground for identity thieves. There is also a personal safety issue. Social networking sites are a stalker’s dream come true. Social networking sites are breeding grounds for SPAM, scams, scareware and a host of other attacks and these threats will continue to rise.
7. Social Engineering (Steady Threat)
Social engineering is always a popular tool used by cyber criminals and phishing is still a popular method for doing just that. In fact, these new venues make social engineering even more effective. This year will have an added measure of complexity when it comes to social engineering attacks. Beginning sometime mid-2010, domain names will be expanded to include Japanese, Arabic, Hindi and even Greek characters, and with all of these characters being available for domain names, no longer will looking at a domain help one determine if it’s legitimate or not.
8. Zero-Day Exploits (Rising Threat)
Zero-day exploits are when an attacker can compromise a system based on a known vulnerability but no patch or fix exists, and they have become a very serious threat to information security. Zero-day vulnerabilities are being discovered in traditionally very secure protocols such as SSL and TLS. The zero-day vulnerability could also be in providers.
9. Cloud Computing Security Threats (Rising Threat)
Using cloud based (i.e. Internet based) applications may not be as secure as once thought with many stories in 2009 regarding cloud based security issues. Many are calling for forced encryption to access “in the cloud” services. As cloud computing grows in popularity over the next few years, cloud security will become a very big issue.
10. Cyberespionage (Rising Threat)
Cyberespionage is a threat that’s being heard more and more all the time and there have been a flood of stories in 2009 on this subject. Most of these incidents surround government bodies and agencies and therefore have not been a huge threat to most individual organizations. However, since cyberespionage has major implications for the government, it is a rising threat that must be closely monitored.
“Information security is an ever-evolving discipline that requires tremendous expertise, time, and money to effectively manage. Every organization should take stock of what they are doing today and how well their current solutions mitigate the risk of the top 10 threats. In most cases, adjustments will need to be made and new technology should be implemented to ensure that the organization is properly prepared for what cyber criminals, spammers, phishers and hackers are planning for 2010,” added Prince.
Greatest cyber risk driven by remote network access and embedded malicious code: Deloitte Poll
More than 40 percent of executives polled by Deloitte believe remote internet access to corporate systems, embedded malware in computers, applications and devices, and little visibility into the security protocols of suppliers and business units are the greatest cyber risks today. The executives were polled recently during the Deloitte webcast, “Combating Cyber-Threats from the Underground Economy: A View from the Front Lines.”
“Cyber attacks today are not only about identity theft, but about stealing information behind companies’ firewalls,” said Mark White, principal, Deloitte Consulting LLP and the webcast moderator. “An entire underground economy has been built for the purpose of stealing, packaging, and reselling electronic information. Never before in history has the threat landscape been as deeply penetrated or more rapidly evolving. Never before have nations, corporations or individuals been more electronically exploited.”
Richard Baich, a principal in Deloitte & Touche LLP’s Security & Privacy practice and a webcast presenter, noted that security programs need to be strengthened as it has become increasingly evident that criminals with advanced cyber skills continuously invent new and insidious ways to perpetrate criminal acts. “The cyber crime landscape has evolved into a set of highly specialized criminal products and services that are able to target specific organizations, regions, and customer profiles by using a sophisticated set of malware exploits and anonymization systems, which routinely evade present-day security controls,” said Baich.
Baich also stated that cyber criminals are now able to target specific individuals within an organization, such as a payroll clerk, and misuse that role to steal information for direct monetary gain. Nation-states are also able to recruit and leverage cyber criminal resources to target organizations or other nations for the purposes of espionage, monetary gain, or to gain military advantage.
“This leaves executives asking what they can do to quickly identify and contain malware and then protect their data. This is after they already spent a good deal of money on traditional protection programs,” said Baich. “Companies should consider establishing cyber threat intelligence programs as well as leveraging existing technology and architecture investments to help detect and prevent these problems.”
“Data is more valuable than money. Once money is spent it is gone. Data can be reused and can give you the ability to access online banking applications, use credit cards and penetrate firewalls over and over. A famous bank robber from the 1900s was asked why he robbed banks. He said ‘because that is where the money is.’ Cyber criminals today go to where the data is, because it allows them to access money. Executives need to develop cyber programs to stay ahead of criminals and stop old cat and mouse games,” added Baich.
Other polling results included:
– Only 2.8 percent of the participants indicated they did not need a type of cyber threat intelligence or detection program.
– 62.2 percent of respondents did not know how their organization understands what data is leaving the company’s network, though 14.1 percent did confirm that their organizations were using a data loss prevention solution.
– 41.4 percent reported that they did not know how their organizations found compromised devices inside of their network.
– More than a quarter (27.4 percent) indicated their organizations rely on some type of antivirus and intrusion detection system.
Peter Makohon, senior manager, Deloitte & Touche LLP and a webcast presenter, told participants that “cyber crime may already be in their neighborhoods” and cited the following issues facing executives:
– Current signature-based information security controls are not effective against sophisticated, cyber threats and exploits, which are evolving at a phenomenal rate.
– Companies lack the automated systems and skilled analysts to rapidly analyze, identify, contain, analyze, and remediate compromised devices.
– Information provided by various cyber intelligence sources is often outdated and high level; therefore, companies cannot take effective counter-actions based on that information alone.
– Organizations lack expertise, resources, technology, and process capabilities for taking timely action on these near real-time cyber threats.
To hear the webcast please visit: www.deloitte.com/us/dbriefs/futurete.
The polling responses came from more than 270 technology executives, ranging from upper management to consultants across multiple industries, who responded to the polling questions during Deloitte’s webcast on December 3. The information obtained during the survey was taken “as is” and was not validated or confirmed by Deloitte.
Source: Deloitte
Panda Security publishes Virus Yearbook 2009
Most intriguing malware selected for use of social engineering and visible effects on PCs
PandaLabs, the anti-malware laboratory of Panda Security, has published its 2009 Virus Yearbook, examining the most intriguing malicious codes to emerge over the last 12 months.
Rather than spotlighting the most widespread viruses, or those that have caused the most infections, PandaLabs has selected those which stood out most for their use of social engineering or visible effects on users’ PCs. For this reason, some of the more well-known malicious codes (such as the Koobface virus) are absent from the list.
Here are the viruses PandaLabs believes deserve a mention:
– Biggest headache. Conficker.C was without a doubt the most obnoxious virus this year. It first appeared on December 31, 2008, and has spent the last year infecting companies and home users alike. The insidious and tenacious nature of this malicious code has earned it first place in Panda’s ranking.
– Harry Potter of viruses. Although there is no reference to the world’s most popular fictional wizard, the on-screen messages Samal.A displays are all about magic. When it infects a computer, users will see the message “Ah ah you didn’t say the magic word” (see photo) and the cursor then flickers, waiting for users to enter a word. The truth is it doesn’t matter what is entered, because after three attempts, the phrase “Samael has come. This the end” (see photo), will be displayed and the computer is restarted.
– V for Vendetta. While it’s still unclear who exactly the real target of this worm is, DirDel.A wreaks vengeance on infected users, progressively replacing folders in different directories with copies of itself. The worm is carried in a file called Vendetta.exe with a typical Windows folder icon (see photo).
– Plain nuisance. The Sinowal.VZR Trojan has infected thousands of computers under the guise of plane tickets supposedly purchased by the user (see photo).
– All-action virus. Once infected with Whizz.A, computers will start emitting a series of beeps, the mouse pointer moves uncontrollably around the screen, and the CD/DVD tray opens and closes, while the screen is ‘decorated’ with a row of bars (see photo).
– Snooper. Waledac.AX ensnares its victims by claiming to offer a free application for reading SMS messages on anyone’s cell phone. Waledac.AX is seemingly ideal for people who want to check up on their partners, explaining why so many users fell victim to this intelligent virus.
– Most affectionate. BckPatcher.C tops this category, as it changes the desktop wallpaper to an image reading “virus kiss 2009” (see photo). What a charmer!
– Touch of the sniffles. PandaLabs couldn’t fail to mention a couple of the viruses, WinVNC.A and Sinowal.WRN, that used the widespread alarm surrounding swine flu to trick users and infect their systems.
– Incompetent newcomer. The Ransom.K Trojan encrypts documents on infected computers, and then asks for a $100 ransom to release them. However its creator, probably lacking in experience, included a programming error which allows users to release the files with a simple key combination.
– Most deceitful. This year, the winner in this category is FakeWindows.A, which infects users by passing itself off as a license activation process for Windows XP.
– Party animal. Banbra.GMH arrives in an email promising photos of Brazilian parties (with dancing girls included). Who could resist?
More information about these and other threats is available at www.pandasecurity.com.
2010 Computer Threat Trends, PandaLabs forecast
Fake antivirus, bots and banker Trojans will continue to increase
Cyber-criminals will keep fine-tuning their social engineering skills to trick victims
More malware will be created for Windows 7 and Mac operating systems
The term ‘cyber war’ will become more familiar as politically-motivated attacks across the Internet increase
PandaLabs, Panda Security’s malware analysis and detection laboratory, has released its forecast of computer threat trends for 2010. PandaLabs predicts that in 2010, the amount of malware in circulation will continue to grow exponentially as it has in 2009. As anti-malware technologies are able to respond closer to real-time through cloud-based innovations such as Panda’s Collective Intelligence, malware creators will respond by generating even more diverse threats to evade detection and elimination. Once again malware will be designed almost exclusively for financial gain, and we can expect to see many new fake antivirus strains (rogueware), bots and banker Trojans.
Social Engineering Continues to Rise
Cyber-criminals will again be focusing on social engineering techniques to infect computers, particularly those targeting search engines (BlackHat SEO) and social networks, along with ‘drive-by-download’ infections from Web pages.
As the football World Cup takes place in South Africa, we can also expect to see significant amounts of malware related to this event: false ticket offers, junk mail, etc. It is always a good idea to be suspicious of any messages related with current affairs and large events such as this.
In the case of social networks, there have already been many examples of worms and Trojans targeting Twitter and Facebook. Malware creators will continue to be drawn to these types of platforms that are used by millions of people.
Watch Out Windows 7
Windows 7 will have a major impact on malware development: where Windows Vista hardly caused a ripple, Windows 7 will make waves. One of the main reasons is the widespread market acceptance of this new operating system, and since practically every new computer comes loaded with Windows 7 64-bit, criminals will be busy adapting malware to the new environment. It may take time, but we expect to see a major shift towards this platform over the next two years.
Mobile Phone Attacks – Not Yet!
Several security companies have been warning for some time that malware is soon to affect cell phones in much the same way as it affects PCs. Well, we hate to rain on their parade, but 2010 will not be the year of malware for cell phones.
The PC is a homogenous platform, with 90 percent of the world’s computers running Windows on Intel, meaning that any new Trojan, or worm has a potential victim pool of 90 percent of the world’s computers. The mobile phone environment is much more heterogeneous, with numerous vendors using different hardware and different operating systems.
Applications continue to be incompatible from one operating system to another. Therefore it is unlikely that 2010 will see widespread targeting of cell phones by malware. In any event, this year will witness many changes in the world of mobile telephony with more smartphones offering practically the same features as a PC; the emergence of Google Phone — the first phone sold directly by Google without tying users to specific operators; the increasing popularity of Android; and of course the iPhone. If in the next couple of years there are only two or three popular platforms, and if people make significantly more financial transactions from their phones, then the potential breeding ground for cyber-crime will be significant enough to be concerned.
Mac Becoming Increasingly Attractive to Cyber-Criminals
Mac’s market share has increased in recent years. Although the number of users has yet to reach the critical mass required to make it as profitable as PCs for cyber-criminals, it is nevertheless becoming more attractive. Mac is used just as PCs are to access social networks, email, and the Internet: the main malware distribution systems used by cyber-criminals. Consequently, Mac is no longer a safe haven against malware. These criminals can easily distinguish whether a system is Mac, and they are creating malware designed especially to target this OS. In 2009, we have already seen some attacks, and predict there are more to come in 2010.
Cyber war
Throughout 2009, governments around the world, including the United States, the UK and Spain, have expressed concern about the potential for cyber-attacks to affect economies or critical infrastructure. We also saw this year how several Web pages in the United States and South Korea were the subject of attacks, with suspicion, as yet unproven, pointing at North Korea. In 2010, we can expect to see similar politically-motivated attacks.
Securing the Cloud
Cloud-based services will continue to grow in popularity among consumers and business users alike. As this happens, the security industry must be acutely aware of cybercriminals’ moves to take advantage of this new platform.
Cloud Antivirus Technology on the Rise
2010 will be the year in which all anti-malware companies will innovate to remain competitive as cloud-based security becomes the most effective way to fight today’s malware. In 2007, Panda Security launched its first product which took advantage of the cloud. Now in 2009, all the company’s products use it and we have launched the first 100 percent cloud-based free antivirus: Panda Cloud Antivirus (www.cloudantivirus.com), and Panda has noticed that the rest of the marketplace is beginning to follow suit.
Source: Panda Security
AXIGEN releases Version 7.3 with increased security and manageability
AXIGEN, the professional messaging solution vendor, announced today the commercial release of AXIGEN Mail Server 7.3, designed to be a perfect fit for the Service Provider segment and one more step towards hosted messaging. Only two months after the launch of the desktop-like Ajax Webmail interface, this new version comes to further emphasize the user-centric trend of the product, by focusing on effortless manageability and a higher level of security, through the introduction of a brand new Identity Confirmation system.
Placing strong focus on anti-spam protection, AXIGEN Mail Server 7.3 delivers, among other user-oriented functionalities, an extra layer of security, via a Challenge/Response – based Identity Confirmation method, to offer a highly reliable and customizable email platform.
By directing strong innovative efforts towards adapting to the extremely demanding segment of Service Providers (SPs), AXIGEN reaffirms itself as a “trail blazer”, as considered by The Radicati Group in the Market Quadrant 2009 on Messaging Platforms for Hosted Email Providers, being among those companies that “often shape the future of technology with innovations and new product designs”. Moreover, Radicati’s latest study on Email Platforms for Service Providers Market states “the company has shown huge potential in the past few years and we believe it will continue to innovate and reach new markets”, further acknowledging the product’s innovative qualities and its potential for in the cloud messaging.
“This new release proves yet again our commitment of meeting the ever increasing messaging requirements of today’s business environments. It is also a direct result of our long-term dedication and extensive efforts to present SPs with innovative solutions that they can use to build a higher-end range of Software as a Service (SaaS) offerings for corporate clients,” said Oana Bornaz, AXIGEN CEO.
One of the top nine messaging solutions for hosted email providers according to Radicati’s market studies, AXIGEN is internationally recognized as a top-grade messaging solution and has won the ServerWatch 2007 Product Excellence Award for Best Communications Server.
Source: Gecad Technologies SA
Passware software cracks BitLocker encryption open
Passware announces the release of the world’s first commercially available BitLocker decryption software.
Passware Inc., a provider of password recovery, decryption, and evidence discovery software for computer forensics, has created the first commercially available software to break Microsoft BitLocker hard drive encryption.
The new version of its flagship product – Passware Kit Forensic 9.5 – now recovers encryption keys for hard drives protected with BitLocker. The software scans a physical memory image file of the target computer and extracts all the encryption keys for a BitLocker disk.
BitLocker is an advanced, full-disk protection feature available in Windows Vista, Windows 7, and Windows Server 2008.
“Full-disk encryption was a major problem for investigators,” said Dmitry Sumin, Passware President. “We have been able to provide police, law enforcement, and private investigators with a tool that allows bypassing BitLocker encryption for seized computers.”
Passware Kit Forensic is a complete encrypted evidence discovery solution that reports all password-protected items on a computer and gains access to these items using the fastest decryption and password recovery algorithms. A portable version of the software runs from a USB drive and finds encrypted files and recovers files and website passwords without making any changes to the target computer.
Passware Kit Forensic 9.5 supports over 180 different file types and introduces recovery of passwords for PGP archives and virtual disks. The software supports Windows 7, Vista, 2003, XP, and 2008 Server.
Pricing and availability
Passware Kit Forensic is now available from Passware and resellers worldwide. Manufacturer’s suggested list price starts at $795. The software comes with 1 year of free software updates. Free trial licenses are also available.
Security Trends to Watch in 2010 – Symantec
Symantec 2010 Security Predictions
Antivirus is Not Enough – With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realizing that traditional approaches to antivirus, both file signatures and heuristic/behavioural capabilities, are not enough to protect against today’s threats. We have reached an inflection point where new malicious programs are actually being created at a higher rate than good programs. As such, we have also reached a point where it no longer makes sense to focus solely on analyzing malware. Instead, approaches to security that look to ways to include all software files, such as reputation-based security, will become key in 2010.
Social Engineering as the Primary Attack Vector – More and more, attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the pretense that they are doing something perfectly innocent. Social engineering’s popularity is at least in part spurred by the fact that which operating system and Web browser a user’s computer runs is largely irrelevant, as it is the actual user being targeted, not necessarily vulnerabilities on the machine. Social engineering is already one of the primary attack vectors being used today, and Symantec estimates that the number of attempted attacks using social engineering techniques is sure to increase in 2010.
Rogue Security Software Vendors Escalate Their Efforts – In 2010, expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom. A less drastic next step, however, would be software that is not explicitly malicious, but dubious at best. For example, Symantec has already observed some rogue antivirus vendors selling rebranded copies of free third-party antivirus software as their own offerings. In these cases, users are technically getting the antivirus software that they pay for, but the reality is that this same software can actually be downloaded for free elsewhere.
Social Networking Third-Party Applications Will be the Target of Fraud – With the popularity of social networking sites poised for another year of unprecedented growth, expect fraud against site users to grow. In the same vein, expect owners of these sites to create more proactive measures to address these threats. As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users’ social networking accounts, just as we have seen attackers leverage browser plug-ins more as Web browsers themselves become more secure.
Windows 7 Will Come into the Cross-Hairs of Attackers – Microsoft has already released the first security patches for the new operating system. As long as humans are programming computer code, flaws will be introduced, no matter how thorough pre-release testing is, and the more complex the code, the more likely that undiscovered vulnerabilities exist. Microsoft’s new operating system is no exception, and as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users.
Fast Flux Botnets Increase – Fast flux is a technique used by some botnets, such as the Storm botnet, to hide phishing and malicious Web sites behind an ever-changing network of compromised hosts acting as proxies. Using a combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection, fast flux makes it difficult to trace the botnets’ original geo-location. As industry countermeasures continue to reduce the effectiveness of traditional botnets, expect to see more botnets using this technique to carry out attacks.
URL Shortening Services Become the Phisher’s Best Friend – Because users often have no idea where a shortened URL is actually sending them, phishers are able to disguise links that the average security-conscious user might think twice about clicking on. Symantec is already seeing a trend toward using this tactic to distribute misleading applications and we expect much more to come. Also, in an attempt to evade antispam filters through obfuscation, expect spammers to leverage shortened URLs to carry out their own evil deeds.
Mac and Mobile Malware Will Increase – The number of attacks designed to exploit a certain operating system or platform is directly related to that platform’s market share, as malware authors are out to make money and always want the biggest bang for their buck. In 2009, we saw Macs and smartphones targeted more by malware authors, for example the Sexy Space botnet aimed at the Symbian mobile device operating system and the OSX.Iservice Trojan targeting Mac users. As Mac and smartphones continue to increase in popularity in 2010, more attackers will devote time to creating malware to exploit these devices.
Spammers Breaking the Rules – As the economy continues to suffer and more people seek to take advantage of the loose restrictions of the CAN-SPAM Act, we’ll see more organizations selling unauthorized e-mail address lists and more less-than-legitimate marketers spamming those lists.
As Spammers Adapt, Spam Volumes Will Continue to Fluctuate – Since 2007, spam has increased on average by 15 percent. While this significant growth in spam e-mail may not be sustainable in the long term, it is clear that spammers are not yet willing to give up as long as an economic motive is present. Spam volumes will continue to fluctuate in 2010 as spammers continue to adapt to the sophistication of security software, the intervention of responsible ISPs and government agencies across the globe.
Specialized Malware – Highly specialized malware was uncovered in 2009 that was aimed at exploiting certain ATMs, indicating a degree of insider knowledge about their operation and how they could be exploited. Expect this trend to continue in 2010, including the possibility of malware targeting electronic voting systems, both those used in political elections and public telephone voting, such as that connected with reality television shows and competitions.
CAPTCHA Technology Will Improve – As this happens and spammers have a more difficult time breaking CAPTCHA codes through automated processes, spammers in emerging economies will devise a means to use real people to manually generate new accounts for spamming, thereby attempting to bypass the improved technology. Symantec estimates that the individuals employed to manually create these accounts will be paid less than 10 percent of the cost to the spammers, with the account-farmers charging $30-40 per 1,000 accounts.
Instant Messaging Spam – As cybercriminals exploit new ways to bypass CAPTCHA technologies, instant messenger (IM) attacks will grow in popularity. IM threats will largely be comprised of unsolicited spam messages containing malicious links, especially attacks aimed at compromising legitimate IM accounts. By the end of 2010, Symantec predicts that one in 300 IM messages will contain a URL. Also, in 2010, Symantec predicts that overall, one in 12 hyperlinks will be linked to a domain known to be used for hosting malware. Thus, one in 12 hyperlinks appearing in IM messages will contain a domain that has been considered suspicious or malicious. In mid-2009, that level was 1 in 78 hyperlinks.
Non-English Spam Will Increase – As broadband connection penetration continues to grow across the globe, particularly in developing economies, spam in non-English speaking countries will increase. In some parts of Europe, Symantec estimates the levels of localized spam will exceed 50 percent of all spam.
Source: Symantec Corp
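The fast flux item above describes sites hidden behind an ever-changing set of compromised proxy hosts. As an added example (not from Symantec or the original article), this Python scores a domain's successive DNS answers for that kind of churn; the thresholds, the /24 grouping and the sample lookups are assumptions constructed for illustration.

```python
from ipaddress import ip_network

# Constructed observations: each entry is the set of A records one lookup
# returned, in time order. Addresses are from the documentation ranges.
STABLE = [{"192.0.2.10", "192.0.2.11"}] * 4
ROUND_ROBIN = [{"192.0.2.1", "192.0.2.2"}, {"192.0.2.3", "192.0.2.4"}] * 2
FLUX = [
    {"192.0.2.5", "198.51.100.7"},
    {"203.0.113.9", "198.51.100.44"},
    {"192.0.2.77", "203.0.113.120"},
    {"198.51.100.200", "192.0.2.150"},
]


def flux_metrics(lookups):
    """Summarise how much a domain's answers change across lookups."""
    all_ips = set().union(*lookups)
    # Churn: mean Jaccard distance between consecutive answer sets
    # (0.0 = identical answers every time, 1.0 = completely replaced).
    distances = []
    for prev, cur in zip(lookups, lookups[1:]):
        union = prev | cur
        distances.append(1 - len(prev & cur) / len(union) if union else 0.0)
    churn = sum(distances) / len(distances) if distances else 0.0
    # Network spread: compromised hosts are scattered, a hosting pool is not.
    networks = {ip_network(f"{ip}/24", strict=False) for ip in all_ips}
    return {"unique_ips": len(all_ips), "churn": churn,
            "networks": len(networks)}


def looks_like_fast_flux(lookups, min_ips=5, min_churn=0.5, min_networks=3):
    """Flag only when all three signals agree (thresholds are assumptions)."""
    m = flux_metrics(lookups)
    return (m["unique_ips"] >= min_ips
            and m["churn"] >= min_churn
            and m["networks"] >= min_networks)


if __name__ == "__main__":
    for name, obs in [("stable", STABLE), ("round-robin", ROUND_ROBIN),
                      ("flux", FLUX)]:
        print(name, flux_metrics(obs), looks_like_fast_flux(obs))
```

The round-robin sample has the same churn as the flux sample, which is why the check also requires many distinct addresses spread over several networks before flagging a domain.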
BitArmor launches new managed encryption software service
BitArmor offers integrated e-mail, USB and disk encryption solution delivered from the cloud
BitArmor, a leading provider of information-centric encryption software, today announced the availability of BitArmor DataControl 4.0, which includes delivery of encryption software as a managed service. The new service is the industry’s first integrated USB, e-mail and full disk encryption solution delivered from the cloud. BitArmor Managed Encryption is well suited for mid-market businesses, saving them time, money and deployment headaches while providing military-grade encryption to prevent data breaches and comply with state and federal data privacy regulations.
– Easy to afford – Saves tens of thousands of dollars
– Easy to deploy – Leverages existing infrastructure, no additional hardware required
– Easy to use – Encryption is completely transparent to users
– Easy to manage – Enterprise class security without the hassles
“A significant number of PCs and media devices carrying business-critical data aren’t properly encrypted, and this state of affairs is certain to cause disasters for enterprises,” said John Girard, VP and distinguished analyst in Gartner’s Info Security and Privacy Research Center. “Statistical odds suggest that this will happen to virtually every organization, whether small, midsize or large.”
Unlike large corporations, mid-market businesses do not always have the budget, IT resources or infrastructure in place to protect their data with enterprise-class security strategies and technologies. Through BitArmor’s SaaS (Security as a Service) delivery model, all customers can benefit from the advantage of commercial-grade, enterprise-class encryption and affordable data security.
“A.I.M. Mutual is committed to setting the standard in service excellence for our customers, which includes being on the forefront of addressing key data protection issues like the new Massachusetts’s Privacy Law,” said Ray Pata, Manager Systems and Programming of A.I.M. Mutual Insurance Companies, one of the top providers of workers compensation in Massachusetts and an “A” rated financial institution by AM Best Company. “BitArmor Managed Encryption is a great security model as it provides very strong but highly affordable encryption so A.I.M. Mutual can continue to protect our key assets in a fiscally responsible manner.”
“Our customers operating in a wide range of highly regulated industries need encryption as part of their overall defense strategy, but mid-sized companies don’t always have the resources needed to manage an enterprise deployment,” said Carl Kunzmann, Managing Partner of Wulf Consulting, an IT provider that specializes in managed solutions for mid-market businesses and is now offering BitArmor Managed Encryption to its clients. “A great example is Ursuline Senior Services, subcontractor to Pennsylvania’s Allegheny County Area Agency on Aging, which will use BitArmor Managed Encryption to provide an additional level of security and assurance that the confidential healthcare and financial data of the 5,000+ senior citizens it serves will not be compromised.”
As the inventor of patented Smart Tag(TM) technology, a revolutionary approach to data encryption that protects data wherever it goes, BitArmor is recognized for its ability to deliver strategic solutions for the industry’s most pressing data protection problems, including the industry’s only No-Breach Guarantee.
BitArmor Managed Encryption’s latest enhancements solve the unique data protection challenges of the small to medium enterprise market by providing military-grade encryption for laptops, USB devices and email attachments, in a simple-to-manage and affordable subscription-based SaaS model. This is in stark contrast to data encryption solutions offered by many vendors that are cost-prohibitive for smaller businesses because they require investments in disparate technologies, expert IT security resources, and dedicated servers.
New SaaS features with BitArmor Managed Encryption include:
Highest Grade of Encryption: Uses military-grade encryption to safeguard sensitive data;
Complete Control of Sensitive Data: Ensures customers’ sensitive data never enters the cloud by performing encryption processing functions on the client side;
Integrated Managed Encryption: Offers a single integrated managed disk, USB and e-mail encryption solution that is easy to use and completely transparent to end-users;
High Availability: Guarantees the highest level of availability with multiple redundant servers and offline capabilities that provide access to encrypted data in the event of a network outage;
Reporting for Compliance: Supports regulatory requirements with simple-to-use reporting capabilities;
Low Total Cost of Ownership: Allows administrators to easily deploy the solution within hours and securely manage users from a single console – without costly infrastructure investments or prior encryption and key management experience.
“Today’s businesses are faced with the seemingly impossible task of meeting data security requirements while managing IT costs,” said BitArmor CEO Patrick McGregor. “BitArmor continues to deliver the necessary innovations, like SaaS-based encryption, so that all companies can afford to protect their critical data without sacrificing business growth. BitArmor provides consistent value even as regulations and impending risk threats evolve.”
Source: BitArmor
WatchGuard launches new family of E-mail security appliances for small to medium sized businesses
WatchGuard, Leader of Unified Threat Management Appliances, Expands Offerings; Unveils New Family of E-mail and Spam Security Appliances
WatchGuard® Technologies, a global leader of business security solutions, launched a new family of extensible content security solutions specifically designed for small to medium sized businesses. These new appliances fall under the umbrella of the WatchGuard XCS platform and provide advanced protection against spam, viruses, spyware and malware, as well as reliable, always-on e-mail security and full featured centralized management and reporting.
“Small to medium sized businesses stand at the crossroads of being the most at risk to an e-mail based threat, and yet, the most challenged to have state of the art e-mail and spam protection,” said Bryan Nairn, Senior Product Manager at WatchGuard Technologies. “Until now, these businesses had few options for spam and malware protection. With WatchGuard, they can have a no compromise, fully featured messaging protection solution at an affordable price point.”
The WatchGuard family of XCS appliances for SMBs consists of the WatchGuard XCS 170, the XCS 370 and the high-performance XCS 570 series. All of these appliances come complete with the WatchGuard e-mail security suite, which provides advanced protection against spam, phishing, viruses, malware and other forms of e-mail based threats. Additionally, they all sport advanced management and reporting capabilities, which include archiving, on-box reporting, messaging logs, customizable granular policies and reports, TLS encryption and message redundancy.
Furthermore, these WatchGuard XCS appliances can take advantage of WatchGuard’s innovative in-the-cloud security technology, ReputationAuthority. With 99.99 percent accuracy, ReputationAuthority eliminates up to 98.3 percent of spam e-mail before it ever gets to a small business network by use of DNS blacklists, IP traffic volume, behavior analysis and content inspection. Given that spam e-mail is a major carrier of viruses, phishing and blended threats, having ReputationAuthority pre-screen and eliminate this unwanted traffic makes networks, applications and data better protected as part of WatchGuard’s defense-in-depth architecture.
For larger businesses with up to 1,000 users, WatchGuard offers the XCS 570 appliance, which provides advanced messaging security for businesses that truly require enterprise-grade protection. For these customers, the WatchGuard XCS 570 provides bi-directional protection from internal and external threats, as well as data loss prevention to keep confidential information from escaping out of organization e-mail boundaries. To keep mail from ever being lost due to failures or other events, the XCS 570 provides queue replication, a first for a product at this price point. As well, the XCS 570 includes compliance dictionaries, content filtering, outbound attachment control and scanning, outbound content scanning, optional third-party e-mail encryption, e-profiling, instant-on data loss prevention, and clustering – all making the XCS 570 an unbeatable solution for small to mid-sized organizations.
Pricing and Availability
The WatchGuard XCS series of appliances will be available worldwide from WatchGuard channel partners within 30 days. The WatchGuard XCS 170 starts at $2,475, the WatchGuard XCS 370 is $5,500 and the WatchGuard XCS 570 is $8,500; all have no per user license fees.
Source: www.watchguard.com

