Search results for: zero trust

Week in review: Windows 8 security features, the end of DigiNotar and BIOS rootkit in the wild

Here’s an overview of some of last week’s most interesting news: Linux Foundation suffers security breach A few weeks after the discovery of the compromise of the kernel.org website and several servers in its infrastructure comes the news that the Linux.com and LinuxFoundation.org sites have been temporarily rendered unavailable. GlobalSign audit reveals only isolated web server breach The CA has retained the services of Fox IT, the same security audit firm that investigates the DigiNotar … More

McAfee introduces anti-rootkit security beyond the OS

Cybercriminals know how to evade current operating systems-based security, demanding a new paradigm – security beyond the operating system. On that note, McAfee demonstrated the workings of its new McAfee DeepSAFE technology at the Intel Developer Forum on Tuesday. Co-developed with Intel, it allows McAfee to develop hardware-assisted security products to take advantage of a “deeper” security footprint. It sits beyond the operating system and close to the silicon, and by operating beyond the OS, … More

Security vendor applauds LulzSec attacks

In an unexpected move for a security company, SecurEnvoy today said that cyber break-ins and advanced malware incidents, such as the recent DDoS attack by LulzSec, should actually be welcomed and their initiators applauded. Explaining this sentiment, Andy Kemshall – CTO and co-founder of SecurEnvoy, said, “I firmly believe that the media attention LulzSec’s DDoS attack has recently received is deserving. It’s thanks to these guys, who’re exposing the blasé attitudes of government and businesses … More

SpyEye Trojan attacks Verizon’s online payment page

Trusteer discovered a configuration of the SpyEye Trojan targeting Verizon’s online payment page and attempting to steal payment card information. The attack took place between May 7th and 13th. Amit Klein, Trusteer’s CTO explained that, “SpyEye uses a technique called “HTML injection” to modify the pages presented in the victim’s browser, in this particular case the injected HTML is used to capture the following credit card related data.” “The attack is invisible to Verizon customers … More

Explosive financial malware targets Windows

Trusteer identified Sunspot, a little known Windows malware platform that has been in circulation for some time, but was never previously recognized for its financial fraud capabilities. It is currently targeting North American financial institutions and has already achieved SpyEye and Zeus-like infection rates in some regions. There are confirmed fraud losses associated with Sunspot, so the threat is real. Sunspot is another example of the growing list of financial malware that is flooding the … More

Mac OS X 10.6.7 fixes security vulnerabilities

Apple today released Mac OS X 10.6.7 which increases the stability, compatibility, and security of your Mac. AirPort A divide by zero issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset. This issue does not affect systems prior to Mac OS X v10.6. Apache Apache is updated to version 2.2.17 to address several vulnerabilities, the most serious of … More

BufferZone Pro now free

Trustware just made BufferZone Pro completely free. BufferZone Pro adds an additional layer of protection to the traditional security suites addressed for the home users. It creates a separate – or virtual – environment that isolates security threats and prevents them from ever touching the user’s hard drive. BufferZone protection prevents all threats, even unknown (zero-day) threats that anti-virus misses. There are no signature updates, no maintenance and no response time. “Threat Virtualization or Sandboxing … More

WatchGuard XCS gains spam blocking and encryption capabilities

WatchGuard released a free update to its XCS (extensible content security) line of email and web content security appliances that includes new features to make stopping spam even easier along with new email encryption capabilities. The new add-in for Outlook allows end users to mark any delivered messages that bypass the XCS spam filters as either “spam’ or ‘not spam’. This way, end users gain the ability to report false positives, where legitimate messages were … More

2010: The year of the vulnerability

The year 2010 has been almost identical to the previous one in terms of malware evolution. Generally speaking, trends have not changed that much and nor have the targets for attack, though certain malicious activities have progressed dramatically. Whilst monthly malware detection rates have remained reasonably stable since 2009, with browser attacks and botnets continuing to be the main threats to cybersecurity, there has been a downturn in activity by certain types of malware. Vulnerabilities … More

Hacktivism and social engineering emerge as top threats

Hacktivism and more profit-oriented malware, social engineering and malicious codes with the ability to adapt to avoid detection will be the main threats in the coming year, according to PandaLabs. There will also be an increase in the threats to Mac users, new efforts to attack 64-bit systems and zero-day exploits. The major security trends of 2011 are outlined below. Malware creation. In 2010, PandaLabs witnessed significant growth in the amount of malware and discovered … More

The Zeus malware R&D program

Trusteer captured and analyzed a new version (2.1) of the Zeus financial malware and found that it has added sophisticated new mechanisms to commit online fraud and remain the Trojan of choice for criminals. Zeus has not only improved its business logic but also its ability to avoid detection and automatic analysis by antivirus vendors. Zeus is under the spotlight of security vendors, banks, and law enforcement, which forces its developers to continually improve it … More

New financial malware targeting bank customers

Bank customers are being targeted by criminals using regional specific malware that flies under the radar of most antivirus technology to steal peoples online banking credentials and commit fraud. Detection rates for regional malware are between zero and 20%, suggesting that the majority of these attacks go undetected. Two pieces of regional malware targeted at UK banks have been detected by Trusteer; Silon.var2 which resides on one in every 500 computers in the UK compared … More