The Harlow Report - GIS

ISSN 0742-468X
Since 1978
On-line Since Y2K


Archived Industry Notes: Technology
Published in 2010


5 undiscovered vulnerabilities found on enterprise networks

A report by Lumeta highlights the five most prevalent undiscovered or unknown vulnerabilities commonly found on enterprise networks:

1. Incorrect or incomplete deployments of IPS/IDS.
2. Failure to discover and probe all segments of a network with vulnerability management tools.
3. Overlooking nontraditional IP-enabled devices.
4. Using default credentials on network devices.
5. Unauthorized wireless access points.


first published week of:   08/09/2010


75,000+ computer systems hacked in one of largest cyber attacks, security firm says

More than 75,000 computer systems at nearly 2,500 companies in the United States and around the world have been hacked in what appears to be one of the largest and most sophisticated attacks by cyber criminals discovered to date, according to a northern Virginia security firm. The attack, which began in late 2008 and was discovered last month, targeted proprietary corporate data, e-mails, credit-card transaction data and login credentials at companies in the health and technology industries in 196 countries, according to Herndon-based NetWitness.

This latest attack does not appear to be linked to the Google intrusion, said NetWitness’s chief executive. But it is significant, he said, in its scale and in its apparent demonstration that the criminal groups’ sophistication in cyberattacks is approaching that of nation states such as China and Russia. The attack also highlights the inability of the private sector - including industries that would be expected to employ the most sophisticated cyber defenses - to protect itself. The intrusion, first reported on the Wall Street Journal’s Web site, was detected January 26 by a NetWitness engineer. He discovered the intrusion, dubbed the Kneber bot, being run by a ring based in Eastern Europe operating through at least 20 command and control servers worldwide.

The hackers lured unsuspecting employees at targeted firms to download infected software from sites controlled by the hackers, or baited them into opening e-mails containing the infected attachments, the chief executive said. The malicious software, or “bots,” enabled the attackers to commandeer users’ computers, scrape them for log-in credentials and passwords - including to online banking and social networking sites - and then exploit that data to hack into the systems of other users, the chief executive said. The number of penetrated systems grew exponentially, he said.


first published week of:   03/01/2010


Adobe Fights to Keep Flash Vital
Announcements at its developer conference aim to show its customers that it can still deliver a broad audience.

Adobe is fighting to keep its place as the middleman of choice for creative professionals. Its Flash platform, which is designed to distribute interactive content to all manner of devices and operating systems, has been embattled since Apple refused to allow the technology on the iPhone. Adobe struck back this week with a series of announcements at its MAX conference in Los Angeles, hoping to show that its technology can still bring content to the widest possible audience.

Adobe announced two new ad formats for smart phones, for use in apps or in the browser. They would allow companies to build interactive or video ads that could reach a wide variety of devices. The formats are designed to make ads consistent for viewers and easy to measure. They’re also made so that people can interact with them without leaving the application they’re currently using.

Adobe has also taken steps to make sure that the new ad formats can truly be ubiquitous. The technology works with ads designed in Flash or the Web standard HTML5, says Lalit Balchandani, Adobe’s director of advertising product strategy.


first published week of:   10/25/2010


Adobe will be top target for hackers in 2010

Adobe Systems’ Flash and Acrobat Reader products will become the preferred targets for criminal hackers in 2010, surpassing Microsoft Office applications, a security vendor predicted this week. “Cybercriminals have long picked on Microsoft products due to their popularity. In 2010, we anticipate Adobe software, especially Acrobat Reader and Flash, will take the top spot,” security vendor McAfee said in its “2010 Threat Predictions” report. Adobe’s CTO acknowledged recently that his company’s software is being attacked more frequently, and said the company has stepped up its efforts to respond. Mozilla’s Firefox browser and Apple’s QuickTime software have also faced new attacks. Among its other predictions, McAfee expects more sophisticated attacks next year against social networking sites such as Twitter and Facebook. It also sees the emergence of a new vehicle for attacks in the form of HTML 5, an update to the Web markup language that will support delivery of online video and allow Web applications to run offline. “HTML 5 will blur the line between desktop and online applications. This, along with the release of Google Chrome OS, will create another opportunity for malware writers to prey on users,” McAfee said. There was some good news, however. The security firm sees law enforcement having more successes next year in its pursuit of cybercriminals, thanks to closer cooperation and improved skills at international crime-fighting agencies.


first published week of:   01/04/2010


Android Apps Leak User Data Without Clear Notifications

Something as simple as changing your Android phone’s wallpaper or downloading a ringtone could transmit personal data about you, including your location, without your knowledge.

Sound farfetched? It’s not: About 15 of 30 randomly selected, popular, free Android apps sent users’ private information to remote advertising servers, and two-thirds of the apps handled data in ambiguous ways, say researchers.

The researchers, at Duke, Intel Labs and Penn State University, created a tool called TaintDroid that identifies apps transmitting private data to distant locations. TaintDroid monitors how applications access and use your location, microphone, camera and the phone numbers in your contact list. The tool also provides feedback once an app is newly installed, letting you know if the app is transmitting data.

“This automatic feedback gives users greater insight into what their mobile applications are doing and could help users decide whether they should consider uninstalling an app,” says Peter Gilbert, a graduate student in computer science at Duke University who’s working on the project. The TaintDroid program isn’t publicly available yet.


first published week of:   09/27/2010


Apps Know Where You Are
Geolocation analytics could help companies to improve their apps--and make more money from them.

A new platform for analyzing when, where, and how smart-phone apps are used will soon be available to thousands of mobile developers.

Appcelerator--a software development platform that lets Web programmers create apps that run natively on both iPhone and Android devices--will release the new mobile analytics platform within the next three months. The platform was developed by Appcelerator and FortiusOne, a company that specializes in visualizing location information.

Accurate geolocation analytics data will help companies improve their software and make money from location-targeted advertising.

Appcelerator has around 72,000 users, including developers from large businesses such as NBC and Budweiser. It has proven popular because it lets developers create apps without requiring the technical expertise needed to build them from scratch. The new platform, called Titanium+Geo, lets Appcelerator developers see what users are doing, and where they're doing it, as long as geolocation functionality has been built into an app.


first published week of:   10/04/2010



