Anti-virus to go: Microsoft makes portable anti-virus tool available to download Microsoft has released its free
Microsoft Safety Scanner (MSS). This scans for and removes malware from Windows systems without requiring prior installation. According to
AV-Test's Andreas Marx, the on-demand anti-virus scanner appears to be based on the Malicious Software Removal Tool (MSRT), but with the addition of a complete signature database. MSRT used a mini database of widely distributed threats and is distributed monthly via the automatic update function.
Adding in a complete database bulks up Safety Scanner's file size to around 64 MB - still smaller than many software updates. According to Microsoft, the scanner can only be run for up to 10 days after installation, after which it must be re-downloaded - this ensures that it always has up-to-date signatures. Because MSS does not need to be installed, it can also be saved to and run from a USB flash drive. 32- and 64-bit versions are available.
Continued : http://www.h-online.com/security/news/item/Anti-virus-to-go-Microsoft-makes-portable-anti-virus-tool-available-to-download-1230253.html
Related:
Use Microsoft Safety Scanner as back line of your security offenseReply 1 : NEWS - April 19, 2011
If there's one thing that scientists and statisticians both hate, its weird data. And that's what the folks at Verizon were dealing with when they tallied the results of their 2011 Data Breach Report which found a stunning 97% drop in the number of lost records, even as the number of reported breaches rose precipitously.
The conflicting numbers had Verizon executives scratching their heads to coax a message out of statistics that seem both discouraging and wildly encouraging at the same time. But some outside security experts with hands on experience investigating data breaches say the report's unusual findings only underscore the difficulty of tracking the data theft crimes across the public and private sectors.
The Verizon 2011 Data Breach Investigations Report (DBIR) (pdf) is the third annual report issued by Verizon and the U.S. Secret Service (USSS). It covers incidents of data breaches that occurred in calendar year 2010 and comprises incidents investigated by Verizon's professional services division and those reported to the USSS. The report's tally of stolen records is a oft-cited benchmark of the prevalence and seriousness of cyber attacks.
That number has been on a steady - even precipitous decline since the first Verizon DBIR in 2008. After peaking in that first year at 361 million, the number of total records compromised dropped to 144 million in 2009 and just 4 million in 2010. That leaves Verizon in the uncomfortable position of having to try to explain - rather than merely interpret - the results of its own report.
Continued : http://threatpost.com/en_us/blogs/weird-science-verizon-finds-stunning-drop-data-theft-041911
Also:
Verizon: Advanced Persistant Threat Is Overblown
Lost records down even though breach incidents soared
Reply 2 : NEWS - April 19, 2011
From Brian Krebs @ his "Krebs on Security" blog:
The number of financial and confidential records compromised as a result of data breaches in 2010 fell dramatically compared to previous years, a decrease that cybercrime investigators attribute to a sea-change in the motives and tactics used by criminals to steal information. At the same time, organizations of all sizes are dealing with more frequent and smaller breaches than ever before, and most data thefts continue to result from security weaknesses that are relatively unsophisticated and easy to prevent.
These are some of the conclusions drawn from Verizon's fourth annual Data Breach Investigations Report. The report measures data breaches based on compromised records, including the theft of Social Security numbers, intellectual property, and credit card numbers, among other things.
It's important to note at the outset that Verizon's report only measures loss in terms of records breached. Many businesses hit by cyber crooks last year lost hundreds of thousands of dollars apiece when thieves stole one set of records, such as their online banking credentials.
The data-rich 74-page study is based on information gleaned from Verizon and U.S. Secret Service investigations into about 800 new data compromise incidents since last year's report (the study also includes an appendix detailing 30 cybercrime cases investigated by the Dutch National High Tech Crime Unit).
Continued : http://krebsonsecurity.com/2011/04/are-megabreaches-out-e-thefts-downsized-in-2010/#more-9240
Reply 3 : NEWS - April 19, 2011
"Latest state of software security report from Veracode also finds application developers' security grades low"
Most of the security and security services software tested by Veracode got an "unacceptable" rating in their first security scans, as did more than 65 percent of all commercial software, a new report released today says.
Veracode's new State of Software Security Report shows only customer support software in worse shape than security products and services, with 82 percent of apps receiving an "unacceptable" rating, versus 72 percent for security software and security services software.
While 66 percent of all commercial software scanned by Veracode received an "unacceptable" rating upon their first security scans by Veracode, the low scores of security products and services software was most telling. "That was a shocker for us," says Sam King, vice president of product marketing at Veracode, which scanned more than 4,800 applications for this report. "That helps explain some of the headlines we've seen lately-- RSA, HBGary, Comodo ... Attackers are targeting security companies and other vertical industries should be taking better care of the apps. The lesson learned for people buying: you can't assume that even security vendors are any more secure."
The bright spot, however, was that the commercial software vendors were relatively quick to clean up their products, with more than 90 of them achieving an "acceptable" score for security within one month after the first scan by Veracode. And the security vendors were especially speedy, with an average of three days to get their applications into acceptable security shape, the Veracode report says.
Continued @ Dark Reading
Reply 4 : NEWS - April 19, 2011
The UK government appears to be pressing ahead with plans to filter the internet to prevent the great unwashed from filesharing.
While we may have thought that culture secretary Jeremy Hunt had seen some common sense about the plan by asking Ofcom to review if it was workable, it seems that plans to block 100 P2P sites are going ahead anyway.
According to the Guardian there are plans to waste taxpayer money building a quango similar to the Internet Watch Foundation (IWF). This would scour the net for illegal images of children, obscene adult content and "non-photographic child sexual abuse hosted in the UK" and er filesharing.
It is worthwhile pointing out that for a long time people have advocated filtering to "protect children" and the great unwashed from terrorists. In some ways it is refreshing that the government is being upfront and saying that they are really using it to filter the net for their chums in the content industry.
According to the Guardian there is a "plan b" which involves having a judge rule whether a site should be blocked after an industry agreed voluntary code has been satisfied.
This will save ISPs from having to write cheques to outfits which have been wrongly blocked. It would also mean that the government would not have to pay to staff a quango.
Continued : http://www.techeye.net/security/british-government-presses-ahead-with-web-filter-plans
Reply 5 : NEWS - April 19, 2011
Politically-motivated hackers are thought to be behind a DDoS attack on alternative news site Newsnet Scotland, launched on Monday days before Scotland is due to vote in fiercely contested local elections.
The attack, if that's what it is, left the site unavailable from Monday afternoon into the early hours of Tuesday morning.
Publishers of the site said the evidence so far suggests that unknown parties have launched a denial of service attack against the media outlet, which advocates greater Scottish independence and takes a dim view of the "unchallenged voice of Unionism".
' Internal investigations are continuing in order to track down the root of the problem and to ensure that it cannot recur. However our server administrator has informed us that the most likely cause is a Denial of Service (DOS) Attack. The pattern of activity which the site IT team detected points toward such an explanation.... '
Continued : http://www.theregister.co.uk/2011/04/19/scottish_news_site_ddos/
Reply 6 : NEWS - April 19, 2011
Once again Twitter users are finding themselves hit by a fast-infecting attack, more commonly encountered by their Facebook-using cousins: a rogue application spreading virally across the network.
Thousands of Twitter users have fallen into the trap of allowing rogue third-party applications access their Twitter accounts, believing that it would tell them how many people have unfollowed them. [Screenshot]
A typical message reads:
58 people have unfollowed me, find out how many have unfollowed you: [LINK] #rw2011 #duringsexplease #youneedanasswhoopin
See the hashtags? They appear to be currently trending phrases on Twitter - presumably the rogue applications are using them in the messages they spam out in an attempt to trick more users into clicking on the links.
If you do click on the link you are asked to give authorisation for a third-party application to access your Twitter account.
Continued : http://nakedsecurity.sophos.com/2011/04/19/unfollowed-me-rogue-application-spreads-virally-on-twitter/
Reply 7 : NEWS - April 19, 2011
.. official warning
Cybercriminals are adopting a new disguise, following last week's "Facebook password changed" malware attack.
Computer users are discovering malicious code has been sent to their email inboxes, pretending to be a notification from Facebook that their social networking account has been used to send out spam. [Screenshot]
A typical message reads:
Dear client
Spam is sent from your FaceBook account.
Your password has been changed for safety.
Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.
Please do not reply to this email, it's automatic mail notification!
Thank you.
FaceBook Service.
The attack would, perhaps, be a little more successful at fooling more people if it had gone through a grammar check and if the perpetrators had paid more attention to the fact that it's spelt "Facebook" not "FaceBook".
Nevertheless, there are doubtless some computer users who might be tempted to open the attached ZIP file and infect their computers with malware.
Continued : http://nakedsecurity.sophos.com/2011/04/19/spam-from-your-facebook-account/
Reply 8 : NEWS - April 19, 2011
Apple has released version 10.2.2 of its popular iTunes media player software, a maintenance and security update that addresses a number of bugs and fixes two security vulnerabilities. According to Apple, version 10.2.2 corrects two issues in the WebKit browser engine used by iTunes that could lead to arbitrary code execution via a man-in-the-middle attack while browsing the iTunes Store.
Only the Windows version of iTunes is affected. Apple fixed the same issues on Mac OS X systems via the recent Safari 5.0.5 update. The latest iOS updates from earlier this month also corrected the same problems in Apple's iPhone, iPad and iPod Touch devices.
In addition to closing the above security vulnerabilities, the iTunes update also fixes problems that could cause the application to become unresponsive when syncing an iPad. Other changes include updates that prevent video previews on the iTunes Store from skipping while playing, iOS photo syncing improvements and various bug fixes that improve the overall stability and performance of iTunes.
Continued : http://www.h-online.com/security/news/item/iTunes-10-2-2-closes-security-holes-1229838.html
Reply 9 : NEWS - April 19, 2011
Social networking giant Facebook announced on Tuesday that it was introducing a two-factor security feature that will make user accounts harder to hijack.
The announcement was part of a group of security enhancements by Facebook that includes improved secure HTTP features and social reporting tools that make it easier to flag questionable content online.
The security improvements stem, in part, from the company's involvement with the Obama Administration on an anti-bullying crusade.
Following the lead of Google, Facebook is adding a multi factor authentication feature, similar to Google's Authenticator feature for Gmail. Disabled by default, the feature will ask users to enter a code in addition to their Facebook user name and password any time they try to access their Facebook account from a new device.
On the secure browsing front, Facebook has tweaked its HTTPS feature so that the site will automatically shift back to secure HTTP if a Facebook application requires HTTPS to be disabled.
Continued : http://threatpost.com/en_us/blogs/facebook-adds-two-factor-authentication-041911
Also: Facebook Expands 'Social Reporting,' Security Tools
Reply 10 : NEWS - April 19, 2011
The Wireshark development team has announced the release of version 1.2.16 and 1.4.5 of its open source, cross-platform network protocol analyser. According to the developers, these maintenance and security updates address multiple vulnerabilities that could, for example, cause the application to crash or allow remote code execution.
The 1.4.x branch of Wireshark is vulnerable to a bug in the NFS dissector that could lead it to crash on Windows, as well as a buffer overflow issue in the DECT dissector. Paul Makowski from SEI/CERT, who discovered the buffer overflow problem, is said to have verified that this "could allow remote code execution on many platforms". Versions 1.4.0 up to and including 1.4.4 are reportedly affected; Wireshark 1.4.5 fixes these issues. However, the developers have already updated the 1.4.x branch to version 1.4.6 to address a bug in the TCP dissector which could cause the application to crash.
A third problem in the X.509if dissector, which could lead to a crash, affecting both the 1.4.x and 1.2.x branches of Wireshark, has also been fixed. Wireshark 1.2.0 to 1.2.15 and 1.4.0 to 1.4.4 are confirmed to be affected. All users are advised to update to the latest versions as soon as possible.
Continued : http://www.h-online.com/security/news/item/Wireshark-updates-patch-vulnerabilities-1230139.html
See Vulnerabilities & Fixes: Wireshark Denial of Service and Buffer Overflow Vulnerabilities
Reply 11 : NEWS - April 19, 2011
Microsoft has implemented a new company policy requiring all employees to follow a detailed set of procedures when reporting security vulnerabilities in third-party products.
The practices are an evolution of the coordinated vulnerability disclosure doctrine it proposed in July. They're intended to simplify communication among affected parties and reduce the chances that vulnerability reports will result in it being exploited in the wild. Among other things, they require employees to send private notifications to the organization responsible for the vulnerable software, hardware or service and only later publish a public advisory.
"We're definitely into the idea of no surprises for any of our vendors that we find vulnerabilities in," said Microsoft Senior Security Strategist Katie Moussouris. "We're basically following the golden rule for disclosure, and it's all about protecting customers, because there's no reason to unnecessarily amplify risk by imposing some sort of one-size-fits-all deadline on things."
The policy (MS Word document here) applies to all Microsoft employees, whether they find vulnerabilities during their personal time or as part of their official duties. The procedures are intended to move away from the doctrine of "responsible disclosure," which many people in security circles came to resent because it suggested all who disagreed with it were somehow behaving improperly.
Under the policy, Microsoft employees who discover vulnerabilities will report them privately to the third-party organizations responsible. Encrypted email is the favored medium, but only after the employee has identified the right third-party person to receive the report. The reports should include crash dump information, proofs of concept or exploit code, root cause analysis, and other technical details.
Continued : http://www.theregister.co.uk/2011/04/19/microsoft_vulnerability_disclosure_policy/
Related: Microsoft kicks off third-party bug warnings with two for Chrome
Reply 12 : NEWS - April 19, 2011
Police have made a sixth arrest in their investigation of Anonymous, the online activist collective that launched a series of cyber attacks on major firms it saw as anti-WikiLeaks.
The new suspect, a 22-year-old man from Cleveland, was questioned by specialist computer crime detectives at a local police station on Wednesday last week. He was bailed until 26 May pending further enquiries.
The five original suspects - three teenage boys and two men - have also all been bailed again in the last 48 hours, to reappear at police stations in June.
They were arrested at addresses in the West Midlands, Northamptonshire, Hertfordshire, Surrey and London in coordinated dawn operations on 27 January.
They are suspected of involvement in cyber attacks on the websites of Amazon, Bank of America, Mastercard, PayPal and Visa in December. Deliberately causing such disruption is an offence under the Computer Misuse Act and carries a sentence of up to 10 years' imprisonment.
The firms were targeted after they cut off services to WikiLeaks, amid controversy over its release of classified US diplomatic cables.
Continued : http://www.telegraph.co.uk/technology/news/8451714/New-arrest-over-Anonymous-pro-WikiLeaks-attacks.html
Reply 13 : NEWS - April 19, 2011
Avoid clicking on links and images in malware-laden emails, McAfee warns
Computer users around the world received phony Easter greetings with links to malware on Monday, according to research by McAfee Labs?.
Cybercrooks often take advantage of current events to grab computer users' attention, and this time they are using the upcoming Christian holiday to distribute dangerous emails with links to a password-stealing program.
Fortunately, the threat has already been identified by McAfee and McAfee software will protect customers against it.
One email appears to be a typical e-card with a colorful image of a bunny, chicks and eggs. A message invites you to "Download Animated Greeting Here." If you click on the link or image, it installs malware onto your machine that can steal passwords and other sensitive information, as well as give control of your machine to the attacker.
You should be on the lookout for these threats in your inbox, and avoid clicking on any images or links in spam Easter messages. [Screenshot: Easter Malware Mail]
Here's more information on how to spot holiday-related scams, and how to avoid becoming a victim:
The Scam:
1) Phony Holiday Greeting - In the Easter scam mentioned, you receive a spam email with a message like "Easter Greetings from Alex," or the attacker might use another common name. The scammers are betting that you know someone with this name and are more likely to open it. Once you open the message, it looks like a regular e-card with Easter images. We see similar scams at Christmas and Valentine's Day, when computer users are looking forward to receiving messages from loved ones, and let their guard down, only to accidentally download malware.
Continued : http://blogs.mcafee.com/consumer/consumer-threat-alerts/easter-bunny-delivers-basket-of-malware
Related:
Easter Greeting Hatches Nasty Malware Surprise
Spammers Intend to Make You an Easter Bunny
Reply 14 : NEWS - April 19, 2011
From the Sunbelt Blog:
[video]
Delicious cake - for years, the symbol of a reward never to materialise.
This sad trend continues with the upcoming release of Portal 2, which - as you would expect - is prompting a rash of utterly fictitious cake designed to lure the unwary into mind bending puzzles of a three dimensional nature, or at least some surveys and a slice of malware.
Over the last few days, Twitter users have reported a huge wave of Portal spam.and this will no doubt continue to be an annoyance as excitement builds over the release. Much of the spam makes no sense, or mashes up random Portal related comments and lines.
See if you can spot the cake mention (yes, this cake was a lie too): [Screenshot]
A lot of these spambots were directing users to a "Portal 2 Loader" (hat tip to MrTom), which has been downloaded roughly 4,000+ times and appears to be a Portal 2 crack. [Screenshot]
Continued : http://sunbeltblog.blogspot.com/2011/04/cake-is-lie.html
Reply 15 : NEWS - April 19, 2011
.. attachment
A stranger emails you out of the blue, offering you a digital photo of themselves.
What do you do?
Don't risk it - and chuck the email straight in the trashcan?
or
Take a careful look at the email, to try to weigh up the chances of it being a malicious attack?
or
Open the attachment straight away - after all, the chances of peeking at a salacious photograph outweigh the consequences of a malware infection?
Here are the details of just such an email which has been spammed around the world:
Subject: I'm going to send you the Photos in
Attached file: DSC0173519.zip
Message body:
Hello Man,
I don't know how to say it, but I've tryed before a long time to send you some photos, but I've thought that you aren't interested to see me.
But now I'm going to send you the Photos in the Attachment.
Download the pictures and extract they, I'm sure that you will like they.
The password is: 123456
Have a great day.
The messages have one attachment, called DSC0173519.zip. The ZIP file is encrypted (presumably in an attempt to defeat anti-virus products running at the email gateway - sorry Mr Cybercriminal, that didn't stop Sophos) with the password mentioned in the body of the email.
Within the ZIP is an executable file, DSC0173519.exe, which Sophos proactively detects as Mal/Behav-043.
Continued : http://nakedsecurity.sophos.com/2011/04/19/dsc0173519-zip-spammed-out-malware-attack-poses-as-photo-attachment/
No. The name alone is sufficient for that judgment.
