Lastline Report Finds Evasive Threats On The Rise
An Interesting article from Dark reading on Evasive Malware : SANTA BARBARA, Calif.–(BUSINESS WIRE)–Lastline, Inc., a new provider of active malware defense solutions for businesses, has released a new report, “The Security Threat of Evasive Malware,” that looks at how malware authors are able to exploit the limited visibility of automated malware analysis systems (sandboxes) and ensure that targeted attacks and zero day exploits remain successful. The report concludes that the use of stalling codes is resulting in a growing trend of evasive threats.
“Malware authors have been using evasive techniques for years, and those techniques are becoming more and more complex,” said Chris Kruegel, Chief Scientist at Lastline. “It’s a game of cat and mouse as once a solution to an evasive threat is discovered, the malware authors go back to the drawing board and find another way to avoid detection.”
To read more click here:
Cloud Security Falls Short … But Could Be Great
An Interesting article from Dark reading on cloud Security: SAN FRANCISCO — RSA CONFERENCE 2013 — Public cloud services could have better security than the vast majority of corporate on-premise networks, but today’s tools fail to provide needed protections, and providers and security firms fall short of the cooperation necessary to build security into the cloud.
Companies need to improve the performance of security tools that run in the cloud, add multitenancy, and make the management of cloud infrastructure easier, David Apsrey, vice president of cloud security for Trend Micro, told attendees during the Cloud Security Alliance (CSA) Summit, which took place the day before the start of the RSA Conference. Cloud service providers need to give security higher priority in their businesses, while security companies need to provide tools that are created to thrive in highly virtualized environments, he said.
To read more click here:
Google patches ‘loophole’ in two-factor verification system
An Interesting article in NBC News technology security section: A security firm found it could bypass Google’s two-step login verification process, reset a user’s master password and gain full control of the account “simply by capturing a user’s application-specific password.”
Application-specific passwords are passwords generated by Google that you can opt to use instead of your master password. They are long and awkward, and the whole point of them is that they aren’t really something you’d ever remember or even store anywhere. The trouble was, users were led to think they could only be used once, but Duo Security said, in a report, that they could in fact be used anywhere — and without a second point of authentication. The trick for the hacker was to obtain the application-specific password, and that’s really hard.
To read more click here:
Second iPhone passcode hack vulnerability discovered
An article on Naked Security about iphone vulnerability : Researchers are having a fun time with iOS 6.1 passcode locks this month, with Vulnerability Lab having discovered a second version of a vulnerability that lets a hacker slip past a lock screen to access a user’s contact list, voicemails and more.
The first vulnerability, which popped up on YouTube earlier in the month, entailed this laundry list of steps, brought to us courtesy of Naked Security’s Paul Ducklin:
To read more click here:
EADS, ThyssenKrupp attacked by Chinese hackers: report
An Interesting article in NBC News technology section: FRANKFURT (Reuters) – Airbus parent EADS and German steelmaker ThyssenKrupp recorded major attacks by Chinese hackers in 2012, German magazine Der Spiegel reported, citing unidentified people within the two companies.
That is a trend seen throughout the German economy, where companies are increasingly being attacked by Chinese hackers, the magazine said, citing information from the German government.
To read more click here:
Microsoft says small number of its computers hacked
An Interesting article in NBC News technology section: SEATTLE (Reuters) – Microsoft Corp said on Friday a small number of its computers, including some in its Mac software business unit, were infected with malware, but there was no evidence of customer data being affected and it is continuing its investigation.
The world’s largest software company said the security intrusion was “similar” to recent ones reported by Apple Inc and Facebook Inc.
To read more click here:
