Latest tweetsConvergence is not always good, especially if you are working in secured environments like military and financial institutions where cameras are often not allowed. This geek heard of someone who literally put a nail through his phone’s camera in order to convince the guard to let him through with his phone. So here’s another option, at least one company’s making an effort for this niche segment of the market.
(More info after the break)
When 2009 came to a close, Symantec made a few predictions regarding what online security trends that were expected in 2010. They have just released this mid-year status check, pretty interesting. Check it out:
Prediction #1
Antivirus is Not Enough – With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realizing that traditional approaches to antivirus, both file signatures and heuristic/behavioral capabilities, are not enough to protect against today’s threats. We have reached an inflection point where new malicious programs are created at a higher rate than good programs. As such, we have also reached a point where it no longer makes sense to focus solely on analyzing malware. Instead, approaches to security that look to ways to include all software files, such as Reputation-Based Security, will become key in 2010.
Status: On track
Reasoning:
Adobe has issued a security advisory announcing a new zero-day vulnerability (CVE-2010-1297) that is being exploited in the wild against both Adobe Flash Player, Adobe Reader and Adobe Acrobat. The vulnerability is present in the Adobe software for platforms including Windows, Macintosh, Solaris, Linux or UNIX.
Symantec Security Response has confirmed that the attack involves Trojan.Pidief.J, which is a PDF file that drops a back door onto the compromised computer if an affected product is installed. Upon analysis of an attack, it is also observed thata malicious SWF file (detected as Trojan Horse) is used in conjunction with an HTML file (detected as Downloader) to download another malware (detected as Backdoor.Trojan) from the web.
Possible ways of attacks:
Search engine results poisoned with links to fake antivirus software have been a constant problem for Internet users. However, it is an effective way for cyber attackers to infect users’ machines. Google recently presented a research paper regarding websites that offer fake antivirus software and part of Google’s research shows that search engine results can lead to such pages. The presentation demonstrates that Google is working hard at preventing these search poisoning attempts.
According to Symantec’s Report on Rogue Security Software, the culprits of these “toxic” search results are typically scam perpetrators who use
Had an interesting and eventful Saturday where I was invited to share at the PAYM Policy Forum @ Hong Kah GRC & Chua Chu Kang SMC. The discussion eventually centered more around policy making for online dangers i.e. what we more commonly know as cyber wellness topics like cyber security, cyber bullying, etc. There was a fair bit of discussion around Facebook privacy issues, especially since I mentioned that last week I could actually see very private information about my Facebook friends like their chat conversations, etc. Some of the tech65 guys were there which made the conversation more interesting. Of key discussion was whether the onus of cyber wellness and safety rested on the individual, the parents, the education system, or for that matter, the government.
After that,
Making data protection more intelligent, policy-driven and easy-to-manage while ensuring information is protected at rest, in use and in motion
SINGAPORE – May 7, 2010 – Symantec Corp. (Nasdaq: SYMC) announced that it has signed definitive agreements to acquire PGP Corporation and GuardianEdge Technologies, Inc., two privately-held leaders in the email and data encryption market, which will extend its ability to help customers secure and manage their most critical information. Under the terms of the agreements, Symantec will acquire PGP Corporation for a purchase price of approximately US$300 million in cash and GuardianEdge for a purchase price of approximately US$70 million in cash. The agreements are subject to customary closing conditions, including regulatory approvals, and are expected to close during the June quarter.
Encryption technology is an important element of an information-centric security solution, as critical information is increasingly on mobile devices and in the cloud. State and national governments are enacting more stringent and costly compliance mandates, such as the HITECH and UK Data Protection Acts, which are driving the need to encrypt sensitive information and protect an individual’s privacy. Also, the increased costs and frequency of data breaches are driving the adoption of encryption as companies strive to mitigate risk and protect their critical information from cybercriminals.
By bringing together PGP and GuardianEdge’s standards-based encryption capabilities for full-disk, removable media, email, file, folder and smartphone, with Symantec’s endpoint security, data loss prevention and gateway security offerings, Symantec will have
Symantec Corp announced its channel strategy and vision at the inaugural Asia Pacific and Japan (APJ) Symantec Partner Engage 2010 Conference in Sanya, China. This announcement includes planned enhancements to the Symantec Partner Program which focuses on helping partners differentiate their business, maximise sales opportunities and accelerate profitability. Under the enhanced program which will go into effect at the end of 2010, Symantec will put an increased focus on driving partner competence in key solutions areas and providing partners with more resources, tools, incentives and sales support.
During the conference, Symantec also announced the recipients of its 2010 APJ Partner Awards. The Symantec Partner Awards recognise channel partners that have demonstrated innovative delivery of services and solutions to customers during the past year as well as acknowledge their dedication and commitment. The award winners are selected on criteria such as overall performance in revenue, deal registration, technical and marketing investments, customer service excellence and certification.
The winners included Singapore firm Imperium Solutions Pte Ltd, which clinched the Symantec Partner Innovation Award.
Full details in the Press Release after the break:
Symantec researchers have observed the public availability of source code for a Trojan targeting users of Skype VoIP (Voice over IP). The Trojan has the capability to record Skype calls and send the conversations via an MP3 file back to the attacker, essentially acting as a wiretap and compromising confidentiality of a Skype phone call.
The Trojan is detected by Symantec as Trojan.Peskyspy and can be downloaded to a computer by way of tricking the user with an E-mail scam or other social engineering tactic. Once a machine has been compromised by this threat, the threat can use an application that handles audio processing within a computer and save the call data as an MP3 file. This MP3 is then sent over the Internet to a predefined server where the attacker can then listen to the recorded conversations. Recording the call as an MP3 keeps the size of the audio files low and means there is less data to be transferred over the network, helping to speed up the transfer and avoid detection.
The Trojan is targeting Read more…
Tags: government, mp3, peskyspy, skype, trojan
Internet-savvy users looking for free movies to watch online may unwittingly fall prey to attackers’ latest ruse — using new movie releases to distribute malware — and both Windows and Mac users are equally at risk. Symantec Security Response has observed that this current trick is to host a blog on a reputable website, which in actual fact redirects you to a malicious website hosting malware.
Symantec Security Response has a very detailed article explaining how this happens. Check it out.
Tags: Emerging Threats, Endpoint Protection (AntiVirus), Malicious Code, Security, Security Response
A friend’s twitter account just got hacked yesterday, thought this notice from Symantec is quite timely:
Symantec Security Response is currently monitoring the reported distributed denial of service (DDoS) attacks on Twitter and Facebook. Users visiting the Twitter and Facebook sites may notice a slowdown in service, or they may not be able to gain access to the site at all.
It is not known at this time if Read more…
Tags: DDoS, denial of service, facebook, hack, hacked, hacking, malware, Symantec, twitter
