NEWS - May 19, 2011

New version of EMET is now available

From Microsoft's Security Research & Defense Blog:

Today we are pleased to announce a new version of the Enhanced Mitigation Experience Toolkit (EMET) with brand new features and mitigations. Users can click here to download the tool free of charge.

The Enhanced Mitigation Experience Toolkit enables and implements different techniques to make successful attacks on your system more difficult. EMET is designed to mitigate exploitation attempts (even of 0-days) by making "current" exploitation techniques harder and less reliable. Users interested in finding out more about EMET can read more here.

EMET has a proven track record of stopping real-life attacks, as we have detailed in our previous blog-posts here, here and here.

This release marks a big milestone for EMET since this is the first version that is available as an officially-supported product. Support will be forum-based, available here.

Google stamps out possible Android data leak (Brief)

With the security world still gently smoking following Sony's recent data breach, online search giant Google Inc. has moved quickly to quash a potentially embarrassing user information leak connected to its Android operating system.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in Calendar and Contacts," a Google spokesperson outlined to PCMag on Wednesday.

Android users currently throwing worrying glances towards the pummelled PlayStation Network need not fret, according to Google, which has said the fix will be installed automatically and will be rolled out globally over the next few days.

Worries regarding the leak emerged on Tuesday when technology researchers at Germany's University of Ulm claimed 99 percent of Android devices running version 2.3.3 or earlier were open to possible attack due to a dodgy ClientLogin authentication protocol.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," wrote the trio of researchers in their announcement. "The short answer is: Yes, it is possible, and it is quite easy to do so."

Google has not said how many Android users could have been affected by the security gap if it had gone unchecked.

Google rolls out security fix for Android data leak flaw
Google fixes Android Wi-Fi security hole
Patch for Android authentication flaw only fixes part of the problem

Siemens SCADA hacking talk pulled over security concerns

"Siemens was unable to fix the issue in time for the TakeDownCon security conference"

A planned presentation on security vulnerabilities in Siemens industrial control systems was pulled Wednesday over worries that the information in the talk was too dangerous to be released.

Independent security researcher Brian Meixell and Dillon Beresford, with NSS Labs, had been planning to talk Wednesday at a Dallas security conference about problems in Siemens PLC (programmable logic controller) systems. These are the industrial computers widely used to open and shut valves on factory floors and power plants, control centrifuges, and even operate systems on warships.

But the researchers decided to pull the talk at the last minute after Siemens and the U.S. Department of Homeland Security pointed out the possible scope of the problem, said Rick Moy, CEO of NSS Labs. His company had been working with DHS's ICS CERT (Industrial Control Systems Cyber Emergency Response) group for the past week-and-a-half trying to get the issues resolved. "The vendor had proposed a fix that turned out not to work, and we felt it would be potentially very negative to the public if information was put out without mitigation being available," he said.

It is common for security researchers to talk about security bugs once the software in question has been patched. But if the vendor can't get the issue fixed in time, that can create problems for security researchers, who may be expecting to talk about the issue at a hacker conference.


Stuxnet-style SCADA attack kept quiet after US gov tests
SCADA hack talk canceled after U.S., Siemens request

New Microsoft Security Essentials 2.0 Antimalware Engine Released

A new Microsoft Security Essentials Antimalware Engine release is now available to customers leveraging version 2.0 of the free security solution.

The software giant announced as early as the past week that it was going to kick up a notch the antimalware technologies under the hood of Microsoft Security Essentials 2.0.

The company delivers MSE refreshes on a regular basis, monthly almost, and the May 2011 update is no exception to this rule.

And since the antimalware engine is shared by many of the company's solutions, it's not only MSE 2.0 users that will get the update.

According to Microsoft, in addition to Microsoft Security Essentials 2.0, Forefront Client Security (FCS) and Forefront Endpoint Protection (FEP) will also receive the new version of the antimalware engine.

"Antimalware Engine 1.1.6903.0 is released to all MSE, FCS, FEP customers on 18 May 2011. Signature package is the first that contains this engine," the Redmond company confirmed.

With the advent of the Security Intelligence Report volume 10 the past week, the company also noted that MSE continues to be successful, although the company did not release any new adoption figures beyond those offered in 2010.

Last year, the software giant revealed that MSE had been downloaded in excess of 30 million times.

But there's another clue pointing to the real-world success of Microsoft Security Essentials. Win32/FakePAV, a rogue antivirus masquerading as MSE, was right on track to becoming the second most prevalent piece of scareware in the second half of 2010, according to SIRv10.

Where Are The Online Predators Hanging Out?

McAfee Blog Central:

Since becoming McAfee Chief Cyber Security Mom, I have heard many people in the Internet Safety arena say that it is more likely for your child to get hit by a car than for them to meet a pedophile online. I understand their argument; they don't want to create hysteria about something that is unlikely to happen. But in my mind there is a problem with that vein of thought. A good friend of my son got hit by a car two years ago, and aren't my kids less likely to get hit by a car because I teach them how to cross the street starting as soon as they can walk?

So when I saw this post by the FBI, I decided that I would do a post about online predators right away. This sentence sank into my brain immediately:

"When a young person visits an online forum for a popular teen singer or actor, Wing said, "Parents can be reasonably certain that online predators will be there." It is believed that more than half a million pedophiles are online every day."

The criminal goes where the people are, right? The article goes on to explain how pedophiles, who once went to parks and zoos, now frequent the websites kids go to, such as fan sites and gaming websites. Kids often share so much personal information online that sometimes the predator can get enough information about a child before they even contact them or send a friend request.

I urge you to read this article in its entirety and watch the video if you have kids. Nothing is more important than keeping them safe.

1. Talk to your kids about strangers they meet online starting with the littlest surfers. You don't have to scare them to get them to understand that a person they meet online can be very different from the image they put forth.

2. Teach kids how to protect their online identity by using aliases, never sharing personal information such as school, address, photos, etc. online, and to never meet anyone they meet online.

Spam and Phishing Landscape: May 2011

Symantec's Connect Blog:

The unexpected raid and resulting death of Osama Bin Laden shocked the world. As always, spammers were quick to jump on this headline and send a variety of spam messages leveraging the event. The "Fallout from the Death of Osama Bin Laden" section includes samples of some of the spam monitored in different languages.

The effect of the Rustock shutdown from the previous month continued this month. After falling 27.43 percent in March, the average daily spam volume fell another 5.35 percent in April. Compared to a year ago, it is down 65.42 percent. Overall, spam made up 74.81 percent of all messages in April, compared with 74.68 percent in March. Going back a year, the percentage of spam was 89.22 in April 2010.

To find out more, click here (pdf) to download the May 2011 State of Spam & Phishing Report, which highlights the following trends:

• Fallout from the Death of Osama Bin Laden
• Spammer Wishes You Happy Mother's Day
• Let the Games Begin!
• Free Coins for Online FIFA Players
• April 2011: Spam Subject Line Analysis

Best email practices are:

Do Not:

Fake AV Bingo


Can you guess which domains the crooks behind the Fake Anti-Virus Scam are going to use next? Well, neither can we. But for several weeks now, they are hosting a lot of their bad stuff out of, geo-located in lovely Russia (where else?).

A passive DNS collector like BFK/RUS-CERT can help to turn this IP address back into the domain names currently in use. Here's an excerpt from the resulting list, all in all 165 domains of badness. [Screenshot]

Several of these domains were "found" by our readers via the poisoned Google image searches that we reported earlier this month, and also via malicious advertisements embedded in perfectly benign web pages.

If you Apple Mac users now feel all safe, think again! As we mentioned earlier, Fake AV has made its appearance on Macs, where naive automatic download-and-run default settings in browsers still are common, and where "MacDefender" and its expected numerous successors and variants are likely to become as "successful" for the bad guys as their Windows version has been for years.

Fake AV Bingo? The only winning move is not to play.

Database Security Faces Greatest Threats from Insiders, Human Errors: Study

"A study among database professionals reveals the biggest concerns about data breaches come from fellow employees and mistakes."

Database professionals see malicious insiders and human error as the biggest risks to database security, not external intruders, according to a recent research study.

In a study of 216 members of the International Sybase Users Group, more than half of the respondents felt that human error was the biggest risk to the organization's data security, Application Security said May 18. The database security vendor commissioned the study with Unisphere Research.

About 56 percent of non-financial organizations in the survey felt that human error was the biggest challenge and 24 percent said malicious insiders abusing privileges was the greater threat, according to the study. The numbers were even more striking amongst financial services organizations in the study, with 77 percent concerned with human error. About 48 percent of the respondents in financial services organizations worried about insiders misusing privileges. Nearly a quarter of the total respondents came from financial services organizations.

"The threat comes from inside, and usually is accidental," a database administrator with a manufacturing company told researchers from Unisphere Research.

Their concerns seem to have some grounding in reality, as nearly two-thirds of the organizations that had a data breach over the past few months reported it was either human error or an insider attack. Databases and associated Web applications were the most frequent targets.

Information security needs to be applied "just as forcefully" within the enterprise as outside, according to Joe McKendrick, lead analyst at Unisphere Research and author of the report. Organizations often fail to protect information that moves between departments or between business partners, according to McKendrick.
