Channel: Symantec Connect - Blog Entries

Patch Tuesday January 2014 - Security Bulletins from Microsoft, Adobe and Oracle


Microsoft Security Bulletin

On Tuesday the 14th of January, Microsoft released the monthly Security Bulletin Summary for January 2014. The summary includes 4 Security Bulletins covering 6 CVEs in total; all four bulletins are rated Important:

 

  • MS14-001    Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)

Vulnerability impact: Remote Code Execution
Word Memory Corruption Vulnerability    CVE-2014-0258
Word Memory Corruption Vulnerability    CVE-2014-0259
Word Memory Corruption Vulnerability    CVE-2014-0260

  • MS14-002    Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)

Vulnerability impact: Elevation of Privilege
Kernel NDProxy Vulnerability - CVE-2013-5065

  • MS14-003    Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)

Vulnerability impact: Elevation of Privilege
Win32k Window Handle Vulnerability - CVE-2014-0262

  • MS14-004    Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)

Vulnerability impact: Denial of Service
Query Filter DoS Vulnerability – CVE-2014-0261

 

For more information refer to:
Microsoft Security Bulletin Summary for January 2014
http://technet.microsoft.com/en-us/security/bulletin/ms14-jan
Symantec product detections for Microsoft monthly Security Advisories - January 2014
http://www.symantec.com/business/support/index?page=content&id=TECH213916

 

Oracle Critical Patch Update Advisory

Oracle released its Critical Patch Update Advisory for January 2014, covering multiple security vulnerabilities in various Oracle products, including Oracle Database and Oracle Java.

For more information refer to the following Advisory:
Oracle Critical Patch Update Advisory - January 2014
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

 

Adobe Security Updates

Adobe has released security updates for Adobe Reader, Acrobat, Flash Player and AIR. The affected versions are:

  •     Adobe Reader XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
  •     Adobe Reader X (10.1.8) and earlier 10.x versions for Windows and Macintosh
  •     Adobe Acrobat XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
  •     Adobe Acrobat X (10.1.8) and earlier 10.x versions for Windows and Macintosh
  •     Adobe Flash Player 11.9.900.170 and earlier versions for Windows and Macintosh
  •     Adobe Flash Player 11.2.202.332 and earlier versions for Linux
  •     Adobe AIR 3.9.0.1380 and earlier versions for Windows and Macintosh
  •     Adobe AIR 3.9.0.1380 and earlier versions for Android
  •     Adobe AIR 3.9.0.1380 SDK and earlier versions
  •     Adobe AIR 3.9.0.1380 SDK & Compiler and earlier versions

For more information refer to:
Security updates available for Adobe Reader and Acrobat - APSB14-01
http://helpx.adobe.com/security/products/acrobat/apsb14-01.html
Security updates available for Adobe Flash Player - APSB14-02
http://helpx.adobe.com/security/products/flash-player/apsb14-02.html

 


Event Queue Processing Performance Query - TECH183347 (with Event Queue descriptions)

Modified SQL query from TECH183347 that adds the queue descriptions alongside the queue numbers.

Consider Security Before Building Your Nest


As we keep connecting ourselves and our lives to the greater consciousness of the Internet, we need to weigh the implications for our security and privacy alongside the benefits.

2014 Small Business Security Trends


Small businesses can benefit greatly from using the latest technologies to improve operational efficiency and innovation, but those technologies can also open the door to a host of headaches. In 2014, we will see continued consumer emphasis on privacy and the growth of the Internet of Things and mobile, both of which will have a direct impact on small businesses and the way they do business.

All eyes will be on protecting Privacy.

From scary headline news to a much needed wake-up call, consumers and small businesses are becoming more mindful about the amount of personal information that’s shared and collected on a daily basis.  In 2014, we expect to see privacy protection emerge as a feature in new and existing products.  But this new feature will inevitably spark a debate on whether or not these features actually provide real or meaningful privacy protection. Expect Tor, which enables online anonymity, to become a popular application across the spectrum of Internet users. You’ll also see a resurgence of users adopting aliases and fake names on social networking sites to protect their privacy.

Small business New Year’s resolution: Consider the information you’re collecting on your consumers and whether it is necessary. Be transparent about why you’re collecting certain data, and you’ll establish a more trusting relationship with your customers.

The “Internet of Things” becomes the “Internet of Vulnerabilities” for Small Businesses

Our devices are getting smarter and so must we. With millions of devices connected to the Internet, many of them running an embedded operating system, expect more of them to be hacked in 2014. Security researchers have already demonstrated attacks against smart televisions, medical equipment, baby monitors and security cameras. Many of the companies building Internet-connected gadgets don't yet realize they have a security problem coming, and so have no user-friendly way to patch these vulnerabilities or to notify customers when one is found. This poses a serious and potentially debilitating problem for small businesses.

Small business New Year’s resolution: Consider the sensitivity of information accessed and stored via wearable tech in the workplace. Establish an “Internet of Things” employee policy about what can and cannot be used in the office or used to access your network.

Attracting trouble while social networking with customers.

New social networks attract scammers and cybercriminals the more they grow in popularity. Consider Instagram, which now boasts more than 130 million users. Small businesses are leveraging the visual social network to share artistic photos and promotions to drive engagement, but some spammers are taking advantage of this trend with gift card offers to get sensitive information. In order to redeem the offer, the user is asked to provide personal contact information like an email or a phone number. Symantec exposed some of these spam accounts and found that in the fine print (which isn’t even readily visible unless you scroll down), users are advised they will be presented with some third-party offers and that completing these does not increase their chances of winning. This type of spam can damage a small business’ online reputation if this is the experience existing and prospective customers have with their brand. Protect yourself and your customers by using security best practices no matter where you are on the Internet, or how you connect to it.

Small business New Year’s resolution: Carefully consider what social communities best fit your brand before creating a presence on all the latest social networks.

What technology trends are you planning to adopt for your small business in 2014?

Snapchat Spam: Sexy Photos Lead to Compromised Branded Short Domains


A few weeks after our blog post about porn and secret admirer spam targeting Snapchat users, a new spam campaign using sexually suggestive photos and compromised custom URLs is circulating on the photo messaging app.
 

Figure 1. Snapchat spam
 

Each of these spam messages includes a request to “Add my kik”, along with a specially crafted user name on the Kik instant messaging application for mobile devices.
 

Figure 2. Snapchat with a digital camera? It’s a trap!
 

Engaging these spam bots on Kik Messenger shows that the campaign reuses the scripted chat-bot dialogue we discovered on Tinder last summer.
 

Figure 3. Spam bot using a familiar chat script on Kik
 

An interesting discovery from this campaign is the use of compromised custom URLs belonging to small websites and popular brands. Spammers have found a way to create their own links on branded short domains, lulling users into a false sense of security.
 

Figure 4. Well-known branded short domain directs users to spam
 

The following are some of the compromised branded short domains we identified:

  • usat.ly (USA Today)
  • cbsloc.al (CBS Local)
  • on.natgeo.com (National Geographic)
  • nyp.st (New York Post)
  • on.mktw.net (Marketwatch)
  • mirr.im (Daily Mirror)
  • red.ht (Red Hat)
  • invstplc.com (Investorplace)
  • mitne.ws (MIT News)

Figure 5. Stats page for a compromised short URL
 

Hidden behind the branded customized URLs are affiliate marketing links directing users to sign-up for adult webcam sites.

Symantec has been working closely with Bitly to investigate and shut down spammer use of branded short URLs. Bitly has confirmed that some spammers obtained Bitly API keys belonging to various brands. Some of the affected brands used the AddThis social bookmarking service, which recently stopped requiring users to place their API key in plain text inside the AddThis website embed code.
 

Figure 6. Note from the AddThis support page regarding API key safety
 

An API key embedded in a public web page is readable by anyone who views the page source. Whoever holds the key can act as the account it belongs to, and in this case that meant minting short URLs on other organizations' branded domains.

Users of the AddThis service should refer to this support article on how to secure API keys. Bitly users should follow Bitly API best practices to ensure the security of API keys.
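As an added example (not code from the original post, nor from Bitly or AddThis), here is the kind of scan a site owner can run over their own templates and rendered pages to catch credentials that are being shipped to every visitor's browser. The page fragment is constructed, and the "bitly.apiKey" and "api_key" names and their values are invented for illustration; they are not the real AddThis or Bitly configuration schema. The entropy floor separates random-looking tokens from obvious placeholders.

```python
import math
import re

# Configuration names that usually hold a credential. The "bitly.apiKey" name used in the
# sample below is an assumption for illustration, not the real AddThis/Bitly schema.
KEY_NAME = r"(?:api[_-]?key|access[_-]?token|secret)"

# Matches  name: "value"  /  "name" = 'value'  where the name ends in a key-like word and
# the quoted value is at least 16 non-blank characters.
ASSIGN_RE = re.compile(
    r"""["']?(?P<name>[A-Za-z0-9_.-]*""" + KEY_NAME + r""")["']?\s*[:=]\s*["'](?P<value>[^"'\s]{16,})["']""",
    re.IGNORECASE,
)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: random hex sits near 4.0, English-like text lower."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_exposed_keys(text: str, min_entropy: float = 3.5):
    """Return (name, value) pairs that look like live credentials in client-side code.

    The entropy floor drops placeholders such as YOUR_API_KEY_HERE (about 3.3 bits/char)
    while keeping random tokens; tune it to the key format you expect (hex tops out at 4.0).
    """
    hits = []
    for m in ASSIGN_RE.finditer(text):
        value = m.group("value")
        if shannon_entropy(value) >= min_entropy:
            hits.append((m.group("name"), value))
    return hits


# Constructed page fragment: a share widget whose config is served to every visitor.
# Layout, names and values are illustrative, not the real AddThis embed code.
SAMPLE_PAGE = """
<script src="https://widgets.example/share.js#pubid=ra-4e2c1a9b3d5f7e8c"></script>
<script type="text/javascript">
  var share_config = {
    "ui_language": "en",
    "api_key": "YOUR_API_KEY_HERE",
    "bitly.login": "newsbrand",
    "bitly.apiKey": "R_9f3c1e7b2a4d5f6e8c0b1a2d3e4f5a6b"
  };
</script>
"""

if __name__ == "__main__":
    for name, value in find_exposed_keys(SAMPLE_PAGE):
        print(f"exposed credential: {name} = {value[:6]}...")
```

Run it against a crawl of your own site or against templates in source control before they are published; anything it reports belongs server-side, behind an endpoint that performs the shortening on the browser's behalf, with the key loaded from the server's environment or secret store.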

The recent spam campaign targeting Snapchat users should not be surprising. Scammers and spammers will always target new and popular apps—like Snapchat—as soon as they gain a large enough user base. To prevent spam snaps from appearing in your Snapchat feed, Symantec recommends users change their Snapchat privacy settings to receive snaps from “My Friends” only and use caution when receiving unsolicited messages or friend requests.

Scammers Target the Post-Holiday Haze with Malware Attacks

It is no surprise that scammers target Internet users at the moments when their guard is down.

Symantec observed a fresh increase in malware over the days following the holiday season. When the holidays end, many users go back to their tools and email to check whether they missed anything important. Spammers aim for exactly that moment, counting on users to click malicious links in email.

In this wave of attacks, spammers bet on users opening and responding to email that looks urgent. Doing so infects the user's computer with malware, and confidential data is stolen.

Last week I myself received a failed-delivery notice spoofed to look as if it came from a well-known online store, saying that several packages could not be delivered while I was away on holiday.

At first I wondered why I would receive such a notice when I had ordered nothing, and thought it might be an unexpected gift. But before clicking the link in the email I checked the status bar, which showed the link was spoofed, and the wording and grammatical errors in the message (see Figure 1) turned my suspicion into certainty.

Figure 1. Spam email with grammatical errors and a malicious link

Similarly, I received an email in which spammers impersonated another well-known brand and embedded a malicious link disguised as an invoice. Fortunately, it differed from the template the legitimate brand uses, and the spoofed email's headers were completely unrelated to it. Further investigation showed that the embedded link led to malware; as Figure 2 shows, the spam used a hijacked URL.

Figure 2. Another spam email disguised as a failed-delivery notice

I have also received an email inviting me to the funeral of a complete stranger. I started by checking whether I knew the family, whether it was a college friend or a neighbor, and then noticed that the link in the email was malicious.

Figure 3. Spam email announcing a funeral

Users need to approach this kind of spam from two directions: sifting through email with vigilance, and learning to spot the scammers' mistakes.

These spam emails are full of grammatical errors and broken sentence structure, and of botched spoofing such as impersonating one retailer while the email headers point to a competitor. Spammers also rotate through hijacked domains and URLs, which often have no relation to the brand or company being impersonated.

As you shake off the post-holiday blues, stay alert when handling email and don't let scammers take advantage of your holiday haze.

* To subscribe to the RSS feed of the Japanese-language Security Response blog, go to http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.

The Big Comeback of .zip Attachment Spam

Spammers have revived an old technique that had long fallen out of use: attaching a .zip file and tricking users into running the compressed malware inside. The graph below shows the number of spam messages with .zip attachments detected by Symantec's Global Intelligence Network (GIN) over the past 90 days.

Figure 1. Detections of spam messages with .zip attachments over the past 90 days

On January 7, 99.81% of the .zip attachment spam reaching Symantec's GIN used a filename of the form "BankDocs-" followed by 10 hexadecimal digits.

Figure 2. Email with a .zip attachment whose filename begins with "BankDocs-"

The next day, January 8, 99.34% used filenames of the form "Invoice-E_" followed by 10 hexadecimal digits.

Figure 3. Email with a .zip attachment whose filename begins with "Invoice-E_"

On January 9, 98.94% used "Early2013TaxReturnReport_" followed by 10 hexadecimal digits.

Figure 4. Email with a .zip attachment whose filename begins with "Early2013TaxReturnReport_"

And on January 10, 98.84% used "[brand name redacted]_December_2013_" followed by 10 hexadecimal digits.

Figure 5. Email with a .zip attachment whose filename begins with "[brand name redacted]_December_2013_"

Although these samples differ in filename and MD5 hash, they all carry the same malware, which Symantec detects as Trojan.Zbot. Trojan.Zbot is a Trojan horse whose main purpose is to steal confidential information from the compromised computer.

Since January 10, spam volume has returned to normal levels, so the large-scale campaign appears to have subsided for now, but it is only a matter of time before spammers launch another big run. Keep antivirus software up to date and do not open attachments from unknown senders.
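The two tells from the posts above, a link whose visible text names one site while its href points at another (what checking the status bar reveals) and an attachment named in the BankDocs-/Invoice-E_/Early2013TaxReturnReport_ pattern, as an added Python example for a mail-gateway or triage script. This is not code from the original posts or from Symantec. The message it parses is constructed inline, the sender and link hosts are invented, and the "[brand]_December_2013_" prefix is approximated as any alphanumeric brand token.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attachment names seen in the campaign: a lure prefix, exactly 10 hex digits, ".zip".
# The "[brand]_December_2013_" variant is approximated as any alphanumeric brand token (assumption).
LURE_NAME_RE = re.compile(
    r"^(?:BankDocs-|Invoice-E_|Early2013TaxReturnReport_|[A-Za-z0-9]+_December_2013_)"
    r"[0-9A-Fa-f]{10}\.zip$"
)
# A host name appearing in the visible text of a link, e.g. "www.example-store.test/track".
HOST_IN_TEXT_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host: str) -> str:
    """Last two labels of a host; a real gateway would consult the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def link_findings(html: str):
    """Return (mismatched links, set of domains the link text claims to point at)."""
    collector = LinkCollector()
    collector.feed(html)
    mismatched, claimed = [], set()
    for href, text in collector.links:
        shown = HOST_IN_TEXT_RE.search(text.lower())
        if not shown:
            continue  # "click here" style text makes no claim to compare against
        claimed.add(registered_domain(shown.group(1)))
        actual = urlparse(href).hostname or ""
        if registered_domain(shown.group(1)) != registered_domain(actual):
            mismatched.append((text, href))  # what the status bar would have revealed
    return mismatched, claimed


def triage(raw_message: str) -> dict:
    """Flag text/href mismatches, lure-named .zip attachments, and a sender off-brand."""
    msg = message_from_string(raw_message, policy=policy.default)
    html_part = msg.get_body(preferencelist=("html",))
    html = html_part.get_content() if html_part is not None else ""
    mismatched, claimed = link_findings(html)
    sender = parseaddr(msg.get("From", ""))[1]
    sender_domain = registered_domain(sender.rsplit("@", 1)[-1]) if "@" in sender else ""
    lures = [p.get_filename() for p in msg.iter_attachments()
             if p.get_filename() and LURE_NAME_RE.match(p.get_filename())]
    return {
        "lure_attachments": lures,
        "mismatched_links": mismatched,
        "sender_domain": sender_domain,
        # False when the headers point somewhere other than the brand the body impersonates
        "sender_matches_brand": sender_domain in claimed,
    }


def build_sample() -> str:
    """Constructed message shaped like the lures described above; not a captured sample."""
    msg = EmailMessage()
    msg["From"] = "Example Store Shipping <noreply@rival-store.test>"
    msg["To"] = "victim@corp.test"
    msg["Subject"] = "Your parcel could not be delivered"
    msg.set_content("We could not deliver your parcel while you was away. See attached.")
    msg.add_alternative(
        "<p>We could not deliver your parcel while you was away.</p>\n"
        '<p>Track it at <a href="http://hijacked-site.example/t/9f3c">www.example-store.test/track</a>\n'
        "or open the attached invoice.</p>\n",
        subtype="html",
    )
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 26, maintype="application",
                       subtype="zip", filename="BankDocs-1A2B3C4D5E.zip")
    return msg.as_string()


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

The filename rule is deliberately narrow so it stays a high-confidence indicator; the link and sender checks are the generic heuristics and will produce some noise on legitimate marketing mail that links through tracking domains, so route hits to quarantine or review rather than outright rejection.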
 
 

What does having an SSL certificate mean for a website?


An SSL certificate is often presented as the Internet's symbol of website security. More precisely, it lets a browser verify that it is talking to the domain named in the certificate and establishes an encrypted SSL/TLS connection, so the data a user submits is protected in transit from eavesdropping and tampering. It says nothing about how the site stores or handles that data once it arrives.


Vertical Password Guessing Attacks Part II


In the last installment we planned the vertical password guessing attack and optimized our wordlist. Now let's get our hands dirty! Attackers use a variety of tools to automate password guessing attacks, including Hydra, Nmap with the http-form-brute script, and homegrown scripts. For this exercise we'll use Burp Suite Pro, the Swiss Army knife of web application penetration testing, and its Intruder tool to launch the attack. Note that Intruder in the free edition of Burp Suite is heavily rate-limited, so for a wordlist of any size you want the commercial Burp Suite Pro. At only $299 per user per year, it is an outstanding value.

Let's get this party started! For this exercise we'll examine the Symantec Connect login page at https://symaccount.symantec.com/SymAccount/index.jsp. Once your browser is configured to use Burp as a proxy (you can disable Intercept), submit the login form and identify the login request within Burp by navigating to the "Proxy" tab and then selecting the "History" subtab:

[Screenshot 1: the login request in Proxy history]

Right-click the login request and select "Send to Intruder" (or just hit Ctrl-I). Now navigate to the "Intruder" tab and select the "Positions" subtab:

[Screenshot 2: Intruder Positions tab]

Click the "Clear §" button to clear the automatically selected payload positions. I know what you're thinking. Seeing that § symbol makes you want to blast some righteous TheArtistFormerlyKnownAsPrinceThatIsNowOnceAgainKnownAsPrince tunes on your stereo. Well, let's don our Raspberry Berets and Party Like It's 1999! Wait a second, then we might be browsing with Netscape Navigator or Lynx. In any case, change the username parameter to your target username, then highlight the value of the password parameter and click the "Add §" button to set the payload position:

[Screenshot 3: payload position set on the password parameter]

Now select the "Payloads" subtab and click the "Load..." button within the "Payload Options (Simple List)" section. Select your optimized wordlist and click "Open". Your wordlist will be displayed:

[Screenshot 4: wordlist loaded as the payload list]

In this case I added the "correctPassword" entry to the wordlist. And no, my Symantec Connect password is not really "correctPassword". Finally, navigate to the "Intruder" menu and select "Start Attack". Burp opens another window to display the results of the password guessing attack:

[Screenshot 5: Intruder attack results]

You can identify successfully guessed passwords several ways:

  • Response Code – Depending on the application, the HTTP response code can often be used to differentiate successful from unsuccessful login attempts. Click the "Status" column header within Burp Intruder to sort by response code. In this case the Symantec Connect authentication page returns a 302 Moved Temporarily (HTTP/1.1 calls it 302 Found) for successful login attempts but a 200 OK for unsuccessful ones. As an aside, web applications should answer a successful login POST with a 302 redirect (the Post/Redirect/Get pattern). If the application instead renders the post-login page directly with 200 OK, the POST carrying the credentials stays in the browser history, and anyone who later gets hold of that browser can press Back until the browser offers to resubmit the form, replaying the victim's credentials to the server.
  • Response Length – Depending on the application, the response length can usually be used to differentiate successful from unsuccessful login attempts. Click the "Length" column header within Burp Intruder to sort by response length. In this case the Symantec Connect login page returns a 1,046 byte response for successful login attempts but a 10,691 byte response for unsuccessful ones. Incidentally, it returns a 6,228 byte response for the fourth and all subsequent login attempts. Can you guess why? If you said "that would be account lockout, Alex" you are correct. Unfortunately you did not phrase your answer in the form of a question. In any case, be sure to check for account lockout as discussed in the last installment: once the lockout kicks in, even the correct password no longer produces the success signature, so a third, unexplained length is your cue to stop and investigate rather than keep guessing.
  • Response Body – Depending on the application, the response body can almost always be used to differentiate successful from unsuccessful login attempts. In this case the Symantec Connect login page returns "302 Moved Temporarily" in the response (the status line; Burp's results filter matches on the full response), indicating the redirect and a successful login. Applications that do not redirect typically include a telltale welcome message, application menu, or homepage content. Click the "Filter" box and enter the deterministic string to search responses within Burp Intruder.
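The three signals above (status code, length and body marker) and the lockout caveat, as an added Python example that is not part of the original post. The target is a constructed stand-in class, not Symantec Connect; the "correctPassword" value, the lockout threshold and the page sizes are assumptions. In a real engagement `send` would wrap an HTTP client POST (for example requests.post) to the form action you captured in Burp, with the same parameter names.

```python
from dataclasses import dataclass

REDIRECT_CODES = {301, 302, 303, 307}


@dataclass
class Response:
    status: int
    body: str

    @property
    def length(self) -> int:
        return len(self.body)


class FakeLoginTarget:
    """Constructed stand-in for the login endpoint (not Symantec Connect).

    Mimics the behaviour described above: 302 on success, 200 with the login page
    on failure, and a different 200 page once the account has been locked out.
    """

    def __init__(self, password: str, lockout_after: int = 3):
        self.password = password          # assumed correct password for the demo
        self.lockout_after = lockout_after  # failures before lockout (assumption)
        self.failures = 0

    def send(self, username: str, password: str) -> Response:
        if self.failures >= self.lockout_after:
            return Response(200, "<html>Account locked. Contact support.</html>" + " " * 6000)
        if password == self.password:
            return Response(302, "<html>302 Moved Temporarily</html>" + " " * 1000)
        self.failures += 1
        return Response(200, "<html>Invalid username or password</html>" + " " * 10000)


def classify(resp: Response, baseline: Response, success_marker: str = "302 Moved Temporarily") -> str:
    """Apply the three signals: redirect status, body marker, then length against the baseline."""
    if resp.status in REDIRECT_CODES or success_marker in resp.body:
        return "success"
    if resp.length != baseline.length:
        # Neither success nor the known failure page: lockout, CAPTCHA, WAF block, ...
        return "anomaly"
    return "failure"


def guess_password(send, username: str, wordlist, stop_on_anomaly: bool = True):
    """Vertical attack: one username, many passwords. Returns a per-candidate log."""
    # The baseline is a guaranteed-wrong guess. It consumes one attempt against any
    # lockout counter, and sites with dynamic page content need a looser length check.
    baseline = send(username, "baseline-not-a-real-password-0000")
    log = []
    for candidate in wordlist:
        resp = send(username, candidate)
        label = classify(resp, baseline)
        log.append((candidate, resp.status, resp.length, label))
        if label == "success" or (label == "anomaly" and stop_on_anomaly):
            break
    return log


def demo(lockout_after: int):
    """Run the same three-word list against a target with the given lockout threshold."""
    target = FakeLoginTarget("correctPassword", lockout_after=lockout_after)
    return guess_password(target.send, "victim", ["password", "123456", "correctPassword"])


if __name__ == "__main__":
    for candidate, status, length, label in demo(lockout_after=5) + demo(lockout_after=3):
        print(f"{candidate:18} {status} {length:6} {label}")
```

With a generous lockout threshold the third candidate is reported as a success; with lockout after three failures the very same candidate comes back as an anomaly, because the baseline request and two wrong guesses have already tripped the counter. That is why the lockout check belongs in the plan before the attack starts, not in the post-mortem.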

Abracadabra! Together with Mary Poppins we have successfully launched a vertical password guessing attack! That saucy umbrella-toting vixen was right: a spoonful of sugar helps the passwords go down, the passwords go down, the passwords go down!

 

Symantec Named a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms for 12-year Span*


Gartner Inc. has once again positioned Symantec as a Leader in the Magic Quadrant for Endpoint Protection Platforms (EPP) – a position Symantec has held for a 12-year span.¹ We believe this leadership position in the 2014 Magic Quadrant report, published January 8th, 2014, and Symantec’s recent positive vendor rating by Gartner² are indications of a strong product offering that performs well in detection, protection and performance.

According to the new Magic Quadrant report, which positions vendors based on their ability to execute and completeness of vision, “protection from common malware, as well as more advanced persistent threats, is the top critical consideration for EPP buyers.” The report further states that the rise of targeted attacks is “shredding what is left of the anti-malware market's stubborn insistence in reactive protection techniques,” and highlights the need for EPP solutions to be “more proactive and focus on the entire security lifecycle” to be successful in the future. We couldn’t agree more!

At Symantec, we believe organizations need to adopt a defense-in-depth strategy for effective endpoint protection. As such, Symantec Endpoint Protection leverages Insight (reputation-based security) and SONAR (behavioral-based security), Network Threat Protection, Device and Application Control, along with traditional antivirus technologies to deliver powerful layers of protection to our customers to catch threats the traditional security solutions miss.

Symantec Insight provides context based on the age, association and prevalence of a file to create a reputation score, giving organizations the ability to block files based on risk tolerance and reputation. SONAR is the main engine of Symantec’s behavior-based protection technology, analyzing application behavior to determine what an application actually does (versus what it looks like) to provide effective, non-invasive protection from previously unseen zero-day threats. Network Threat Protection analyzes incoming data streams that arrive on a user’s machine over network connections and blocks threats before they reach the system. In the last year, over 51 percent of the overall threats stopped by Symantec were stopped by these three proactive, non-signature-based technologies.

Servers represent a special endpoint type with specific needs. Symantec addresses these as well with Symantec Critical System Protection, which combines host-based intrusion detection (HIDS), intrusion prevention (HIPS), and least-privilege access control to help organizations proactively safeguard heterogeneous server environments and the information they contain. Both Symantec Endpoint Protection and Symantec Critical System Protection are suited to securing physical and virtual environments.

While Symantec Endpoint Protection was one of our products evaluated by Gartner for the 2014 Magic Quadrant report, we see our leadership position as reflective of our broad portfolio and management capabilities and performance against malware, including Data Loss Prevention, Drive Encryption, Endpoint Management and Mobile Management Suite.

We encourage our customers, prospects and partners to review the latest research from Gartner and learn more about the best ways they can protect their environments and information from attacks. Please go here to gain access to the full report.

Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

 

¹ Ten reports published since 2002; previous titles include the Magic Quadrant for Enterprise Antivirus

² Vendor Rating: Symantec, November 21, 2013, G00255306

Symantec Intelligence Report: December 2013


Welcome to the December edition of the Symantec Intelligence report. Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks.

This month, we see the email virus rate increase for the second month in a row, reaching an annual high of one in 164 emails.

Targeted attacks continue to focus on the Service-related industries, both in the professional and non-traditional realms. Two out of every five targeted attacks appear to be focused on these Service categories.

We also saw an increase in the overall number of data breaches reported in December, many of which occurred in previous months. Many of these disclosures from earlier in the year could be due to various regulations and/or laws requiring the disclosure of a breach during the year it occurred.

In other news, the number of mobile malware variants has declined for the third month in a row, and global spam rate has increased this month, after a two month decline.

We hope you enjoy the December Symantec Intelligence Report. You can download your copy here.

Staying CyberStreetWise


A UK Government public awareness campaign, Cyberstreetwise.com, launched this week, aiming to educate UK consumers and small businesses about online security. The campaign, running for three months via radio, outdoor and online advertising, offers tips to help people stay safer online and keep important personal information safe.


We know that most of the UK population are not doing enough to protect themselves, leaving themselves open to cybercriminals who access their data, abuse their personal information, and trick them into downloading malware.

Cyberstreetwise is advising people in the UK to adopt a few simple online behaviours to make them and their families safer, such as:

  1. Using strong, memorable passwords
  2. Installing internet security software on new devices
  3. Checking privacy settings on social media
  4. Shopping safely online – always ensuring to check online retail sites are secure
  5. Downloading software updates and applying patches when prompted

Have a look at the site – and your own personal devices - and please spread the word. Be Cyberstreetwise! 

Targeted attacks and the rise of "Hackers for Hire"


Targeted attacks were the main focus of our September 2013 Intelligence Report. There's good news and bad news: on the upside, such threats are lower than this time last year, even though they have still increased since two years ago. To give an idea of the diversity of attack types, we highlighted the following examples over the month:

Broadly, the most targeted sectors are services and government bodies, possibly because these are the softest targets. In terms of company size, 24% of compromised organisations have fewer than 250 employees, 41% have more than 2,500, and the remaining 35% are in between. The number of smaller companies being targeted is increasing, suggesting that such attacks are quickly moving into the mainstream and becoming, well, more targeted: company size matters less than, say, the quality of the information held.

As well as the overall theme that attack techniques are continuing to evolve and improve, it is 'hackers for hire' examples that have really made us sit up. In a white paper on the subject, we describe the activities of shady organizations such as Hidden Lynx, which have been set up to offer services to other groups.

We shouldn't be surprised that financial companies - those involved in asset management, investment banking, mergers and acquisitions - are the ones most targeted by such groups: after all, according to the old adage, "That's where the money is." Geography doesn't appear to be a limitation - while many attacks are currently in South Korea and Japan, a major attack cited by the paper (VOHO, which involved a 'watering hole' campaign) was in the US.

We know from available data that such attacks are not only increasing, but the organizations involved are becoming more corporate. Hidden Lynx appears to be a highly professional outfit, the goal of which, states the report, is to "gain access to information within organizations in some of the wealthiest and most technologically advanced countries across the globe."

We do not believe that the information being accessed is particularly easy to sell in its own right; this, coupled with our understanding that the market for financial data such as credit card details is already saturated, leads us to believe that such organizations are providing 'hackers for hire'.

A darkly vibrant market in hacking services is developing for such organizations, with Hidden Lynx leading the pack and, essentially, showing others how it is done. The message is clear: leaving confidential information only weakly protected is like entering a war zone without armor. You might not get hit, but any idea of 'security by obscurity' should be consigned to the past.

Even if you do not fully appreciate the value of your information and the importance of protecting it, the chances are, others will.

Enabling Mobile Workers Just Got Easier

The Symantec Mobile Sealed Program is Now Available!

Today we’re excited to announce the availability of the Symantec Sealed Program, which lets enterprises adopt their choice of third-party mobile apps without giving up the enterprise-level security they need to protect critical information. The Sealed Program (part of Symantec App Center) delivers an ecosystem of trusted, secured third-party mobile apps, so enterprises can offer end users a protected mobile workspace and can manage and distribute Symantec Sealed third-party apps in the same protected way they manage their in-house apps wrapped by Symantec App Center.

Mobile workers—that’s the term you hear often because that’s what we are.  We have always used our laptops to stay productive while “on-the-go”.  With smartphones and tablets, mobility just got a lot easier.  We might even attribute this to the millions of mobile applications that are available for entertainment, communication and more importantly, productivity.

Mobile users rely on their smartphones and tablets to stay productive, especially when they are on the road.  More importantly, they rely on mobile apps to quickly access their data from any device on any network from any location.  Apps and app management (MAM) have, therefore, become increasingly more important than device management alone.

Many enterprises are now considering mobilizing their core business processes to leverage the mobility trend and establish the edge they need to stay competitive.  While enterprises could build their own apps, they may not have the time or resources to build the app or protection into the app.  Symantec Sealed Program bridges this gap by offering a growing number of popular apps that are already protected.

For more information about our Sealed program, or to see a list of protected apps in the marketplace, click HERE.

Mobile App Developers

Joining the Sealed program is super simple.  Once you sign up for the program you’re given tools to wrap your apps quickly.  In a matter of minutes, mobile apps acquire policy-driven security controls—without requiring any additional coding or software development costs.  A delighted partner commented, “From the initial sign-on to getting our app wrapped in the Symantec Sealed program, and delivering it to device, was shockingly simple.”

Key mobile app security controls enabled by the Symantec Sealed Program include:

  • Encrypt mobile data
  • Enforce a secure (SSL) connection for wrapped apps to ensure secure HTTP data-in-transit and to block apps from going to unauthorized websites
  • Over-the-air (OTA) management of policy, including push, revoke, and remote wipe on an app-by-app basis
  • Enable/restrict copy/paste of data between managed apps within the secure workspace
  • Enable/restrict document sharing between managed apps within the secure workspace
  • Manage user authentication, re-authentication, and single sign-on (SSO) within the secure workspace
  • Enable/restrict offline access at the app level
  • Destroy data and disable apps on jailbroken (iOS) or rooted (Android) devices
  • Enable/restrict iOS 7 features: AirDrop®, AirPrint™, social media file sharing, Safari® reading list, iTunes® sharing, iCloud sharing

App Developers – Sign-up HERE to join the Symantec Sealed Program.

Connect Trusted Advisor Solves More Than 2,500 Questions

Congratulations to Trusted Advisor Marianne Van Den Berg

 

Marianne recently surpassed 2,500 solutions in the forums. In other words, she has solved more than 2,500 questions you have asked on the site.

Please join me in congratulating Marianne and thanking her for her expertise, her service, and her all-around awesomeness.


 


Snapchat スパム: セクシーな写真のリンク先はブランド名入りの危殆化した短縮ドメイン

0
0

このブログで、Snapchat ユーザーを狙うポルノスパムと「隠れファン」スパムを取り上げてから数週間が経過しましたが、今度は性的に思わせぶりな写真に加えて、危殆化したカスタム URL を使う新しいスパム攻撃が Snapchat 上で出回っています。
 

Figure 1. Snapchat spam

Each spam message contains a specially crafted username on the Kik instant-messaging app for mobile devices and an “Add my kik” link.


Figure 2. The snap with the digital camera is the lure

If you reply to one of these spam bots on Kik Messenger, the campaign uses the same kind of spam chatbot script that Symantec found on Tinder last summer.


Figure 3. Spam bot on Kik using the same chat script

An interesting feature of this campaign is that it abuses compromised custom URLs owned by small websites and well-known brands. Spammers create their own links on branded short domains to give users a false sense of security.


Figure 4. Branded short domains lead users to spam

The following compromised branded short domains have been identified so far:

  • usat.ly (USA Today)
  • cbsloc.al (CBS Local)
  • on.natgeo.com (National Geographic)
  • nyp.st (New York Post)
  • on.mktw.net (MarketWatch)
  • mirr.im (Daily Mirror)
  • red.ht (Red Hat)
  • invstplc.com (InvestorPlace)
  • mitne.ws (MIT News)

Figure 5. Stats page of a compromised short URL

The branded custom URLs point at affiliate-marketing links that send users to the sign-up page of an adult webcam site.

Symantec is working closely with Bitly to investigate the spam use of branded short URLs and to disable them as they are found. According to Bitly, there is no doubt that spammers have obtained Bitly API keys belonging to various brands. Some of the affected brands used a social bookmarking service called AddThis. AddThis recently stopped requiring users to expose their API key in plaintext as part of the AddThis website embed code.


Figure 6. Note on the AddThis support page about keeping API keys secure

Publicly exposing an API key lets anyone compromise the account, which in this case means creating short URLs under someone else’s domain.

If you use the AddThis service, see this support article for how to protect your API key. If you use Bitly, follow the Bitly API best practices to keep your API key secure.
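As an added example (not code from the original post, and not AddThis or Bitly code), the following Python script checks a page for the anti-pattern described above: third-party API keys shipped in inline scripts or data attributes, where every visitor can read them in the page source. The sample page is constructed; the configuration property names (`bitly_api_key`, `data-share-token`) are assumed, and the “R_” plus 32 hex digits shape for legacy Bitly API keys is an assumption to verify against your own keys. The generic name-based rule does not depend on that shape.

```python
"""Scan HTML for third-party API keys exposed in inline scripts or data attributes.

Added example, not code from the post. The sample page is constructed; the config
property names and the legacy Bitly key shape are assumptions (see comments).
"""
import re
from html.parser import HTMLParser

# Assumption: legacy Bitly (v3) API keys looked like "R_" followed by 32 hex digits.
# Check a real key from your own account before relying on this pattern.
BITLY_LEGACY_KEY = re.compile(r"\bR_[0-9a-f]{32}\b")

# Generic rule: a JS/JSON property whose name ends in api_key/apikey/secret/token and
# whose quoted value is long enough to be a credential rather than a flag.
SECRET_ASSIGNMENT = re.compile(
    r"""(?P<name>[A-Za-z_][\w.]*(?:api[_-]?key|apikey|secret|token))\s*[:=]\s*['"](?P<value>[^'"]{16,})['"]""",
    re.IGNORECASE,
)
SECRET_ATTR_NAME = re.compile(r"(api[_-]?key|apikey|secret|token)$", re.IGNORECASE)


class _InlineCollector(HTMLParser):
    """Collect inline <script> bodies (external src= scripts are skipped) and data-* attributes."""

    def __init__(self):
        super().__init__()
        self.in_inline_script = False
        self.scripts = []      # one string per inline script
        self.data_attrs = []   # (attribute name, value)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_inline_script = not any(k == "src" for k, _ in attrs)
            if self.in_inline_script:
                self.scripts.append("")
        for k, v in attrs:
            if v and k.startswith("data-"):
                self.data_attrs.append((k, v))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_inline_script = False

    def handle_data(self, data):
        if self.in_inline_script:
            self.scripts[-1] += data


def find_exposed_keys(html):
    """Return [(location, name, value)] for credential-looking strings any visitor can read."""
    collector = _InlineCollector()
    collector.feed(html)
    findings, seen = [], set()

    for i, body in enumerate(collector.scripts):
        where = f"inline script #{i}"
        for m in SECRET_ASSIGNMENT.finditer(body):
            findings.append((where, m.group("name"), m.group("value")))
            seen.add(m.group("value"))
        # Catch a bare key even when the property name gives nothing away.
        for m in BITLY_LEGACY_KEY.finditer(body):
            if m.group(0) not in seen:
                findings.append((where, "bitly-style key", m.group(0)))
                seen.add(m.group(0))

    for name, value in collector.data_attrs:
        if (SECRET_ATTR_NAME.search(name) and len(value) >= 16) or BITLY_LEGACY_KEY.search(value):
            findings.append((f"attribute {name}", name, value))
    return findings


# Constructed sample page showing the anti-pattern: a share widget configured with the
# site's URL-shortener credentials, so they are delivered to every visitor in page source.
# The widget config object and its property names are hypothetical.
SAMPLE_PAGE = """<html><head>
<script type="text/javascript">
  var share_widget_config = {
    track_clickback: true,
    bitly_login: "examplebrand",
    bitly_api_key: "R_0123456789abcdef0123456789abcdef"
  };
</script>
<script src="https://example.invalid/widget.js"></script>
</head><body>
<div class="share" data-share-token="tok_0123456789abcdef0123456789abcdef0123"></div>
</body></html>"""

if __name__ == "__main__":
    for where, name, value in find_exposed_keys(SAMPLE_PAGE):
        print(f"{where}: {name} = {value[:6]}... ({len(value)} chars)")
```

The scanner deliberately ignores `<script src=...>` tags: a key that lives only in a server-side proxy or a same-origin endpoint is not the problem, a key embedded in the HTML or in an inline script is. Run it against the rendered HTML of your own pages, since a widget may inject the configuration at load time rather than in the static source.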

The recent spam campaigns targeting Snapchat users are not particularly surprising. Scammers and spammers always go after popular new apps, and Snapchat is no exception: once the user base grows large enough, it quickly becomes a target. To keep spam snaps out of your Snapchat feed, we recommend changing Snapchat’s privacy settings so that you receive snaps only from “My Friends”. And of course, be careful when you receive unsolicited messages or friend requests.

* To subscribe to the RSS feed of the Japanese Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.

"Manage > Software" SQL article has been updated

Automate and delegate common SEP tasks with workflow

Too many service requests are handled manually and spread across multiple systems, even though they are repeatable and pass through several approval steps. That makes service delivery both time-consuming and cost-inefficient.

Zitac SEP Process Automation makes SEP administration more efficient and improves the end-user experience without weakening security. Zitac has created a number of predefined automated processes that can easily be integrated into your environment, focused on:

  • Secure delegation of SEP administration based on user- or group-specific needs
    - Firewall policies
    - Situation-based policies, for example to allow USB-connected storage devices
  • Managing virus outbreaks with predefined automated processes
    - SMS alerts
  • SEP group administration
    - Keeps control even where an AD structure is missing
  • Self-service portal
    - One portal where all processes and functions can be easily accessed, controlled and managed
  • IT analytics and reporting
Read more at http://selfserviceengine.com/wp-content/uploads/2013/11/SEP-Automation-Lowres.pdf and feel free to contact us if you have any questions.

Jesper Mathiasson - Zitac Consulting

Cyber resilience – more than just good technology!


FireEye’s recent acquisition of incident response and forensics specialist Mandiant for around $1 billion has been a high-profile deal. The move greatly broadens the FireEye product and services portfolio, although the price has drawn a few mutterings of ‘overpriced’ from the analyst community. That said, several analysts cited Mandiant’s service revenues as a great addition to FireEye, and it is hard to argue with that.

Certainly, Mandiant is a good complement for FireEye, strengthening its security intelligence capability and increasing its detection capability at the endpoint (albeit not its endpoint protection capability), while also providing FireEye with a services arm.

Possible issues? Perhaps around efficient integration and synergies between the two technology platforms, although the two companies have had a relationship since 2012. Of more concern are the differences between the companies in customer focus: the move only provides integration between the network and endpoint on 2 million endpoints (by contrast, Symantec has well over 200 million), and the maturing Mandiant endpoint capability is focused on detection only, not prevention. And then there is the danger of a possible conflict with existing FireEye services-based partners.

So, what does all of this mean for enterprise customers? Although it is clearly a good technology acquisition, does it fully address the ‘cyber problem’ as claimed? Cyber resilience is more than just good technology; customers need to respond to a broader set of business and technical challenges, such as:

  • Increasing dependency on connected, internet-reliant business services
  • IT infrastructure complexity due to rapidly evolving technologies such as mobile, cloud, virtualisation, big data and social
  • Malicious actors and malware making hay in this increasingly connected and complex world.

Customers simply do not have holistic IT security technology that deals with every issue arising from the above. In other words, a breach will happen, so how you prepare for a breach is just as important as how you respond to it. There are innovative technology providers that will go some way toward helping customers manage some of these challenges, but there is no silver bullet for the cyber problem.

As far as customers are concerned, the approach they should really take is to:

  • Be business led – ensure the business sponsors and supports any cyber security initiative
  • Manage risk by aligning to well defined business processes
  • Be cyber aware within your own estate
  • Gain understanding of the external threat landscape
  • Be agile & proactive in cyber defences – in all areas of people, process and technology
  • Make the right technology investment choices to provide sustainable cyber security and resilience.

While Symantec has for some time been at the leading edge in delivering security software solutions, our 4.0 transformation is a key factor in driving innovation for our customers. Through our change, we are leveraging our existing broad profile of security software and services solutions, covering more vectors of threat than emerging vendors, while focusing on solving the advanced attack problem and wider customer cyber resilience issues.

Specifically, Symantec’s portfolio strengths embrace:

  • Endpoint Protection – capabilities such as our SONAR behavioural protection and our Insight reputation database that tracks billions of file reputations, blocking both known and unknown threats
  • Targeted Attack Protection – multiple-vector protection in the form of web security, mail security, server security, and data loss protection, including new capabilities from Symantec such as ‘DISARM’, which strips malware from email attachments in real time and delivers clean attachments
  • Managed Security Services – leading managed services offerings, supported by contextual security intelligence, providing customers actionable insights into internal security incidents cross-referenced with our deep knowledge of the evolving threat landscape
  • Finally, the Symantec 4.0 transformation is driving closer integration across our wide portfolio, connecting capabilities from our endpoint, gateway and datacenter technologies and our managed and hosted services

Also, there are new Symantec 4.0 offerings on the way that will leverage our increased integration & market-leading deep contextual security intelligence to provide actionable cyber visibility and protection.

The point is that, in cyber security, you must have a proactive strategy that is inclusive. As mentioned, there is no ‘silver bullet’ that solves this problem in one hit. What Symantec offers, however, is breadth and capability right across its solutions to get end users safely and securely to their individual destinations.

How to convert a registry file to a batch file


RegToBat Converter is a simple tool that converts a registry file (.reg) to a batch file (.bat) of equivalent reg.exe commands.
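As an added example (not the RegToBat tool itself, whose internals the post does not show), the following Python script performs the same conversion for the common .reg value types, turning each key and value line into a `reg add` or `reg delete` command. The sample export is constructed, and the script assumes regedit 5.00 syntax (hex(2)/hex(7) data encoded as UTF-16LE) and a batch file run without delayed expansion.

```python
"""Convert a Windows .reg export into a batch file of reg.exe commands.

Added example, not the RegToBat tool from the post. Assumes regedit 5.00 syntax
(hex(2)/hex(7) data is UTF-16LE) and a batch file run without delayed expansion.
"""
import re

VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')  # "name"=data  or  @=data
HEX_DATA = re.compile(r'^hex(?:\((\d+)\))?:(.*)$')                 # hex:.. / hex(2):.. / hex(7):..


def _unescape(s):
    """Undo .reg escaping of backslash and double quote."""
    return re.sub(r'\\(.)', r'\1', s)


def _q(s):
    """Quote a .bat argument: double % so cmd does not expand it at run time,
    and escape embedded quotes the way reg.exe expects."""
    return '"' + s.replace('%', '%%').replace('"', '\\"') + '"'


def _convert_value(key, name, raw):
    target = '/ve' if name is None else f'/v {_q(name)}'
    raw = raw.strip()
    if raw == '-':                                   # "name"=- deletes the value
        return f'reg delete {_q(key)} {target} /f'
    if raw.startswith('"') and raw.endswith('"'):    # REG_SZ
        return f'reg add {_q(key)} {target} /t REG_SZ /d {_q(_unescape(raw[1:-1]))} /f'
    if raw.startswith('dword:'):                     # REG_DWORD, stored as 8 hex digits
        return f'reg add {_q(key)} {target} /t REG_DWORD /d {int(raw[6:], 16)} /f'
    m = HEX_DATA.match(raw)
    if not m:
        return f'REM unrecognised data for {name or "(Default)"} under {key}: {raw}'
    kind = int(m.group(1) or 3)                      # bare hex: is REG_BINARY (type 3)
    data = bytes(int(b, 16) for b in m.group(2).replace(' ', '').split(',') if b)
    if kind == 3:
        return f'reg add {_q(key)} {target} /t REG_BINARY /d {data.hex()} /f'
    if kind == 2:                                    # REG_EXPAND_SZ
        text = data.decode('utf-16-le').rstrip('\0')
        return f'reg add {_q(key)} {target} /t REG_EXPAND_SZ /d {_q(text)} /f'
    if kind == 7:                                    # REG_MULTI_SZ: reg.exe uses \0 as separator by default
        joined = '\\0'.join(s for s in data.decode('utf-16-le').split('\0') if s)
        return f'reg add {_q(key)} {target} /t REG_MULTI_SZ /d {_q(joined)} /f'
    return f'REM unsupported value type hex({kind}) for {name or "(Default)"} under {key}'


def reg_to_bat(reg_text):
    """Return the text of a .bat file that reproduces the .reg file's effect via reg.exe."""
    # Join hex continuation lines (a trailing backslash continues the data on the next line).
    logical, buf = [], ''
    for line in reg_text.lstrip('\ufeff').splitlines():
        if line.rstrip().endswith('\\'):
            buf += line.rstrip()[:-1]
            continue
        logical.append(buf + line)
        buf = ''
    out, key = ['@echo off'], None
    for line in logical:
        line = line.strip()
        if not line or line.startswith(';') or line.startswith('Windows Registry Editor') or line == 'REGEDIT4':
            continue
        if line.startswith('[') and line.endswith(']'):
            body = line[1:-1]
            if body.startswith('-'):                 # [-KEY] deletes the whole key
                out.append(f'reg delete {_q(body[1:])} /f')
                key = None
            else:
                key = body
                out.append(f'reg add {_q(key)} /f')  # create the key even if it has no values
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            name = None if m.group(2) else _unescape(m.group(1))
            out.append(_convert_value(key, name, m.group(3)))
        else:
            out.append(f'REM skipped: {line}')
    return '\n'.join(out) + '\n'


# Constructed sample export (not from a real system).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleCorp\Agent]
@="Example Agent"
"InstallDir"="C:\\Program Files\\ExampleCorp"
"Enabled"=dword:00000001
"Flags"=hex:de,ad,be,\
  ef
"LogPath"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,61,00,2e,00,6c,00,\
  6f,00,67,00,00,00
"Servers"=hex(7):61,00,00,00,62,00,00,00,00,00
"Obsolete"=-

[-HKEY_CURRENT_USER\Software\ExampleCorp\OldAgent]
'''

if __name__ == '__main__':
    print(reg_to_bat(SAMPLE_REG))
```

Two details matter when the output is run as a batch file rather than imported with regedit: a REG_EXPAND_SZ value such as `%TEMP%\a.log` must be written as `%%TEMP%%\a.log`, or cmd expands it at run time and the wrong string lands in the registry, and REG_MULTI_SZ entries are passed to reg.exe joined with a literal `\0`, its default separator. As with the original .reg import, writing under HKEY_LOCAL_MACHINE requires the batch file to run elevated.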
