Archives for June 2014
Please note that the following Snare Agents have been updated and are now available:
- Enterprise Snare Agent for Windows
- Enterprise Snare Epilog for Windows
- Enterprise MS SQL Agent
These releases primarily address the following issues with the agents:
- Registry handle leak - Fixes the registry handle leak that was causing the number of open registry handles to keep increasing. In severe cases, this issue could cause frequent restarts of the Snare service.
- Man-in-the-middle attack in OpenSSL pre v1.0.1h - An attacker can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a man-in-the-middle (MITM) attack in which the attacker can decrypt and modify traffic between the attacked client and server. The attack can only be performed between a vulnerable Snare Windows Agent (pre v4.2.5) and a vulnerable third-party log collector using TLS. A pre v4.2.5 Snare Windows agent is not vulnerable to this attack when it is communicating with a Snare Server. Snare v4.2.5 is built using OpenSSL v1.0.1h, which fixes this issue on the Snare Windows agent side. Customers are also encouraged to update their log collectors to OpenSSL v1.0.1h so that the vulnerability is removed from both sides.
- Objective exclude filter bug (Windows Agent only) - Objectives allow events to be included or excluded depending on various matching criteria. A bug in previous versions resulted in the exclude option only taking full effect when applied to the "Event ID" match objective. All other exclude options were ignored if a wildcard match objective was performed after the excluded match objective. This fix ensures the exclude option works correctly on the whole event, including the "event id", "general match", "user name" and "event source" fields, so that a wildcard match objective after the exclude objective does not permit the excluded data.
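The exclude-filter behaviour described in the last item can be modelled to see which events an older agent would have forwarded despite an exclude objective. This is an added example, not Snare code: the objective layout, field keys, function names and sample events are all hypothetical, and the evaluation order is a simplified reading of the release note.

```python
from fnmatch import fnmatchcase

# Constructed objectives, evaluated in order: exclude one user, then a wildcard include.
OBJECTIVES = [
    {"action": "exclude", "field": "user_name", "pattern": "svc_backup"},
    {"action": "include", "field": "event_id", "pattern": "*"},
]

# Constructed sample events using the four fields named in the release note.
EVENTS = [
    {"event_id": "4624", "user_name": "svc_backup", "event_source": "Security", "general": "logon"},
    {"event_id": "4624", "user_name": "alice", "event_source": "Security", "general": "logon"},
]

def matches(obj, event):
    """True when the objective's wildcard pattern matches the event field."""
    return fnmatchcase(event[obj["field"]], obj["pattern"])

def forwarded_old(event, objectives):
    """Model of the described bug: an exclude only sticks on the Event ID field."""
    for obj in objectives:
        if not matches(obj, event):
            continue
        if obj["action"] == "exclude":
            if obj["field"] == "event_id":
                return False
            continue  # bug: exclude on other fields is skipped, evaluation goes on
        return True
    return False

def forwarded_fixed(event, objectives):
    """Model of the fix: a matching exclude on any field drops the event."""
    for obj in objectives:
        if matches(obj, event):
            return obj["action"] == "include"
    return False

def audit(events, objectives):
    """Events the old logic forwards although the fixed logic excludes them."""
    return [e for e in events
            if forwarded_old(e, objectives) and not forwarded_fixed(e, objectives)]

if __name__ == "__main__":
    for e in audit(EVENTS, OBJECTIVES):
        print("leaked past exclude:", e["event_id"], e["user_name"])
```

Running the same comparison over events already held by the collector shows which data arrived only because of the bug and will stop arriving after the upgrade.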
In a survey of nearly 4,000 IT managers across 27 countries, Kaspersky Lab has not only found that targeted attacks are on the rise year-over-year, but also identified the business sectors most likely to be targeted. Globally, 18% of organizations in the Government & Defense sector reported at least one targeted attack within the past 12 months. The rate of targeted attacks reported within the Government & Defense sector was the highest rate reported in this year’s survey, a notable increase from the global average of 12% reported across all business sectors.
When looking at data across all business sectors, it’s also clear that targeted attacks are not limited to the Government & Defense industry. Other business segments have felt the brunt of targeted attacks at a higher-than-average rate, including the Telecommunications industry where 17% of businesses reported targeted attacks, and the Financial Services and Transportation & Logistics sectors, both of which reported targeted attacks within the last 12 months at a rate of 16%.
InformationWeek – Wallstreet and Technology – June 19th, 2014 – Mike Raggoo
As operating system architectures shift from open file systems to application sandboxes, traditional anti-virus becomes less relevant. Enterprise mobility management provides both proactive countermeasures and reactive mitigation.
It’s no secret that retailers are under attack. Not from masked robbers, but from anonymous criminals that work online. What is less widely known is that anti-malware — the virtual guardian of the PC era — won’t protect organizations in an increasingly mobile world. And the pace of change in mobile is so great that certain security standards can quickly become obsolete.
To address the rapidly changing challenges in mobile security, I have had the privilege of working with the Payment Card Industry (PCI) Security Standards Council as part of its PCI Mobile Task Force. We are focused on the emerging mobile point-of-sale (POS) technologies and the evolving mobile threat landscape. As more retailers deploy mobile devices for mobile POS, mobile presents the opportunity for more automated security countermeasures for protecting retailers from attack. Therefore the PCI Mobile Task Force continues to update the PCI guidelines to take advantage of these unique security features.
Kaspersky Lab – Virus News – June 12, 2014
Facebook remains the preferred target for cybercriminals who specialize in stealing social network accounts: according to Kaspersky Lab’s statistics, in Q1 2014 fake sites imitating Facebook accounted for 10.85% of all instances when the heuristic Anti-phishing component was triggered. Only fake Yahoo pages sparked more phishing alerts, leaving Facebook the prime target among social networking sites.
Today’s Facebook fakery is a global business, with cybercriminals attacking the site in a variety of languages: English, French, German, Portuguese, Italian, Turkish, Arabic and others.
Unauthorized access to accounts in Facebook or any other social network can be used to spread phishing links or malware. Cybercriminals also use stolen accounts to send spam to the victims’ contact lists and publish spam on their friends’ walls where it can be seen by other users, or to spread messages asking their friends to send urgent financial assistance. Hijacked accounts can also be used to collect information on individuals for use in future targeted attacks.
Smartphone or tablet owners who visit social networks from their mobile devices are also at risk of having their personal data stolen. To make matters worse, some mobile browsers hide the address bar while opening the page, which makes it much more difficult for users to spot fake resources.
“Cybercriminals have developed a number of ways to entice their victims to pages with phishing content. They send links to phishing web pages via email or within social networks or in banners placed on third-party resources. Fraudsters often lure their victims by promising them ‘interesting content’. When users follow the link provided, they land on a fake login page that contains a standard message asking them to log in before viewing the page. If users don’t become suspicious and enter their credentials, their data will immediately be dispatched to cybercriminals,” said Nadezhda Demidova, Web Content Analyst, Kaspersky Lab.