An explosion of fresh customized malware continues to leave even the industry’s top security products lagging behind as organizations are doing everything they can to protect their networks and customers. Congress has even stepped up their efforts to pass legislation that better protects our digital and critical infrastructures from new cyber threats. But with more targeted attacks successfully exploiting enterprises, the question that still remains is: Are we doing enough? Here were some of the top security stories from June 2010. Continue reading this post…
An interesting study released this week shows that about 1.3 million malicious ads are being viewed online everyday. Most of these malvertisements are pushing drive-by downloads and fake security software. Some of the key findings in the report include:
Users are twice as likely to get infected by a malware ad on a weekend
The average lifetime of a malvertisement is 7.3 days
97% of Fortune 500 websites are at a high risk due to their external partners (JavaScript widget providers, packaged software providers etc.)
69% of Fortune 500 companies use external JavaScript to render portions of their sites
64% of Fortune 500 companies are running outdated web applications
This study drives home the point that everybody is exposed. Whether it’s a consumer hitting an ad on a website that’s got malware or an attack targeting the person running the grid, the fact is as long as there’s a human being in the loop malware is going to get deposited.
What I find interesting is that malvertisments targeting consumers take the same payload-type approaches as APTs that are specifically designed to go after the top government or corporate information, but just not in the same highly targeted, sniper-type fashion. But whatever approach is taken, the cornerstone to every one of these types of attacks that deposit some type of targeted malware is the payload.
This brings me to a poll question I’d like to ask you: What’s the most important step to stopping malware payloads? Said differently, if you could only do ONE thing to stop these attacks, which approach would you take? I’d love to get your feedback on it.
April showers may bring May flowers, but the Internet also saw something else in full bloom — cyber crime. Computer systems around the globe experienced a variety of problems in April ranging from more fake antivirus software to malicious code that avoids detection from search engine Web crawlers. But none were as big as a well-publicized faulty security update that crashed thousands of computers and became a public relations nightmare for one of the world’s top security software makers. Here were some of the top security stories from April 2010: Continue reading this post…
In the midst of March Madness, it seems like security professionals everywhere are scurrying to find ways to safeguard their enterprises from new forms of malware and exploit techniques that have successfully bypassed most antivirus protections throughout the first quarter of 2010. With systems constantly under attack, what’s important is making sure our computer endpoints are protected from the latest viruses and botnets out there. Check out some of the top stories from March 2010. Continue reading this post…
Last week, a new exploit technique was disclosed that bypasses a critical Windows security feature, DEP (data execution prevention), as well as an ASLR security enhancement for address space layout randomization.
In the article, “New exploit technique nullifies major Windows defense,” some researchers worry that a proof-of-concept code published by Google security software engineer, Berend-Jan Wever, could actually lead to more successful attacks against Microsoft’s newer operating systems.
While Wever claims the proof-of-concept doesn’t do any harm because it’s wrapped around an exploit of a bug in Internet Explorer 6 (IE6) that was patched years ago, MicroTrend’s Ria Rivera wrote in the company’s malware blog that the exposure could be used to further enhance exploits, and expects to see it used within exploits soon.
“After Wever released his heap-spraying exploit codes in 2005, a lot of new exploits started using that technique. It would thus be not far-fetched that the release of this new proof-of-concept could lead to the same scenario — new exploits could start using ‘return-to-libc’ to achieve DEP bypass.”
With so many data compromises arising from the latest disclosed vulnerability it seems so clear that now is the time to completely re-evaluate the way we approach desktop security. Vulnerabilities lose their power when you address the core issue of controlling what applications are allowed to run on your system in the first place whether these applications were added by a user or by malicious code exploiting a security hole.
Questions? Leads on topics? Ideas for improvement? Or just want to open up a dialog and chat with us about — whatever? We want to hear what you have to say!