Aug 15

Risk & Compliance

McAfee – Risk & Compliance

  • Tool Talk: Cracking the Code on XtremeRAT
    Late last week, reports began to surface that the Israeli police (along with other regional law enforcement) were targeted by a malware attack.  The entry vector was described as a phishing campaign sent from Benny Gantz (head of the Israeli Defense Forces).  Initially, details and indicators around the malware were beyond sparse. Aside from the FROM: address, Read more…
  • Latest Yahoo Data Breach Restates Need for Basic Security
    News broke today of a large data breach against Yahoo Voices, resulting in more than 400,000 username/password combinations being posted in clear text. The compromise involved a basic SQL-injection attack against an exposed Yahoo server (dbb1.ac.bf1.yahoo.com).  Similar to other recent events, the account data was reportedly stored in an unencrypted state. We see this type of attack Read more…
  • RDP+RCE=Bad News (MS12-020)
    See March 15 and 16 updates at the end of this blog. The March Security Bulletin release from Microsoft was relatively light in volume. Out of the six bulletins released, only one was rated as Critical. And for good reason. MS12-020 includes CVE-2012-0002. This flaw is specific to the Remote Desktop Protocol (RDP) present on Read more…
  • Urchins, LizaMoons, Tigers, and Bears
    In early April, I wrote about the famed “LizaMoon” SQL-injection attacks. I said it then, and I’ll say it again now: SQL-injection (SQLi) attacks are a constant. Some of these attacks are more visible than others.  Some adversaries find intelligent ways to hide their tracks so as not to splatter evidence of their misdeeds all over various search Read more…
  • McAfee to Acquire NitroSecurity
    I am excited to share that McAfee has officially announced its intent to acquire privately owned NitroSecurity.  NitroSecurity is a leading provider of security information and event management (SIEM) solutions that offers complete visibility and situational awareness to protect critical information and infrastructure. With NitroSecurity’s technology and talent, McAfee can expand its reach into the fast Read more…
  • Building an Arsenal of Best-in-Breed Database Security Solutions
    Visit any news site on the Web, and undoubtedly you’ll come across a barrage of articles publicizing the details of yet another data breach. With the prominence of SQL injection attacks, and malicious insiders and hackers exploiting sensitive data stored on unpatched and vulnerable databases, enterprise organizations have found themselves reevaluating their security strategies. Following Read more…
  • Hackers vs. Hackers: The New Frontier Of Embedded Devices
    If we look at the evolution of hacking, certain techniques never go out of style, but we’re at the beginning of a big shift in terms of the targets.  The threat landscape has evolved beyond PCs, tablets, and smartphones to a whole new battleground: connected devices all around us. According to Ericsson, there will be Read more…
  • Five Simple Steps SMBs Can Take To Prevent A Disastrous Data Breach
    Every week we see similar stories permeating the news – large enterprises falling victim to data breaches and finding themselves at the mercy of hackers looking to access and exploit sensitive customer data for personal or monetary gain. The impact of just one of these events can be devastating; for large enterprises, the short-term effect Read more…
  • Lockheed Martin, EMC, Sony: Design Inner Security Layer assuming Outer Layer is already breached.
    The recent security breach at Lockheed Martin confirmed that the attacks we saw with Operation Aurora, identified by McAfee, and Stuxnet are just the beginning of a new era of targeted attacks. Cybercriminals are now executing the perfect plan to get closer to their target without raising any red flags. In the case of Operation Read more…
Aug 14

Joomla Unauthorized File Upload Remote Code Execution

How Can I Protect My Network?

  1. In the IPS tab, click Protections, find the Joomla Unauthorized File Upload Remote Code Execution protection using the Search tool, and edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Server Enforcement Violation
Attack Information: Joomla Unauthorized File Upload Remote Code Execution

Article source: http://www.checkpoint.com/defense/advisories/public/2013/cpai-14-aug.html

Aug 14

Canon Wireless Printer Denial Of Service (CVE-2013-4615)

How Can I Protect My Network?

  1. In the IPS tab, click Protections, find the Canon Wireless Printer Denial Of Service protection using the Search tool, and edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Application Servers Protection Violation
Attack Information: Canon Wireless Printer Denial Of Service

Article source: http://www.checkpoint.com/defense/advisories/public/2013/cpai-05-aug5.html

Aug 14

Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3191)

How Can I Protect My Network?

  1. In the IPS tab, click Protections, find the Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3191) protection using the Search tool, and edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3191)

Article source: http://www.checkpoint.com/defense/advisories/public/2013/cpai-05-aug10.html

Aug 14

Microsoft .NET Framework Array Access Violation (MS13-052; CVE-2013-3131)

How Can I Protect My Network?

  1. In the IPS tab, click Protections, find the Microsoft .NET Framework Array Access Violation (MS13-052) protection using the Search tool, and edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Microsoft .NET Framework Array Access Violation (MS13-052)

Article source: http://www.checkpoint.com/defense/advisories/public/2013/cpai-06-aug1.html

Aug 14

Cisco OSPF LSA Manipulation Denial of Service (CVE-2013-0149)

How Can I Protect My Network?

  1. In the IPS tab, click Protections, find the Cisco OSPF LSA Manipulation Denial of Service protection using the Search tool, and edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Cisco Protection Violation
Attack Information: Cisco OSPF LSA Manipulation Denial of Service

Article source: http://www.checkpoint.com/defense/advisories/public/2013/cpai-08-aug1.html

Aug 13

Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3193)

How Can I Protect My Network?

  1. In the IPS tab, click Protections, find the Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3193) protection using the Search tool, and edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3193)

Article source: http://www.checkpoint.com/defense/advisories/public/2013/cpai-05-aug7.html

Aug 13

Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3187)

How Can I Protect My Network?

  1. In the IPS tab, click Protections, find the Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3187) protection using the Search tool, and edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3187)

Article source: http://www.checkpoint.com/defense/advisories/public/2013/cpai-06-aug2.html

Aug 13

Combating Advanced Malware: McAfee Survey at Black Hat USA 2013

Rick Simon

The final survey results are in from Black Hat USA 2013 and it’s clear: IT professionals are frustrated that so much time is spent combating advanced malware.

Many professionals devote half their workweek to addressing malware and the consequences of advanced attacks.

That’s because new attacks are more advanced than ever before, using everything from pernicious rootkits or social media-driven spear phishing to network-based advanced evasion techniques. As this arms race continues, enterprise defenses and solutions need to adapt to these sophisticated methods of attack.

Recently, I wrote that we surveyed McAfee booth visitors at Black Hat USA 2013 on the topic of advanced malware. The final results are now in and here’s what those IT professionals had to say about their top concerns with advanced malware and how they’re dealing with the problem.

Black Hat Survey Results

Although 81% of all respondents said advanced malware was a big or huge concern to their business, only 44% said their company is presently using technology to combat advanced security threats. That’s a massive gap between recognition of the problem and actually doing something about it.

More than half of those surveyed said their biggest challenge was detecting – and detecting accurately – advanced malware. I think that is a reflection of where we are today in the advanced malware arms race – right now, the attackers and the weapons they use are ahead of the defenders.

A surprising number of those surveyed said that they devote more than 20 hours a week to detecting and combating advanced malware, and a third spend at least a day a week on this problem. And in many conversations, that was a major frustration.

Fighting advanced malware is part of a security analyst’s job, but enterprise solutions need to do a better job detecting and eradicating these determined adversaries. It’s time for an advanced threat defense system that helps organizations win the advanced malware arms race.

Stay tuned for more from McAfee on this subject and be sure to follow us on Twitter @McAfeeBusiness.

Article source: http://blogs.mcafee.com/enterprise/combating-advanced-malware-mcafee-survey-at-black-hat-usa-2013