A+ R A-

HelpNET Articles

by Stefan Frei - Research Analyst Director, Secunia - Monday, 24 January 2011.

There is an on-going arms-race in the IT security industry between vendors striving to produce secure software, and researchers’ and cybercriminals’ efforts (and successes) in finding new vulnerabilities in software. The number of vulnerabilities in general over the last five years reached over 4,300 on average per year with no significant up- or downward trend. During the period from 2009 to 2010, the number actually decreased by 3%. Therefore it is fair to say that, on a large scale, the security ecosystem appears to be in a sort of state of equilibrium regarding the current rate of vulnerabilities. Vulnerabilities are counted as the number of unique CVEs.

However, computer users cannot be complacent. Significantly, Secunia’s Yearly Report for 2010 revealed that out of more than 4,000 vendors on the market today, just 14 vendors with products in use on millions of private and corporate systems daily, were responsible for over half of the vulnerabilities discovered in the last two years: Adobe Systems, Apache Software Foundation, Apple, Cisco, Google, HP, IBM, Kernel.org, Microsoft, Mozilla Organization, Novell, Oracle (includes Sun Microsystem, BEA, and Peoplesoft as a result of recent acquisitions), RealNetworks, and VMware.

The evolving vulnerability threat

Unfortunately vulnerabilities are still the ‘Achilles’ Heel’ of any IT system particularly for end-point PCs. An alarming trend for this sub-section was also highlighted: cybercriminals are now focusing their specific efforts on end-users. Vulnerabilities on end-points are commonly exploited when users visit a malicious website (with content controlled or injected by an attacker), or open data, files, or documents with one of the numerous programs and plug-ins installed on their end-points. The sheer variety and prevalence of programs found on typical end-points, coupled with unpredictable user usage patterns, make end-points an attractive and easy to exploit target for cybercriminals.

In order to better understand the risk and security challenges most private or corporate Internet users face on a daily basis, data taken from anonymous 2010 scan results from users of the Secunia Personal Software Inspector (PSI) was analyzed. We found that 50% of users typically have more than 66 programs from more than 22 different vendors installed on their end-points. To further track the security of typical users, we used a representative portfolio of software typically found on end-points.

 1  |  2  |  3  |  4  |   Next page >> 

by Zeljka Zorz - Thursday, 30 December 2010.

imageSteganos Privacy Suite (v.12) is a suite offering most Steganos privacy and encryption products bundled up together: Safe, Portable Safe, Crypt & Hide, Password Manager, Private Favorites, E-Mail Encryption, Trace Destructor and Shredder.

Welcome screen:

A simple click on any of the icons on the left part of the screen will take you to the tool you need.

Since I have previously presented Steganos Safe, Portable Safe and Shredder on this site, I wo...

by Nick Lowe - Check Point - Monday, 17 January 2011.

Predicting the distant future of IT security is tricky, but the near future – the next 12 to 18 months – is a little easier. After all, the seeds of what is to come were planted in the recent past. Traditional security threats posed by hackers, viruses and worms over the past 10-plus years are still a concern, and have been joined by newer, emerging threats from the proliferation of Web 2.0 apps, mobile computing and custom attacks.

These threats are dramatically increasing security complexity. But they’re not the only issues concerning businesses. There’s also the simple mistake, or moment of carelessness by a trusted employee when handling data, which can have far-reaching consequences unless the risks are mitigated.

So what specific threats should organizations be preparing for during the coming year? And what are the implications for business IT security infrastructures? Based on our research and feedback from customers, here are Check Point’s thoughts and projections for 2011 and into 2012.

Be Web 2.0 wary

While malware, phishing attacks, Trojans and key-loggers continued to proliferate on Internet applications, the emergence of more rich-media capabilities in Web 2.0 apps and mobile devices will increase the number of drive-by-downloads and sophisticated, blended attacks.

For example, embedded videos and links in social networking pages are becoming popular spots for hackers to embed malware. The more employees that use rich media and Web 2.0 applications in an organisation, the greater the chance of unwittingly exposing the company to an attack – unless the right protection is in place.

Fitting new Windows

According to the Check Point survey mentioned earlier, 7% of organizations have already made the leap to Windows 7 and another 54% plan to migrate in the next two years. In addition, organizations are using an average of nine different vendors to secure their organization's infrastructure from the network to the endpoint, creating difficulties in security management, loss in productivity and potential security holes in between the individual products.

Businesses may find that Windows 7 migration is a good time to look at the number of security vendors’ solutions they are using and decide to consolidate endpoint security solutions. Because Windows 7 presents a clean slate for the OS, it can be a clean slate for security as well.

Virtualization security becomes real

Businesses are starting to leverage virtualization technologies as an additional layer of security defense, supplementing traditional security solutions. Examples include browser and session virtualization that segregates and secures corporate data from the Internet – allowing users the freedom to surf with full protection against drive-by-downloads, phishing attempts and malware.

 1  |  2  |   Next page >> 

imageAvast! Free Antivirus (v.5.1.864) is an anti-virus, anti-spyware software with boot-time scanning capabilities. It also incorporates anti-rootkit and strong self-protection capabilities, and contains several real-time "Shields" which continuously monitor your email and internet connections and check the files on your computer whenever they are opened or closed.

The installation process is a breeze, and you can choose a custom installation if you want. You are also offered to install Google's...

by Elad Sharf - Senior Security Research, Websense Labs - Wednesday, 7 March 2012.

Websense has detected a new wave of mass-injections of a well-known rogue antivirus campaign. The majority of targets are Web sites hosted by the WordPress content management system.

At the time of writing, more than 200,000 Web pages have been compromised, amounting to close to 30,000 unique Web sites (hosts). The injection hijacks visitors to the compromised sites and redirects them to rogue AV sites that at...

by Mirko Zorz - Wednesday, 14 March 2012.

imageThe past 10 years represent a very interesting timeframe for reviewing vulnerability disclosures and ensuing changes that continue to affect risk management in IT organizations around the world.

Vulnerability disclosures across the industry in 2011 were down 11.8 percent from 2010. The overall vulnerability severity trend has been a positive one. Medium and High severity vulnerabilities have steadily decreased since their high points in 2006 and 2007...

by Berislav Kucan - Monday, 12 March 2012.

imageA great number of multifunction printers of have the ability to integrate within a corporation's business environment and connect to its email systems, its file systems, its FTP servers and a number of other resources. In order to be able to do that, these devices have to contain credentials needed to authenticate themselves to these resources.

Unfortunately, this information can also be extracted by attackers and be misused by them to gain a footho...

Page 8 of 8