Information Security all in one place!

Network Security News

RSA Conference 2012: On the Agenda


This is the first RSA Conference since 2011’s high-profile security breaches. How did those incidents influence this year’s agenda? Hugh Thompson explains in an exclusive event preview.

By any account, 2011 was a banner year for prominent information security attacks.

“We’ve seen the rise of hacktivism; we’ve seen just a huge amount of these highly-targeted, sophisticated attacks,” says Thompson, RSA Conference’s program committee chair. And these incidents have fundamentally influenced the conference agenda.

“If you look at many of the breaches over the past 12 months, most of them ended with some type of sensitive data leaving the enterprise,” Thompson says. “But it’s interesting to look at how many of [the incidents] began. A lot of them began with a person – a smart, well-intentioned person inside the company, making a choice. And the choice was either to install an executable, open a file, and I think you’ll see that play out in a fascinating way in this year’s agenda. We’ve got quite a few talks on the human element of security.”

Read More Here: http://www.bankinfosecurity.com/interviews.php?interviewID=1404


Cisco Security Advisory: Cisco Small Business SRP 500 Series


Cisco Releases Security Advisory for Cisco Small Business SRP 500 Series

Cisco Small Business (SRP 500) Series Services Ready Platforms contain the following three vulnerabilities:

* Cisco SRP 500 Series Web Interface Command Injection Vulnerability
* Cisco SRP 500 Series Unauthenticated Configuration Upload Vulnerability
* Cisco SRP 500 Series Directory Traversal Vulnerability

These vulnerabilities can be exploited using sessions to the Services Ready Platform Configuration Utility web interface. In the default configuration they can be exploited from the local LAN side of the SRP device, and from the WAN side of the SRP device if remote management is enabled. Remote management is disabled by default.

Cisco has released free software updates that address these vulnerabilities.

Workarounds that mitigate these vulnerabilities are available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500

The following Cisco SRP 520 Series models are affected if running firmware prior to version 1.1.26:

 * Cisco SRP 521W
 * Cisco SRP 526W
 * Cisco SRP 527W

The following Cisco SRP 520W-U Series models are affected if running firmware prior to version 1.2.4:

 * Cisco SRP 521W-U
 * Cisco SRP 526W-U
 * Cisco SRP 527W-U

The following Cisco SRP 540 Series models are affected if running firmware prior to version 1.2.4:

 * Cisco SRP 541W
 * Cisco SRP 546W
 * Cisco SRP 547W

To view the firmware version on a device, log in to the Services Ready Platform Configuration Utility and navigate to the Status > Router page to view information about the Cisco SRP Series device and its firmware status. The Firmware Version field indicates the current running version of firmware on the Cisco SRP 500 Series device.
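One way to apply the affected-model list above to a device inventory, as an added example that is not part of the Cisco advisory. The hostnames and inventory rows are constructed, and the tolerance for zero-padded components or trailing text in the Firmware Version field is an assumption about how the value may be recorded.

```python
import re

# First fixed firmware per model, taken from the advisory text above.
FIXED_IN = {
    **dict.fromkeys(("SRP 521W", "SRP 526W", "SRP 527W"), (1, 1, 26)),
    **dict.fromkeys(("SRP 521W-U", "SRP 526W-U", "SRP 527W-U"), (1, 2, 4)),
    **dict.fromkeys(("SRP 541W", "SRP 546W", "SRP 547W"), (1, 2, 4)),
}

def parse_version(text):
    """Return the leading dotted version as a tuple of ints, or None."""
    m = re.match(r"\s*(\d+(?:\.\d+)+)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def normalize_model(text):
    """Map 'Cisco SRP521w-u', 'srp 521W', ... to the form 'SRP 521W-U'."""
    m = re.search(r"SRP\s*-?\s*(\d{3}W(?:-U)?)\b", text.upper())
    return f"SRP {m.group(1)}" if m else None

def classify(model_text, firmware_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown-version'."""
    model = normalize_model(model_text)
    if model not in FIXED_IN:
        return "not-listed"
    version = parse_version(firmware_text)
    if version is None:
        return "unknown-version"  # check Status > Router on the device
    # Tuples compare numerically per component, so 1.1.9 < 1.1.26.
    # A plain string comparison would wrongly rank "1.1.9" above "1.1.26".
    return "affected" if version < FIXED_IN[model] else "fixed"

# Constructed inventory: (hostname, model, Firmware Version field).
INVENTORY = [
    ("branch-01", "Cisco SRP 521W", "1.1.9"),
    ("branch-02", "SRP521W-U", "1.1.26"),   # -U models need 1.2.4
    ("branch-03", "srp 547w", "1.2.4"),
    ("branch-04", "Cisco SRP 526W", "1.01.26 (build)"),
    ("branch-05", "SRP 541W", "unknown"),
    ("branch-06", "Cisco RV042", "4.2.1"),  # not in the advisory
]

def audit(inventory):
    """Map each hostname to its classification."""
    return {host: classify(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown-version` still need the manual check on the Status > Router page described above.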

More information regarding these vulnerabilities:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

The latest Cisco SRP 500 Series Services Ready Platforms firmware can be downloaded at:
http://www.cisco.com/cisco/software/navigator.html?mdfid=282736194&i=rm


SonicWall: Expansion of Security Services; Kaspersky Anti-Virus



Intelligent network security and data protection solutions provider, SonicWall, has expanded its suite of firewall security services with the addition of Kaspersky Anti-Virus to its Enforced Client Anti-Virus and Anti-Spyware solution.

SonicWall Firewalls are designed to ensure easy deployment, provisioning and enforcement of the client on endpoint devices through a unique policy-driven engine.

SonicWall Next-Generation and Unified Threat Management firewalls already provide gateway anti-virus through SonicWall’s proprietary reassembly-free deep packet inspection anti-malware solution, protecting the perimeter, wireless and VPNs. But, according to SonicWall, viruses can still enter the network through laptops, thumb drives or other unprotected systems. Protection at multiple layers is the best defence against sophisticated modern threats; however, maintaining, enforcing and deploying the right security software on endpoint devices can put a strain on IT resources and budgets. SonicWall firewalls are designed to provide an innovative multi-layered anti-malware strategy consisting of its anti-malware solution at the gateway and enforced anti-virus solution at the endpoints.

When a non-compliant end-point within the network tries to connect to the internet, the firewall will redirect the user to a web page to install the latest SonicWall Enforced Client Anti-Virus and Anti-Spyware software. The firewall is also designed to ensure that all the end-point clients are automatically updated with the latest anti-virus and anti-spyware signatures without end-user intervention. The updated clients can remediate infections by cleansing the endpoint systems, thus preventing further propagation of the threat throughout the network.

SonicWall has integrated Kaspersky technology into its enforced client solution. The software resides on endpoint computers and delivers critical protection against viruses, spyware, Trojans, worms, rootkits and more.

“Deploying, maintaining and enforcing the right security software on endpoint devices within a network can be difficult,” said Swarup Selvaraman, product line manager at SonicWall. “Our innovative SonicWall solution simplifies this process and gives IT managers easy-to-deploy anti-virus and anti-spyware protection across any number of devices using policy-based management and reporting. Kaspersky support bolsters our existing offering and gives customers more opportunities to choose the anti-virus solution that best meets their needs.”

The solution is designed to support Microsoft Windows PCs and laptops and is ideal for deployments scaling from a few to thousands of end-points.


BYOD Control: Aruba brings it together with ClearPass


Aruba Delivers BYOD Control with ClearPass

The bring-your-own-device (BYOD) era is booming. BYOD delivers some freedom to users and is great, don’t get me wrong; however, it is still absolutely critical that companies reach the same degree of protection and control on these devices that corporate-owned devices receive. It has to be thought of as a wired device, in my opinion.

Networking vendor Aruba is now debuting a solution for BYOD, built on Linux and leveraging the open source FreeRADIUS access control solution to help return control to enterprises.


“ClearPass provides a networking solution for BYOD to address all of the major operating systems and any networking vendor’s network architecture,” Robert Fenstermacher, director of Product Marketing at Aruba, told InternetNews.com. “It can act as a single point of policy control across all wired, wireless and remote infrastructure for a global organization.”

More from ENP: http://www.enterprisenetworkingplanet.com/netsysm/aruba-delivers-byod-control-with-clearpass.html


Qualys: Going Public with IPO?


Vulnerability assessment and management company Qualys has announced plans for an IPO later this year.

In a recent article posted on Network World, Qualys, a security firm specializing in vulnerability scanning and assessment, says they are ready to go public. Based on my experience with the product, I would have to agree that this would be a good decision. I have used, and am currently using, Qualys on a contract position, and many hours have been spent using and abusing these appliance(s). I have witnessed firsthand the ways the scanning engines have morphed into a dependable tool with low false positives. Offering more asset control to the administrator than in recent years, and with the overall performance issues having been handled through its generations, this product is ready for prime time. Apparently I am not the only one who thinks so – with over 5,000 appliances currently running on production environments worldwide.


“‘We are ready,’ says Qualys CEO Philippe Courtot,” writes Network World’s Ellen Messmer. “He says the company, which he founded in 1999, has achieved profitability and is increasing revenues.”

“Courtot says the company did about $76 million in revenue last year, showing profitability, and expects to see revenues grow to $94 million this year,” Messmer writes. “Its variety of products, and scanning and compliance services, have become widely used by about 5,000 organizations around the world.”

For the full story click here: http://www.networkworld.com/news/2012/022112-qualys-ipo-256396.html


Anonymous: “Power” in their hands


U.S. Official Signals Growing Concern Over Anonymous Group’s Capabilities

The director of the National Security Agency has warned that the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack.


Gen. Keith Alexander, the director, provided his assessment in meetings at the White House and in other private sessions, according to people familiar with the gatherings. While he hasn’t publicly expressed his concerns about the potential for Anonymous to disrupt power supplies, he has warned publicly about an emerging ability by cyberattackers to disable or even damage computer networks.

Gen. Alexander’s warning signals a growing federal …

More on this story here:

Wall Street Journal: 

http://online.wsj.com/article/SB10001424052970204059804577229390105521090.html?mod=googlenews_wsj

USA Today:

http://content.usatoday.com/communities/ondeadline/post/2012/02/report-nsa-chief-sees-possible-anonymous-hit-on-power-grid/1#.T0MRyjUS1WI


Botnet: Cutwail Returns; Overall Spam Increasing


According to M86 Security, the infamous Cutwail botnet (aka Pandex, Mutant and Pushdo) appears to have been reactivated. The security specialists say that in the past few weeks they have registered several waves of HTML emails that were infected with malicious JavaScript and probably originated from Cutwail-infected PCs.

Cutwail had its heyday about five years ago, when it led the botnet activity list with 1.6 million infected computers. However, it lost its top position in the market after hackers intruded into the system and disclosed the names of customers and affiliates.


According to M86 Security, the volume of infected emails was 50 times higher between 23 and 25 January, and three further waves from 6 February were found to be as much as 200 times higher.

Infected emails had subject lines such as “FDIC Suspended Bank Account”, “End of August Statement” and “Scan from Xerox WorkCentre”.

Read More Here: Cutwail botnet back in action