Cyber Security News for Small Business

Are Hackers Targeting Your Online Banking?

Cyber Criminals Small Business - Thu, 09/02/2010 - 2:40pm
Criminals have drained more than $100 million from the accounts of small ... you in the crosshairs of cybercriminals intent on plundering the accounts of small ... A Panda Security white paper on the small business online banking survey ...
technology.inc.com/security/articles/201009/banking.html

How Keylogging Software Allows Cybercriminals to Steal your ...

Cyber Criminals Small Business - Thu, 09/02/2010 - 11:32am
Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your personal security and privacy. Your money, your computer, your family, and your business are all at risk. ... Etienne A. Gibbs, Independent Internet Security Advocate, consults with individuals, small business owners, and home-business entrepreneurs regarding online protection against spyware, viruses, malware, hackers, and other cybercrimes and ...
linux Windows mac os information... - http://www.akhamaster.com/

Cyber Cops Face a Tough Challenge | Political Wag

Cyber Criminals Small Business - Thu, 09/02/2010 - 11:32am
There were similar fears raised by the Confederation of British Industry and the Federation of Small Businesses, which described the policing arrangements on cyber crime as “lamentable”. ... But while the Agency rightly stated that there were now more staffing resources targeted directly at Internet crime than in the days of the NHTCU, it was also clear that cyber criminals were not a major priority for SOCA, at least not compared with the government-set priorities of ...
Political Wag - http://www.politicalwag.com/

Dell Expands Security Solutions Portfolio, Unites with Trend Micro ...

Cyber Criminals Small Business - Wed, 09/01/2010 - 3:16pm
“According to the FBI, cybercriminals steal millions from small and midsize companies,” said ... general manager of Trend Micro Consumer and Small Business. ...

Small businesses need to be aware of cybercriminals

Cyber Criminals Small Business - Wed, 09/01/2010 - 10:17am
With various ways of handling online transactions, cybercriminals aren't limited to taking on the big businesses for hacking purposes. Small businesses need ...

Anti-virus Products Struggle Against Exploits

Brian Krebs - Mon, 08/23/2010 - 9:27am

Most anti-virus products designed for use in businesses do a poor job of detecting the exploits that hacked and malicious Web sites use to foist malware, a new report concludes.

Independent testing firm NSS Labs looked at the performance of 10 commercial anti-virus products to see how well they detected 123 client-side exploits, those typically used to attack vulnerabilities in Web browsers including Internet Explorer and Firefox, as well as common desktop applications, such as Adobe Flash, Reader, and Apple QuickTime.

Roughly half of the exploits tested were exact copies of the first exploit code to be made public against the vulnerability. NSS also tested detection for an equal number of exploit variants, those which exploit the same vulnerability but use slightly different entry points in the targeted system’s memory. None of the exploits used evasion techniques commonly employed by real-life exploits to disguise themselves or hide from intrusion detection systems.

Among all ten products, NSS found that the average detection rate against original exploits was 76 percent, and that only three out of ten products stopped all of the original exploits. The average detection rate against exploit variants was even lower at 58 percent, NSS found.

NSS President Rick Moy said most vendors appear to have chosen to focus on detecting the malicious software variants delivered by these exploits rather than on blocking the exploits themselves. Moy notes that while the anti-virus vendors state they are now processing more than 50,000 malware samples every day, it appears the majority of vendors still fail to block the most widely-used methods of delivering those malware samples.

“When you’re talking about exploits that have been published on a government funded web site for months on end, there’s really no good excuse as to why you’re not covering that,” Moy said. “Since there are far fewer exploits than malware, it is imperative that attacks be defeated in the earliest possible stage.”

The NSS tests revealed that certain exploits were consistently missed by the anti-virus products, particularly those that attacked the IE peers and MS VBscript help Internet Explorer vulnerabilities that Microsoft first disclosed in March 2010.

Moy shared a copy of the report on the condition that I refrain from disclosing how each individual product performed, as his company plans to sell the report. But as with the last NSS report I wrote about — which looked at how long it takes anti-virus products to block malicious Web sites — this study focuses on testing individual aspects of anti-virus product performance, including some areas that are glossed over in industry tests.

Even without information about which products earned the highest marks in exploit blocking, one takeaway from the report is the importance of patching as soon as possible after a vendor releases a fix, Moy said.

“There is not a lot of focus on stopping exploits, is what we’re finding, even though certainly at least against the older exploits these security products should act as a virtual patch,” Moy said, adding that organizations should consider developing custom exploit signatures for high-value systems, either at the host or network layer. “The ‘patch immediately’ approach probably works for smaller organizations, but larger companies tend to wait quite a while to make sure patches don’t conflict with homegrown apps.”

Still, NSS doesn’t make a lot of information available about its methods, and this omission has driven much of the criticism of previous NSS Labs reports.

“It would be nice if at least some information about the way the figures were arrived at were available for scrutiny, so that an interested party would have more than just a rather spectacular but otherwise context-free chart to gauge the relative value of the report,” wrote Kurt Wismer, an anti-virus industry watcher and blogger. “As it stands, the information they make available on their site is worse than useless – figures without adequate context are precisely where the idiom of ‘lies, damn lies, and statistics’ comes from. Posting the context-free chart the way they have only serves to sensationalize the report.”

Wismer said the study highlights an area where many products have room for improvement, and that having more anti-virus products blocking the exploitation stage would be a very advantageous improvement. But he said the report itself doesn’t provide a full picture of the performance of these products.

“It just doesn’t tell the customer whether or not they’d actually be protected in the real world,” Wismer wrote in an e-mail to KrebsOnSecurity.com. “The more links in the chain of events leading to compromise that can be used to a defender’s advantage. A chain is only as strong as its weakest link and so only one stage of a multi-stage attack needs to be blocked in order for the final intended outcome to be thwarted. A test that doesn’t include all the stages therefore necessarily omits information that could be important in determining which products provide the best assistance at protection.”

Interestingly, a series of reports released earlier this month by anti-virus testing lab AV-Test comes to similar conclusions as the NSS report about the exploit-blocking abilities of the major anti-virus products. According to AV-Test, the industry average in protecting against exploits (both known and unknown) was 75 percent.

Adobe Issues Acrobat, Reader Security Patches

Brian Krebs - Thu, 08/19/2010 - 3:58pm

Adobe Systems Inc. today issued software updates to fix at least two security vulnerabilities in its widely-used Acrobat and PDF Reader products. Updates are available for Windows, Mac and UNIX versions of these programs.

Acrobat and Reader users can update to the latest version, v. 9.3.4, using the built-in updater, by clicking “Help” and then “Check for Updates.”

Today’s update is an out-of-cycle release for Adobe, which recently moved to a quarterly patch release schedule. The company said the update addresses a vulnerability that was demonstrated at the Black Hat security conference in Las Vegas last month. The release notes also reference a flaw detailed by researcher Didier Stevens back in March. Adobe said it is not aware of any active attacks that are exploiting either of these bugs.

More information on these patches, such as updating older versions of Acrobat and Reader, is available in the Adobe security advisory.

Critical Updates for Windows, Flash Player

Brian Krebs - Tue, 08/10/2010 - 5:05pm

Microsoft issued a record number of software updates today, releasing 14 update bundles to plug at least 34 security holes in its Windows operating system and other software. More than a third of flaws earned a “critical” severity rating, Microsoft’s most serious. Separately, Adobe released an update for its Flash Player that fixes a half-dozen security bugs.

Microsoft tries to further emphasize which critical patches should be applied first, and it does this largely by assessing which of the flaws appear to be the easiest and most reliable to attack. According to an analysis posted on the Microsoft Security Response Center blog, the most dangerous of the critical flaws patched this month involve media file format and Office bugs.

Specifically, Microsoft pointed out a critical flaw in Microsoft Silverlight and its .NET Framework, as well as bugs in the Microsoft MPEG-Layer 3 and Cinepak codecs. All of these media format vulnerabilities are critical and could be exploited merely by loading a tainted media file, either locally or via a Web browser, Redmond said.

The software giant also urged customers to quickly deploy a patch that fixes at least four vulnerabilities in Microsoft Office, the most severe of which could lead to users infecting their PCs with malware simply by opening or viewing a specially-crafted e-mail.

More details on the rest of this month’s updates are available here. Just a quick note about this patch batch for consumers: It might not hurt to wait a day or two before applying the Microsoft updates. Given the sheer number of vulnerabilities addressed in this release, there is a good chance that one or more of them may turn out to cause problems for some customers. Also, there don’t appear to be any online threats actively exploiting any of these flaws at the moment.

In other news, Adobe released a patch for its ubiquitous Flash Player that fixes at least six flaws in Flash. The newest version brings Flash to v. 10.1.82.76. If you’d like to know what version of Flash you are currently using, browse to this link.

Note that if you use both Internet Explorer and non-IE browsers, you’re going to need to apply this update at least twice, once by visiting the Flash Player installation page with IE and then again with Firefox, Opera, Chrome or whatever other browser you use. Also, unless you want some “free” software — like McAfee Security Scan or whatever Adobe is bundling with Flash player this month — remember to uncheck that option before you agree to download the software.

Finally, a blog post I published on Sunday incorrectly stated that Adobe would be issuing an update for its PDF Reader software today. Adobe plans to release the Reader update next week.

As always, please drop a note in the comment section below if you experience any issues applying these updates.

Anti-virus Products Mostly Ignore Windows Security Features

Brian Krebs - Tue, 08/03/2010 - 12:58am

I recently highlighted a study which showed that most of the top software applications failed to take advantage of two major lines of defense built into Microsoft Windows that can help block attacks from hackers and viruses. As it turns out, a majority of anti-virus and security products made for Windows users also forgo these useful security protections.

As I wrote last month:

Attackers usually craft software exploits so that they write data or programs to very specific, static sections in the operating system’s memory. To counter this, Microsoft introduced with Windows Vista (and Windows 7) a feature called address space layout randomization or ASLR, which constantly moves these memory points to different positions. Another defensive feature called data execution prevention (DEP) — first introduced with Windows XP Service Pack 2 back in 2004 — attempts to make it so that even if an attacker succeeds in guessing the location of the memory point they’re seeking, the code placed there will not execute or run.

These protections are available to any applications built to run on top of the operating system, and they’re designed to make it difficult for attackers to develop reliable exploits for vulnerabilities in Windows applications. As we saw last month, few top apps invoke the protections, but many readers may be surprised to learn that few anti-virus products have adopted these technologies.

I installed the trial versions of a dozen top anti-virus and security suites on a virtual machine running Windows Vista, and then checked each product’s executable files using Microsoft’s excellent Process Explorer tool, which provides a mass of information about processes running on your Windows system, including whether or not those processes invoke DEP and/or ASLR.
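A static counterpart to the Process Explorer check described above, as an added example that is not part of the original article: it reads the link-time opt-in flags for ASLR and DEP from a PE file's header. The file names and sample headers are constructed for illustration, and a process can also enable DEP at run time, so this view can differ from what Process Explorer reports for a running process.

```python
import struct

# Documented PE/COFF constants.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # ASLR opt-in (/DYNAMICBASE)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # DEP opt-in (/NXCOMPAT)
DLLCHAR_OFFSET = 70  # same offset in PE32 and PE32+ optional headers


class NotPEError(ValueError):
    """Raised when the bytes do not contain a usable PE header."""


def mitigation_flags(data: bytes) -> dict:
    """Return {'aslr': bool, 'dep': bool} from a PE image's headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPEError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise NotPEError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, symbol table
    # pointer, symbol count, SizeOfOptionalHeader, Characteristics.
    *_, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt_size < DLLCHAR_OFFSET + 2 or opt + DLLCHAR_OFFSET + 2 > len(data):
        raise NotPEError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise NotPEError("unknown optional header magic")
    (dllchar,) = struct.unpack_from("<H", data, opt + DLLCHAR_OFFSET)
    # An image whose relocations were stripped cannot be rebased, so the
    # DYNAMIC_BASE flag alone does not give it ASLR.
    relocatable = not (characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "aslr": bool(dllchar & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) and relocatable,
        "dep": bool(dllchar & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


def audit(files: dict) -> list:
    """Return (name, missing) pairs for images lacking ASLR and/or DEP opt-in."""
    findings = []
    for name, blob in sorted(files.items()):
        try:
            flags = mitigation_flags(blob)
        except NotPEError:
            findings.append((name, "unreadable"))
            continue
        missing = [k.upper() for k in ("aslr", "dep") if not flags[k]]
        if missing:
            findings.append((name, "+".join(missing)))
    return findings


def build_sample_pe(dll_characteristics: int, characteristics: int = 0x0002) -> bytes:
    """Construct a minimal PE32 header (headers only, no sections) for testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the stub
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed sample inputs; the file names are hypothetical.
SAMPLE_FILES = {
    "example_agent.exe": build_sample_pe(0x0140),            # both flags set
    "example_scanner.exe": build_sample_pe(0x0100),          # DEP only
    "example_updater.exe": build_sample_pe(0x0000),          # neither
    "example_plugin.dll": build_sample_pe(0x0140, 0x0003),   # flags set, relocs stripped
}

if __name__ == "__main__":
    for name, missing in audit(SAMPLE_FILES):
        print(f"{name}: missing {missing}")
```

To audit a real installation, read each .exe and .dll under the product's directory as bytes and pass them to audit() in the same name-to-bytes mapping.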

Among the anti-virus products that used neither ASLR nor DEP were AVAST Home Edition, AVG Internet Security 9.0, BitDefender Internet Security 2010, ESET Smart Security, F-Secure Internet Security, Norton Internet Security 2010, Panda Internet Security 2010 and Trend Micro Internet Security 2010.

Microsoft Security Essentials was the only product that used both ASLR and DEP consistently on Windows Vista (although interestingly it does not invoke DEP on Windows XP). Other anti-virus suites I tested used either ASLR or DEP (or both), but only in some applications that make up the suite. For example, McAfee Internet Security’s “mcagent.exe” program runs both ASLR and DEP, while four other executable processes spawned by the program ran DEP but not ASLR (since these tests were run, McAfee has changed the trial version of MIS available on its site, and the company sent me a screen shot that shows DEP and ASLR on all running processes in that version).

Similarly, I found that the anti-virus suite from Avira ran its main avguard.exe program in ASLR mode but did not use DEP. The rest of the program files that ship with this product run neither ASLR nor DEP. Kaspersky Internet Security had DEP enabled on just one process (the browser plug-in), and did not invoke ASLR with any program components.

To be sure, DEP and ASLR are not panaceas: Security researchers have come up with a number of clever ways to bypass these protection mechanisms. Still, it’s interesting to note the lack of these features in anti-virus products for two reasons: First, even researchers who have developed exploits to work around these protections say the two technologies raise the bar significantly for malicious coders. Second, anti-virus products are not immune to introducing their own exploitable software flaws.

I sought comment from all of the anti-virus vendors whose products I examined (except for Microsoft) and received a few responses. Most either downplayed the usefulness of the two technologies in combating today’s threats, or said that they planned to implement the protections in upcoming releases.

Mikko Hypponen from F-Secure said that “adding support for DEP and ASLR in our products is on our roadmap, but has not been implemented yet. This is because we’ve focused our development efforts lately to focus on performance. Once we have this feature ready, it will be available to all of our customers through our update channel.”

Pedro Bustamante, a senior research adviser at Panda Security, said Panda decided not to use either ASLR or DEP in favor of their own technology “to provide protection not only for the single AV processes but also for other types of operations. For example our products include a Shield component which already takes care of the protection as offered by ASLR and DEP, in addition to other types of self-protections such as preventing a process from injecting a thread into a separate process, preventing certain applications from executing dangerous operations on the system (such as Adobe Acrobat dropping an executable in the system and running it), protection of the AV files in the installation directories, etc.”

Bustamante continued: “These Microsoft technologies might be a good solution for certain types of more basic applications, but from our point of view are insufficient for an anti-malware product trying to get a more defense-in-depth approach to securing the whole OS and third party applications.”

Bitdefender said it plans to incorporate DEP and ASLR in its 2011 suite of products.

Symantec’s director of product management, Dan Nadir, said Norton Internet Security 2010 does in fact include support for DEP (although my experiments with Process Explorer showed it was not enabled) and that the company is “evaluating possible support of ASLR in future versions of our products.”

The research team from ESET responded: “Based upon the types of attacks we see against security software, and the likely attack scenarios, ASLR and DEP do not provide any significant defense. [While] enabling ASLR and DEP is quite trivial, the complexity comes in assuring the proper test matrix has been implemented. Without proper testing ASLR can be weaponized… We will consider adding the features in the future, but not without extremely rigorous testing.”

Reverse Cell Phone Search Helps You Prepare For A Cyber Battle ...

Cyber Criminals Small Business - Mon, 07/26/2010 - 4:28pm
A small business can take advantage of this information and have their web site appear in the top 10 results of Google Maps and Google's organic search engine listings. Local Advertising has extremely high More > ... Cyber Stalking Facts. about 13 hours ago - No comments. Cyberstalking is a recent form of criminal behavior involving persistent threats or unwanted attention using the Internet and other means of computer communications. ...
Finance,Business,Health Tips... - http://ongkinhviet.com/wp/

Poor Patching Is The #1 Security Threat For Business PCs | IT ...

Cyber Security For Small Business - Tue, 07/13/2010 - 8:06pm
Posted in: Small Business Security Strategies by Administrator on July 13, 2010. According to Symantec's 2009 security review, the biggest single threat to computer security is a user's failure to apply new security patches when they become available. ... One well-written virus can spread and attack millions of PCs in minutes, giving these cyber criminals access and control over your PC – often without YOU ever realizing it until it's too late. ...
IT Support & IT Service for Small... - http://www.networklogix.com/

Social Media Poses Security Risk to Small Businesses « Business ...

Cyber Security For Small Business - Mon, 07/12/2010 - 4:43pm
Social Media Poses Security Risk to Small Businesses. July 12, 2010, BusinessAdvantage. Social Media networking has generated a massive buzz around the ... The increasing use of cloud computing and social media networks is opening many UK businesses up to cyber attacks. This is why it is becoming much more important to have a strong social media policy in place and is essential for any ...
Business Advantage - http://businessadvantage.wordpress.com/

Online Small Business Banking

Cyber Security For Small Business - Mon, 07/12/2010 - 3:32am
Security Small businesses run by new entrepreneurs often have lower standards of security and this is especially true when it comes to banking and banking online. The smalls just don't have the expertise nor the payrolls stuffed with I.T. professionals to keep up with the Trojans and frauds that cyber-criminals use to prey upon the unfortunate, and the unwary. You want the highest level of security possible but without making it so inconvenient on yourself that you aren't ...
Business Tips: Business Idears... - http://insidebusinesstips.com/

New Security Measures for SaaS Safety | Virtual Data Rooms ...

Cyber Security For Small Business - Tue, 06/29/2010 - 9:56pm
Cyber-risk insurance generally covers damages which stem from failures arising from your use of online or internet-based technologies. For example, this type of policy can cover data loss, service interruptions resulting from server ... And, it's certainly reassuring to know that innovative companies are responding to the concerns expressed by small business owners. Likewise, this trend is simply further proof that, over time, the thorny ethical and security issues that ...
Online Document Management &... - http://blog.firmex.com/

Security Updates for Adobe Acrobat, Reader

Brian Krebs - Tue, 06/29/2010 - 3:04pm

Adobe Systems Inc. is urging users to update installations of Adobe Reader and Acrobat to fix a critical flaw that attackers have been exploiting to break into vulnerable systems.

The update brings Adobe Acrobat and Reader to version 9.3.3 (another update for the older 8.2 line of both products brings the latest version to v. 8.2.3). Patches are available for Windows, Mac, Linux and Solaris versions of these programs. Adobe’s advisory for this update is here, and the Reader update is available from this link — or by opening the program and clicking “Help” and “Check for Updates.” If you download the update from the Adobe Reader homepage, you’ll end up with a bunch of other stuff you probably don’t want (see below, after the jump for more on this).

If you use Adobe Reader or Acrobat, please take a moment to update this software. Users may also want to consider switching to other free PDF readers that are perhaps less of a target for malicious hackers, such as Foxit Reader, Nitro PDF Reader, and Sumatra.

It’s not hard to recommend almost any other PDF reader over Adobe’s. For starters, despite Adobe’s promises to streamline its update process, updating an Adobe product seems to have gotten far more complex over the past year or so. For instance, updating from Adobe’s Web site always pre-checks the installation of third party software, such as an anti-virus “security scanner” or a toolbar. This version of Reader also installs a program called “Acrobat.com,” an online PDF creation and manipulation manager. Incidentally, when you launch Acrobat.com from the icon the Reader update leaves on your desktop, another “mandatory update” is required for this product as well.

On top of that, the user is required to download the Adobe Download Manager, a program that has in the past introduced its own security vulnerabilities.

Many readers have asked about the purpose of the download manager, which is apparent with this month’s release: Adobe is using the Download Manager progress screen as an opportunity to pitch a number of other software titles available for download, apps made to work with Adobe Air, yet another multimedia component that comes bundled with each Reader update.

But the update process still isn’t complete. In fact, Adobe Reader at this point is only at version 9.3.0, and still needs to download an additional update to bring the user up to the latest version, 9.3.3. Getting that update requires opening Reader, waiting a minute or two for the Reader Update icon to appear in the Windows taskbar, and then double-clicking the install button. Windows users then need to restart their systems for the patch to take effect.

By the way, the vulnerability Adobe fixed in Reader and Acrobat also exists in Adobe’s ubiquitous Flash Player, but Adobe shipped an update to fix that flaw in Flash on June 10. If you haven’t already updated Flash this month, have a look at this post, which walks you through how to do that.

The pain of small business security - FierceComplianceIT

Cyber Criminals Small Business - Tue, 06/29/2010 - 11:19am
Unfortunately, small businesses are being targeted aggressively, as the cyber-criminals have apparently concluded that their defenses are weaker. ...
www.fiercecomplianceit.com/story/pain-small.../2010-06-24

allIPTech.com » Blog Archive » Network Auditing Protects Your ...

Cyber Criminals Small Business - Sun, 06/27/2010 - 2:24am
Network Security has become increasingly important as companies both large and small are attacked by cyber criminals. This article will provide you information about network auditing and how you can use it to protect your business. ...
allIPTech.com - http://alliptech.com/

SMBs fighting back against cyber criminals, increasing security ...

Cyber Criminals Small Business - Sat, 06/26/2010 - 2:42pm
SMBs fighting back against cyber criminals, increasing security measures ... Small- and medium-sized business have been getting serious about their security ...
www.messagingarchitects.com/.../smbs-fighting-back-against-c...

Reminder to Be Safe Online and Protect Your Computer - Verizon ...

Cyber Criminals Small Business - Fri, 06/25/2010 - 9:25pm
While I suspect many small businesses still think their business is too small to be targeted – think again. Federal authorities have said cyber criminals ...
businessforums.verizon.net/t5/Small-Biz...to.../212497

Cybercriminals Kick Off World Cup with Spam and Online Scams ...

Cyber Criminals Small Business - Fri, 06/25/2010 - 9:25pm
Business · Personal Finance · Small Business · Tech ... Soccer fans are a big target for cyber crooks. Spam related to the FIFA 2010 World Cup has soared ... Symantec has also seen an increase in cybercriminals' use of phishing scams, ...
www.wkrn.com/Global/story.asp?S=12707644