DoNotTrackPlus Keeps Your Information in Control

Protecting your online privacy is very important. As you browse the internet, each website tracks you with different plugins and scripts. If you want to stop sites from tracking your navigation, you can use Do Not Track Plus.

Do Not Track Plus is a free extension that you can install in almost any browser, including Chrome, Firefox, Safari, and Internet Explorer. Many people overlook the simple ways they can protect their privacy, but it is always possible if you consider this small utility.

Here you can find a video demonstration for the tool.

You can get the tool from the official website.


37 More Malicious Apps Reported at the Android Market

After reporting several malicious cases, Trend Micro is alerting about more than 37 malicious applications on the Android Market. These malicious games are called “fan apps,” a kind of application that claims to be the original one, but after executing the app the victim gets a message that the game is not yet released.

This message is widely used to keep the malicious program running in the background while the user continues to search for the game. A screenshot from Trend Micro shows that the 37 applications lead to dead links, such as a misspelling of Google that gives the URL www.googel.com. This is a trick to avoid detection by Google, so that no action is taken to remove these applications.

Facebook, as a social network, is a good way to promote not only blog posts but also malware, as the victim will be notifying all friends about the malicious application. That’s not all: the Trojan also gathers sensitive information and sends it to a remote server, including the OS version, International Mobile Equipment Identity (IMEI), and phone number.

This information is important and sensitive. A criminal can easily use it to send SMS spam and advertisements, the kind that we usually receive: ‘hey you’ve just been Pre-Selected to Win a 1000$ please call this number to have your money’.

Trend Micro detects this malware as ANDROIDOS_FAKEAPP.SM. The case has been reported to Google and the applications have been removed from the Android Market.

Source: http://blog.trendmicro.com/fan-apps-now-spreading-on-the-android-market/


Peepdf Utility for Analyzing Malicious PDF

PDF files are used on many web resources, and if we look at malware we find that attackers always choose to include their malicious JavaScript in PDF files. This helps them hide their malcode, and it can infect thousands of online document readers. This is in addition to the number of vulnerabilities in third-party applications such as Adobe Acrobat Reader.

If you want to analyze a suspicious PDF file you can try peepdf, a Python-based utility that helps malware analysts find suspicious components in any PDF file. Usage is simple; run the following command:

./peepdf.py [options] PDF_file

With peepdf you will find the MD5 signature information, size, version, whether the file is encrypted, the different file objects, suspicious elements, file streams, objects with JavaScript code, and more.
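A simplified illustration of the kind of triage report described above, added here as an example; it is not peepdf's code and does not replace the tool. The sample bytes, the token list and the function names are constructed for this illustration.

```python
import hashlib
import re

# Name tokens treated as suspicious in this example (an assumed list, not peepdf's).
SUSPICIOUS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile"]

# Constructed sample: a tiny PDF-like byte string with an inert script object.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Length 8 >>\nstream\n// inert\nendstream\nendobj\n"
    b"%%EOF\n"
)

def decode_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in PDF names, so /J#61vaScript reads as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def triage(data: bytes) -> dict:
    """Return a first-pass report: hash, size, version, encryption flag, counts."""
    header = re.match(rb"%PDF-(\d\.\d)", data)
    norm = decode_names(data)
    counts = {}
    for tok in SUSPICIOUS:
        # The token must end here, so /JS does not also match a longer name.
        n = len(re.findall(re.escape(tok) + rb"(?![A-Za-z0-9])", norm))
        if n:
            counts[tok.decode()] = n
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data),
        "version": header.group(1).decode() if header else None,
        "encrypted": re.search(rb"/Encrypt(?![A-Za-z0-9])", norm) is not None,
        "objects": len(re.findall(rb"(?m)^[ \t]*\d+[ \t]+\d+[ \t]+obj\b", data)),
        "streams": len(re.findall(rb"\bstream\r?\n", data)),
        "suspicious": counts,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A plain keyword search over the raw bytes would miss the escaped /J#61vaScript name in the sample, which is why the names are decoded before counting.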

If you are using Acrobat Reader, it allows JavaScript execution by default. There is no need to keep this setting, so you should deactivate this functionality as shown in the following screenshots:

Screenshot for Adobe JavaScript Settings

Screenshot for Adobe JavaScript Settings disabled

You can read more details about the peepdf tool on the official website.


Infosec Weekly Radar, February 13 – 19, 2012

Eircom Study Hub Breached

Eircom, one of the major telecom operators in Ireland, has faced a cyber-attack in which hackers managed to get 8,404 user credentials for Studyhub servers. Brian Honan has released a blog post about the SQL injection attack and ways to mitigate the risk.

“If this breach is the result of an SQL Injection attack then it is disappointing as this attack vector has been known about for many years and indeed has been the source of many other well publicised breaches.”

http://bhconsulting.ie/securitywatch/?p=1188

CISSP Reloaded Domain 3 – Telecomms and Network Security

@J4vv4d continues the series of CISSP reviews with a new post for the third domain, about network and telecommunication security. In this post he takes us on a journey through the OSI layers and protocols, including TCP/UDP and more. A very interesting post not to be missed.

“by far the most daunting of domains when I first picked up the book all those years ago. Network security is so important yet because it’s complex, a lot of companies end up doing it wrong. It’s complex because not as many people ‘properly’ understand the security implications of the network and also because most companies don’t even know what their network comprises of.”

http://www.j4vv4d.com/?p=454

Anonymous Takes Down NASDAQ Site with DDOS Attack

“Websites of exchange operators Nasdaq and BATS have been attacked by hackers over the last 24 hours, causing ongoing disruptions for those trying to use the sites. Sites were down because of distributed denial-of-service attack from a group of Anonymous hackers.”

http://thehackernews.com/2012/02/anonymous-hackers-target-nasdaq-website.html

Attempted Cyber-Attack on Bank Hapoalim

“Israel’s Bank Hapoalim reported an attempted cyber-attack from Iran on their systems on Thursday. Bank officials said the attack was foiled by extant security measures and that the hackers failed in their mission.

Security officials traced the Bank Hapoalim attack from servers in Iran, but noted the Iranian server farm could have simply served as a proxy for hackers elsewhere allowing them to hide their tracks.”

http://www.israelnationalnews.com/News/News.aspx/152866

Computer spyware is newest weapon in Syrian conflict

“In Syria’s cyberwar, the regime’s supporters have deployed a new weapon against opposition activists — computer viruses that spy on them, according to an IT specialist from a Syrian opposition group and a former international aid worker whose computer was infected.”

http://edition.cnn.com/2012/02/17/tech/web/computer-virus-syria/index.html

That’s all for this week. If you have more information security news, please share it with our readers by sending an email or using the contact form.


GFI Languard Real Solution for Corporate Security

Today it is hard to believe that a company would not allow internet access to its employees. Internet access is required for sending emails and completing some complicated tasks, but on the other hand it opens a window for hackers or malware to attack local systems.

Being prepared and secured means having the latest security patches on all LAN systems, and this adds the requirement for a modern component that helps security administrators keep track of all hosts and servers.

Screenshot for GFI Languard dashboard

GFI Languard is one of the leading network security vulnerability and patch management solutions. It helps security managers get the latest statistics and vital information about all network components. Languard can provide you with the following:

Patch Management

After scanning the network you will have a list of all discovered systems with information about installed application versions. Languard makes your patching tasks simple by applying only the required updates.

Even if you have the latest operating system updates, many security reports warn about third-party applications such as Adobe PDF reader, the Firefox browser or even VoIP applications. After installing most of these apps it is hard to find software that provides automated update functionality, which makes Languard the first and best solution for automating those complicated tasks.

Network and software audits

Configurations on your local area network usually change as requirements arise: someone wants to open a certain port on the firewall, someone else wants to disable his antivirus for a predefined period.

After approving this operation you can use Languard to conduct a periodic audit of the network that alerts you about policy restrictions and lets you keep the approved action only for the predefined period. For example, after this audit you will find that there is an open port on the firewall. This gives you more constant visibility of your network, and you can take action by blocking the port or keeping it open for the next period.

Inventory assessment

Just like any company, regardless of its size, you have a yearly inventory to check that all devices are in place on your network. If there is a problem or a device is not working, Languard notifies you, and at that point you can report the problem or take the required action.

Some companies have hundreds of hosts, servers, switches or devices, so it is important to find a problem in real time and act in record time.

Vulnerability Assessment

Having a vulnerable system will allow any user to attack the local network, so Languard checks password security levels, device firmware versions, and server and application versions. If there is a vulnerability, an upgrade is downloaded and a patch is applied.

For passwords it notifies users and the administrator about the type of password used, and as a result the user or admin can change it according to the predefined security policy.

Conclusion

Whether you have a small network or a large one, GFI Languard is as important as providing internet access to your employees. It will make your IT team more organized, not running across your company, and able to react in time to protect your local and wide area networks. You can read our previous review for GFI Languard.

Source: http://www.gfi.com/network-security-vulnerability-scanner


Windows Protection Master is a Fake Virus Alert

Windows Protection Master is a newly reported fake antivirus that can infect your computer and start showing alerts that it contains spyware, Trojan-Spy, NetTool, PSWTool and more. Such alerts scare the victim into purchasing a full license for this software.

Screenshot for the Windows Protection Master

Besides claiming to detect this malware, the software pops up some unusual notifications to convince the victim that this software is essential for his safety:

Warning! Identity theft attempt detected.

Error Keylogger activity detected.

Torrent Alert. Torrent link detected!

This gets the user worried, and he starts to look for a solution. As you can see, the malware goes as far as invoking SOPA to offer the victim help with encrypting torrent traffic. This is a very modern and highly sophisticated malware. It is important that you never believe similar notifications. Apply all the required safety rules:

  • Make sure that you have all application and system updates.
  • Never open email attachments from suspicious sources.
  • Use low-privilege rights on your system to avoid executing any malicious software.
  • Make sure to have security software with the latest definitions and auto scan enabled.

Source: http://deletemalware.blogspot.com/2012/02/remove-windows-protection-master.html


CoreTrace BOUNCER Advanced Endpoint Security Product

CoreTrace has released a new video demonstration on how to stop a Reflective Memory Injection attack, which gives the attacker full control of the victim machine. The tools used in the demo are Metasploit on the attacker's machine and the Windows XP operating system on the victim computer.

As always, the technique used to execute the malicious script on the victim side is the web browser. This can easily be done with some social engineering to give the attacker an open session on the victim computer. Here CoreTrace suggests protecting users with an innovative application called BOUNCER.

“BOUNCER is the most secure application whitelisting solution designed for the real people that use it. We know that simply locking down endpoints from executing unauthorized applications isn’t enough. Application whitelisting solutions must be designed for intuitive administration and be as transparent as possible to the end users it protects. BOUNCER does just that. Provide security, visibility, and control with the user at the center of all design considerations.”

Very interesting demo by Greg Valentine.

Source: http://www.coretrace.com/products/BOUNCER_by_CoreTrace/default.aspx
