Malwarebytes Anti-Exploit – new freeware protects against browser attacks better than your anti-virus will

May 16, 2014 – 5:51 AM

It’s a big bad world out there, and we’re pretty sure it’s not going to change any time soon. We’re talking specifically about malware, drive-by exploits and the like, because these attacks seem to be on the rise, and it’s kind of disconcerting.

Good then to see some tools start to appear, especially ones which are geared to the kind of exploits that your typical anti-virus won’t catch. We’re looking at you, zero-day exploits! The new Malwarebytes Anti-Exploit comes from a pretty good stable: the company started out supplying anti-rootkit advice and tools, and has gone from strength to strength.

The free software is in beta at the moment, so expect a few glitches, but it’s designed to protect not just all the main browsers, but also key vulnerable software applications such as MS Office and Adobe Acrobat etc. We’re not given any details of how it performs its magic, but it apparently just sits there in the background monitoring your system to make sure things stay nice and friendly while you surf and work.

It’s hard to test this kind of stuff, but the company helpfully gives a couple of demo files to use here, which demonstrate the program in action. Very reassuring (assuming they’re not just rigged to trigger an alert box). Definitely worth adding to the toolbox we think.

Source:
http://www.redferret.net/?p=44174

Urgent Security Update Regarding Your Bitly Account

May 8, 2014 – 9:09 PM

We have reason to believe that Bitly account credentials have been compromised. We have no indication at this time that any accounts have been accessed without permission. For our users’ protection, we have taken proactive steps to ensure the security of all accounts, including disconnecting all users’ Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login.

Please take the following steps to secure your account: change your API key and OAuth token, reset your password, and reconnect your Facebook and Twitter accounts. 

We invalidated all credentials within Facebook and Twitter. Although users may see their Facebook and Twitter accounts connected to their Bitly account, it is not possible to publish to these accounts until users reconnect their Facebook and Twitter profiles.

Source:
http://blog.bitly.com/post/85169217199/urgent-security-update-regarding-your-bitly-account

Your Android phone viewed illegal porn. To unlock it, pay a $300 fine

May 7, 2014 – 5:39 PM

Researchers have uncovered Android-based malware that disables infected handsets until end users pay a hefty cash payment to settle trumped-up criminal charges involving the viewing of illegal pornography.

To stoke maximum fear, Android-Trojan.Koler.A uses geolocation functions to tailor the warnings to whatever country a victim happens to reside in. The screenshot to the right invoking the FBI, for instance, is the notice that’s displayed on infected phones connecting from a US-based IP address. People in Romania and other countries will see slightly different warnings. The malware prevents users from accessing the home screen of their phones, making it impossible to use most other apps installed on the phone. The normal phone functions in some cases can be restored only when the user pays a “fine” of about $300, using untraceable payment mechanisms such as Paysafecard or uKash.

The discovery of Koler.A comes 18 months after researchers from Symantec found that so-called ransomware extorts an estimated $5 million a year from users of traditional PCs. Ransomware refers to malware that disables computers and demands that cash payments be paid to purported law-enforcement agencies before the machines are restored. More recently, ransomware scammers upped their game by building strong cryptography into malware, known as Cryptolocker, that holds entire hard drives hostage until end users pay a Bitcoin ransom of $300.

Source:
http://arstechnica.com/security/2014/05/your-android-phone-viewed-illegal-porn-to-unlock-it-pay-a-300-fine/

Antivirus is Dead: Long Live Antivirus!

May 7, 2014 – 5:39 AM

An article in The Wall Street Journal this week quoted executives from antivirus pioneer Symantec uttering words that would have been industry heresy a few years ago, declaring antivirus software “dead” and stating that the company is focusing on developing technologies that attack online threats from a different angle.

This hardly comes as news for anyone in the security industry who’s been paying attention over the past few years, but I’m writing about it because this is a great example of how the cybercrime underground responds to — and in some cases surpasses — innovations put in place by the good guys.

About 15 years ago, when the antivirus industry was quite young, there were far fewer competitors in the anti-malware space. Most antivirus firms at the time had a couple of guys in the lab whose job it was to dissect, poke and prod at the new crimeware specimens. After that, they’d typically write reports about the new threats, and then ship “detection signatures” that would ostensibly protect customers that hadn’t already been compromised by the new nasties.

This seemed to work for a while, until the smart guys in the industry started noticing that the volume of malicious software being released on the Internet each year was growing at a fairly steady clip. Many of the industry’s leaders decided that if they didn’t invest heavily in technologies and approaches that could help automate the detection and classification of new malware threats, they were going to lose this digital arms race.

Source:
http://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/

Password management done right

May 6, 2014 – 5:53 PM

David Sancho, senior threat researcher with Trend Micro, has recently written a short but good post in which he pointed out the reasons why, despite their inherent insecurity, passwords are here to stay.

Among the advantages they offer are the fact that they can be used straight away, and that they are a good alternative to tying yourself to a specific authentication token, smartphone or location (and all the problems that might arise from that – lost devices, dead batteries, etc.).

He ended his post by giving advice to users on how to choose strong passwords, encouraged them to start using software for managing them, and finally, to use two-factor authentication where possible.

The adoption of the latter is not happening fast enough – whether because many services don’t offer the option, or users are simply not taking advantage of it where it exists – and instructions on how to create strong passwords often fall on deaf ears, so people like Lance James, head of Cyber Intelligence at Deloitte & Touche, are toying with some ideas that would force users to change their password-picking habits.

“One thing I’ve learned about humans is that in most cases, they will take the path of least resistance when it comes to change management, and only when applied pressure (road block is a nice way of putting it) or a reward is offered does this usually disrupt this path,” he recently noted in a blog post.

“We spend a lot of time telling the user to ‘do this because security experts advise it, or it’s part of our policy’ but we don’t really provide an incentive or an understanding of why we tell them to do this. Well humans are programmable, and the best way to see the human brain is to look at it like a Bayesian network. It requires training for it to adapt to change, and repeated consistent data to be provided.”

His proposed solution – described as “Pavlovian password management” – is to create a system that would allow users to choose weak passwords, but would penalize them by making them expire in a few days.

Source:
http://www.net-security.org/secworld.php?id=16808