iTWire - Security (Sat, 01 Nov 2014 19:11:18 +1100)

Webroot with the lot for Pizza Hut

Increasing downtime due to malware led Pizza Hut to adopt Webroot's cloud-based security service.

Pizza Hut's IT team realised that 20% of stores had suffered downtime because their POS systems had become infected with malware; in extreme cases, it took a full day to reimage the computers.

"This was an alarming figure because downtime in stores, especially during peak hours, means a huge risk in losing business and ultimately revenue," said Pizza Hut field systems analyst Ross Portas.

The incumbent signature-based security software was therefore found wanting, and extensive research led to a shortlist of two candidates.

Webroot's cloud-based approach to security, zero-day threat protection, low resource consumption, and journalling and rollback features led to a 10-day trial, which resulted in its adoption across all Pizza Hut franchises in Australia.

In the first three months of use, downtime was reduced by 80% and only occurred in one store.

"With this 'set and forget' real-time, cloud-based security software that keeps organisations protected in the background, Pizza Hut's IT team now has the flexibility and time to focus on improving other areas of the business," Portas said.

(Stephen Withers) Security, Thu, 30 Oct 2014 15:57:38 +1100

WD packs 6TB into Purple drive

WD's latest Purple disk drive for surveillance video storage has a capacity of 6TB.

WD has matched Seagate's recent announcement of a 6TB disk drive designed for storing surveillance video.

The WD Purple disk drive, designed for video surveillance applications, is now available in a 6TB version.

Company officials say they are suitable for use in systems with up to eight drives and 32 HD cameras.

The Purple series of drives incorporates WD's AllFrame technology to reduce video frame loss and to allow the use of more storage bays in one device.

They also feature IntelliSeek, which optimises seek speeds to reduce power consumption, noise and vibration.

"Video surveillance has long been a pioneering Internet-of-Things application. Driven by machine-to-machine interaction between high-resolution, high-bit-rate video cameras and high-capacity surveillance video recorders, IoT applications bring access and big data analytics to improve users' security," said WD storage technology group senior vice president and general manager Matt Rutledge.

"WD Purple 6 TB drives enable innovation in this fast growing market."

The new 6TB version costs US$329. Local pricing was not immediately available.

(Stephen Withers) Security, Tue, 28 Oct 2014 10:44:30 +1100

CA ups the ante in fraud detection with new release

CA Technologies has released its next generation Risk Analytics solution which it says will allow card issuers to reduce incidents of fraud and gain ‘unprecedented’ flexibility and control with their fraud detection systems.

CA vice president, solution strategy Asia Pacific & Japan, Vic Mankotia, says this latest version of the risk analytics solution incorporates “sophisticated, patent-pending behavioural neural network authentication models for assessing risk of online, card-not-present (CNP) transactions”.

“There is an increase in market demand for a more advanced CNP fraud detection strategy that goes beyond just comparing the current transaction to established fraud indicators,” Mankotia says.

“CA Risk Analytics considers both fraud patterns and legitimate transaction behaviour and tracks the pivotal players in a transaction, card or device for example.

“It estimates the risk of fraud using advanced machine learning techniques to understand normal behaviour for these pivotal players as well as the fraud risk related to deviation from past behaviours. This results in a more accurate assessment of which transaction to authenticate and helps stop fraud in CNP transactions.”

According to Mankotia, history shows that the continued global rollout of the EMV standard and the increasing distribution of Chip and PIN cards will result in an increase of CNP fraud attempts.

“Card issuers and merchants want a solution that improves fraud detection without increasing cardholder friction. CA Risk Analytics and its behavioural neural network models will result in ‘zero touch’ authentication that will instill a level of confidence and streamline the online checkout process.”

Key features and capabilities added to the latest version of CA’s Risk Analytics solution are:

•    Increased flexibility and control for the card issuer. Card issuers can instantly change score thresholds and policies at their discretion. This gives them more control over their business so they can adapt to market conditions, better handle staff fluctuations or deal with current events that may demand examining a higher or lower volume of transactions while still ranking the most risky first. Card issuers no longer have to rely on vendor-only control of their system settings.

•    Reduced fraud with revenue and cost improvements. The neural network authentication models within CA Risk Analytics help improve the accuracy of distinguishing legitimate from fraudulent transactions. This helps to reduce fraud and increase revenue. Better accuracy in detection also helps manage the cost of transaction analysis.

•    Better customer experience. Because the models in CA Risk Analytics can better detect legitimate customer behaviour, there is no need to add friction to the checkout process and challenge the consumer with additional authentication to prove their identity.

(Peter Dinham) Security, Mon, 27 Oct 2014 14:17:52 +1100

McAfee improves firewall integration

McAfee pitches a new version of its Next Generation Firewall, stressing the benefits of integration with other security functions.

An updated version of the McAfee Next Generation Firewall features new integrations with the McAfee Security Connected framework for layered protection plus improved workflows and operational efficiencies.

The firewall takes advantage of endpoint information from McAfee ePolicy Orchestrator, reputation intelligence from McAfee Global Threat Intelligence, and real-time protection from McAfee Advanced Threat Defence.

Integration with McAfee Enterprise Security Manager allows continuous monitoring and alerting of compliance status.

Recent overseas research commissioned by McAfee found 43% of IT decision makers at large companies believe that point security solutions that don't share information can lead to threats going unnoticed, and 46% said siloed security also causes their IT departments to spend too much time manually discovering and remediating threats.

"Cyber security is a major concern for many Australian businesses, and it's our priority to provide simplified yet sophisticated Next Generation Firewall products to ensure their data is secure," said McAfee vice president and worldwide chief technology officer Mike Sentonas.

"McAfee's Security Connected vision and strategy resonates with organisations in Australia. The Next Generation Firewall release further enhances the value to local business by delivering an advanced network protection across the entire enterprise."

Dimension Data group general manager for security Neil Campbell said "Today our customers require network security solutions that can keep pace with the way advanced attacks are now orchestrated, all with minimal complexity and an affordable price tag.

"With its Security Connected framework, McAfee is aiming to address each of these requirements as it brings its entire ecosystem of security technologies together and now incorporates a true next generation firewall."

Image: Purple Slog [CC BY 2.0] via Flickr

(Stephen Withers) Security, Thu, 16 Oct 2014 15:43:51 +1100

UPnP failings implicated in DDoS attacks

Akamai's Prolexic security operation has warned that home and office devices such as routers and media servers are being co-opted into distributed denial of service (DDoS) attacks.

DDoS attacks typically work either by running malware on large numbers of computers, or by tricking devices into sending floods of traffic to target systems.

Akamai's Prolexic Security Engineering & Response Team (PLXsert) has detected a new attack technique that subverts the UPnP protocols used on a wide range of home and office equipment, including routers, media servers, webcams, smart TVs and printers.

The idea behind UPnP is that it allows networked devices to discover each other and then provide and consume services. For example, a UPnP control point (perhaps an app running on a smartphone) might instruct a UPnP media server (perhaps running on a NAS device) to send a particular video file to a UPnP media renderer (perhaps a smart TV).

Or a program running on a computer might communicate with a router via UPnP to set up port mappings so that the program is reachable from outside the LAN.

PLXsert first detected DDoS attacks using UPnP in July, and has been able to replicate this technique in its lab. Such attacks have since become more common.

Company officials say 4.1 million of the 11 million Internet-facing UPnP devices in use are potentially vulnerable to being used in this type of reflection DDoS attack.

"The number of UPnP devices that will behave as open reflectors is vast, and many of them are home-based Internet-enabled devices that are difficult to patch," said Akamai security business unit senior vice president and general manager Stuart Scholly.

"Action from firmware, application and hardware vendors must occur in order to mitigate and manage this threat."

What to do in the meantime?

While the real fix is to correct the shortcomings in UPnP software and firmware to prevent devices from acting as reflectors, Akamai suggests steps that can be taken to reduce the risk of devices being co-opted. These include blocking WAN-based UPnP requests to devices, and disabling UPnP services on devices where it is not a functional requirement.

And to reduce the risk of succumbing to this type of DDoS attack, administrators can block source port 1900 traffic to services that do not use UPnP.
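As an added illustration that is not part of the article or Akamai's advisory, the following script shows how the reflected-traffic pattern described above (UDP replies from source port 1900 arriving at hosts that never sent an SSDP discovery request) can be picked out of flow records so that an administrator can see which hosts are being targeted and how many reflectors are involved. The flow line layout and the sample records are constructed for the example.

```python
"""Flag likely SSDP/UPnP reflection traffic in flow records.

Constructed example. Flow lines use an assumed layout (not a real exporter
format): 'ts proto src:sport -> dst:dport bytes pkts'. A host receiving UDP
from source port 1900 without having sent an SSDP M-SEARCH (UDP to dport
1900) shortly before is treated as a reflection victim; senders are reflectors.
"""
import re
from collections import defaultdict

FLOW_RE = re.compile(
    r"^(?P<ts>\d+) (?P<proto>UDP|TCP) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<bytes>\d+) (?P<pkts>\d+)$"
)
SSDP_PORT = 1900
REQUEST_WINDOW = 30  # seconds: a discovery sent this recently explains a reply


def parse_flows(lines):
    """Parse flow lines into dicts; lines not matching the layout are skipped."""
    flows = []
    for line in lines:
        m = FLOW_RE.match(line.strip())
        if m:
            d = m.groupdict()
            for k in ("ts", "sport", "dport", "bytes", "pkts"):
                d[k] = int(d[k])
            flows.append(d)
    return flows


def find_reflection_victims(flows):
    """Return {victim_ip: {'reflectors': set, 'bytes': int, 'pkts': int}}."""
    last_search = {}  # src ip -> ts of its most recent outbound M-SEARCH
    victims = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "pkts": 0})
    for f in sorted(flows, key=lambda x: x["ts"]):
        if f["proto"] != "UDP":
            continue  # SSDP is UDP only; TCP on port 1900 is not reflection
        if f["dport"] == SSDP_PORT:
            last_search[f["src"]] = f["ts"]  # legitimate discovery request
        elif f["sport"] == SSDP_PORT:
            asked = last_search.get(f["dst"])
            if asked is None or f["ts"] - asked > REQUEST_WINDOW:
                v = victims[f["dst"]]  # unsolicited reply: count it
                v["reflectors"].add(f["src"])
                v["bytes"] += f["bytes"]
                v["pkts"] += f["pkts"]
    return dict(victims)


# Constructed sample: 10.0.0.5 legitimately discovers a media server on its
# LAN; 203.0.113.9 receives replies from devices it never queried.
SAMPLE_FLOWS = [
    "1000 UDP 10.0.0.5:50123 -> 239.255.255.250:1900 180 1",
    "1001 UDP 10.0.0.20:1900 -> 10.0.0.5:50123 420 1",
    "1005 UDP 198.51.100.7:1900 -> 203.0.113.9:80 1460000 1000",
    "1005 UDP 198.51.100.8:1900 -> 203.0.113.9:80 1460000 1000",
    "1006 UDP 198.51.100.9:1900 -> 203.0.113.9:80 2920000 2000",
    "1006 TCP 198.51.100.9:1900 -> 203.0.113.9:80 5000 10",
]

if __name__ == "__main__":
    for ip, info in find_reflection_victims(parse_flows(SAMPLE_FLOWS)).items():
        print(ip, len(info["reflectors"]), "reflectors,", info["bytes"], "bytes")
```

The same logic can be pointed at real NetFlow or firewall logs once the parser is adapted to their field layout; hosts that appear here are candidates for the source-port-1900 blocking the article recommends.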

Mr Scholly added "These attacks are an example of how fluid and dynamic the DDoS crime ecosystem can be.

"Malicious actors identify, develop and incorporate new resources and attack vectors into their arsenals.

"It's predictable that they will develop, refine and monetise these UPnP attack payloads and tools in the near future."

Scripts are circulating that scan ranges of IP addresses for potential target devices and then use them to carry out the reflection attacks.

One real-life attack of this kind intercepted by Akamai peaked at 54.35Gbps and 17.85 million packets per second.

Akamai's threat advisory is available here.

(Stephen Withers) Security, Thu, 16 Oct 2014 10:24:40 +1100

Webroot BrightCloud joins HP security range

HP's enterprise security products lineup is being bolstered with the addition of the Webroot BrightCloud IP reputation service.

One of the problems with BYOD - or company-issued mobile devices, for that matter - is the risk associated with user-installed apps exfiltrating sensitive data.

The Webroot BrightCloud IP reputation service takes advantage of the company's database of more than 11 million mobile apps to detect communication channels that malicious apps use to control or extract sensitive personal or business data.

From the end of this year, HP enterprise security customers will be able to subscribe to the service through HP.

"Teaming up with an industry leader like HP demonstrates the value of our threat intelligence services to greatly improve efficacy and proactively identify threats," said Webroot's vice president of enterprise and OEM sales Scott Merkle.

"By adding mobile threat IPs to our already industry leading IP reputation services, network security providers like HP can further enhance the detection of threats introduced by BYOD and the multitude of mobile devices connected to the enterprise network."

Image: Purple Sherbet Photography [CC BY 2.0] via Flickr

(Stephen Withers) Security, Wed, 15 Oct 2014 18:21:33 +1100

Keep an active eye on Active Directory changes with ADAudit Plus

A new version of ManageEngine's ADAudit Plus provides real-time notifications of critical changes made in Active Directory.

ManageEngine's ADAudit Plus is a real-time, web-based Active Directory change reporting system.

The latest version provides administrators with real-time email alerts when critical and unauthorised changes are made to Active Directory.

ManageEngine product manager Balasubramanian Palani said "ADAudit Plus real-time change monitoring and notification is like installing a surveillance camera inside a domain controller and designating an acute observer, who knows well the impact of every change, to man it 24x7.

"The tool's built-in and configurable alerts fire the moment some critical change is detected, which provides administrators all the head start required to successfully preclude an intrusion or remediate an untoward change."

ADAudit Plus is available in standard (from US$495) and professional (from US$795) editions.

The software can be downloaded here and used for 30 days without payment.

(Stephen Withers) Security, Wed, 15 Oct 2014 16:56:27 +1100

Licensing issues unlikely to have delayed Apple Bash fix

The likelihood that Apple delayed releasing a fix for the recent remotely exploitable vulnerability in Bash due to licensing issues is low, according to the executive director of the Free Software Foundation.

In the wake of the disclosure of the bug and Apple's tardiness in releasing a fix, the website Arstechnica had speculated that this was due to licensing issues: earlier versions of Bash were released under GPL version 2, while the later versions, including the current one, are under GPL version 3, which has much stricter pro-user terms.

While practically all Linux distributions patched the bug within days, Apple, which has dozens of times the resources that free software projects have, took nearly a week to do so.

John Sullivan told iTWire: "I don't think that premise (the one advanced by Arstechnica) is valid, because the Bash maintainer also released patches for older versions of Bash. All Apple would have needed to do is apply them.

He added: "But it is generally correct to say that they would not have been able to take patches to a GPLv3-covered work and distribute them or derivatives of them under GPLv2."

Asked what were the main differences between the two licences that led, for example, to Apple dropping Samba from its operating system, Sullivan responded: "I don't know why Apple made this specific bad decision. I don't have any firsthand evidence that they made it because they object to GPLv3.

"I do know, of course, that Apple aggressively uses DRM to prevent users from modifying the software running on their own devices. GPLv3 protects users from this aggression, and so Apple may be afraid of that. Apple is also a major software patent aggressor, and GPLv3 has stronger protections for users and developers against that as well."

Image: courtesy Pixabay

(Sam Varghese) Security, Fri, 10 Oct 2014 11:12:12 +1100

Bash bug: Oracle issues 16 patches, investigating other products

Oracle Corporation has issued fixes for vulnerabilities in 16 of its products that are affected by the Shellshock vulnerability in Bash that came to light last month.

The bug was discovered by security researcher Stephane Chazelas on September 24. After it was made public, a number of additional vulnerabilities were found in the terminal application which was created by the GNU Project back in 1980.

According to information at Oracle's website, a further 42 products "are using Bash in at least one version of the product and thus are likely subject to CVE-2014-7169 and that do not have fixes available."

The company said its Global Product Security division had determined that a further 108 products did not include Bash in their initial distribution and therefore should not be vulnerable.

Apart from these, a further 17 products are being investigated to find out if they are in any way vulnerable.

With reference to Oracle Cloud, the company said it was investigating and would continue to provide fixes for affected products and services "as soon as these fixes have been fully tested and determined to provide effective mitigation".

(Sam Varghese) Security, Wed, 08 Oct 2014 17:36:54 +1100

Many Cisco products affected by Bash vulnerability

Networking giant Cisco has identified a total of 88 products which it sells that are vulnerable to the Bash bug that was made public on September 24.

The bug was discovered by security researcher Stephane Chazelas. After it was made public, a number of additional vulnerabilities were found in the terminal application which was created by the GNU Project back in 1980.

In its advisory, Cisco said the vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell was invoked. "The Bash shell may be invoked by a number of processes including, but not limited to, telnet, SSH, DHCP, and scripts hosted on web servers," it added.

It added that all versions of GNU Bash, starting with version 1.14, were affected and the specific impact was determined by the characteristics of the process using the shell.

"In the worst case, an unauthenticated remote attacker would be able to execute commands on an affected server. However, in most cases involving Cisco products, authentication is required before exploitation could be attempted," the advisory said.

Vulnerable products fall into the categories of: hosted services; video, streaming, telepresence, and transcoding devices; voice and unified communications devices; unified computing; routing and switching - enterprise and service provider; network management and provisioning; network and content security devices; network application, service, and acceleration; Meraki Products; and collaboration and social media.

Cisco said another 120 products had been confirmed not to be vulnerable. A further 113 products were being investigated.

"Cisco is currently investigating its product line to determine which products may be affected and the extent of the impact of the vulnerability on its products. Additional Cisco products will be added as the investigation progresses," the advisory said.

"Customers interested in tracking the progress of any of the following bugs can visit the Cisco Bug Search Tool to view the defect details and optionally select Save Bug and activate the Email Notification feature to receive automatic notifications when the bug is updated."

(Sam Varghese) Security, Fri, 03 Oct 2014 16:23:54 +1000