IoT Security: What to Expect as a Vendor When Joining the Connected World

Published on 07/31/15 02:30PM

Threats, Internet of Things

... or lessons to learn from Fiat Chrysler Automobiles (FCA)'s recent mistakes

Many vendors are now adding Internet connectivity to their products, adding more features and enabling the device to send information back to them. Unfortunately, for the vendors who never developed connected products before, these additions also carry a greater risk of having a high-impact security vulnerability in their products. Case in point: the vulnerability recently discovered in the wireless service (Uconnect) of a Jeep Cherokee, which affects several connected cars by Fiat Chrysler Automobiles (FCA) and resulted in recalling 1.4M vehicles. The researchers who discovered it showed how this security flaw could enable hackers to take control over the car’s brakes, engine and electronic equipment.

Read More

Bitdefender OEM & Libraesva: Allies in the Fight against Email Security Threats

Published on 07/21/15 09:06AM

OEM Business, Network Security, Technology, News

Read More

Mobile Application Security: Soon Enough, Hackers’ Attack Vector of Choice

Published on 07/10/15 03:30PM

Mobile Security, Technology

… but overlooked by app developers and enterprises alike

Recently, the Bitdefender Research team found a security flaw in Instapaper. The popular Android app allows users to save and store articles for reading, particularly when they’re offline, on the go, or don’t have Internet access. Users have to create an account to be able to check notes, liked articles or access other options. The vulnerability discovered lies not in how the app “fetches” content from the web, but in the fact that it doesn’t perform any certificate validation. This opens the door for man-in-the-middle attacks [1]  that could allow an attacker to use a self-signed certificate, start “communicating” with the app, and collecting authentication credentials. Such an attack could have serious consequences, especially for those who use the same password for multiple accounts – they could have several accounts hacked into. 

Read More

Spammers Getting More Clever – An Analysis of Recent Spam Attacks

Published on 06/25/15 08:29AM

Threats, Network Security, Technology

There are many ways a spammer can infect a device with malware and capture confidential or banking information or sell counterfeit drugs, luxury items or software. A few years ago, spammers would register fictitious email accounts with many different webmail services to send spam messages which would capture private information or make victims partake in affiliate scams. As antispam companies became more proficient in identifying unsolicited messages through email domains and IP addresses, spammers began to use more clever techniques. An example is the so-called snowshoe spamming, in which spammers scatter their messages across a wide range of IPs and domains, in order to blur domain reputation metrics and evade filters. Recent years have seen a rise in snowshoe spam, but while this type of spam fits into a pattern, the way it’s executed may vary from one spam wave to another.

Read More

11 Frequently Asked Questions About Malware Botnets – Answered!

Published on 06/20/15 08:30AM

Threats

Or why using the Command and Control (C&C) server ban lists will not help with security.

If the malware botnet concept is a bit blurry to you, this article will surely clarify things. Without further ado, here are 11 frequently asked questions about malware botnets: 

Read More

InfoSecurity Europe 2015. The Big Security Picture.

Published on 06/09/15 02:30PM

OEM Business, Technology

 

Being my first year at Infosecurity Europe (Infosec), I cannot compare it with previous editions. 

But the feedback I received from exhibitors and attendees alike in regards to content, networking opportunities and the new venue (Olympia London) was very positive. Although official numbers are still not in yet Malcolm Wells, Exhibition Manager @ Infosecurity Europe, informs us that numbers are up on 2014. So congratulations to the Infosec team on their 20th event anniversary, and in regards to the bigger numbers this year. However, when I review the 3-day event, I don’t think big numbers, I think big picture.

Read More

Mobile Malware: Reinventing the Wheel or Not?

Published on 06/04/15 02:30PM

Threats, Mobile Security

Mobile is everywhere, no pun intended. At a security conference I attended recently, one of my colleagues humorously quoted Jules Winnfield, played by Samuel L Jackson, from Pulp Fiction by saying “Say mobile again, I dare you, I double dare…”

It’s true: it’s ubiquitous and unavoidable. And for plenty of good reasons. For example, Gartner stated this year that Android alone “surpassed a billion shipments of devices in 2014, and will continue to grow at a double-digit pace in 2015, with a 26 percent increase year over year”. It’s forecasted to surpass the 1.5 billion by 2016.

That type of volume and usage draws a lot of attention – both “good” and “bad” – as it clearly demonstrates a huge and growing market space, with possibly a lot of unexplored business opportunities. When it comes to bad news, it generally travels fast. So when we look at attacks and hacks in the mobile space, there is more than a lot of expectation, at least within certain sectors, to see how this market is and will evolve: who will be the main players, what will be the plays etc.

Read More

Ransomware Dominates the Current Security Threat Landscape. Most Likely, Its Future Too!

Published on 05/28/15 10:24AM

Threats, Endpoint Security

Lately, the security threat landscape has been undergoing some changes. No, we’re not talking about new types of malware spreading and ravaging end-users’ computers. We’re talking about a “shift in focus” in cybercriminal activity, influenced heavily by the latest trends in online payments.

If a few years ago, the popular way to make money using malware was creating (and deceiving people into downloading) FakeAVs, now the bad guys are focusing on Ransomware. And there are two main reasons for this focus shift:

Read More

How Important Are False Positives in Measuring the Quality of an Antimalware Engine?

Published on 05/21/15 11:35AM

OEM Business, Endpoint Security, Technology

Antivirus false positives are not always attributed the importance they deserve.

Picture this scenario: you download a program from a legitimate source and when you try to install it, your antivirus stops you saying it’s potentially malicious. What do you do?

Read More

Why IoT Security Will Be a Nightmare for Everyone

Published on 05/08/15 02:00PM

Technology, Internet of Things

The Internet of Things (IoT) seems to be about innovation, about developing new cool, exciting “things” that nobody has done before – developing them fast, bringing them to the market with high speed. And people developing these things do understand the importance of security. Even for a small thing such as a wireless-controlled lamp, a user wouldn't want any neighbor kid to control it. However, as the 2014 Blackhat/Defcon showed[1], a number of those devices have rather inadequate security and could be easily broken into. So why exactly does this happen?

Read More