PowerShell threats surge: 95.4 percent of analyzed scripts were malicious

by Candid Wueest

Malicious PowerShell scripts are on the rise, as attackers are using the framework’s flexibility to download their payloads, traverse through a compromised network, and carry out reconnaissance. Symantec analyzed PowerShell malware samples to find out how much of a danger they posed.

Of all of the PowerShell scripts analyzed through the BlueCoat Malware Analysis sandbox, 95.4 percent were malicious. This shows that externally sourced PowerShell scripts are a major threat to enterprises.

Automating Cloud Security to Mitigate Risk

by Dave Shackleford

As cloud computing services evolve, the cloud opens up entirely new avenues for attack. This paper explores the security challenges enterprises face as they migrate to any kind of cloud setup and offers guidance to ensure a smooth migration to new solutions.

Shamoon: Back from the dead and destructive as ever

by Symantec Security Response

Shamoon (W32.Disttrack), the aggressive disk-wiping malware which was used in attacks against the Saudi energy sector in 2012, has made a surprise comeback and was used in a fresh wave of attacks against targets in Saudi Arabia.
The malware used in the recent attacks (W32.Disttrack.B) is largely unchanged from the variant used four years ago. In the 2012 attacks, infected computers had their master boot records wiped and replaced with an image of a burning US flag. The latest attacks instead used a photo of the body of Alan Kurdi, the three-year-old Syrian refugee who drowned in the Mediterranean last year.

Avalanche malware network hit with law enforcement takedown

by Symantec Security Response

The Avalanche malware-hosting network has been dealt a severe blow following the takedown of infrastructure used by at least 17 malware families. The takedown operation, which was a combined effort by multiple international law enforcement agencies, public prosecutors, and security and IT organizations including Symantec, resulted in the seizure of 39 servers and several hundred thousand domains that were being used by the criminal organization behind the Avalanche network.

Detecting Incidents Using McAfee Products

by Lucian Andrei

Modern attacks against computer systems call for a combination of multiple solutions in order to be prevented and detected. This paper analyzes the capability of commercial tools, with minimal configuration, to detect threats. Traditionally, companies use antivirus software to protect against malware, and a firewall combined with an IDS to protect against network attacks. This paper analyzes the efficacy of the following three combinations in withstanding application attacks: antivirus alone, antivirus plus host IDS, and antivirus combined with a host IDS plus application whitelisting. Before running the tests we predicted that the antivirus would block 20% of the attacks, the HIDS would detect an additional 15%, and McAfee Application Control would protect against at least 50% more of the attacks executed by an average attacker using known exploits without much obfuscation of the payload. The success of defensive commercial tools against such attacks is what justifies the investment a company is required to make.

Mobile Device Management

by Michelle Sellers

Mobile device management is an important topic for companies considering the adoption of a mobile device policy. There are several vulnerabilities that can be introduced by outside sources, not to mention vulnerabilities that come from the inside. McAfee, a leader in antivirus, reports that the top cyber threats for 2014 are attacks on mobile devices (Gormisky, n.d.). A mobile device that has been attacked can compromise corporate data. Companies need to do the research involved in securing mobile devices before accepting the possibility of "bring your own device" in the workplace.

Future Privacy and Security Controls

by Michelle Sellers

Technology is moving so quickly that it is difficult to keep up with the security features needed to keep it secure. As a result, after a tool, device, or piece of software is released, one or more security patches usually follow to secure it. Sometimes this security comes a little too late.

The future of technology is heading towards mobility and ease of use. Employers want their employees to be able to work from anywhere and at any time. The problem is that mobility and ease of use also bring security issues that must be considered when designing better privacy and security controls.

Active Defense Through Deceptive Configuration Techniques

by Nathaniel Quist

Honeypots are making a profound impact in the security world. Their ability to infer information about an attacker's Tactics, Techniques, and Procedures (TTPs) allows defenders to configure their defenses to respond to emerging threats, capture 0-day exploits, and identify malicious users within a network.

Is The Security+ Still Worth It?

by Michelle Sellers

The Facts
The Security+ certification was released in December 2002. The objectives were derived through input from industry, government and academia, a job task analysis, a survey of more than 1,100 subject matter experts, and a beta exam with responses from subject matter experts around the world. The test questions were written by IT security professionals, so you can be assured of their relevance. It is a structured certification program that attempts to fill the gap for trained information security professionals. Since 2002 there have been approximately 10,000 CompTIA Security+ certified professionals in 112 countries.
