
Monday, November 6, 2017

Everyth1ng Y0u Kn0w Ab0ut P@ssw0rds 1s Wr0ng


New router-based solution protects home IoT devices



As we bring more and more smart devices into our homes, we potentially open ourselves up to a variety of new risks with devices opening back doors into networks or falling prey to botnets.
German antivirus company Avira is launching a new approach to home security which needs no new infrastructure on the domestic network and no configuration done by the user.
SafeThings sits within the home router and works with cloud-based machine learning. Avira licenses the product to router manufacturers and internet service providers, enabling them to protect networks from misuse and to deliver value-added IoT security services directly to end users.
"At Avira, we have been at the forefront of Artificial Intelligence innovation for a decade, being the first vendor within the security industry to identify how to apply AI to our field and to do it," says Travis Witteveen, CEO of Avira. "We have a wealth of experience in protecting both the privacy of end-users and the security of their traditional devices. Today we stand alone in the cyber security industry with the introduction of Avira SafeThings, an innovative router app and behavioral threat intelligence platform that secures all IoT devices in the home. We've designed SafeThings to effectively solve the IoT vulnerabilities without being too invasive, expensive, or complicated for the end user -- and we've done this in a way that provides additional benefits for the internet service providers and router manufacturers."
SafeThings is made up of a number of modules. Protection Cloud builds category and individual device profiles to create device management and rule definitions and automatically protect the device functionality. Because it analyzes metadata on gateway traffic, no invasive deep packet inspection is needed.
The Sentinel module is a software agent positioned at the gateway to each smart home, embedded in the firmware on the router. Sentinel fingerprints IoT devices and collects packet header metadata for AI analysis. After communicating with Protection Cloud, Sentinel enforces protection and communication rules.
A web-based user interface shows users in real time what each IoT device in their network is doing and enables them to see and modify firewall policies and device rules. There's also a Data Forefront API service that lets service providers and OEMs access and control SafeThings functionality, for example to drill down into specific details and control rules and actions to be taken in case of a compromised device.
It also allows for custom plugins to let SafeThings clients offer their end users additional security apps via a branded secure app store. These integrated services such as VPN or parental controls would operate at router level with management in the cloud.
"We see SafeThings as a 'B2B2C' product, providing consumers with the security and privacy protection they need while delivering it to them via the internet service providers and router manufacturers. As an embedded software solution, SafeThings is imminently flexible according to each client's technical and marketing needs," adds Witteveen.
You can find out more on the Avira website.
Image Credit: lucadp / depositphotos.com




via betanews

Monday, October 16, 2017

WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping

A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack.
The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, the computer security academic who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network.
That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.
In other words: this flaw, if exploited, gives an attacker a skeleton key to access any WPA2 network without a password. Once they're in, they can eavesdrop on your network traffic.
The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices -- putting every supported device at risk.

"If your device supports Wi-Fi, it is most likely affected," said Vanhoef, on his website.
But because Vanhoef hasn't released any proof-of-concept exploit code, there's little risk of immediate or widespread attacks.
News of the vulnerability was later confirmed on Monday by US Homeland Security's cyber-emergency unit US-CERT, which about two months ago had confidentially warned vendors and experts of the bug, ZDNet has learned.
The warning came at around the time of the Black Hat security conference, when Vanhoef presented a talk on networking protocols, with a focus on the Wi-Fi handshake that authenticates a user joining a network.
The cyber-emergency unit has since reserved ten common vulnerabilities and exposures (CVE) records for the various vulnerabilities.
Cisco, Intel, Juniper, Samsung, and Toshiba are among the companies affected.
At its heart, the flaw is found in the cryptographic nonce, a randomly generated number that's used only once to prevent replay attacks, in which a hacker impersonates a user who was legitimately authenticated.
In this case, an attacker can trick a victim into reinstalling a key that's already in use. Reusing the nonce can allow an adversary to attack the encryption by replaying, decrypting, or forging packets.
Windows and the latest versions of Apple's iOS are largely immune from the flaws, according to security researcher Kevin Beaumont, in a blog post.
However, Vanhoef said the security issue is "exceptionally devastating" for Android 6.0 Marshmallow and above.


via zdnet

Thursday, May 18, 2017

Sophos continues to work at protecting customers from the WannaCry ransomware attack – here’s what you need to know.


Sophos continues working to protect customers from the WannaCry ransomware attack. That effort has been successful, but we continue to receive many questions about how this attack happened, what we must do to defend our organizations, and, of course, what’s next?
This article is designed to answer those questions.

What happened?

A fast-spreading piece of ransomware called Wanna (also known as WannaCry, WCry, WanaCrypt, WanaCrypt0r and Wana DeCrypt0r) held computer systems hostage around the globe Friday. National Health Service (NHS) hospitals in the UK were hit hard, with their phone lines and IT systems being held hostage. From there, the attack spilled across the globe.
It encrypted victims' files and changed the extensions to: .wnry, .wcry, .wncry and .wncrypt. It then presented a window to the user with a ransom demand.
Analysis seems to confirm that the attack was launched using suspected NSA code leaked by a group of hackers known as the Shadow Brokers. It uses a variant of the ShadowBrokers’ APT EternalBlue Exploit (CC-1353). It also uses strong encryption on files such as documents, images, and videos.

This was different from past ransomware attacks. Why?

There were some unique aspects to the WannaCry attack. Typical ransomware infections happen after the victim clicks on a malicious email attachment or link. In this attack the malware was able to exploit a remote code execution (RCE) vulnerability that allowed it to infect unpatched machines without users having to do anything.
Because of that, this was able to spread in the same rapid fashion as the worm outbreaks common a decade ago, such as Slammer and Conficker.
Specifically, WannaCry exploited a Windows vulnerability Microsoft released a patch for in March. That flaw was in the Windows Server Message Block (SMB) service, which Windows computers use to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin.
Organizations running older, no-longer-supported versions of Windows were particularly hard hit. In fact, Microsoft took the highly unusual step of making a security update for platforms in custom support (such as Windows XP) available to everyone. The software giant said in a statement:
We know some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download here.

Is this over?

Unlikely. With the code behind Friday’s attack in the wild, we should expect copycats to cook up their own campaigns in the coming days to capitalize on the money-making opportunity in front of them. We also expect aftershocks Monday as employees at affected companies who weren’t there Friday return to work and fire up their computers.

What is Sophos doing to protect customers?

Sophos continues to update protections against the threat. Sophos customers using Intercept X and Sophos EXP products will also see this ransomware blocked by CryptoGuard. Please note that while Intercept X and EXP will block the underlying behavior and restore deleted or encrypted files in all cases we have seen, the offending ransomware splash screen and note may still appear.

Is there anything I need to do?

You’ll want to ensure all of your Windows environments have been updated as described in Microsoft Security Bulletin MS17-010 – Critical. Microsoft is providing Customer Guidance for WannaCrypt attacks. As noted above, Microsoft has made the decision to make the Security Update for platforms in custom support only — Windows XP, Windows 8, and Windows Server 2003 — broadly available for download:
Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86
Windows 8 x64, Windows 8 x86
Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86

As we always say, patching is critical. For Sophos customers, keep checking the Wana Decrypt0r 2.0 Ransomware Knowledge Base where we’ll be issuing updates.
via sophos

Wednesday, June 15, 2016

Antivirus for Linux


Overview

Linux is considered to be more secure than other operating systems. However, it’s increasingly a target of attackers, as Linux systems are used for critical roles like developer workstations, web servers and internal file servers. In addition to being susceptible to Linux-based and cross-platform exploits, unprotected Linux machines can also become distribution points for Windows, Mac, and Android malware.
Sophos Antivirus for Linux provides superior on-access, on-demand, and scheduled scanning for Linux servers and desktops. It delivers excellent performance, stability, and reliability to a wide range of Linux distributions.

Features

Effective and secure
The Sophos Antivirus engine effectively detects and cleans viruses, Trojans, and other malware. In addition to sophisticated detection based on advanced heuristics, Sophos Antivirus for Linux uses Live Protection to look up suspicious files in real time via SophosLabs.
To prevent the Linux machine from becoming a distribution point, Sophos Antivirus for Linux also detects, blocks, and removes Windows, Mac, and Android malware.
Detects and blocks malware with on-access, on-demand, or scheduled scanning
Sophos Antivirus for Linux ensures efficient on-access scanning using either the TALPA Filesystem Interceptor or the Fanotify library. On-demand and scheduled scans are also available. Scanning can be configured for local and network drives.
Excellent performance, low impact
Sophos Antivirus for Linux is continually tuned for the best performance. The lightweight agent keeps your Linux boxes secure without slowing them down. Protection updates are small—typically under 50 KB—so updates are easy on your network and your Linux machines.
To optimize performance, you can also configure exclusions using directories, file names, and wildcards.
Extensive platform coverage 
Sophos Antivirus for Linux provides pre-compiled support for a wide range of Linux distributions and kernels, including 64-bit versions.
Have a customized Linux installation? Not a problem. Sophos Antivirus for Linux supports customized Linux distributions and kernels.





via Sophos

Thursday, April 17, 2014

Apps to secure any Android phone or tablet: 6 best cheap and free Android security apps

Like Windows before it, the 'open' and widely popular Android system from Google has a weak security system that makes it prone to infection from dangerous malware. We reveal the best six anti-virus apps for Android as lab-tested by malware specialists AV-Test, and also investigate which are more reliable in their other security functions. (See also: Best Android apps.)

Best Android antivirus

The idea of installing security software on an Android smartphone might seem like overkill, but there are plenty of good reasons to consider doing so.
Anyone – fraudsters included – can submit apps to the Google Play Store without pre-approval, and apps can also be downloaded and installed from a wide range of other sources. That means Android users face a greater element of risk than those with iPhones or Windows Phone handsets, who can only install apps that have been properly pre-vetted for safety.
The more open nature of the Android operating system makes it more susceptible to the kind of malware that we've grown accustomed to dealing with on Windows PCs. Although the scale of the Android malware problem isn't yet as bad as it is on Windows, it remains a threat all the same. The security software test lab AV-TEST [www.av-test.org] has no fewer than 1.8 million different pieces of Android malware in its database – malware that is typically used to steal your valuable personal data from your phone without your knowledge.
Yet, even if you're careful about what apps you install or which websites you visit, there are other strong motives for installing a security suite. Such security apps routinely include anti-theft features, for example. Contrary to the name, they won't prevent theft but they may allow you to lock or wipe the data from your stolen handset. Some even include features that allow you to take photos or audio recordings of the thieves. If you've merely left the phone lying in a bar or restaurant, the anti-theft features can be used to locate your handset, and display a message on the lost phone's screen, providing instructions on how to contact you to return the handset.
Another useful feature commonly found in Android security suites is call blocking. If your mobile is constantly plagued by nuisance calls or spam texts, you might be able to block the callers so that they don't interrupt your day. But this won't work when you're being plagued by pre-recorded calls hawking PPI refunds and the like, when the caller number is Unknown or Withheld. Some apps include schedulers in their call-blocking facilities, so you can divert all calls from the office to voicemail at evenings and weekends, for example.
Some suites also include app managers that allow you to password protect access to the web browser or the Google Play Store – invaluable for parents who routinely hand their phone over to children to play games and worry that they might stumble into something they shouldn't, or run up horrendous bills by purchasing apps.
Less useful are the backup facilities found in many of these suites. Some merely back up contacts, which Android already automatically does when you sign in with your Google account, while others only offer a tiny amount of space to store your photos and files. The Google+ app, on the other hand, can be set to automatically back up your photos, and that offers gigabytes of free space. (See also: Best Android apps for new smartphones and tablets.)

Best Android antivirus: app reviews

Avast Mobile Security & Anti-Virus review

Avast Mobile Security & Anti-Virus is a suite of security and backup tools for Android smartphones and tablets.
Free
Score - 8 out of 10

Ikarus Mobile Security review

Ikarus Mobile Security is a decent and lightweight security app for Android phone and Android tablet.
£7 inc VAT
Score - 7 out of 10

Kaspersky Internet Security for Android review

Kaspersky Internet Security offers solid protection for Android phone and Android tablet.
Free
Score - 7 out of 10 

Norton Mobile Security 2014 review

Norton Mobile Security 2014 offers a vast array of security and useful phone management tools, all without any charge whatsoever.
Free
Score - 6 out of 10

Qihoo 360 Mobile Safe review

Qihoo 360 Mobile Safe provides a vast array of security and useful phone management tools, all offered without any charge whatsoever.
Free
Score - 8 out of 10

Trend Micro Mobile Security review

Trend Micro Mobile Security is a security app for Android phone and Android tablet.
Free
Score - 6 out of 10

Best Android antivirus: verdict

In terms of their ability to detect today's recognised malware lurking inside Android apps, there is almost nothing to separate our six contenders – they all do a faultless or near-perfect job, according to AV-TEST's results.
Big differences do emerge when it comes to the additional features they offer, especially the potentially valuable anti-theft features. Here, it was disappointing to see Norton Mobile Security fall behind the pack, especially given it's the most expensive package on offer here. Ikarus is also light on features, but it performs well and is significantly cheaper than Norton.
Kaspersky and Trend Micro both offer solid packages, but both have weaknesses: Kaspersky has a couple of notable usability flaws while Trend Micro's extras let the side down, especially its weak anti-theft and parental control features.
In the end, it's a shootout between the free Qihoo 360 Mobile Safe, which packs in an astonishing number of features for an app that is completely free, and our favourite package from Avast, which charges a modest fee for a wide breadth of features and the best anti-theft tools of any of the apps on test here.  
It's the flexibility and variety of those anti-theft tools that narrowly earns Avast Mobile Security & Anti-Virus our Best Buy award, but Qihoo 360 Mobile Safe earns a richly deserved Recommended.

Read more: http://www.pcadvisor.co.uk/test-centre/security/3355021/best-android-antivirus-tested/#ixzz2zAP2vnNR

Tuesday, March 4, 2014

Malware attacks on Android devices see 600% increase in 2013 / 2014

Malware targeting the Android platform is exploding, with a 600 percent increase in just the past 12 months.
That statistic is among the findings of a new study--Mobile Security Threat Report--unveiled last week at the Mobile World Congress in Barcelona, Spain. The report, prepared by security firm Sophos, "shows that the mobile revolution is clearly in effect, and as a result, mobile malware is on the rise," notes an article at Silicon Republic.
Among the findings in the study:

• Smartphone subscriptions are expected to top 7 billion by the end of this year, which would put more smartphones than humans on the planet.
• Nearly 1 billion of those devices will be Androids, and cyber criminals are targeting them at an increasing rate.
"In the past 12 months, researchers at SophosLabs have seen an alarming acceleration in the development of mobile malware," the article reports. "In that time, Android malware has increased by nearly 600 percent to a total of more than 650,000 individual pieces of malware."
The report also shows that in some countries--notably Russia, Austria and Sweden--the percentage of mobile devices that have been the subject of malware attacks has outpaced the rate of PC attacks.
In addition to the increase in malware threats against Android devices, Sophos also reports "a sharp rise in applications that, while not malware strictly speaking, pose a threat to user security and privacy, and the usability of the device. The potentially unwanted apps, or PUAs, include apps that link to aggressive advertising networks, can track devices and locations, and even capture content data."

For more:
- check out the SophosLabs report (reg. req.)
- read the Silicon Republic article

Monday, June 27, 2011

Free Security Scans - Find threats your antivirus missed

Computer scan

Scan 1 computer
Ideal for: Home or small office users
Scans for: Viruses, spyware, adware
Benefits: Simple to install; no need to uninstall existing AV

System requirements

  • Windows Vista, 2003, XP, 2000 (including 64-bit)
  • 133MHz processor
  • 256MB RAM
  • 120MB disk space

Network scan

Scan 2 - 200 computers
Ideal for: IT Managers managing a network
Scans for: Viruses, spyware, adware; applications and devices; rootkits
Benefits: ActiveDirectory and MSI deployment; comprehensive report; no need to uninstall existing AV

System requirements

  • Windows 7, 2008, Vista, 2003, XP, 2000* (*excluding 64-bit)
  • 1GHz processor
  • 256MB RAM
  • 120MB disk space
  • Microsoft .NET framework 2.0

Found threats?

After scanning, remove found viruses, block or control unwanted devices, and stop rootkits with a free trial of Endpoint Security and Data Protection.
