Panda Security USA Technology BlogPanda Security USA Technology BlogTechnology insights from Panda Security USA on today's most common Internet threats.
Articles:
1, 2
Articles
Fake YouTube Page Creator - The Risk
2008-09-15 19:52:00 Last week PandaLabs discovered a new tool for creating fake YouTube video pages as a way of deceiving users into installing malware. The vector for infection is similar to many fake codec based malware attacks seen in recent weeks (CNN, MSNBC, etc). The flexibility of this tool allows anyone to direct the fake Adobe Flash update error to any malicious ... More About: Youtube , Page , Creator , Fake , Risk
Banks are not the only target for phishing
2008-09-12 19:30:00 It’s not just banks that hackers deploy phishing attacks against; it has been seen that hackers also deploy attacks against other payment processing services such as MoneyGram, Equifax, Western Union, etc as a way of gaining profit through harvesting personal details. More About: Banks , Phishing , Target
New Statement of Fees Malspam
2008-09-11 21:22:00 The Statement of Fees malspam campaign continues today with additional messages containing new Trojans. This round is distributing the W32/Autorun.AFC.worm malware which connects and downloads a file called lspr.exe.
SQL Injection Attacks: The future of mass hacking campaigns
2008-05-28 19:32:00 SQL injection attacks are evolving as a prime mode of transportation for malicious scripts that hackers wish to insert into legitimate web-sites. Typically the web-site is a vehicle for distributing Trojans through scripts crafted to exploit specific vulnerabilities on visiting PCs; i.e. the recent Adobe Flash vulnerability annouced today that could use SQL injection as a form ... More About: General , Future , The Future , Campaigns , Mass
LayerOne Security Conference Video Available
2008-05-23 17:39:00 Last weekend we participated in a smaller regional security conference in Pasadena California called LayerOne which occurs yearly at the Pasadena Hilton. There was a number of great talks and I provided one on the evolution of cyber-crime and it’s prevalence. I am making the video available here. More About: Video , Security , Conference
Yesterday?s Webinar Available!
2008-05-22 18:49:00 Yesterday’s webinar on Customer Privacy, Malware and Government Regulations is now available for your viewing pleasure. Enjoy! http://www.itsecurity.com/webinar/enterpr ise-malware/?tfso=1409 More About: Yesterday , Webinar
Why Security-as-a-Service reduces total cost of ownership (TCO)
2008-05-22 18:23:00 Recently I have been getting a number of questions concerning the cost savings of a security service (SaaS) model versus a traditional on-premise solution. While there are certainly a number of direct benefits to the end-user, I thought for the purpose of this article to elaborate on the most important one: “reducing the total cost of ownership (TCO) via ... More About: Security , Service , Cost , Total
Anatomy of a data breach part 2
2008-05-22 10:48:00 In this second part I am going to talk about utilizing different methods of protecting sensitive data-at-rest by using system hardening. The overall goal is to obviously implement an effective strategy to reduce the potential of a data breach (keeping in mind it’s all about best efforts when meeting compliancy). First of all we have to understand how a data breach is ... More About: Anatomy , Data , Part , Breach
Eleven months of writing for the Information Security Systems Association J
2008-05-21 01:57:00 I have been writing now for eleven months in the Information Security Systems Association Journal (ISSA). These articles have been primarly focused along the lines of sharing information concerning the emerging threat-landscape and what we are seeing from a Panda Security perspective. Therefore; I thought I would share a little history with you by making these articles ... More About: Virus , Writing , Information Security
Webinar on Privacy and Security - Win a Garmin GPS!
2008-05-20 23:38:00 Free Live Webinar on May 21 @ 10AM PST / 1PM EST http://www.itsecurity.com/webinar/enterpr ise-malware/ New breeds of malware ? spyware, adware, Trojans, and viruses ? are rapidly infecting networks and exposing businesses and their customers to unprecedented security risks. The government is now mandating that corporations effectively protect the privacy of individuals and ensure the confidentiality and integrity ... More About: Security , Garmin , Privacy
How regulations affect small to mid-size companies
2008-05-20 21:16:00 It’s important to note that not only are large corporations affected by regulatory standards, but the small and mid-size companies are also equally affected; especially when their core business is dealing with protected classes of information by law (patient information, credit card information, financial data, etc). A very good example is a regional medicare facility that has less then 500 employees. Now one may think that they are ... More About: Companies , Small , Regulations , Size
From Traditional AV to Security-as-Service
2008-05-20 04:57:00 Over the past five years the anti-virus market has experienced tremendous growth with the advent of new technologies to adapt to current conditions. What was once a market consisting of a very few players has now evolved into a global enterprise consisting of dozens of companies with an assortment of anti-virus products varying in degrees ... More About: Security , Virus , Service , Traditional
Anatomy of a data breach part 2
2008-05-07 02:48:00 In this second part I am going to talk about utilizing different methods of hardening web-facing applications. The goal is to obviously implement an effective strategy to reduce the potential of a data breach. First of all we have to understand how a data breach is conducted and what methods are used to access internal protected information. The purpose behind such an ... More About: Anatomy , Data , Part , Breach
Anatomy of a data breach
2008-05-04 20:08:00 In 2007 and 2008 the industry has seen an upsurge in data breaches affecting millions of consumers and causing corporations to pay heavily in fines. Data breaches can lead to exposure of consumer information through a number of different ways that vary in complexity. The common perception associated with a data breach is the difference between data being extracted from physical ... More About: Anatomy , Breach
Virtualization: An emerging trend in the financial markets
2008-05-01 18:18:00 Yesterday we gave a presentation on virtualization at the Wall Street Technology Association (WSTA). Several major banks from the New York area were present at this forum (Bank of New York Mellon, CitiGroup, Merril Lynch, Morgan Stanley, Depository Trust and many more). The forum really addressed the emergence of virtualization within the financial community and how security is much ... More About: Markets , Financial , Virtualization , Trend
SC Magazine Pod-Cast on Massive SQL Injection Attack
2008-04-30 22:50:00 Yesterday Chuck Miller from SC Magazine published a podcast in which I spoke about the details of the latest mass web hack covered earlier. PandaLabs had confirmed that there was no IIS vulnerability involved in this latest round of attacks, rather poorly written .ASP code was the culprit. However; it’s extreamly important to understand that we are talking ... More About: Cast , Attack , Injection
Massive iframe hack: The conclusions
2008-04-29 01:22:00 Perception vs. Reality It may seem that things are getting better and cyber-crime may be diminishing, but the evolution of hacking for profit will remain constant through the remainder of this year. Data breaches are becoming a commonplace and corporate CIOs are focusing their attention towards protection of critical assets, especially external facing applications that are subject ... More About: Hack
Crimeware as a Service (CaaS) Updated
2008-04-28 18:00:00 As the malware threat landscape continues to evolve, hackers are constantly changing techniques to counteract detection technologies that vendors are developing. By using sophisticated methods to evade current antivirus technologies, hackers are relentless in their pursuit of damaging IT systems and oftentimes gaining access to personal information. Several years ago, hackers used polymorphism and metamorphism as ... More About: Service
Security Shouldn?t Take a Backseat to Virtualization
2008-04-28 17:57:00 There?s no question that advances in server virtualization technology are becoming popular among corporations that want to save money by consolidating resources and improving operational efficiency. Virtualization enables a dramatic increase in cost savings in ongoing maintenance and the cost required to keep physical assets afloat.? These benefits are often seen by CIOs and other information ... More About: Security , General
Regulatory Compliance & The Real Risk of Undetected Malware: Part 2
2008-04-18 19:33:00 I am working on a white-paper that covers the disconnect between formal audit process and the technical safeguards implemented to ensure internal controls are adequate. As you may have read part 1 of this article series and how I talked about the missing element, this is a continuation delving deeper into the problem. Thoughts? Comments? “In the wake ... More About: Virus , Malware , Risk , Real , Part
Sever-Side Polymorphism or Crime-ware as a Service (CaaS)
2008-04-16 22:40:00 As the threat-landscape is evolving hackers are constantly changing technique in order to counter-act detection technologies that vendors develop. I remember a few years ago when polymorphism and metamorphism were used as a way to constantly generate new variants of worms. Essentially the virus morphed itself into different variations and successfully evaded signature based technologies. Eventually ... More About: Virus , Crime , Service , Ware , Side
Server Side Polymorphism & Crime-Ware as a Service Model (CaaS)
2008-04-16 06:05:00 As the threat-landscape is evolving hackers are constantly changing technique in order to counter-act detection technologies that vendors develop. I remember a few years ago when polymorphism and metamorphism were used as a way to constantly generate new variants of worms. Essentially the virus morphed itself into different variations and successfully evaded signature based technologies. Eventually ... More About: Crime , Service , Ware , Model , Server
The Hannaford hack: what we can learn from it
2008-04-05 02:05:00 Most people have heard of by now the recent high-profile data security breach with retail chain Hannaford Bros. According to an article published by SC Magazine (http://www.scmagazineus.com/Hannaford-te lls-regulators-how-breach-happened/articl e/108569/) hackers placed hidden malware on nearly 300 servers to intercept transactions. This malware was designed to locate and discover credit card information from consumers who interacted with the stores, thus, these hackers untimely harvested ... More About: General , Hack , Learn
Security Shouldn?t take a Backseat to Virtualization
2008-03-31 23:33:00 I will be presenting on the subject of why security shouldn’t take a back seat to virtualization on April 30th at the Wall Street Technology Association. This event is located at the Raddision Martinique in New York City. http://www.wsta.org/events/security_in_a_ virtualized_world_panel_discussion_and_fo rum Security Shouldn?t Take a Backseat to Virtualization Ryan Sherstobitoff, Chief Corporate Evangelist Companies are widely adopting server virtualization in an effort to improve operational ... More About: Malware , General
Think Your Protected? Think Again. Study Reveals Hidden Cyber-Crime Breache
2008-03-28 21:15:00 Over a five month period, Panda Security conducted several audits with a large state agency in the United States to assess the level of risk pertaining to hidden and undetected infection points. Due to the confidential nature of this customer, we cannot disclose the agency name. The information learned from this case is a great demonstration of ... More About: Crime , Study , Cyber , Hidden
Web-Site Defacements
2008-03-28 19:59:00 Recently I came across an interesting site (www.zoneh.com) that displays statistical information on web page defacement. It also shows information on the sites that were hacked and provides a mirror to them. However; some of these “defacement” sites are questionable and some contain “iframe” exploits; in our case a malicious packer was included in one of the mirrored sites hacked. This ... More About: Site , Web site
Application Scam Sites
2008-03-26 22:33:00 Recently Panda Security was notified regarding an on-line scam currently in production claiming to offer Panda Security, McAfee, Symantec and Adobe products in addition to a product known as error mechanic. The site www.pandasecuritysoftware.com and the following associated domains are part of this scam: pandaantivirus2008.com panda-antivirus-2008.com pandasecurity2008.com pandaantivirus-2008.com panda-anti-virus.com panda-2008.com antivirus-panda-suite.com panda-ib.com panda-2008.com panda-anti-virus.com panda-antivirus-2007.com panda-antivirus-2008.net panda-bdl.com panda-ib.com panda-suite.com pandaantivirus-2007.com pandaantivirus-2008.com pandaantivirus-ib.com pandaantivirus2008.com pandasecurity2008.com pandashield.com pandasuite2007.com panda-bundle.com pandabundle.com pandasecuritysoftware.com pandasecuritysoftware.net Some words of caution: This site and the domains are not supported or in anyways affiliated with Panda Security and ... More About: Virus , Sites , Scam , Application
Click-Fraud: The lesser known evil
2008-03-25 17:10:00 I came across this interesting article that talks about a Trojan; not any Trojan but a Trojan that automates PPC click-fraud that is currently targeting Google and Yahoo (http://www.securitypronews.com/news/secu ritynews/spn-45-20080312Click Fraud TrojanT argetsGoogleYahoo.html). What?s interesting about click-fraud is the little amount of attention that it receives in the media in comparison to Identity Theft and the other horrors of the Internet. ... More About: Virus , Evil
Behavioral Blocking: An effective means of stopping 0-day
2008-03-25 01:26:00 Behavioral blocking (a.k.a kernel rules / system rules) can provide the first layer of defense against emerging threats exploiting 0-day vulnerabilities. Exploits commonly take advantage of mistakes made by programmers and thus good applications can turn bad in an instant. Malformed documents have accounted for a good number of these attacks (PDF, MDB, DOC, etc) recently. Take for example the new ... More About: Effective
Regulatory Compliance & the Real Risk of Undetected Malware
More articles from this author:2008-03-20 03:41:00 With the emergence of regulatory laws borne out of experience from a variety of embarrassing security breaches, today?s corporate leaders face a myriad of repercussions. These range from serious fines to jail time when found not in compliance with regulations such as Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLB), and Payment ... More About: Malware , Risk , Real , Compliance , Regulatory 1, 2 |
|
 |
|
 |
