Ex-Dr Solomon’s senior managers bring in Russian anti-virus Product to the UK corporate market Oxford Solutions Limited (OSL), a new company specialising in internet security products, has been launched by two former Dr Solomon’s senior managers. Phil Watts, former Director of UK Business for Dr…

Follow this link:
Kaspersky Lab Int. appoints new distributor in the UK

Kaspersky Labs, a leading data security software developer has appointed Simone Cools as International Sales Director.

See more here:
Kaspersky Lab Welcomes A New International Sales Director

From Hacktivism to Mac Malware, 2011 has been a year full of IT security incidents. Kaspersky Lab’s experts have picked out the key trends of the past 12 months and highlighted the major new features on the security landscape. Looking at these stories gives us an idea of what we can expect in 2012.According to Costin Raiu, Director of Kaspersky Lab’s Global Research & Analysis Team, the most significant stories of the last year were:The Rise of ‘Hacktivism’ – one of the major trends of 2011, and no doubt it will continue into 2012.The HBGary Federal Hack – how weak passwords, old software systems plus use of the cloud created a security nightmare.The Advanced Persistent Threat – these attacks confirm the emergence of cyber-espionage as common practice among powerful state actors.The attacks against Comodo and DigiNotar – trust in certificate authorities (CA) is under threat. In the future CA compromises may become more widespread. Besides, it is likely that more digitally-signed malware will appear.Duqu and Stuxnet – state-of-the-art cyber warfare. Is this the start of a cyber Cold War?The Sony PlayStation Network Hack – the new perils hidden in the cloud. Personally Identifiable Information is conveniently available in one place,

Go here to read the rest:
The Top 10 Security Stories of 2011 from Kaspersky Lab

Greetings from Hong Kong! This week we are enjoying the security conference AVAR, which is taking place in Hong Kong. Some interesting topics are being covered, such as the talk “Malware in EFI”, where Intel’s Igor Muttik showed us how malware could take advantage of the the EFI (Extensible Firmware Interface)  and the challenges we could be facing, as well as the countermeasures that can be taken. Another topic that has been around a lot is malware in mobile devices. Even though it is not that prevalent, it is true that it is an emerging threat and it raises some interesting thoughts. Of course the cloud is another topic covered here, but one of the most interesting ones are those that are talking about targeted attacks in certain countries in Asia, as South Korea and Japan. The full program is here in case you want to take a look at it.

As some of you may remember, in last year’s AVAR in Bali I was awarded the “Wildlist Reporter of the year” prize, so this year I was the one in charge of giving the prize to the next. On Thursday night, after the gala dinner, I went to the stage to announce the next “Wildlist Reporter of the year” winner, and that was my good friend Philipp Wolf, Director of Protection Labs in Avira. In the following picture, from left to right, you can see Luis Corrons, Philipp Wolf and Peter Chung (Wildlist Director):

Wildlist Reporter of the Year

The rest is here:
Hong Kong, AVAR 2011

Sadly, having signed up some time ago (see

Kaspersky Lab announces that Eugene Kaspersky, CEO of Kaspersky Lab together with Alexander Gostev, Director of Kaspersky Lab’s Global Research and Analysis Team have left Moscow on their glorious journey across Antarctica to the South Pole

Follow this link:
Kaspersky Lab at the South Pole!

Our friends at Threatpost have come across what they describe as a massive phishing attack against Tumblr users. It seems the lure of sexual content will work as many times as Lucy can pull the football out each time Charlie Brown tries to kick it.

According to the article, hijacked web pages of Tumbler users contain links to malicious sites that pose as a Tumblr login page and indicate that in order to access the “Adult Content” the user must enter their credentials. They don’t call it a booby trap for nothing!

The attack is particularly cunning in that it uses URLs that look like they could be legitimate Tumblr addresses, but are not. In almost every case, if you click on a link and it asks you to log in, it is unsafe to do so. It might be a good time to remind you of how the phishing cycle works, so here is a diagram.

As you can see, if you fall for the phishing attack it will be your friends who are next attacked. If your password is compromised then a hacker can post anything on your Tumblr page and it will appear to come from you. If you think you may have fallen for such an attack, type in the name of the actual website, such as www.tumblr.com and then use the regular means to change your password. If you use the same password at multiple sites you will need to change the password at multiple sites. Since it can be a bit of a hassle try to remember 20 different really good passwords, stop trying, and use a password manager! In addition to the password managers mentioned in Paul Laudanski’s blog, lastpass.com and Password corral are viable tools. For tips on preventing yourself from falling victim to a phishing attack, I offer some advice at http://blog.eset.com/2011/06/01/gmail-accounts-under-attack.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America

Follow this link:
Do you Use Tumblr? Beware!

Too bad it doesn’t exist. I mean really exist. Here is how an anti-phishing day that is designed to be a highly effective educational deterrent to phishing would work.

Google, Facebook, Hotmail, Yahoo, Twitter, Myspace, Banks, Online Gaming sites, such as World of WarCraft, and others would all send phishing emails to their users. Yes, phishing emails to their users. The idea is very simple. Make the emails look like any number of successful phishing attacks and then follow up with the educational component. The users who go to the phishing site to enter their credentials are the users who need to learn what they did wrong.

Recently Microsoft cited a dramatic reduction in autorun malware successfully infecting computers after they had automatically updated computers to change the way in which autorun works, effectively taking the bite out of autorun malware. Of course Microsoft knew for years that what they did would dramatically decrease the effectiveness of this attack vector. Well, the same principal can be applied to phishing attacks. A few years ago Carnegie Mellon performed testing that demonstrated users who had been phished were magnitudes more likely to learn to accurately identify a phishing attack than users who did not receive such training.

Facebook probably has the ability to reach at least 1 in 10 computer users in the world. Combine the resources of Facebook, Microsoft, Google, and other large players to actively phish and then provide access to well designed educational materials and the results are as easily predictable as the results of Microsoft disabling autorun.

Perhaps in addition to killing unarmed farm animals Mark Zucherberg could take a few moments out of his busy schedule and do something exceptionally meaningful to make a positive impact in internet safety… going phishing to educate users!

For those of you in corporate environments don’t expect these major organizations to have the guts to step up to the plate anytime soon. I recommend you phish your users to identify who needs more education. It is important that when doing this style of training extraordinary efforts are made to demonstrate that the training is for the benefit of the student and not a humiliating experience. You will better protect your business and make employees safer at home.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America

Read more here:
Anti-Phishing Day

As website appear to fall to hacks like the rain falls in Seattle, the question du jour doesn’t change from day to day. The same question is always asked… “Did Anonymous perform the attack?”

What do all of these links below have in common? You don’t have to read them, I’ll tell you..

http://sdchamber-members.org/Business%20Online%202009-10/Business%20Action%20Online%20May%202010/Business%20Action%20Online%20May%20ESET.html
http://www.theregister.co.uk/2008/03/17/scientology_anonymous_round_three/
http://mashable.com/2011/02/19/anonymous-westboro/
http://www.bbc.co.uk/news/technology-12535456
http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=439&topic_id=572223&mesg_id=572590
http://www.theregister.co.uk/2010/12/13/amazon_outage_not_anonymous/
http://www.depravedmindset.com/2010/12/is-wikileaks-controversy-playing.html
http://topstoriesmilwaukee.com/uncategorized/attack-of-the-anonymous/
http://www.wowmaterials.com/2011/05/06/battle-of-the-immortals-turns-one/

In all of these links the group referred to as “Anonymous” denies responsibility. This is an exceptionally odd claim for anonymous to make, and here is why. In an article in the Huffington Post it is stated that “Anyone who claims to be acting under the banner of Anonymous is by virtue of that fact a member of Anonymous“. What this implies is that if you are a member of Anonymous and you carried out the attack, then you can claim responsibility on behalf of Anonymous, however, if you didn’t carry out the attack you don’t know if someone who claims to be a member of Anonymous carried out the attack or didn’t. At best, unless a group that knows that none of its members are also members of Anonymous claims responsibility, the best Anonymous can do is neither confirm nor deny involvement.

In reality, Anonymous can neither confirm nor deny that this blog was written by a member of Anonymous!

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America

Read more from the original source:
I Can Neither Confirm nor Deny

At least I don’t have to use the “S” word today! A New York Times story reports that Citigroup has disclosed that it had suffered a data breach that disclosed information about approximately 1% of its North American credit card holders. Based upon Citi’s annual report this would be about 210,000 affected customers.

According to the article Citi will be notifying affected users via mail… not email. It is important for people to understand that this is how banks work. Notifications of this sort of attack via email virtually always are indicative of a phishing attack. Because compromised data included “customers’ names, credit card numbers, addresses and e-mail addresses” this potentially puts those users at a higher risk of being phished for information about the new credit cards they receive. If users will follow the simple rules I provided at http://blog.eset.com/2011/06/01/gmail-accounts-under-attack they will easily repel such attacks. Never follow a link in a banking email and if you do follow it anyway, do not log in.

Recent reports of politically motivated hacks should not lead anyone to believe that the financially motivated hacks have gone away. Financial institutions are under attack every day of the year, however they have a lot more experience combating such attacks than most any other sector. It is still rare for financial institutions to report a breach, but when 200,000 customers have to be notified of a problem it becomes difficult to hide an incident.

Citi claims to have put new procedures into place to prevent the type of breach that did occur from happening again. This is the history of crime and crime prevention. We learn from the attacks, block the vector and the criminals will find a new attack vector.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America

Continued here:
Citigroup Hacked – Sometimes it is all About the Money