Following three highly informative days of discussions at the cutting edge of IT security, Kaspersky Lab has announced the winners of its annual international ‘IT Security for the Next Generation’ conference

Continued here:
Kaspersky Lab Announces the Winners of Its Annual Student Conference

Two Kaspersky Lab products – Kaspersky Endpoint Security 8 for Windows and Kaspersky Internet Security 2012 – have won prestigious awards in independent testing conducted by the authoritative British magazine Virus Bulletin in April 2012

View post:
Kaspersky Endpoint Security 8 for Windows Tops Corporate Solutions in VB100 Test

Kaspersky Mobile Security has confirmed its position as a leader in its class, repeating its five-star performance in independent testing by PC Security Labs (PCSL)

Read more from the original source:
Kaspersky Mobile Security Once Again Scores Top Marks in Independent Testing by PC Security Labs

This week sees the launch of the latest quarterly AVG Community Powered Threat Report.

So what did the first quarter of 2012 Q1 2012 reveal in terms of threats?

Blackhole Toolkits:

Cyber criminals are adopting an increasingly entrepreneurial attitude through the marketing of ‘commercial’ crimeware kits.  These kits are available to purchase online and effectively give anyone the tools to become a cyber criminal.

This quarter, other commercial crimeware kits lost market share to the most advanced crimeware offering, the Blackhole exploit kit.

During 2011,AVG research shows that the Blackhole toolkit was most popular  and the toolkit of choice for cyber criminals, with AVG research showing that on average, 70 per cent of attacks were performed by variants of Blackhole.

Blackhole is a sophisticated and powerful exploit kit, mainly due to its polymorphic nature, and it is heavily obfuscated to evade detection by anti-malware solutions. These are the main reasons why it has a high success rate.

Kaspersky Lab announces that its flagship consumer product, Kaspersky Internet Security 2012, posted the highest score in two years of independent detection testing

Original post:
Kaspersky Lab Scores Higher Than 99% in AV-Comparatives Detection Test

Phishers always try to find new ways to bypass security features and trick ‘educated’ users. Over the years we have seen simplistic phishing attempts where the required information had to be typed into the e-mail body. This worked at that time because phishing was new and hardly anyone had a notion of the implications. Later, when spam filters became aware of these kinds of mails, we saw the evolution to direct links in e-mail, then to obfuscated links in e-mail where the e-mails looked professional and had the appearance of official messages from the organization the phishers desire your information from.

One thing stayed the same and that is the language used in the phishing mails. Most often they are not correct in either a contextual way or grammar-wise. Regardless, all these attempts sooner or later will be blocked by spam filters or by the anti-malware products, or by URL reputation schemes such as Google’s Safe Browsing or Microsoft’s Smart Screen. But, too often, some people still fall victim for these phishers. One observation as to why this happens will be described later in this blog.

In the last few weeks, a new approach can be added to the portfolio of phishing attempts. The e-mail is accompanied by an attachment with the extension “htm” or “html”.

Now why would the phishers use an attachment with html-code rather than a link? There are several reasons for this. Amongst others:

1. Executing the html-code locally will not have your browser go to a website and thus the URL reputation filter will not be applied.
2. Executing the html-code locally for the browser means it is loaded from an intranet rather than from the Internet. Settings are usually less strict for files started/loaded from an intranet.

Some applications have a protection mechanism in place when specific files are executed or loaded directly as an attachment as, for example, Microsoft Office 2010, which will only load the file in a Protected View where active content is disabled

If we look at this specific phishing attempt, besides the fact that the window is not really a properly delineated window with a border, the grammar is far from perfect.

An Internet Worm “Leave” Spreads in the Form of Security Patch to Windows Kaspersky Lab, an international data-security software development company, warns users of the discovery of a new version of the Internet worm I-Worm.Leave that spreads as a message from Microsoft. The message contains…

More:
Bogus Patch "leaves" Backdoor Open

When it comes to the security of your family’s home computers, it’s clear that maximum protection is the one to go for

Continue reading here:
Kaspersky PURE 2.0: the Ultimate in Home PC Protection – PURE and Simple

The RSA Conference – the largest gathering of security vendors and the companies who buy their products – was held in San Francisco last month. Avast was in attendance, and I had the pleasure of moderating a panel on mobile security. Mobile security was also one of the top topics permeating the entire event. What I heard on the panel and throughout the conference, and what has been reinforced from my discussions with analysts and consultants to businesses, should have you all pretty worried.

The good news is that businesses want to embrace employees use of mobile phones and tablets. And it’s not just the biggest companies doing so: even small businesses are eager adopters of mobile technologies. After all, employees are more accessible and more productive when they can use their mobile devices for work. However, these are your devices; they are not the company’s and shouldn’t be treated as such. And that’s the challenge.

Businesses have legitimate concerns that these devices are inherently insecure, and that consumers don’t always secure their devices to the same level businesses do their PCs. They are also concerned about all the corporate data that these devices contain or can access, and that their loss or theft can compromise a company. And they are concerned that people will misuse their access to this data now that it’s on their person device.

The problem is that businesses want more security and control over your phone then they should have or even need: even more control than they have over the PCs they provide you.

• Because there are malicious apps, they want to keep a catalog of every app you install and be able to remove those applications without prior notice to you.
• Because mobile devices can hold private corporate data, they want the ability to wipe all data on your phone, also without prior notice to you.
• Because you could potentially misuse the phone by transferring corporate data between a business app (like email) and a personal app (like Facebook), they want to be able to monitor everything you do on that phone: your call logs, your text messages, all your social networking activity, all your browsing activity.

This blatant company disregard for employees’ privacy and property all in the name of security has gotten completely out of hand. One product that was given prominent attention at the conference basically rooted your device to put a monitoring and management layer underneath the operating system. Besides taking any semblance of control of your device away from you, this procedure would likely lead to voiding the warranty for many of your devices, especially Apple devices.

Using your mobile devices for work purposes should not require you giving up all your privacy rights or giving your company effective ownership of your device, without having to pay for it. If your company is letting you use your phone or tablet for work purposes, especially if it’s for more than email, then you should take a close look at your organization’s mobile policies – not just for what you should or should not be doing, but for what your company could be doing.

Read more here:
The Latest Threat To Your Mobile Phone: Your Employer

Microsoft urges firms to apply ‘critical’ security patch for March 2012

Continuing our series of posts on activity in the patch arena, today we highlight Microsoft’s latest critical bulletin which has been issued to urge businesses running Windows XP Service Pack 3 (and later versions through to Windows 7) to apply the update made available in March’s Patch Tuesday release.