PRODUCTS

News

15

Jan

UTM Buyers Guide gives you everything you need to find the best protection that’s also the easiest to manage.

This guide will allow you to:

  • Understand what a modern UTM can do for you
  • Compare product features, and know what you need to keep your network secure.
  • Ask the right questions of vendors as you consider your options

Click here to download the Buyers Guide.

15

Jan

The October 2013 CPU covers fixes for: Oracle Database Server, Oracle Enterprise Manager Grid Control, Oracle Supply Chain Products Suite, Oracle Siebel CRM, Oracle Industry Applications, Oracle Primavera Products Suite, Oracle and Sun Systems Products Suite, Oracle MySQL, Oracle Fusion Middleware, Oracle E-Business Suite, Oracle PeopleSoft Products, Oracle iLearning, Oracle Financial Services Software, Oracle Java SE and Oracle Virtualization. All of these updates are important, but arguably Java is the most important of all of them.

51 security vulnerabilities are addressed in Java this quarter, and 50 of them affect Java Applets or Java WebStart, the plugin that runs Java in your web browser. Worse yet, all but one are remotely exploitable without authentication. Some versions of Java update themselves, some rely on the operating system vendor and others are too old to support an auto-update mechanism. This does not make things easy.

Our advice?

1) Determine whether you have Java installed and enabled in your web browser. Visit java.com/en/download/installed.jsp and click “Verify Java version“. If your browser prompts you to install Java, close the tab; you’re Java-free. If it loads the applet, check your version. Be sure you are running Java 7 update 45 (1.7.0_45), Java 6 update 65 (1.6.0_65) or Java 1.5.0_55.
If you must have Java installed you ought to be running Java 7 (1.7). All previous versions are not officially supported and present a greater security risk.

2) If Java is installed and out of date, be sure to update it. Windows users can open the Java Control Panel, select the Update tab and choose Update now. Mac users can check for updates using the integrated Apple updater. Linux users should follow normal procedures for system updates provided by their distribution.

Java2

3) Most importantly, if you don’t need Java, get rid of it. Java can be useful for applications (Minecraft, payroll, mortgage calculators) and server-side applications (JBoss and more), but it doesn’t belong in your browser. If you’re not sure, I recommend disabling it. If you run across things that require Java, your browser will alert you with instructions.

You can read the original article, here.

15

Jan

As we explain below, next-generation firewalls are typically defined as firewalls enhanced with intrusion prevention and application intelligence. On the other hand, UTM systems include those features—plus additional technologies such as email security, URL filtering, wireless security, web application firewalls and virtual private networks (VPNs). In this view, UTM systems include NGFWs as components.

Manager’s guide to UTM and next-gen firewalls

UTM systems are among the most widely used tools in the information security arsenal. The concept of unified threat management is very appealing: multiple critical security technologies, integrated on a single platform, provided by a single vendor.
IT managers evaluating UTMs need clearly defined criteria to choose the right protection.

You may wonder: Is a UTM solution right for my organization? What security features are most important? What other issues need to be considered, such as ease of management and support for remote users?

Download our free guide to get the answers to these questions: A Manager’s Guide to Unified Threat Management and Next-Gen Firewalls. (Registration required).

You can read the original article here.

15

Jan

When you consider the country’s huge online population, it’s not surprising that the U.S. sends so much spam. Spam comes from “bots” — computers infected with malware and under the control of a criminal. “Bot masters” can use servers anywhere in the world to give the bots instructions. So spam-bots in the countries on our list aren’t the authors of the spam, they are more like the messengers.

While it’s interesting to call out the 12 “dirty dozen” countries that send the most spam by volume, we also like to look at the amount of spam by population. It’s a diverse list of nations, and even small countries have a big spam problem.

The Dirty Dozen Spampionship

We’ve been measuring spam in our quarterly “Spampionship” going back a few years, and the U.S. consistently tops our charts. As you can see in the graphic below, bots in the U.S. send by far the most spam of any country, with second-place France (responsible for 6.7% of spam) well behind.

Other countries in our top 12 include China (third at 6.2% of spam) and Russia (fifth at 5.1% of spam), both consistently at the top of our charts quarter after quarter.

Spam per person – a fairer measure

We also look at spam “per person.” We do this because we think it’s a fairer measure of how spammy a country is. By setting the U.S. as the baseline, we can see how likely it is that a computer in a given country is a spam-sending bot compared to the U.S.

This past quarter, Bulgaria was the top country for spam per person, coming in at 2.1 times the U.S. Belarus, which had been the tops of the spam per-person chart for the past year, dropped to second place, at 1.9 times the U.S. spam level.

spam-bot-invaders-infographic-pop

Fight back against spam and cybercrime – kill a spam-bot

Spam is truly a global problem — spam-bots can be anywhere in the world. Remember, if your computer is infected with spam-sending bot malware, you are part of the problem. Do your part to fight back against spam — download our free Virus Removal Tool to scan your computer and automatically clean up malware.

You can learn more about our “Spampionship” series by visiting our award-winning Naked Security blog. If you’re a business looking to keep your email secure, Sophos blocks spam and email-borne threats. Learn more about email security from Sophos

You can read the original article, here.

15

Jan

Instead of just reinstalling your favourite apps and starting afresh, your new device will know how to get online straight away, how to get into your Twitter account, and how many Angry Birds levels you haven’t conquered yet. Clearly, Google keeps a raft of configuration data on your behalf, because if you have the option enabled and then decide to turn it off you get this dialog: So how risky is this option? It’s not risky in the sense, for example, of the recent flaw in the Tumblr app on iOS. There, Tumblr forgot to secure the actual transmission of personally identifiable information (PII), such as your password.

That meant that crooks at a coffee shop, for example, might easily be able to sniff out and extract your Tumblr password. The Android issue is more subtle: the data is encrypted in transit, and Google (for all we know) probably stores it encrypted at the other end. But it’s not encrypted in the sense of being inaccessible to anyone except you. That’s obvious because, you can recover your data from Google even after you’ve wiped (or lost) your device, or changed your Google account password. In other words, Google can unilaterally recover the plaintext of your Wi-Fi passwords, precisely so it can return those passwords to you quickly and conveniently even if you forget your device password and have to start over. That’s just the sort of convenience which many users will trade against security. So, let’s say some Three Letter Agency were to use some prismatic techqniue to acquire those Wi-Fi passwords from Google. Is that likely? If so, would it be bad? I have to say that it probably would be, if only because the list of Wi-Fi networks and passwords on your device is most likely much more extensive than just your own network in your own home.

android 2

You’d effectively be helping to built a list of passwords to go with the already-existing and extensive maps of Wi-Fi access points built up over years, both by Google and others. You probably don’t want to help anyone, friend or foe, to do that. The solution is to encrypt everything “for your eyes only” before you back it up anywhere, especially into the cloud. And the problem with that is it’s not quite as convenient, not least because there’s no password-free way to recover that backed-up data, for example if you forget your password. That’s the dilemma we all face. Are you prepared to accept a digital equivalent of locking your keys in the car forever (for example if you forget your full-disk encryption password and didn’t save the recovery key)? Or would you prefer to have what amounts to a backdoor to your own, or worse still, to other people’s, personal information? What do you think?

You can read the original article, here.

15

Jan

“WD is using enterprise-class components to build a new family of network appliances for small businesses,” said Bill Evans, general manager of WD’s business storage solutions group. “The WD Sentinel S-series network appliances are engineered with Intel Xeon processors, pre-populated with WD Se datacenter 3.5-inch hard drives for rapid deployment, and feature dedicated 2.5-inch boot drives for maximum reliability. No other vendor offers a comparable network storage plus server in an equally small form factor. With a small footprint and quiet fan, an S-series appliance can be deployed anywhere.”  

Proven Components from Intel, Microsoft, and WD
Built by WD, powered by an Intel Xeon processor and running Windows Server 2012 R2 Essentials, the WD Sentinel S-series is based on proven technologies from industry leaders. Unlike competitors’ proprietary operating systems, the S-series is a fully configured native Windows Server on which customers can deploy thousands of Windows applications.

“Windows Server 2012 R2 Essentials gives customers the benefit of built-in, groundbreaking, low-cost storage technologies, and WD’s Sentinel S-series hardware helps small businesses take advantage of these technologies,” said Jamie Hamilton, Director of Marketing, OEM Division at Microsoft Corp. “We are pleased to work with WD to tackle the small business, first-server opportunity. WD’s hardware engineering expertise, previous success with network storage products based on Windows Storage Server, and leadership in offering an R2 version of Windows Server 2012 Essentials puts WD in a good position to serve this industry.”

Reliable Enterprise Grade Components    
The WD Sentinel S-series include WD 3.5-inch datacenter-class hard drives for enhanced data security.  Businesses gain enterprise-class reliability with dual dedicated boot drives (optional on WD Sentinel DS5100), dual gigabit Ethernet ports, and dual external DC-in power adapter ports. This engineered redundancy, along with a bezel lock for physical security, all add to the reliability of this ultra-compact network storage plus server that can be deployed virtually anywhere.

Affordable First Server for Any Small Business
The WD Sentinel S-series is a complete, fully-configured solution with automatic backup and restore software for up to 25 users and 50 computers, all at a very affordable price that starts at $2,560 U.S. MSRP.  By combining a single solution for both storage and server requirements, the S-series appliances are a great solution for any small business looking for their first server.

“Finally, a network storage vendor has delivered a low-cost, turn-key solution that meets my customers’ requirements—with no assembly required,” said Kevin Royalty, Microsoft MVP and Managing Partner of Total Care Computer Consulting in Centerville, Ohio. “Small business customers want a packaged solution with balanced disk, processor, memory, and operating system that is engineered and tested as a unit. The DS5100 and DS6100 appliances are ideal as a ‘first server’ due to the high-performance Intel Xeon processor, Windows Server, high-capacity enterprise-class disk storage, and tiny footprint.”

Availability
WD Sentinel S-series appliances are available today at CDW, PC Connection, and Insight, and through select VARs, resellers, and distributors worldwide. The WD Sentinel DS5100 is pre-populated in capacities of 4 or 8 TB. The WD Sentinel DS6100 is available with capacities of 8, 12, or 16 TB.

WD Sentinel

15

Jan

A ‘channel-first, channel-focused’ company, Sophos continues to receive impressive recognition from CRN/The Channel Company, mostly recently with Michael Valentine, senior vice president, worldwide sales, and Kendra Krause, vice president of channel sales, North America, being named Channel Chiefs just last month. Late last year, Michael Valentine was also named a top IT executive for the mid-market.

Sophos enables partners to sell, market, distribute and implement its award-winning cloud, network, server and enduser protection solutions to organizations of all sizes. The company recently announced a new partner program for North America which includes a simplified deal registration and discount structure, full access to the Sophos product and solution portfolio, sales and marketing tools, training and technical enablement, and significant investments in local channel sales and SE resources.

To determine the 2014 5-Star recipients, The Channel Company’s Research team assessed each vendor’s application based on investments in program offerings, partner profitability, partner training, education and support, marketing programs and resources, sales support and communication.

“Solution providers have a lot of choices when it comes to selecting vendor partners. Identifying the right vendor, with the right technologies, and the right approach can make all the difference,” said Robert Faletra, CEO, The Channel Company. “Our annual Partner Program Guide and 5-Star rating recognizes the very best channel programs available in the market today to help solution providers determine which vendor delivers the best partner elements for their individual business goals.”

John Keenan, vice president of sales for North America, Sophos, said, “Receiving 5-Star recognition from CRN is validation that our strategy is working. From the highest levels, the Sophos team works hard to demonstrate our commitment to the channel in everything we do. We believe investing in those partners who commit to growing their business with us is a smart, simple approach to building lasting relationships and growing revenue. We’re honored to receive positive accolades that come as a result of that approach.”

For more information on the Sophos Partner Program, visit the Sophos website or to learn more about becoming a Sophos partner. The 2014 Partner Program Guide will be featured on CRN.com and the 5-Star Partners listing will be highlighted in the April issue of CRN.

You can read the original article here.

15

Jan

For the first time, AV-Test has released test results comparing malware protection for Macs among 18 major security vendors. The results show a wide disparity in protection against Mac OS X malware. Sophos came out near the top with a 96.6% detection rate. Our Mac protection was better than Kaspersky, Trend Micro, Symantec and McAfee. You can see the full results at the AV-Test website. AV-Comparatives tests also show Sophos protects Macs better — and we won’t slow Macs down either. According to the Register, the AV-Comparatives tests showed that Sophos “aced the test.”

 Protect your Macs

Malware targeting Mac OS X isn’t as widespread as malware for Windows and Android, but the threat is real and growing. And with more businesses expecting to add Macs in the future, protecting them will need to be a top priority. You need security that works not just for Windows malware, but for Macs and mobile devices too.

Visit sophos.com/best-endpoint to see how Sophos beats the other security vendors, from protection to performance, compatibility, and price.

You can read the original article, here.

15

Jan

As it is, Whitten explains, Facebook gives users the option of linking their mobile numbers with their accounts. Users then can receive updates via SMS and can also login using their phone number rather than their email address. Whitten found that when sending the letter F to Facebook’s SMS shortcode – which is 32665 in the UK – Facebook returned an 8-character verification code. After submitting the code into the activation box and fiddling with the profile_id form element, Facebook sent Whitten back a _user value that was different from the profile_id that Whitten modified.

Whitten says that trying the exploit might have led to having to reauthorize after submitting the request, but he could do that with his own password instead of trying to guess at his target’s password.

facebook2 hijack2

After that point, Facebook was sending an SMS confirmation. From there, Whitten said, an intruder could initiate a password reset request on his targeted user’s account and get the code back, again via SMS. After a reset code is sent via SMS, the account is hijacked, Whitten wrote: We enter this code into the form, choose a new password, and we’re done. The account is ours.

facebook2 hijack3

Facebook closed the security hole by no longer accepting the profile_id parameter from users. This could have been a valuable flaw were it to fall into the hands of attackers who might have used it to steal personal data or send out spam. As it is, one commenter on Whitten’s post who obviously didn’t understand the “it’s now fixed” part of the story made the bug’s value clear with his or her eagerness to figure out how to exploit it: ›khalil0777 • a day ago
someone explain me how to exploit it i am realyy need it i wait your helps friends :/
:/ oh well, ›khalil0777, looks like you’re too late for that party.
I’d say better luck next time, but perhaps instead I’ll save my good wishes for Mr. Whitten.
May he enjoy his $20,000.
It was well-earned, and it’s a bargain for Facebook even were the reward to be doubled, considering the grief that could have been caused by such an easy exploit.

Click here to see the original article.

15

Jan

Steve Gollschewski, Deputy Commissioner, Strategy, Policy and Performance presented the award to Rob Forsyth, Director Sophos Asia Pacific, in recognition the team’s ongoing partnership with the Queensland Police Service, working closely with the community to provide education material for community groups, as well as hosting the Sophos Signature events to explore current and emerging issues, and raising greater awareness in the government and business communities regarding fraud and cybercrime.
According to Detective Superintendent Brian Hay, Head of Fraud Division, Queensland Police Service, the concept of working with the private sector in regard to fraud and cybercrime started 12 years’ ago, and Sophos has supported what is now known as Project Synergy right from the start.

The Fraud and Cybercrime Partnership Award recognises the Queensland Police Service’s need to partner with industry entities such as Sophos, to better secure and protect the Australian community,” said Detective Superintendent Brian Hay.
Sophos has shown the courage and character to step forward to participate with the Queensland Police Service since Project Synergy’s inception, and we look forward to continuing our ongoing relationship, to further build and enhance innovative strategies to protect Australia and indeed global communities.

Sophos has worked closely on many key security projects and initiatives including the Over the Horizon Forum for the Department of Broadband, Communications and the Digital Economy, an event that takes place during National Cybersecurity Awareness Week, where Sophos is an active supporter and committee member.

Sophos also works directly with leading industry associations including the Internet Industry Association (IIA) and Australian Computer Society. Sophos is a member of the Australian Government’s National Standing Committee on Cloud Computing advising on security issues and an Industry Code of Best Practice. The company is also actively supporting the Internet Industry Association’s inaugural National Online Security Council forum being held next month.
Forsyth says the award is an indication of the ongoing work the company invests within the business community to raise greater awareness of security issues.

It is an absolute honour for Sophos to be recognised by the Queensland Police Service, with this inaugural Partnership Award, and we thank Detective Superintendent Brian Hay and Queensland Police in recognising Sophos’s continued work and education in the community,” Forsyth said.

Sophos will continue its work in driving awareness around security issues, particularly on a local level, rallying the community and business to work together in ensuring Australians understand online safety, fraud and cybercrime.

You can read the original article, here.

15

Jan

Quantum computing hinges, very broadly, on allowing individual bits (called qubits) to contain superimposed values of zero and one, vastly increasing computing power. Its implications for cryptography, medicine, and research have made it a major goal for public services and private industry alike: DARPA has devoted years of funding to quantum computing research, and Google launched its own “Quantum Artificial Intelligence Lab” last year.

But while qubits have been stored for a limited period of time under certain conditions, and specialized machines have been built using quantum technology, that’s not enough for practical code-breaking applications. Last year, for example,The Economist all but ruled out the possibility that the NSA had a crypto-ready quantum computer.

The NSA’s program, part of the larger intelligence community “Black Budget,” doesn’t actually task anybody with building a quantum computer. According to the memo, it asks researchers to “conduct basic research in quantum physics and architecture/engineering studies to determine if, and how, a cryptographically useful quantum computer can be built.” So while the grant fits with the NSA’s general mission — and quantum computing could one day pose a real threat to present-day encryption methods — it’s a lot more theoretical than the agency’s ability to, say, seed malware to computers from miles away.

NSA Quantum

You can read the original article here.

15

Jan

UTM Series appliances will remain an important part of our hardware appliance portfolio and continue to enjoy all the great new features and enhancements that come with every software update. Our UTM Series delivers unmatched value with a great balance of price, performance and protection.

As you know, at Sophos, every feature is available on every appliance — and our UTM Series appliances are no different. And because they are based on an Intel architecture, you can benefit from all future software enhancements and performance optimizations — past, present, and future.

Features you get with Sophos UTM Series

  • Intel architecture provides a future-proof upgrade path unlike ASICs
  • Same protection on every appliance, from our smallest to our largest
  • Cluster up to 10 appliances dynamically without external load balancers
  • A range of models at performance and price points to fit diverse environments
  • Sophos UTM Series — Eight (8) models suitable for organizations of all sizes

Small:  The UTM 100, 110, and 120 are ideal for small organizations or branch offices that have less demanding traffic capacity requirements, but still want the best network protection

Medium:  The UTM 220, 320 and 425 provide the optimal balance between performance and protection for a variety of different environments.

Large:  The UTM 525 and 625 are designed to protect even the most demanding enterprise networks. They are purpose built for scalability, reliability, and high availability.

UTM Series Tech Specs

utm-series-specs

Datasheets:  UTM 1xx | UTM 220 | UTM 320 | UTM 425 | UTM 525 | UTM 625  

You can read the original article here.

15

Jan

Our goal of ‘Security made simple’ can only be fully realized when every interaction Sophos has with customers and partners exceeds their expectations,” said Kris Hagerman, chief executive officer of Sophos. “Mary has an extraordinary track record in building dynamic and high-impact customer care and customer support organizations, and we are thrilled to welcome Mary to our management team.

With Sophos Winfield will promote and lead a world-class customer support organization that leverages the latest technologies, methodologies and engagement channels to deliver the highest levels of customer satisfaction. Sophos already has one of the industry’s highest reputations for support quality and customer satisfaction. Winfield’s mission will be to enhance that reputation even further; her organization will serve as the focal point for the “voice of the customer” within Sophos and advocate for customers’ needs across all facets of the business.

Mary Winfield said, “I am excited to join the Sophos team. I believe the company is executing a winning strategy, with winning products and a commitment to customer excellence that sets the standard for the security industry. I look forward to helping the company make the most of every engagement with customers in our quest to make security simple“.

15

Jan

One of our SophosLabs researchers, Anna Szalay, made an interesting discovery recently: a new type of Android malware that slips in through a security hole in the USB debugging feature that allows developers to modify their Android devices. Naked Security expert Paul “Duck” Ducklin reports that this malware can intercept your SMS text messages to steal bank transaction details.

Duck explains in his post that intercepting SMSes from your Android phone allows the attackers to steal information they can use to access, for example, your email accounts or bank accounts:

The crooks want to infect you with malware that knows how to intercept incoming SMSes and redirect their content elsewhere. You can see where this is going: mobile malware that reads your SMSes before you do can steal important data such as the two-factor authentication (2FA) codes sent by your email provider or your bank, giving cybercriminals a way into your account despite the extra layer of protection in place.

SophosLabs detects this SMS-stealing malware as Andr/FakeKRB-H. As Duck explains, this malware gets onto your Android in a multi-step process that starts with your device getting infected by a crafty piece of Windows malware that sneaks in through the USB connection between your Android and a PC. This “helper” malware is a downloader detected by SophosLabs as Troj/DwnlAPK-A.

Troj DwnlAPK-A 2

If you connect your Android to a PC infected by Troj/DwnlAPK-A, the malware sneaks in under the guise of files that “appear to be regular, clean files that enable full USB-to-phone connectivity on Samsung and LG devices,” Duck writes.

Troj DwnlAPK-A 3

Then, once the downloader is installed, it loads the Android malware onto your device in what appears to be an app disguised as a Google-imitating “Google App Store” (the real Google store is simply called “Play Store”).

This is a good reminder that the bad guys continue to develop inventive ways of compromising our security to get at our most valuable data. Read the article at Naked Security to learn more about this malware and how to block it with security settings on your Android.

You can read the original article here and here.

15

Jan

TrueCrypt’s sudden demise

Despite being nominally open source software, TrueCrypt was always a bit secretive. Unlike many free, open source projects, the main developers and maintainers were unknown to the community. Someone, apparently one of the maintainers of TrueCrypt, shut down the project, claimed the product was not secure, and replaced it with a modified version designed only for undoing the encryption of previous versions. Sophos security adviser Maxim Weinstein tells us that TrueCrypt’s warning should be taken seriously. “We don’t know exactly why this was done, who exactly did it, or whether the software is, in fact, compromised or to what degree,” Max tells Sophos Blog. “As the community attempts to unravel the mystery, it’s best for users to stop using TrueCrypt and to find another solution.”

5 tips for data security

Encrypting your data and communications is vital in today’s security landscape. Our security experts offer these five key recommendations for moving beyond TrueCrypt to an alternative for data protection.

  • Use vetted, trusted, operating system-level encryption like Microsoft BitLocker and Mac FileVault 2. TrueCrypt was not using the latest technology, so now is a great time to move to compliant encryption standards.
  • The real issue with business use of encryption has been key management. You need good key management that enables encryption beyond just full-disk on your laptops.
  • Data isn’t only on your disks. Users are taking it everywhere, especially the cloud. Now’s a good time to reevaluate your data protection strategy to make sure you’re protecting data everywhere.
  • Non-Windows platforms need encryption, including OS X, Android and iOS. And don’t forget any systems still running Windows XP, you’ll need to protect them too.
  • A thumb drive or DVD can hold sensitive records too. You need to encrypt all your storage devices as well.

The TrueCrypt alternative: SafeGuard Encryption

Only Sophos offers a single solution for all your encryption needs — for all your PCs, laptops, cloud, mobile devices, removable media, and file shares. And our software has been certified by several crypto-analysts, including the Federal Office of Information Security in Germany (the BSI), as truly secure.

You can manage all your data encryption simply, from a central console. And SafeGuard Encryption won’t slow users down. Visit sophos.com/truecrypt to learn more. Or click here for a free trial of SafeGuard Encryption.

You can read the original article, here.

15

Jan

Likewise, the three countries that took their place in the top flight all came up from the 13-24 range. And, just like in your favourite football league, the majority of the high-flyers stayed put at the top. But is it so surprising that the USA is the Man United of the SPAMMIERSHIP, “winning” as often as not, or that China and India are often found near the top? With more than a billion people each and a thirstily-increasing demand for internet access in both countries, where else would you expect to see China and India except in the Dirty Dozen?

Welcome, then, to the SophosLabs SPAMMIERSHIP League Table:

And with more than 300 million people and the lion’s share of the world’s internet connectivity, where else would you expect to see the USA than leading the pack outright? What, then, if we scale the scores up or down in proportion to each country’s population? Now things get interesting, becase a rather different story emerges:

dirty-dozen2

Half of the volume-based culprits are gone, and countries that would usually fly under the radar when measured on spamming volume alone – like Luxembourg and Singapore – suddenly burst onto the scene. Don’t be surprised. This doesn’t mean that usually law-abiding Singapore has turned into a seething swamp of spam-related cybercriminality. Remember that although the Dirty Dozen denotes the extent to which a country’s computers are used for delivering spam, it doesn’t tell us where the spammers themselves are located.

That’s because most spam is sent indirectly these days, especially if it is overtly malevolent, such as:

  • Phishing emails. These try to lure you into entering passwords into mock-ups of a real site such as your bank or your webmail account.
  • Malware links. These urge you to click links that put you directly in harm’s way by taking your browser to hacked websites.
  • Malware deliveries. These use false pretences, such as fake invoices, to trick you into opening infected attachments.
  • Identity theft. These invite you to reply with personally identifiable information, often by claiming to offer work from home opportunities.
  • Investment scams. These talk up investment plans that are at best unregulated and at worst completely fraudulent.
  • Advance fee fraud. These promise wealth or romance, but there are all sorts of fees, bribes and payments to hand over first.

If the crooks behind this sort of cybercrime were to use their own computers, they’d never be able to send the volume of spam they’d like. Also, using their own computers would lead law enforcement to their digital doorsteps. Instead, cybercriminals rely heavily on bots, also known zombies: innocent users’ computers that are infected with malware that regularly calls home to download instructions on what to do next. Those instructions may say something such as “here is a boilerplate email message, and here is a list of email addresses – send a copy to everyone on it.” So, if your country is in the Dirty Dozen, it almost certainly has a much-higher-than-average number of unprotected computers that are actively infected with malware. And if a cybercriminal can secretly tell your computer to send spam to 1000 people you’ve never heard of – leaving you to argue with your ISP why you shouldn’t be thrown off line for antisocial behaviour – then ask yourself this: “What else could he get up to on my account?” In short, the SPAMMIERSHIP League Tables are meant as a light-hearted way of reminding us all of one very serious aspect of computer security: namely that if you put yourself in harm’s way, you’ll probably end up harming lots of other people, too. In other words, getting serious about computer security is the easiest sort of altruism: by protecting yourself, you help to protect everyone else at the same time.

You can read the original article, here.

15

Jan

WD’s My Cloud personal cloud drives, available now in China in capacities of 2 TB, 3 TB and 4 TB, enable consumers to organize, centralize and secure the digital content from all of their computers and mobile devices and access those files from any device and from anywhere in the world. WD’s My Cloud EX4 high-performance four-bay network attached storage (NAS) solution, available now in China in 0 TB, 8 TB, 12 TB or 16 TB1 capacities, provides creative professionals, prosumers and workgroups a reliable way to save, share, back up, stream and manage massive amounts of digital data. The Baidu Yun service is a leading public cloud storage service provider with more than 100 million users. Consumers and businesses store content on Baidu Yun for easy access and sharing from any computer or mobile device.

The collaboration between WD and Baidu will enable Chinese customers to manage their Baidu Yun account and easily transfer files between their My Cloud or My Cloud EX4 device and Baidu Yun using WD’s My Cloud mobile apps for iOS and Android operating systems. Baidu and WD customers will also be able to back up their local content to Baidu Yun, as well as backup their Baidu Yun account to their local storage using WD SmartWare™ Pro software.

“The growth of Baidu and its public cloud storage and services in China has been spectacular; it’s a pleasure to collaborate with them,” said Jim Welsh, executive vice president, Branded Products and worldwide sales. ”The integration of Baidu Yun with our personal cloud and external storage platforms gives our mutual customers the best of all worlds – the ability to keep content safe at home, while backing  up and sharing with friends on Baidu Yun.”

“Baidu aims to provide the best way for people to access their valuable content, regardless of their location,” said Hou Zhenyu, chief architect of Baidu Yun. “WD is a leader in high-capacity local storage, and integrating our public cloud storage service with WD’s platform gives our customers a compelling hybrid cloud storage solution – the best of both public cloud storage and personal cloud storage.”

You can read the original article here.

15

Jan

In the spirit of sharing our knowledge, we’d like to show you a pretty great infographic that explains in visual format how a web attack works. As you can see in the infographic below, a web attack happens in five stages, and this whole process takes less than a second. The web is the number one source of malware (a term that combines “malicious” and “software”), and the majority of these malware threats come from what is called a drive-by download.

5 Stages of a Web Attack

The term drive-by download describes how malware can infect your computer simply by visiting a website that is running malicious code (Stage 1: entry point).

Most of the time, these are legitimate websites that have been compromised to redirect you to another site controlled by the hackers (Stage 2: distribution).

Today’s cybercriminals use sophisticated malware packaged in an “exploit kit” that can find a vulnerability in your software among thousands of possibilities.

When your browser is redirected to the site hosting an exploit kit, it probes your operating system, web browser and other software (such as your PDF reader or video player) to find a security vulnerability that it can attack (Stage 3: exploit).

Remember — if you are not applying security updates to your operating system and software, you are unprotected against these exploits.

Once the exploit kit has identified a vulnerability, that is where Stage 4: infection begins. In the infection phase of an attack, the exploit kit downloads what is known as a “payload,” which is the malware that installs itself on your computer.

Finally, in Stage 5: execution, the malware does what it was designed to do, which is mainly to make money for its masters.

The malware known as Zbot can access your email or bank accounts. Another type of payload called ransomware can hold your files hostage until you pay to have them released.

This kind of attack happens all the time. But you don’t have to be a victim. Download our checklist of technology, tools and tactics for effective web protection to find out how you can protect your organization from malware attacks at every step of the way. You should also check out our free whitepaper explaining how malware works and offering tips to help you stop it: Five Stages of a Web Malware Attack. (Registration required). 

You can read the original article here.

15

Jan

Of course, it isn’t just film stars who have sensitive data on their Apple devices – employees will often have corporate data on their iPhones and iPads while home users may also have their personal pictures and videos stored on their iOS device.

With that in mind, here are 3 tips to help keep your photos and other data safe:

1. Use a strong password

This is an easy one – it’s important to make sure you use a strong, unique password for your iCloud account, especially as Apple hasn’t yet enabled two-step verification for iCloud. To do this, make the new password long (minimum 14 characters), avoid using real words and switch between UPPER, lower, d1g1t5 and //@ckies. If you have trouble remembering such a complex password, consider using a password manager.

And while we’re here, make sure you use unique passwords for every account on every website that you use. It’s important because if someone gains access to one of your accounts, they can only access that one – not every account you own.

2. Limit what you backup to iCloud

iCloud SettingsNow is a good time to check what exactly is being backed up to your own iCloud account. Go to Settings on your device and then select iCloud. Here you will see a list of all the apps on your device that are being backed up to the cloud. Each can be individually toggled on or off. You need to decide for yourself as to what you want to backup – for example, you may decide to not backup your Photos (especially if they’re a little risque), but keep backing up your Mail and Documents & Data.

It’s a case of weighing up the risk of losing or bricking your device, versus the risk of having your information stolen through the cloud. Of course, there’s always the option of…

3. Turn iCloud off and backup locally

If you feel that the risk of having your iCloud storage hacked outweighs the convenience of the service then you may wish to delete your account entirely. Doing so is very easy. Go to Settings on your iDevice and then select iCloud. Scroll all the way to the bottom of the screen and you will see the option to Delete Account. Of course, that means your device will no longer be backed up, so you’ll need an alternative means of backing up your data. Fortunately, you have that with Apple’s iTunes which offers a manual alternative.

To backup with iTunes:

1. Make sure your computer has the latest version of iTunes

2. Connect your iOS device to your computer

3. Choose File, then Devices and Back up.

If you decide to backup your devices this way, remember to continue backing up on a regular basis. 

You can read the original article, here.

15

Jan

The new line up consists of four rack-mount appliance models with larger internal disk capacities, faster processors, increased memory, and integrated solid state drives (SSDs) to shorten backup time and accelerate data recovery. The bundled WD Arkeia v10.1 software delivers new support for “seed and feed” technology to support hybrid cloud backups. This allows companies to move backups offsite via network replication rather than shipment of tapes.

The new fourth-generation appliances offer:

•    Increased Backup and Recovery Speed: New features include integrated LTO5 tape drives, processor upgrades to a maximum of 2 hex-core Intel Xeon, integrated SSDs on select models, and memory up to 96 GB to allow for increased data backup and recovery speeds of both files and disk images. WD Arkeia’s patented Progressive Deduplication™ technology accelerates backups by compressing data at source computers before transfer over local area networks (LANs) or wide area networks (WANs).
    Higher Storage Capacity: Storage capacity doubles from the third generation, with raw capacity now ranging up to 48 TB, configured in RAID-6.
•    Improved Ease-of-Use: Version 10.1 of WD Arkeia software, delivered with the new generation, includes an on-boarding wizard to streamline the appliance setup process.
•    Storage Reliability: All new WD Arkeia appliances feature WD enterprise-class WD RE™ hard drives for maximum data integrity.
    Simplified Tape-free, Offsite Storage: Version 10.1 of WD Arkeia software extends support for hybrid cloud backup capabilities to the full line of WD Arkeia appliances. “Seed and feed” capabilities allow administrators to supplement network replication of backup sets offsite by using USB-connected hard drives to transfer initial and large backup sets and also to size WAN bandwidth for the replication of nightly incremental backups.  

WD Arkeia fourth generation network backup appliances – models RA4300, RA4300T, RA5300, RA6300 – will be available in July 2013 through select DMR’s and WD-authorized value-added resellers (VARs) in the US, Canada, and Europe.  Manufacturer’s Suggested Retail Price, including hardware and software, begins at $9,990 USD.  WD Arkeia network backup appliances are covered by one year of unlimited access to technical support, one year of software updates, and a one-year limited hardware warranty.