Thursday, August 23, 2012

Cherwell Software is on the 2012 Gartner ITSSM Magic Quadrant

We have made it!  Cherwell is on the Gartner Magic Quadrant. Click the lick below to view the press release.

Cherwell Software is on the 2012 Gartner ITSSM Magic Quadrant

Wednesday, August 22, 2012

Crisis Malware Specifically Targets Virtual Machines–Repost from WatchGuard

In a WatchGuard Security week in review from about three weeks ago, Corey highlighted a new cross-platform malware variant called Crisis, which could infect both Windows and Mac computers by using a Java vulnerability that affected both platforms. The cross-platform nature of this malware alone made it pretty unique and interesting. This week, Symantec has uncovered new details about Crisis, which makes it even more impressive and scary; and could also represent an evolutionary new step  for malware. In short, Crisis specifically targets and infects virtual machines. According to Symantec’s blog post, when Crisis executes on a Windows computer, it searches the hard drive for VMware format virtual images. When it finds a VM image, it mounts the image and copies itself to the virtual machine, thus infecting it as well. Since virtual machines pretty much look identical to physical ones, malware has always been able to inadvertently infect virtual machines. However, this is the first time that I have seen malware that specifically targets and infects virtual images.
This is a pretty big deal in malware evolution. Unlike physical computers, virtual images get cloned, copied, and shared quite a bit. Often, IT administrators have pre-set virtual images they use as the base image whenever building a new virtual machine. If one of these base images got infected, you could inadvertently spread that infection to every new virtual image you spun up.
Furthermore, many administrators haven’t yet implemented the same security controls they have on their physical networks, on their virtual ones. This makes their virtual network a black hole, as far as visibility and security are concerned. One of the issues highlighted this year was that SMB’s increased adoption of virtualization technology would reawaken the need for virtual security solutions. Crisis’ new virtual spreading technique reinforces that prediction. The good news is there are solutions out there. For instance, WatchGuard’s own XTMv and XCSv virtual appliances can deliver all the typical layers of security you use today to your virtual network. Today’s malware authors use modular code and like to share. I suspect many other malware authors will adopt this new virtual image infection trick soon, and we will see them more aggressively target virtual machines. If you haven’t already implemented virtual security solutions, I recommend you do so soon.

Tuesday, August 21, 2012

Security Week in Review–from WatchGuard

This is a text-version of last week’s security news summary. If you’re interested in the important and interesting security stories you may have missed last week, check out the bulleted-list below.  
  • Shamoon malware wipes HD and MBR - An Israeli security firm called Seculert discovered a malware variant that steals info, then erases your hard drive (HD) and wipes your master boot record (MBR), preventing your computer from booting. Though the malware has infected at least one Middle Eastern energy company, experts do not think Shamoon comes from the same authors as other APTs.
  • Citadel trojan seems to target airline employees - A security company found a version of the Citadel botnet trojan that seems to target airlines, by attempting to steal employees’ VPN credentials. The malware specifically tries to capture some of the additional authentication tokens certain VPN clients require.
  • Blizzard credential breach - Blizzard is the latest victim of yet another password/credential breach. Though Blizzard salts their hash, you should still change your Blizzard credentials
  • Anonymous claims another PSN hack; Sony says no - In a tweet and Pastebin post, Anonymous claims they breached Sony PSN network again, and stole the information from 10 million PSN users. Sony says the breach didn’t happen. Chalk this one up to an Anonymous hoax.
  • Tridium releases ICS software patches – Tridium creates automation software for lighting and HVAC systems. US-CERT warned of many vulnerabilities in their software, and Tridium released updates to fix them this week. Just more evidence of how digital attacks can affect physical infrastructure.
  • Android malware triples in a quarter - One of WatchGuard’s partners, Kaspersky, released a security report last week that included some interesting facts about mobile malware. They found that Android malware has increased three-fold, and mostly focuses on SMS trojans that steal money.
  • Wikileaks Trapwire release and DDoS attack- A few weekends ago, Wikileaks released information about how certain agencies are leveraging video surveillance systems to track people (codenamed Trapwire). Shortly after this release, the Wikileaks site suffered DDoS attacks from a group called Antileaks. Antileaks says the incidents are unrelated.

Monday, August 20, 2012

So the Windows Phone is not dead yet......RIM is circling the bowl

Windows Phone Will Soon Overtake BlackBerry in the U.S.

Wednesday, August 8, 2012

Can cloud and security be used in the same sentence?

Hack raises concern about cloud storage

Monday, August 6, 2012

This is a good example if why the cloud is not quite there yet

Hackers Got Into Honan's iCloud Account With Deception, No Password Required [Security]

Sunday, August 5, 2012

Seriously? I have been wondering the very same thing.

Did anyone really confuse Samsung products for Apple's?

Saturday, August 4, 2012

Do you have your account yet? Mail: Microsoft Reimagines Webmail

Interesting Read About Getting Hacked

What Getting Hacked Feels Like