2. Agenda
• Introduction – F-Secure
• Security in the news
• Malware – how you get infected
• Software vulnerabilities
• Anatomy of a cyber crime
• Software publishers fight back
• We will protect you – F-Secure’s 8 layers of protection
• F-Secure Software Updater
4. Praised by Analysts
The Forrester Wave™: Endpoint Security, Q1 2013
Forrester Research Inc. gave us the highest score among all vendors for our product roadmap and strategy. We received top ranking scores on our performance and satisfaction, in addition to our advanced antimalware technologies.
5. Awarded Protection
Prestigious Best Protection awards by AV-Test
“We are proud to congratulate the entire F-Secure team for receiving the AV-Test Best Protection Award 2012”
“Out of all corporate endpoint protection products reviewed, F-Secure Client Security offered by far the best protection.”
Andreas Marx, CEO of AV-TEST
8. Comprehensive Protection
Providing 360 protection from all threats
Business Suite (in-house IT, managed with Policy Manager):
Internet Gatekeeper, Messaging Security Gateway, Server Security, Client Security, Email and Server Security, Mobile Security, Linux Security, AV for Workstations
Protection Service for Business (out-sourced IT, Management as a Service through the PSB Portal):
PSB Server Security, PSB Email and Server Security, PSB Workstation Security, Protection Service for Email, PSB Mobile Security
13. Malware Attack Vectors
INFECTED WEBSITE
A legitimate website is compromised by an attacker and consequently contaminated by inserting malicious content into it, which then infects every visitor going to the site.
CONTAMINATED ADVERTISEMENT
An otherwise legitimate website is infected through hostile advertisements originating from non-website related independent 3rd party ad agencies, which then contaminate visitors by exploiting software vulnerabilities.
CONTAMINATED ATTACHMENT
An authentic looking email deceives the end-user to open a seemingly genuine attachment, which contains an integrated malware which, through a software vulnerability or exploit, gains access to the system.
MALICIOUS LINK TO MALWARE
An email from a seemingly trusted or legitimate source deceives the end-user to follow a link to an external website which contains malicious software that infects every visitor going to the site.
14. Malware Attack – What Next?
VULNERABILITY: But due to a vulnerability from outdated software, an integrated malware payload is installed.
BACKDOOR: The malware contacts a remote server and deploys additional malware, ensuring multiple backdoors and remote access.
ACCESS: With access secured, the attacker aims to escalate privileges in order to gain further access in the network.
15. Malware Attack – What Next?
DATA: With access to the most confidential parts and files of the network, the criminal identifies the most valuable data and starts sending it to external staging servers.
ESCAPE: Valuable data is then extracted and sent forward. The attacker destroys evidence and hides tracks, but might leave a backdoor for further access.
17. Karmina
Senior Analyst
WHAT IS A SOFTWARE VULNERABILITY?
A software bug or defect that allows your device to be compromised.
Security (an intersection of 3 elements):
• a system susceptibility or flaw
• attacker access to the flaw
• attacker capability to exploit the flaw
18. Vulnerabilities by Numbers
Top 10 Vendors
Vendor       No. of vulnerabilities 2012   2011
Oracle       424 ↑                         262
Apple        270 ↑                         110
Mozilla      195 ↑                         143
Microsoft    169 ↓                         244
IBM          154 ↑                         144
Google       150 ↓                         299
Adobe        137 ↓                         189
Cisco        134 ↓                         246
HP            74 ↓                         135
Apache        55 ↑                          44
Source: National Vulnerability Database (http://nvd.nist.gov/)
19. Vulnerabilities by Numbers
Most Targeted Applications
Operating Systems
Operating System                No. of vulnerabilities 2012   2011
Apple iOS                        86 ↑                           35
Microsoft Windows Server 2003    45 ↓                          105
Microsoft XP                     42 ↓                           96
Microsoft Windows 2008           48 ↓                          101
Microsoft Windows Vista          41 ↓                           91
Microsoft Windows 7              42 ↓                           98
Cisco IOS                        36 ↑                           36
Linux Kernel                     45 ↓                           45
Oracle Solaris                   47 ↑                           47
VMware ESXi                      12 ↑                            7
VMware ESX                       11 ↑                            7
Cisco IOS XE                      9 ↓                           13
Citrix Xen                       33 ↑                            3
Apple Mac OS X                   21 ↓                           69
Apple Mac OS X Server            17 ↓                           66
Applications
Application                      No. of vulnerabilities 2012   2011
Mozilla FireFox                 159 ↑                           97
Mozilla Thunderbird             144 ↑                           63
Mozilla SeaMonkey               143 ↑                           63
Google Chrome                   125 ↓                          275
Mozilla Firefox ESR             115                              –
Mozilla Thunderbird ESR         109                              –
Apple iTunes                    102 ↑                           78
Apple Safari                     85 ↑                           45
Adobe Flash Player               66 ↑                           63
Oracle Java                      58 ↑                           37
Adobe Air                        54 ↑                           27
Adobe Flash Player for Android   53 ↑                           10
Ffmpeg                           42                              –
Microsoft Internet Explorer      41 ↓                           45
Adobe Shockwave Player           27 ↓                           38
Adobe Reader                     25 ↓                           65
(– = no 2011 figure given on the slide)
Source: National Vulnerability Database (http://nvd.nist.gov/)
22. Vulnerability Types – RCE
• RCE – Remote Code Execution
• Runs code without authorisation or authentication
• “Drive by installations”
• Code is designed as data
• Documents, emails and websites can be used
23. Vulnerability Types - EOP
• EOP – Elevation of Privilege
• Allows attacker to either gain higher privileges or impersonate another user with higher privileges
• Usually targets the “admin” or “root” account
• Combined with RCE, allows an attacker to install malware on one or more systems
24. Vulnerability Types – DOS
• DOS – Denial of Service
• Makes a device or system unavailable to intended users
• Uses or creates software bottlenecks
• Excessive CPU usage, memory leaks, disk I/O, slow or long LDAP searches, database calls or large join operations
• Motives for DOS
• Protestors, hacktivists
• Industrial espionage
• Distraction from criminal activity
25. Vulnerability Types – Leaks
Leaks (or information disclosure)
• Enables an attacker to gain valuable information
• Memory dumps, log files, network traffic
• Mobile phone apps – unencrypted data
• Invisible to the user
26. Gregory
Senior Software Engineer
ZERO-DAY: An attack that exploits a previously unknown vulnerability
APT – Advanced Persistent Threat – Targeted attack aimed at specific organisations:
• Governments
• Financial institutions
• Medical organisations
28. Anatomy of a crime – RSA – March 2011
Source: RSA
http://blogs.rsa.com/anatomy-of-an-attack/
1. PHISHING
The attacker sent two “spear phishing” emails during the course of a two-day period. The email, titled “2011 Recruitment Plan”, related well with the ongoing recruitment process in the company.
2. EMPLOYEE
The emails were sent to two small groups of employees without particularly high profile or target value. It was crafted well enough to trick one employee to retrieve it from their Junk mail folder and open the attached Excel file.
3. VULNERABILITY
The attached Excel file contained a zero-day exploit that installed a backdoor through an Adobe Flash vulnerability (CVE-2011-0609).
29. Anatomy of a crime – RSA
4. REMOTE ACCESS
Having the backdoor secured, the attacker installed a remote administration tool called “Poison Ivy”, which allowed the attacker to remotely control the computer.
5. SENSITIVE DATA
With remote access established, the attacker leveraged the original credentials in gaining entry to more “strategic” systems and employees with access to sensitive data. Data was then extracted and aggregated to an internal staging server.
$66.3 Million – direct bottom-line cost of investigating and monitoring of corporate customer transactions
6. EVASION & EXIT
From there, data was sent to an external staging server at a compromised machine, and subsequently pulled by the attacker. Traces and data were removed from the compromised host to remove any traces.
33. Blackhole Exploit Kit
• Off the shelf malware tool – currently most prevalent web threat
• Targets web users through out of date browsers to install malware
• Once infected, the attacker can see what other vulnerabilities can be exploited
38. How can you protect yourself?
• Patch regularly, patch quickly
• Reduce your attack surface
• Less (software) is more
• Avoid vulnerable software – Java, in particular
• Get an anti virus program – keep it up to date!
• Have a strong security policy and enforce it
• “Educate Rob” – user education. You are only as strong as your weakest link.
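The first bullet, patching, is only actionable if you can tell which installed versions are below the patched baseline, and the classic mistake is comparing version strings lexically (which makes "9.0" look newer than "25.0"). The script below is an added example, not F-Secure Software Updater code: it compares a constructed software inventory against a constructed minimum-version baseline with proper numeric comparison and splits the findings into OS versus 3rd party, the split the deck's own statistics use. Product names, versions and the OS_PRODUCTS set are assumptions made for the example.

```python
"""Added example (not F-Secure's Software Updater): audit an installed-software
inventory against a minimum patched-version baseline.

The baseline and inventory below are constructed sample data, not advisory data.
"""
import re
from typing import Dict, List, Tuple

# Constructed baseline: product -> lowest version treated as patched (assumption).
BASELINE = {
    "Oracle Java": "7.0.45",
    "Adobe Flash Player": "11.9.900.117",
    "Adobe Reader": "11.0.5",
    "Mozilla Firefox": "25.0",
    "Windows": "6.1.7601",
}

# Which products count as the operating system (assumption for the OS/3rd-party split).
OS_PRODUCTS = {"Windows"}

# Constructed inventory as an asset tool might export it.
INVENTORY = [
    ("Oracle Java", "7.0.21"),
    ("Adobe Flash Player", "11.9.900.117"),   # exactly at baseline: fine
    ("Adobe Reader", "10.1.8"),
    ("Mozilla Firefox", "9.0"),               # a string compare would call this newer than "25.0"
    ("Windows", "6.1.7600"),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so that 9.0 < 25.0 holds."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def is_outdated(installed: str, minimum: str) -> bool:
    """True when installed is strictly older than minimum.
    Shorter versions are zero-padded so 11.0 equals 11.0.0."""
    a, b = parse_version(installed), parse_version(minimum)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a < b


def audit(inventory, baseline) -> List[Tuple[str, str, str]]:
    """Return (product, installed, minimum) for each outdated entry.
    Products missing from the baseline are skipped, not silently passed as patched."""
    findings = []
    for product, installed in inventory:
        minimum = baseline.get(product)
        if minimum is not None and is_outdated(installed, minimum):
            findings.append((product, installed, minimum))
    return findings


def summarize(findings) -> Dict[str, int]:
    """Count outdated entries as OS vs 3rd party software."""
    counts = {"os": 0, "third_party": 0}
    for product, _, _ in findings:
        counts["os" if product in OS_PRODUCTS else "third_party"] += 1
    return counts


if __name__ == "__main__":
    found = audit(INVENTORY, BASELINE)
    for product, installed, minimum in found:
        print(f"OUTDATED  {product}: {installed} < {minimum}")
    print(summarize(found))
```

Products absent from the baseline are skipped rather than reported as patched, so an unknown product shows up as a gap in the baseline, not as a false "all clear".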
40. How can you protect yourself?
• 95% of all attack attempts can be attributed to just 5 vulnerabilities
• 1 vulnerability in Windows, 4 in Java
• 3 of the top 5 were less than 6 months old; the most prevalent is 2 years old and was the top vulnerability in 2012
41. Comprehensive Protection
Providing you with 8 layers of protection
1. URL/WEB ACCESS FILTERING
2. HTTP PROTOCOL SCANNING
3. EXPLOIT DETECTION
4. CLOUD REPUTATION QUERIES
5. SANDBOXING AND BEHAVIOURAL ANALYSIS
6. REAL-TIME SCANNING
7. MEMORY SCANNING
8. RUNTIME HEURISTICS
Corporate
Client Security
Server Security
Email and Server Security
PSB Workstation Security
PSB Email and Server Security
Consumer
Internet Security 2014
Mobile
F-Secure Mobile Security
43. Software Updater
Combining operational efficiency and security
Out-of-date 3rd party software is a significant security risk, yet expensive to update without Software Updater!
…
= Significant Cost Savings!
Can be deployed in less than one hour.
44. Software updater supported applications
.NET Framework
7-Zip
Access
Access Database Engine
Access Runtime
Acrobat Distiller
Acrobat Elements
Acrobat Reader
Adobe Acrobat
Adobe AIR
Adobe Flash
Adobe Flash Player Plugin
Adobe Reader
Adobe Reader MUI
Adobe Shockwave Player
Apache
Apache Tomcat
Apple Application Support
Apple iTunes
Apple QuickTime
AT&T Global Network Client
Audacity
BizTalk Server
BlackBerry Desktop Manager
BlackBerry Server for Exchange
Business Contact Manager for Outlook
CCleaner
CDBurnerXP
Citrix Group Policy Management
Citrix MetaFrame XP
Citrix Online Plugin
Citrix Password Manager Console
Citrix Presentation Server
Citrix Single Sign-On Console
Citrix XenApp
Commerce Server
Content Management Server
CoreFTP
DirectX
Excel
Microsoft Office Excel Viewer
Exchange
Exchange System Manager
FileZilla
Firefox
Flash Player Plugin
Foxit Reader
Microsoft FrontPage Server Extensions
Gimp
Google Chrome
Google Picasa
Google Talk
Groove
Host Integration Server
HP System Management Homepage
Hyper-V
InfoPath
Internet Explorer
Internet Information Server
Internet Information Services
ISA Server
Java Development Kit
LibreOffice
MDAC
Microsoft Antigen for SMTP Gateways
Microsoft AntiXSS
Microsoft CAPICOM
Microsoft Digital Image
Microsoft Expression Blend
Microsoft Expression Design
Microsoft Expression Encoder
Microsoft Expression Media
Microsoft Expression Studio
Microsoft Expression Web
Microsoft FAST Search Server 2010 for
Sharepoint
Microsoft Forefront Client Security
Microsoft Forefront Endpoint Protection
Microsoft Forefront Security for Exchange
Server
Microsoft Forefront Security for SharePoint
Microsoft Forefront Threat Management
Gateway
Windows Journal Viewer
Microsoft Lync
Microsoft Lync Server
Microsoft Office
Microsoft Office Communications Server
Microsoft Office Communicator
Microsoft Office Converter Pack
Microsoft Office File Validation Add-In
Microsoft Office Groove Server
Microsoft Office InfoPath
Microsoft Office Outlook
Microsoft Office Pinyin IME
Microsoft Office Project Server
Microsoft Office Search Server
Microsoft Office SharePoint Server
Microsoft Office Small Business Accounting
Microsoft Office Visual Web Developer
Microsoft Office Web Apps Application
Server Components
Microsoft Outlook Express
Microsoft Project Web Front End Server
Microsoft Report Viewer Redistributable
Microsoft Search Server
Services For Unix
Microsoft SharePoint
Microsoft Silverlight
Microsoft Step By Step Interactive Training
Microsoft System Center Configuration
Manager
Microsoft Systems Management Server
MICROSOFT UNIFIED ACCESS GATEWAY
Microsoft Virtual Machine (VM)
Microsoft Virtual PC
Microsoft Virtual Server
Microsoft Visual C++ Redistributable
Microsoft Visual Studio
Microsoft Visual Studio Tools for Applications
Microsoft Windows Defender
Microsoft Windows Live OneCare
Microsoft Word Server
Microsoft Works 6-9 Converter
MozyHome
MozyPro
MSComctl Analysis Services
MSN Messenger
MSXML
NetChk Protect
Notepad++
Office
Microsoft Office
OneNote
Opera
Oracle OpenOffice.Org
Outlook
Outlook Express
Outlook TimeZoneMove
Pidgin
PowerPoint
PowerPoint Viewer
Producer for PowerPoint
Microsoft Project
Proofing Tools
Publisher
RealPlayer
RealVNC
Safari
Salesforce Chatter Desktop
SeaMonkey
Sharepoint Designer
Microsoft SharePoint Team Services
Sharepoint Workspace
Shavlik NetChk Protect
SkyDrive Pro
Skype
Skype Business
Small Business Server
SNA Server
Snapshot Viewer for Microsoft Access
SQL Server
SQL Server Desktop Engine (MSDE)
Sun Java Runtime Environment
Thunderbird
TortoiseSVN
http://www.f-secure.com/en/web/business_global/swup
UltraVNC
Virtual CloneDrive
Visio
Visio Viewer
Visual Basic
Visual Basic for Applications SDK
Visual C++ Redistributable
Visual FoxPro
Visual Studio .NET
VLC Media Player
VMware Player
VMware Workstation
Winamp
Windows Server
Windows
Windows Embedded Standard
Windows Home Server
Windows Storage Server
Windows Hyper-V Server
Windows Internal Database
Windows Live Messenger
Windows Mail
Windows Media Encoder
Windows Media Player
Windows Media Services
Windows Messenger
MSN MESSENGER
Windows Movie Maker
Windows Search
Windows SharePoint Services
Windows Small Business Server
Windows Storage Server
Windows Web Server
WinRAR
WinZip
SQL Server Desktop Engine (Windows)
Word
Word Viewer
WSUS
Zimbra Desktop
45. F-Secure DeepGuard 5 – EXPLOIT DETECTION
…
DG 5.0 monitors the most commonly exploited software
Protects against threats such as “Red October”
If the software starts to behave suspiciously, DeepGuard stops the exploit
Special logic for handling document exploits
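The behaviour a document exploit produces is concrete enough to write down as a rule: a viewer that exists to render documents or web pages suddenly starts a command interpreter, a script host, or an executable from a temp directory. The code below is an added example of such a parent/child process rule; it is not DeepGuard's logic, and the process events, the DOCUMENT_HANDLERS set, the SUSPICIOUS_CHILDREN set and the DROP_DIRS paths are all assumptions constructed for the example.

```python
"""Added example (not DeepGuard's implementation): flag document and browser
applications that launch children they normally never start.

SAMPLE_EVENTS are constructed records, not real telemetry."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class ProcessEvent:
    pid: int
    parent_image: str
    image: str
    command_line: str


# Applications that render attacker-supplied documents or web content (assumption).
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe",
                     "iexplore.exe", "firefox.exe", "chrome.exe"}
# Children a document handler has no business starting (assumption).
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "rundll32.exe", "regsvr32.exe", "mshta.exe"}
# Directories where dropped payloads typically land (assumption).
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(ev: ProcessEvent) -> Optional[str]:
    """Return a reason string when the event matches the rule, else None."""
    parent, child = basename(ev.parent_image), basename(ev.image)
    if parent not in DOCUMENT_HANDLERS:
        return None                     # rule only cares about document handlers as parents
    if child in SUSPICIOUS_CHILDREN:
        return f"{parent} spawned {child}"
    image = ev.image.lower()
    if image.endswith(".exe") and any(d in image for d in DROP_DIRS):
        return f"{parent} launched an executable from a drop directory: {ev.image}"
    return None


def scan(events: List[ProcessEvent]) -> List[Tuple[int, str]]:
    """Apply the rule to a stream of process-creation events."""
    alerts = []
    for ev in events:
        reason = evaluate(ev)
        if reason:
            alerts.append((ev.pid, reason))
    return alerts


OFFICE = r"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"
READER = r"C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe"

# Constructed sample: one dropped payload, one shell from Excel, one normal
# Excel helper, one shell opened by the user from Explorer, one Reader -> rundll32.
SAMPLE_EVENTS = [
    ProcessEvent(4101, OFFICE, r"C:\Users\rob\AppData\Local\Temp\a.exe", "a.exe"),
    ProcessEvent(4102, OFFICE, r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
    ProcessEvent(4103, OFFICE, r"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE", "EXCEL.EXE /e"),
    ProcessEvent(4104, r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ProcessEvent(4105, READER, r"C:\Windows\System32\rundll32.exe", "rundll32.exe x.dll,Run"),
]

if __name__ == "__main__":
    for pid, reason in scan(SAMPLE_EVENTS):
        print(f"ALERT pid={pid}: {reason}")
```

Event 4104 shows why the parent matters: cmd.exe started by Explorer is a user opening a shell and is not flagged, while the same child under Excel or Reader is.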
46. F-Secure DeepGuard
Sandboxing and Behavioural Analysis
Proactive behaviour-based protection against emerging threats
Stages shown: Unknown Program Executes; Behavior Analysis; Reputation Check; Event Analysis
DeepGuard is our behaviour analysis feature, providing you with a last line of defence against unknown malware
48. CLOUD REPUTATION QUERIES
Real Time Protection Network
“Quite a few protection features gain their bleeding edge with cloud-based operations and this requires connection to the F-Secure cloud.”
49. URL/WEB ACCESS FILTERING
F-Secure Browsing Protection
While browsing the internet, it is nice to see where you could safely go…
And when your user takes a wrong turn, we are there to stop them.
50. HTTP PROTOCOL SCANNING
Network Interceptor Framework (NIF)
No more browser plugins
All HTTP, IMAP4, POP3 and SMTP traffic scanned
Firewall – Network Traffic Control
F-Secure Firewall controls all network traffic to and from your workstation
(Diagram: traffic classes POP, HTTP, Email, Unknown)
51. F-Secure Reseller/Partner Technical Training day coming soon
6th December 2013
Slough Copthorne Hotel
Places limited - contact me for details
07818 515 687
bunmi.Sowande@f-secure.com
Editor's Notes
F-Secure has been in the industry for 25 years; we were the 1st company to spot the 1st virus. Good selling point. Global software security company, listed on NASDAQ OMX Helsinki Ltd. 23 country offices with 900+ employees, and a presence in more than 100 countries. Awarded world-class anti-malware research and operations. Praised strategy: highest score among all vendors for our product roadmap and strategy, given by Forrester Research Inc.
Let’s look at the detail of our security offering…
Adobe – 2.9 million customers lost personal data including passwords and credit card information, as well as source code. WhatsApp – poor design means encryption is predictable and easy to crack.
Blackhole Creator has been arrested. Use of the tool has dropped since then. Dick Cheney removed the wireless function of his implant because he was worried a hacker could interfere with it. Homeland used this in an episode.
Government – new Cyber Defence Force. Opposition – plans to tackle cybercrime.
It’s now a case of if, not when, you will be attacked. Information security functions are not fully meeting the needs in 83% of organizations; 93% of companies globally are maintaining or increasing their investment in cyber-security to combat the ever increasing threat from cyber-attacks. Thirty-one percent of respondents report the number of security incidents within their organization has increased by at least 5% over the last 12 months.
Oracle tops the chart with 424 vulnerabilities, much higher than their 262 entries in 2011. A significant number of these vulnerabilities are related to Java. Microsoft continues to decrease the number of vulnerabilities it reported, with 169 vulnerabilities, down from 244 in 2011 and 318 in 2010. Google had the most vulnerabilities in 2011, but now lies in sixth position with only half of the vulnerabilities they reported in 2011.
These numbers confirm that mobile platforms are garnering more and more attention from security researchers and hackers. An interesting entry into the chart this year is VMware ESX/ESXi. The virtualization market is growing and the security focus has shifted to follow the trend. 454 vulnerabilities were reported in 2012 for the top five web browsers (Mozilla Firefox, Google Chrome, Apple Safari, Microsoft Internet Explorer and Opera Browser). This figure is greater than all the vulnerabilities reported in 2012 for all operating systems combined (which had “only” 436 vulnerabilities).
Our competitors are catching up with us and they have started making claims about “equal level” patch management features. This is however not true, since so far they only support Windows Update. According to the Vulnerability Database only 12% of the vulnerabilities are found in the OS and 85% in 3rd party software. The remaining 3% is from hardware etc.
86 – 10 – 4
APT – Business and Political Targets
DATAPOINT: RSA, http://blogs.rsa.com/anatomy-of-an-attack/
The email subject line read “2011 Recruitment Plan.” The email was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached excel file. It was a spreadsheet titled “2011 Recruitment plan.xls”. The spreadsheet contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability (CVE-2011-0609). As a side note, by now Adobe has released a patch for the zero-day, so it can no longer be used to inject malware onto patched machines. IF PATCHED! OK, back to the attack. As you know, the next step in a typical APT is to install some sort of a remote administration tool that allows the attacker to control the machine. In our case the weapon of choice was a Poison Ivy variant set in a reverse-connect mode that makes it more difficult to detect, as the PC reaches out to the command and control rather than the other way around. Similar techniques were reported in many past APTs, including GhostNet. Having set remote access, now the attacker in a typical APT starts digital shoulder surfing to establish the employee’s role and their level of access. If this isn’t sufficient for the attackers’ purpose, they will seek user accounts with better, more relevant, privileges. I’ve pieced together a separate blog post as an appendix, talking about the attack end-to-end and providing more data. Then they use the compromised accounts, coupled with various other tactics, to gain access to more “strategic” users. In the RSA attack the timeline was shorter, but still there was time for the attacker to identify and gain access to more strategic users. The attacker first harvested access credentials from the compromised users (user, domain admin, and service accounts).
They performed privilege escalation on non-administrative users in the targeted systems, and then moved on to gain access to key high value targets, which included process experts and IT and non-IT specific server administrators. If the attacker thinks they can exist in the environment without being detected, they may continue in a stealth mode for a long while. If they think they run the risk of being detected, however, they move much faster and complete the third, and most “noisy”, stage of the attack. Since RSA detected this attack in progress, it is likely the attacker had to move very quickly to accomplish anything in this phase. In the third stage of an APT, the goal is to extract what you can. The attacker in the RSA case established access to staging servers at key aggregation points; this was done to get ready for extraction. Then they went into the servers of interest, removed data and moved it to internal staging servers where the data was aggregated, compressed and encrypted for extraction. The attacker then used FTP to transfer many password protected RAR files from the RSA file server to an outside staging server at an external, compromised machine at a hosting provider. The files were subsequently pulled by the attacker and removed from the external compromised host to remove any traces of the attack. I hope this description provides information that can be used to understand what has happened and correlate with other APTs.
CryptoLocker is a computer worm which surfaced in late 2013. A form of ransomware targeting Microsoft Windows-based computers, the trojan encrypts files stored on local hard drives and mounted network drives using public-key cryptography, and then displays a message saying that the files will be decrypted if a fee is paid through an anonymous payment service by a specified deadline, beyond which decryption is no longer possible. CryptoLocker typically propagates as an attachment to a seemingly innocuous e-mail (usually taking the appearance of a legitimate company e-mail), or from a botnet. The attached ZIP file contains an executable file with filename and icon disguised as a PDF file, taking advantage of Windows' default behaviour of hiding the extension from file names to disguise the real .EXE extension. Some instances may actually contain the Zeus trojan instead, which in turn installs CryptoLocker.[1][2] When first run, the payload installs itself in the Documents and Settings folder with a random name, and adds a key to the registry that causes it to run on startup. It then attempts to contact one of several designated command and control servers; once connected, the server then generates a 2048-bit RSA key pair, and sends the public key back to the infected computer.[1][3] The server may be a local proxy and go through others, frequently relocated in different countries to make tracing difficult.[4][5] The payload then proceeds to begin encrypting files across local hard drives and mapped network drives with the public key, and logs each file encrypted to a registry key. The process only encrypts certain types of files by extensions, but particularly targets Microsoft Office and OpenDocument files.[2] The payload then displays a message informing the user that files have been encrypted, and demands a payment of either 100 or 300 USD or Euro through an anonymous pre-paid cash voucher (i.e. MoneyPak or Ukash), or 2 Bitcoin in order to decrypt the files.
The payment must be made within 72 or 100 hours, or else the private key on the server would be destroyed, and "nobody and never [sic] will be able to restore files."[1][3]
The supposedly Russian creators use the names "HodLuM" and "Paunch". It was reported on October 7, 2013 that "Paunch" has been arrested.
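The delivery trick described above, an executable inside a ZIP attachment whose name ends in ".pdf.exe" so that Windows' hidden-extension default shows only "something.pdf", is easy to check for at the mail gateway before the user ever sees the icon. The code below is an added example, not an F-Secure component: it opens a ZIP attachment in memory and flags entries by executable extension, by a document-looking double extension, and by content (an "MZ" DOS/PE header under a non-executable name, so renaming does not evade it). The sample archive is constructed inline; the extension sets are assumptions for the example.

```python
"""Added example (not F-Secure code): inspect a ZIP e-mail attachment for
executables disguised as documents. The sample archive is constructed inline."""
import io
import zipfile
from typing import Dict, List

# Extensions Windows will execute directly (assumption for the example).
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".cpl", ".bat", ".cmd", ".js", ".vbs"}
# Extensions a user expects to be harmless documents (assumption).
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def extension(name: str) -> str:
    """Lower-cased final extension including the dot, or '' when there is none."""
    _, dot, ext = name.rpartition(".")
    return "." + ext.lower() if dot else ""


def displayed_name(name: str) -> str:
    """What Explorer shows with 'Hide extensions for known file types' on:
    the final extension is dropped, so 'invoice.pdf.exe' appears as 'invoice.pdf'."""
    stem, dot, _ = name.rpartition(".")
    return stem if dot else name


def inspect_entry(name: str, head: bytes) -> List[str]:
    """Return the reasons an archive entry looks like a disguised executable."""
    reasons = []
    ext = extension(name)
    if ext in EXECUTABLE_EXT:
        reasons.append(f"executable extension {ext}")
        if extension(displayed_name(name)) in DOCUMENT_EXT:
            reasons.append(f"double extension: shown to the user as {displayed_name(name)}")
    # Content check: a PE file starts with the 'MZ' DOS header regardless of its name.
    if head[:2] == b"MZ" and ext not in EXECUTABLE_EXT:
        reasons.append("MZ (DOS/PE) header under a non-executable name")
    return reasons


def inspect_zip(data: bytes) -> Dict[str, List[str]]:
    """Map each suspicious entry name to its reasons; clean entries are omitted."""
    findings: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)           # only the magic bytes are needed
            reasons = inspect_entry(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed attachment: two disguised executables and two real documents."""
    buf = io.BytesIO()
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60     # stand-in for a PE file, not a real program
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2013.pdf.exe", fake_pe)   # shows as Invoice_2013.pdf
        zf.writestr("invoice.pdf", fake_pe)            # executable renamed to .pdf
        zf.writestr("minutes.pdf", b"%PDF-1.4\n%sample")
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in inspect_zip(build_sample_zip()).items():
        print(f"SUSPICIOUS {name}: {'; '.join(reasons)}")
```

The content check is the one that matters in practice: an attachment filter keyed on names alone is defeated by a rename, whereas the MZ header has to be present for Windows to run the file at all.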
Microsoft – Patch Tuesday – 2nd Tuesday of the month. Oracle – 127 security patches including 51 patches for Java; all but one of the Java patches allow for RCE. iOS 7 fixed 80 vulnerabilities (just over 50% of users have upgraded). The most concerning of the iOS vulnerabilities is CVE-2013-5139. This is a flaw in the IOSerialFamily driver that could allow an attacker to run arbitrary code, with no authentication required for the exploit, and it could result in disclosure of information stored on the phone as well as denial of service. The other high severity vulnerabilities can also be exploited to create a denial of service attack.
There are five main areas to the new policy: improved reporting, improved validation, improved remediation, the implementation of a 'hall of fame' – and a reward scheme paying between $150 - $15,000.
CVE Identifiers (also called "CVE names," "CVE numbers," "CVE-IDs," and "CVEs") are unique, common identifiers for publicly known information security vulnerabilities.
Updating Java – In the Java 7 update 11 release, the default security level setting for Java was increased to High. This configuration means that users need to expressly authorize an applet to execute (whether they are unsigned or self-signed).
Disabling the Java browser plug-in – If updating Java isn’t an option, the user can focus on managing the Java browser plug-in by disabling the plug-in and only enabling it when needed. This can be done via a handy, one-click option in the Control Panel (available in the Java 7 update 10 release) or via the web browser’s settings. The instructions for disabling Java in various web browsers are available at: http://www.java.com/en/download/help/disable_browser.xml
Using two browsers – Rather than fiddling with security settings, the user may opt for a two-browser strategy, in which one browser with the Java plug-in enabled is dedicated solely to using the website or program that demands it. All other web browsing is done on a separate browser without the plug-in.
Enable Click to Play – For Java-enabled web browsers, an additional touch of security comes from the plug-in blocking feature built into most browsers. In Firefox and Opera, it’s known as ‘Click to Play’ while Chrome has a ‘Block all’ option for plug-ins in its Content Settings page. This functionality prevents automatic execution of plug-ins (not just Java) and requires the user to click on the plug-in of interest before it will run.
3rd party apps – Another possibility is to use third-party programs to block plug-ins from automatically running on page load, unless the user chooses otherwise. The most popular of such programs is NoScript, which blocks multiple types of active content in Mozilla-based browsers, though there are a handful of other applications available that perform a similar function.
Browsing protection checks the safety and/or suitability of the requested website from the F-Secure cloud. In managed environments you can choose whether or not the user is offered the possibility to bypass the block.