Symantec Website Security Threats: February 2014 Update.
 

Symantec Website Security Threats: February 2014 Update.

on

  • 563 views

Join us each month on https://www.brighttalk.com/channel/6331 for the Symantec Website security threat update webinar a short 25 mins of web threats and security update news.

Join us each month on https://www.brighttalk.com/channel/6331 for the Symantec Website security threat update webinar a short 25 mins of web threats and security update news.

Statistics

Views

Total Views
563
Views on SlideShare
563
Embed Views
0

Actions

Likes
0
Downloads
22
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Symantec Website Security Threats: February 2014 Update. Symantec Website Security Threats: February 2014 Update. Presentation Transcript

  • WEBSITE SECURITY THREATS: FEBRUARY 2014 UPDATE Thursday 13th February 2014 Andrew Horbury Andrew Shepherd Product Marketing Manager EMEA Marketing Manager andy_horbury@symantec.com andrew_shepherd@symantec.com Website Security Threats: February 2014 Update
  • Agenda 1 Month in Numbers 2 Malware tactics: Redkit, Fake Browsers 3 Mobile Applications 4 Social Media Scams 5 Stranger than fiction 6 Good news Website Security Threats: February 2014 Update
  • The month in numbers • 82% of enterprise Mac users not getting security updates • 16 million online accounts in Germany compromised • 20 million credit card details stolen in South Korea • UK government: “Half of UK people are not protecting themselves online” • Attackers steal personal details from 800,000 Orange customers • Eleven US high school students expelled for hacking teacher accounts, and augmenting their grades • Around 45 retailers affected by POS malware. Website Security Threats: February 2014 Update
  • Malware and toolkits – Redkit, Fake Browser, FedEx • After an absence of 18 months Redkit exploit toolkit returns after Blackhole’s author (Paunch’s) arrest • Phony FedEx: malicious email campaign that impersonates FedEx targets unsuspecting home and business users • Chrime or Chrome? Fake browser update sites aims to trick users into download malware posing as a browser update. Website Security Threats: February 2014 Update
  • Mobile Applications not quite as secure as you would hope • Issues with global banking apps – 4 in 10 banking apps, vulnerable to man in the middle attacks because they don’t validate server SSL certificates – 90 percent of analysed apps contain several unencrypted links which could potentially let an attacker intercept traffic and inject code to display fake login screens to the user. • Its not just the banks… – Starbucks have updated their app after data leakage reported Website Security Threats: February 2014 Update
  • Social Media Scams – RIP, SnapChat, WhatsApp • RIP Scams continue to work and work – The online list of alive ‘dead’ celebs continues to grow – Linking to malicious, apps, sites and phony surveys • SnapChat Spam – Spam uses sexually suggestive images and compromised short URLs • WhatsApp being used to spread malware – messages claim that WhatsApp for PC is available & that the recipient has 11 pending invitations from friends. Website Security Threats: February 2014 Update
  • Stranger than fiction • Thanks but no thanks! Teenager reported to the police for finding website vulnerability • Its that time again…. Academics discover the prefect time for cyber attacks • Who’s to blame for security problems? Surveys say….you, me them, us… EVERYONE Website Security Threats: February 2014 Update
  • Stranger than fiction part two Live from the security HQ at the Superbowl #oops Website Security Threats: February 2014 Update
  • Good News • The fridge comes back in from the cold…. – Spamming fridge is not quite what it seems • Guccifer the celebrity hating hacker arrested – Leaker of Downton Abbey and Sex and City scripts finally shut down • Yahoo defaults to AOSSL • Yahoo enables https encryption by default and more services being added all the time • Tumblr activated SSL this past week Website Security Threats: February 2014 Update
  • Link glossary • POS attacks http://bit.ly/1aTXsfe • Fake Browsers: – http://bit.ly/1eThlCQ – http://bit.ly/1iO7YVN • Redkit http://bit.ly/1dHcwYs • SnapChat http://bit.ly/LTYY5q • WhatsApp http://bit.ly/1gsYXze • Yahoo and SSL http://tnw.co/1bo9Ncc • Symantec Intelligence Report December 2013 http://bit.ly/1fYlxzb • Symantec IOT blog http://bit.ly/1hb4aAy • Rest In Peace Scams http://bit.ly/1ntvUOm • Slides available to download on SlideShare http://slidesha.re/1j2jxIi Website Security Threats: February 2014 Update
  • Next webinar: Thursday 13th March 2014 9.30am UK / 10.30am CET Thank you! Andrew Shepherd andrew_shepherd@symantec.com / +44 7912 552 896 Andrew Horbury andy_horbury@symantec.com / +44 7703 468 966 @andyhorbury Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Website Security Threats: February 2014 Update