Symantec Website Security Threats: February 2014 Update.

688 views
563 views

Published on

Join us each month on https://www.brighttalk.com/channel/6331 for the Symantec Website security threat update webinar a short 25 mins of web threats and security update news.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
688
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
26
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Symantec Website Security Threats: February 2014 Update.

  1. 1. WEBSITE SECURITY THREATS: FEBRUARY 2014 UPDATE Thursday 13th February 2014 Andrew Horbury Andrew Shepherd Product Marketing Manager EMEA Marketing Manager andy_horbury@symantec.com andrew_shepherd@symantec.com Website Security Threats: February 2014 Update
  2. 2. Agenda 1 Month in Numbers 2 Malware tactics: Redkit, Fake Browsers 3 Mobile Applications 4 Social Media Scams 5 Stranger than fiction 6 Good news Website Security Threats: February 2014 Update
  3. 3. The month in numbers • 82% of enterprise Mac users not getting security updates • 16 million online accounts in Germany compromised • 20 million credit card details stolen in South Korea • UK government: “Half of UK people are not protecting themselves online” • Attackers steal personal details from 800,000 Orange customers • Eleven US high school students expelled for hacking teacher accounts, and augmenting their grades • Around 45 retailers affected by POS malware. Website Security Threats: February 2014 Update
  4. 4. Malware and toolkits – Redkit, Fake Browser, FedEx • After an absence of 18 months Redkit exploit toolkit returns after Blackhole’s author (Paunch’s) arrest • Phony FedEx: malicious email campaign that impersonates FedEx targets unsuspecting home and business users • Chrime or Chrome? Fake browser update sites aims to trick users into download malware posing as a browser update. Website Security Threats: February 2014 Update
  5. 5. Mobile Applications not quite as secure as you would hope • Issues with global banking apps – 4 in 10 banking apps, vulnerable to man in the middle attacks because they don’t validate server SSL certificates – 90 percent of analysed apps contain several unencrypted links which could potentially let an attacker intercept traffic and inject code to display fake login screens to the user. • Its not just the banks… – Starbucks have updated their app after data leakage reported Website Security Threats: February 2014 Update
  6. 6. Social Media Scams – RIP, SnapChat, WhatsApp • RIP Scams continue to work and work – The online list of alive ‘dead’ celebs continues to grow – Linking to malicious, apps, sites and phony surveys • SnapChat Spam – Spam uses sexually suggestive images and compromised short URLs • WhatsApp being used to spread malware – messages claim that WhatsApp for PC is available & that the recipient has 11 pending invitations from friends. Website Security Threats: February 2014 Update
  7. 7. Stranger than fiction • Thanks but no thanks! Teenager reported to the police for finding website vulnerability • Its that time again…. Academics discover the prefect time for cyber attacks • Who’s to blame for security problems? Surveys say….you, me them, us… EVERYONE Website Security Threats: February 2014 Update
  8. 8. Stranger than fiction part two Live from the security HQ at the Superbowl #oops Website Security Threats: February 2014 Update
  9. 9. Good News • The fridge comes back in from the cold…. – Spamming fridge is not quite what it seems • Guccifer the celebrity hating hacker arrested – Leaker of Downton Abbey and Sex and City scripts finally shut down • Yahoo defaults to AOSSL • Yahoo enables https encryption by default and more services being added all the time • Tumblr activated SSL this past week Website Security Threats: February 2014 Update
  10. 10. Link glossary • POS attacks http://bit.ly/1aTXsfe • Fake Browsers: – http://bit.ly/1eThlCQ – http://bit.ly/1iO7YVN • Redkit http://bit.ly/1dHcwYs • SnapChat http://bit.ly/LTYY5q • WhatsApp http://bit.ly/1gsYXze • Yahoo and SSL http://tnw.co/1bo9Ncc • Symantec Intelligence Report December 2013 http://bit.ly/1fYlxzb • Symantec IOT blog http://bit.ly/1hb4aAy • Rest In Peace Scams http://bit.ly/1ntvUOm • Slides available to download on SlideShare http://slidesha.re/1j2jxIi Website Security Threats: February 2014 Update
  11. 11. Next webinar: Thursday 13th March 2014 9.30am UK / 10.30am CET Thank you! Andrew Shepherd andrew_shepherd@symantec.com / +44 7912 552 896 Andrew Horbury andy_horbury@symantec.com / +44 7703 468 966 @andyhorbury Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Website Security Threats: February 2014 Update

×