PAN-OS 6.0: Raising the Bar in the Fight Against Advanced Threats

Today Palo Alto Networks announced the availability of PAN-OS 6.0, and with it another major milestone in our commitment to defend enterprises, service providers and governments from the most advanced cyber threats.  At the center of our enterprise security strategy is an innovative platform, powered by PAN-OS, that provides breakthrough protection from the data center to the network perimeter, as well as the distributed enterprise. With over 60 new features now available in this release there is quite literally something for everyone.

As you read through the feature overview you’ll see two dominant themes emerge.  First, we continue to invest heavily in exposing new evasion tactics used by attackers to avoid detection. A clear example can be seen with the enhancements made to WildFire, which protects our customers from unknown malware, and zero-day exploits across nearly 400 different applications. Detecting these threats requires that you inspect all traffic – regardless of the port it’s transmitting through, the protocol used, or whether it’s encrypted, which we estimate constitutes as much as 20-30% of enterprise traffic today.

Second, it should go without saying that the intelligence gathered during detection must be closely integrated with your defenses and shared globally, such that previously unknown attack patterns can never be repeated.

Here are some of the highlights:

  • PAN-OS 6.0 expands WildFire’s dynamic analysis to include all major file types including Android APK, Java, PDF, PE and Microsoft Office.  Inspection can be performed against fully emulated Windows XP and Windows 7 environments with granular reporting and analysis tools to help expedite incident response.
  • PAN-OS 6.0 adds new DNS analysis and monitoring techniques to identify previously unknown command-and-control (C&C) servers, as well as infected hosts operating within your enterprise.  C&C intelligence is routed back to our Threat Prevention and URL Filtering subscription service to block any future communication and quickly remediate existing infections.

Be sure to check out the full breadth of this release at our What’s New in PAN-OS 6.0 feature page.  We’ll detail all of the enhancements made across the platform including VM-Series, GlobalProtect, and Panorama.

[Source: ]

UPDATED – SCADA Security: Join Palo Alto Networks and the ICS-ISAC For A Look At SARA

UPDATE:  The ICS-ISAC panel session has been moved to January 22, 2014, 1:00PM EST, due to an unforeseen urgent matter. You can use the same link to register.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Supervisory control and data acquisition (SCADA) system security is a hot topic, and Palo Alto Networks will be participating in an ICS-ISAC online panel on situational awareness on Wednesday, January 22 (moved from the original January 15 date). Please join us and register here if you are interested in learning more.

The ICS-ISAC is a non-profit Knowledge Sharing Center established to help facilities develop situational awareness in support of local, national and international security. The ICS-ISAC is developing and piloting the Situational Awareness Reference Architecture (SARA). SARA is a practical compilation of standard practices, processes and technologies that can be used by asset owners, knowledge centers and their public and private partners to guide the implementation of local and shared situational awareness.

Palo Alto Networks is a new member of the ICS-ISAC, and we believe our next-generation security platform is a perfect fit for this architecture with its ability to provide highly granular visibility into network traffic and potential risks. We look forward to showcasing our solution in the ICS-ISAC’s SARA test bed in various situational awareness use cases across the control center and remote station environments.

Hope you can join us!

[Source: ]

Two Thirds of Personal Banking Apps Found Full of Vulnerabilities

A researcher looked at the security of home banking apps, and found shocking results. Forty home banking apps from the top 60 most influential banks in the world were tested and found to have major security weaknesses.

Ariel Sanchez, a security consultant with IOActive, tested 40 iPhone and iPad banking apps over a period of 40 man-hours. He names neither the apps nor the banks concerned, but has contacted some of the banks and reported the vulnerabilities. Although he doesn’t describe the vulnerabilities in any detail, if he can find them so easily, then so could attackers – and many of them are relatively easily exploitable. He published his findings in a blog posting yesterday.

Sanchez conducted tests in six separate areas: transport security, compiler protection, UIWebViews, data storage, logs and binary analysis. In each area he found widespread weaknesses. For example, 40% of the apps do not validate the authenticity of SSL certificates, making them, he says, “susceptible to Man in The Middle (MiTM) attacks.”

A full 90% of the apps contain non-SSL links, potentially allowing “an attacker to intercept the traffic and inject arbitrary JavaScript/HTML code in an attempt to create a fake login prompt or similar scam.”

50% “are vulnerable to JavaScript injections via insecure UIWebView implementations… allowing actions such as sending SMS or emails from the victim’s device.”

70% have no facility for any “alternative authentication solutions, such as multi-factor authentication, which could help to mitigate the risk of impersonation attacks.”

“Most of the log files generated by the apps, such as crash reports, exposed sensitive information.” Documents leaked by Edward Snowden indicate that the NSA specifically looks for Windows error reports sent over the internet as a potential source for developing new 0-day exploits. Sanchez says the same problem exists with banking apps: “This information could be leaked and help attackers to find and develop 0day exploits with the intention of targeting users of the application.”

Some of the apps clearly rely on the device’s own security to protect the user’s data. “Some of them used an unencrypted Sqlite database and stored sensitive information, such as details of customer’s banking account and transaction history. An attacker could use an exploit to access this data remotely, or if they have physical access to the device, could install jailbreak software in order to steal… the information from the file system of the victim’s device.”

But one of his more worrying findings came from disassembling the apps themselves. He used the IDA PRO disassembler tool with the Clutch decryption tool. “A combination of decrypted code and code disassembled with IDA PRO was used to analyze the application,” he explains; and what he found was hardcoded development credentials within the code. “By using hardcoded credentials,” he says, “an attacker could gain access to the development infrastructure of the bank and infest the application with malware causing a massive infection for all of the application’s users.”

His research comes at a vital time. Banks are promoting the use of mobile banking as a competitive differentiator, but they clearly need to do more to protect their customers. “Home banking apps that have been adapted for mobile devices, such as smart phones and tablets, have created a significant security challenge for worldwide financial firms. As this research shows, financial industries should increase the security standards they use for their mobile home banking solutions,” warns Sanchez.
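As an added illustration (not part of Sanchez’s research or this article), the following Python script triages the strings extracted from a decrypted app binary for the classes of weakness his six test areas cover: non-SSL links, hardcoded credentials, sensitive data in logs, unencrypted SQLite stores, and certificate validation switched off. The sample strings and hostnames are constructed, and the indicator patterns are assumptions a reviewer would tune for a real app.

```python
import re

# Constructed sample: lines of the kind a `strings` pass over a decrypted
# app binary and its bundle might yield. Hostnames and values are invented.
SAMPLE_STRINGS = """
https://api.examplebank.test/v2/accounts
http://cdn.examplebank.test/assets/promo.html
http://www.w3.org/2001/XMLSchema
DEV_API_PASSWORD=Winter2013!
NSLog(@"account=%@ balance=%@", acct, bal)
/Library/Application Support/accounts.sqlite
setAllowsAnyHTTPSCertificate:YES
""".strip().splitlines()

# Assumed indicator patterns, one per weakness class from the article.
RULES = {
    # Plain http:// links; XML namespace URIs are excluded as a common false positive.
    "non_ssl_link": re.compile(r"^http://(?!www\.w3\.org/)", re.I),
    # key=value or key: value pairs whose key names a secret.
    "hardcoded_credential": re.compile(
        r"(password|passwd|secret|api[_-]?key)\s*[=:]\s*\S+", re.I),
    # NSLog calls that format account or credential data into crash/console logs.
    "sensitive_logging": re.compile(
        r"NSLog\(.*(account|balance|password|token)", re.I),
    # On-disk SQLite databases (encryption must be confirmed by hand).
    "unencrypted_sqlite": re.compile(r"\.sqlite3?$", re.I),
    # Private API that turns off TLS certificate validation in NSURLRequest.
    "cert_validation_disabled": re.compile(r"setAllowsAnyHTTPSCertificate:YES", re.I),
}


def triage_strings(lines):
    """Return {rule_name: [matching lines]} for every rule in RULES."""
    findings = {name: [] for name in RULES}
    for raw in lines:
        line = raw.strip()
        for name, pattern in RULES.items():
            if pattern.search(line):
                findings[name].append(line)
    return findings


def summarize(findings):
    """Return a list of (rule_name, count) for rules that fired, for a report."""
    return [(name, len(hits)) for name, hits in findings.items() if hits]


if __name__ == "__main__":
    for name, count in summarize(triage_strings(SAMPLE_STRINGS)):
        print(f"{name}: {count}")
```

The script is a first-pass filter only: every hit still needs manual confirmation (for example, whether a flagged SQLite file is actually protected), and a clean run does not establish that an app is secure.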

[Source: InfoSecurity Magazine]

Palo Alto Networks Acquires Morta Security

Morta Team Expertise and Technologies Contribute to Palo Alto Networks’ Proven WildFire Threat Detection and Prevention Capabilities

Santa Clara, CA

Palo Alto Networks® (NYSE: PANW) today announced it has acquired Morta Security, a Silicon Valley-based cybersecurity company operating in stealth mode since 2012. Financial terms of the acquisition were not disclosed.

The acquisition of Morta Security further cements Palo Alto Networks as the leading provider of next-generation enterprise security. Palo Alto Networks offerings uniquely provide enterprises the ability to safely enable applications and rapidly detect and prevent threats, especially those that use an increasingly sophisticated array of tactics to compromise networks and gain access to valuable intellectual property.

Morta Security brings to Palo Alto Networks a team experienced at protecting national infrastructure as well as technologies that enhance the proven detection and prevention capabilities of the Palo Alto Networks WildFire™ offering, which is already used by more than 2,400 customers.

QUOTES

  • “The Morta team brings additional valuable threat intelligence experience and capabilities to Palo Alto Networks,” said Mark McLaughlin, President and CEO of Palo Alto Networks.  “The company’s technology developments align well with our highly integrated, automated and scalable platform approach and their contributions will translate into additive threat detection and prevention benefits for our customers.”

  • “Palo Alto Networks has a successful history of disrupting the network security landscape with its unique offerings,” said Raj Shah, CEO of Morta Security.  “The Morta team is excited to work with the clear leaders in this space and we look forward to joining the company and contributing to future highly innovative technology leadership.”

Advanced Threats Demand Automated and Scalable Approach

Today’s sophisticated attacks increasingly rely on a combination of tactics and threat vectors to penetrate an organization and often remain undetected for extended periods of time while inflicting long-term damage.  Most organizations still rely on legacy point technologies that address only specific types of attacks, or phases of the attack.  Because of the singular nature of these technologies, they are ill-equipped to detect and prevent today’s advanced cyber attacks.  And, when they are finally discovered, they typically require significant human incident response efforts.  As the volume and sophistication of these attacks continues to grow, throwing more point products and human capital at the challenge is too costly and cumbersome for most organizations.

To address these challenges, a new approach is required:  One that begins with positive security controls to reduce the attack surface; inspects all traffic, ports, and protocols to block all known threats; rapidly detects unknown threats through analysis and correlation of abnormal behavior; then automatically employs new signatures and policies back to the front line to ensure previously unknown threats are known to all and blocked.  This approach can reduce the number of threats that penetrate an organization and greatly reduce the need for costly human remediation.

Palo Alto Networks is pioneering the development of this kind of automated approach; it starts with the firewall as the core enforcement vehicle within the network and is complemented by advanced detection services to increase overall efficacy.  With its security platform, Palo Alto Networks builds greater visibility upstream combined with strong prevention mechanisms of both known and unknown threats.  The Morta team’s cybersecurity expertise and technologies will fit seamlessly into this approach by adding capabilities that can expedite the detection of new attack variations.

To learn more about the Palo Alto Networks security platform and WildFire offering, visit: https://paloaltonetworks.com/products/features/apt-prevention.html.

ABOUT PALO ALTO NETWORKS

Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats.  Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today’s dynamic computing environments: applications, users, and content.  Find out more at www.paloaltonetworks.com.

Palo Alto Networks, The Network Security Company, WildFire, and the Palo Alto Networks Logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

[Source: Palo Alto Networks]

Is Baidu Secretly Collecting Japanese User Data?

On December 26th, the Japanese government’s National Information Security Center warned roughly 140 central government ministries, agencies, research institutions and public universities to either disable the cloud-input function of the Baidu input method editors (IMEs) or stop using Baidu IMEs. When the IME cloud-input function is enabled, data is automatically sent to the Baidu servers.

Baidu IMEs can be found on Windows platforms, often bundled with other software or preinstalled on new PCs with the cloud-input function enabled by default.  On Android platforms, Simeji, an app owned by Baidu, had been sending input information to Baidu even when the cloud-input function was disabled.

Baidu Denies Spying Activities

In response to Japan’s recommendations, Baidu pointed out that the cloud-input function makes users’ input more accurate by constantly referring to the most current dictionary in the cloud. According to Baidu, personal information such as credit card numbers, passwords, addresses and phone numbers has not been sent to the servers even when the cloud-input function is enabled, the IME servers are located only in Japan, and the data collected from users is securely managed.

Baidu emphasized that the cloud-input function is described in the user agreement, but acknowledged that the description was difficult to find, resulting in inadvertent use of the Baidu IME cloud-input function. As part of their response, Baidu has made the user agreement easier to read and has also fixed the bug in the Simeji app that was sending information with cloud input turned off. The bug fix, released on December 27th, makes the cloud-input function disabled by default, and this default also applies to users who update the app.

Baidu IME App-ID is Forthcoming

We recommend that Baidu IME users check their app settings to ensure that no data is being transmitted without their knowledge. In addition, we are in the process of creating an App-ID for the Baidu IME cloud-input function for both Windows and Simeji applications. When the Baidu App-ID is available, customers will be able to control Baidu IMEs for specific users or groups, or block the use of Baidu IMEs across their entire network.

The Baidu IME App-ID will be delivered in an upcoming content update.

[Source: Palo Alto Networks Research Center]
