Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.
Big items to consider: The cyber-security start up enSilo has found a vulnerability in many anti-virus products including AVG Internet Security 2015, McAfee VirusScan Enterprise version 8.8 and Kaspersky Total Security 2015. A report from Digital Citizens Alliance and RiskIQ reveals sites distributing pirated material are more likely to infect users with malware. According to a blog post from FireEye Labs, a cybercrime article on The Guardian website is delivering visitors malware via an Angler Exploit Kit. Finally, a survey conducted by Gemalto reveals two thirds of consumers are not likely to shop at or do business with companies that have been victims of a data breach where personal information was taken.
A vulnerability has been revealed in several major anti-virus products. The Israel-based cyber-security startup enSilo recently showed how AVG Internet Security 2015, McAfee VirusScan Enterprise version 8.8 and Kaspersky Total Security 2015 were all vulnerable to the same flaw. These giants of the enterprise antivirus software game were all subject to the same coding issue. The softwares would allocate memory for read and write, as well as execute permissions with an address that an attacker could easily predict and then proceed to inject code into the target system.
A new report from the Digital Citizens Alliance and cybersecurity firm RiskIQ found that sites distributing pirated videos were far more likely to expose visitors to dangerous software than legitimate streaming sites or the Internet at large. The study worked by comparing a sample group of highly-trafficked sites known for pirated material with a control group of randomly selected legal streaming sites and other types of websites from different parts of Alexa’s web rankings. RiskIQ found that 33 percent of the piracy sites had at least one malware incident within the month the company collected data on it, versus just 2 percent of the control group.
An archived article on The Guardian website that investigates cybercrime is providing more than information, it’s delivering malware via the Angler Exploit Kit, a web-based attack tool, according to a Thursday blog post from FireEye Labs. When a syndication link is loaded in the background, readers are eventually redirected to Angler’s landing page via injected HTML that crafts the request to the Angler landing page, the post stated.
Global survey by Gemalto reveals impact of data breaches on customer loyalty. Nearly two-thirds (64%) of consumers surveyed worldwide say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen, and almost half (49%) had the same opinion when it came to data breaches where personal information was stolen. This is according to a recent global survey by Gemalto, the world leader in digital security, titled “Broken Trust: ‘Tis the Season to Be Wary”, which surveyed 5,750 consumers in Australia, Brazil, France, Germany, Japan, United Kingdom and United States.