About This Blog

The Content Security Research Team's Mission: Deliver security research and intelligence that educates, supports and strengthens the security community, and drives innovation in our eSafe solutions.

Follow Us on Twitter

Latest signatures: SV770

Latest signatures date: July 28, 2014

Latest Applifilter: 74

Latest eSafe Version: 8.6.100.0

07/06/2011

eSafe Version 8.6 Has Been Released

Discover eSafe Content Security v8.6

When it comes to content security, it is essential to stay ahead of the times by incorporating new features and functions for a more secure email and web gateway. We are glad to announce the release of eSafe Content Security v8.6  managed availability from June 28, 2011

New Functionalities & Enhancements

The highlights of this release of eSafe include:

  • Additional Data Loss / Leak Prevention (DLP) functionality with an advanced dictionary creator tool
    - Allows create unique and costume DLP dictionaries per the organization needs with full Unicode support
  • New Transparent SSL Mode
    - Intercepts and scans encrypted SSL/HTTP traffic is now built-in part of the eSafe bridge/router installation mode
  • Web Quota Control enhancements
    - New competitive feature allowing monitor and enforce company policy for users/groups that exceeded their daily web quota
  • Mail IP Reputation features
    - New Anti-Spam engine that rejects spam email based on the sender IP reputation on connection time.
    - Rejects and eliminates 80% of spam email before they even establish SMTP connection
  • New dynamic URL Filtering Engine
    - 80 URL categories, over 100m URLs categories - More than 90% URL category classification
    - No more huge local DB, only local dynamic cache with common URLs
  • New Web 2.0 Script analysis engine
    - New faster and better script analysis engine to treat the latest up-to-date malwares and web exploits
  • Central Management functionalities enhancements

For more information about the new eSafe v8.6 version and evaluation process, please contact your local SafeNet sales representative

05/22/2011

'Like' Button Follows Web Users

 Interesting article by "The Wall Street Journal":

'Like' Button Follows Web Users

04/25/2011

Russian police free kidnapped Kaspersky son

Read More

03/09/2011

Microsoft Security Bulletin - March 2011

Microsoft has released the March vulnerabilities patches:

 

Microsoft March Bulletin

01/10/2011

Mobile security outrage: private details accessible on net

Huge data leakage in Australia:

Read More

12/20/2010

Weekly Security News – December 20, 2010

1. NSA considers its networks compromised
Read More

2.  Top Five Vishing Techniques
Read More

3. New Google service identifies hacked sites
Read More

4. Your Apps Are Watching You
Read More

5. FarmVille players lured with fake "farm cash" offer from Zynga
Read More

6. Another Massive Data Breach in University of Wisconsin
Read More

7. Staying Secure Through the Holidays
Read More

8. The 10 Most Destructive Hacker Attacks In The Past 25 Years
Read More

9. Nigerian Scam Victim Sues Bank, Loses in California Appellate Court in Riverside
Read More

10. Performance concerns make 25% of users turn off AV
Read More

11/18/2010

Weekly Security News – November 18, 2010

1. McAfee CEO: Get ready for tidal wave of mobile attacks
Read More



2. Drive-By Downloads Still Running Wild
Read More

3. Malware pushers lure victims with leaked Harry Potter movie screener
Read More

4. Scareware SEO attack exploits engagement of Prince William and Kate Middleton
Read More

5. Well crafted PayPal phishing e-mail doing rounds
Read More

6. Debt collectors utilize Facebook to embarrass those who owe
Read More

7. Chinese ISP hijacked US military, gov web traffic
Read More

8. Rogue e-mail makes Swiss bank lose millions?
Read More

9. LinkedIn attack comprised over 31% of all spam
Read More

10. 10 security tips for retailers
Read More

11. One Hundred Naked Citizens: One Hundred Leaked Body Scans
Read More

12. The 12 most dangerous online scams
Read More

13. 10 holiday ID theft prevention tips
Read More

14. Joshua Simon Ashby gets 4 months in jail for posting naked photo of ex-girlfriend on Facebook
Read More

15. Web users deceived into downloading malicious anti-virus software
Read More

16. Top 10 Security Threats for 2011
Read More

17. Holiday spam e-mail runs start off
Read More

18. 40% of all rogueware was created in 2010
Read More

19. Palin hacker sentenced to one year in custody
Read More

20. Half of SMBs block employee access to Facebook
Read More

11/11/2010

Weekly Security News – November 11, 2010

1. Facebook, Twitter fail latest security assessment
Read More

2. Hackers break into OECD computer system
Read More

3. ZeuS attackers set up honeypot for researchers
Read More

4. Two alleged Zeus mules arrested in Wisconsin
Read More

5. GoDaddy-hosted websites injected with malicious code
Read More

6. Man Pleads Guilty to $4.8 Million ATM Fraud
Read More

7. Man loses millions in computer virus-related scam
Read More

8. Breaches cost health care industry $6 billion annually
Read More

9. Burglar cuffed after crime scene MySpace blunder
Read More

10. Student who hacked Bill O'Reilly gets 30 months
Read More

11. Barracuda first security vendor to pay for bug finds
Read More

12. 2 Charged With Fraud of Millions From Pianist
Read More

13.  Latest IE 0-day exploit finds its way into Eleonore toolkit
Read More

14. Malicious URLs Pose Mobile Hijacking Risk
Read More

15. Hacker accesses Louisiana EMT licensing database
Read More

16. Employees will take bigger risks during this holiday season
Read More

17. Nasty IE 0day exploit hosted on Amnesty International site
Read More

18. Virus Leads to $20 Million Scam
Read More

11/05/2010

The Evolution of eCrime


It took almost 40 years from the first computer bug in 1947, to the first PC virus in 1986, which marked the beginning of eCrime.  But even then it took more than 10 years for criminals to realize that they can make more money infecting computers than selling drugs.  The advent of the Internet and easy reach to millions of computers around the world, created endless opportunities for criminals to make money with almost zero risk. They took things seriously and the sophistication and the professionalism of the eCrime that we see today would have looked as science fiction just 10 years ago.

Threats Evolution
As the Internet has evolved into the dynamic, collaborative and wide-open Web 2.0, the business of eCrime has evolved along with it. eCrime is now a highly profitable and targeted business model that capitalizes on the weaknesses of an open Web and human’s naïve nature.  Carefully crafted and socially engineered spam messages lurk for those naïve and unsuspicious internet users guiding them to infected websites.

The Motive - It’s all about money…
The money making process is structured and thorough:

  • Finding the opportunities
  • Researching security vulnerabilities of most commonly used applications like PDF reading, Internet Explorer, etc.
  • Choosing the tools and methods of operation usually writing code to exploit security vulnerabilities and inject malware into users computer
  • Operating and feeding the food chain (through money laundering) by selling exploits and malware to operators that control networks of infected computers (BOTNET)
  • Making money by sending spam and phishing email via infected computers that are part of the controlled BOTNET

The Food Chain

  • Cybercriminals are paying researchers that sometimes work as a group to scrutinize commonly used internet-enabled applications and find vulnerabilities
  • They then pay code writers to write malware that exploits found vulnerability
  • They distribute malware by paying people for each infected computer that joins their BOTNET
  • All this is fueled by selling spam advertisement for questionable or bootlegged products
  • This spam is being sent out through the BOTNET of infected computers around the world

Cybercriminals are developing malware that has been purpose-built to find its way around traditional security measures.  The race will always be between security solutions and eCrime professionals/amateurs. Security companies are developing new technologies to stop them and Cybercriminals are developing new technologies to bypass security.

11/04/2010

Weekly Security News – November 4, 2010

1. Police To Get Facebook Lessons
Read More

2.  Facebook discovers and "punishes" UID-selling developers
Read More

3. Guarding Your Business Against Social Networking Hacks
Read More

4. Spying app kicked out of Android Market
Read More

5. Russian-Armenian botnet suspect raked in $140,000 a month
Read More

6. Adobe Accelerates Patch Schedule for Critical Flash Bug
Read More

7. Turkey reinstates YouTube ban
Read More

8. Perverted Facebook hacker targeted women
Read More

9. Five LinkedIn privacy settings you need to know about
Read More

10. Police leak risks security catastrophe
Read More

11. Where did all the Viagra spam go?
Read More

12. Internet Explorer users warned of new zero-day attacks
Read More

13. DDOS Attack on Myanmar Takes the Country Offline
Read More