Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for How cybersecurity ex ...

 Products

With so many security solutions on the market, navigating performance test results and independent reviews is no easy task. If each vendor claims to offer the best, how can you choose the best for you? That’s leaving aside some important features such as a password manager or a VPN, not to mention key concerns   show more ...

such as computer speed and gaming focus. And what if you have a Mac? There is no shortage of online reviews, of course, although the users who post them may have any level of cybersecurity expertise, bias, and understanding of what various consumers actually want. Fortunately, independent international organizations specializing in professional cybersecurity testing make their objective approach available. They evaluate all manner of security products: home antivirus utilities, corporate security solutions, parental control apps, password managers, and more. The evaluators Several major labs have a strong global reputation. Here are the best-known. Austrian lab AV-Comparatives is an independent organization with a spotless reputation that has been testing security solutions for more than 20 years; AV-TEST GmbH, a German independent research institute specializing in IT security, has been testing security solutions for more than 15 years; British SE Labs has been in the industry for only five years, but its founder, Simon Edwards, is a renowned security expert. He has been in the antivirus testing business for a quarter of a century and was one of the first to deploy real-world attack scenarios in tests. Knowing how each lab assesses protection, what criteria it uses, and what it focuses on, makes it easier to understand which awards are relevant. With that in mind, we compiled this report on how the laboratories test security solutions. Antivirus testing: AV-Comparatives Throughout each year, AV-Comparatives conducts numerous tests based on various criteria: detection and removal of common malware in lab conditions; real-world protection capabilities; performance; protection against complex threats; and false positives. Based on their aggregate scores, the competing solutions vie for one of three annual awards: Product of the Year, Outstanding Security Product, and Top Rated. But which is best? The names don’t make intuitive sense. For example, Top Rated status from AV-Comparatives is the equivalent of third place, not “top,” as you might expect from the name. Further, if only one solution scores maximum points for the year, it becomes the Product of the Year. But sometimes more than one product reaches that summit. In such cases, the lab selects the product of the year based on the results of individual tests or confers an honor on the solution with the longest awards drought, leaving the other star performers to share the title of Outstanding Security Product and second place. Effective protection and high speed AV-Comparatives awarded Kaspersky Internet Security its Product of the Year 2020 title. Our solution excelled in all tests and outperformed the toughest competitors by number of accolades. It also won a number of annual awards in each discipline based on results achieved throughout the year: Real-World Protection 2020 GOLD — for high performance against real threats with minimal false positives; Advanced Threat Protection 2020 GOLD — for best protection against bodiless threats and exploits for known and new software vulnerabilities. This is Kaspersky Internet Security’s second consecutive year winning the gold in this demanding test; Lowest False Positives 2020 SILVER — for the fewest false positives in all tests. That means the antivirus does not erroneously react to legitimate programs; Malware Protection 2020 BRONZE — for detection of common malware with minimal false positives; Best Overall Speed 2020 BRONZE — for minimal impact on system performance while maintaining an optimal level of protection. This puts a lid on the antivirus slowdown myth, at least as far as our products are concerned. Based on its test results, AV-Comparatives also assigns each antivirus solution a level: Standard, Advanced, or Advanced+. The lab notes that even the Standard level indicates a high-quality solution, although it points to a need for some improvements. For certain product categories (for example, Mac and Android protection, parental control), the levels do not apply — all products that pass the tests receive an Approved badge. In sum, Kaspersky Internet Security received an Advanced+ rating in every test throughout the year. Antivirus testing: AV-TEST The AV-TEST Institute evaluates security solutions in three areas: Protection, Performance, and Usability (false-positive rate). The maximum score for each test is 6 points. AV-TEST uses samples of both the newest and the most common threats to test the level of computer protection. Solutions that score 17.5–18 points (the maximum being 18) in the course of each two-month test cycle earns Top Product status. Tests are carried out separately for solutions protecting systems under different operating systems, as well as for highly specialized security applications. Best antivirus for Windows Kaspersky Internet Security for Windows received the highest possible score in four of the six series of AV-TEST’s tests over the past year; and close to the maximum (17.5 points) in the other two. Our antivirus was a Top Product in all six certifications. The solution has received this status consistently since 2016, the rating’s first year. Meanwhile, our corporate product, Kaspersky Endpoint Security for Business, fell short by half a point on just one of the six tests, performing flawlessly in all the others. Six Top Product awards is an excellent result. The solution confirmed its top status for the fourth straight year. In addition, based on its annual test results, AV-TEST presented the Best Performance award to Kaspersky Endpoint Security for the third year in succession. Best antivirus for Android Kaspersky Internet Security for Android delivered the best result in five of the six test cycles of 2020, and in the first and thus far only test of 2021. Moreover, in catching malware, it scored maximum points on each of the monthly tests, always with minimal impact on the performance of the test gadget. Best antivirus for macOS Kaspersky Internet Security for macOS has also been riding high this past year. In all tests in which it participated, our antivirus received the top AV-TEST rating. Best VPN solution In VPN testing, Kaspersky Secure Connection also proved its worth. According to independent experts, it demonstrated the best data transfer speeds both between continents and for anonymous surfing, and the best throughput on torrent networks. Best parental control solution Kaspersky Safe Kids for Windows 10, Android 8, and iOS 12.4 took part in parental control testing. All three received APPROVED Parental Control Software certificates. To receive this award, a solution must possess all basic features and block unwanted content with minimal false positives. Antivirus testing: SE Labs As part of its regular quarterly research on security solutions for workstations, SE Labs carries out two tests: Protection Accuracy Rating and Legitimate Accuracy Rating. Based on its test results, each product receives an overall, letter-based score: AAA is the highest, followed by AA, A, B, and C. SE Labs also calculates the Total Accuracy Rating, an important consideration when comparing two products with the same letter rating. Total protection In the past year, Kaspersky Internet Security received AAA ratings in all four SE Labs quarterly tests for home products (the Home Anti-Malware Protection Awards). Also, our antivirus has consistently ranked first in the Total Accuracy Rating. Incidentally, the company tests not only home antivirus products, but also corporate solutions. Kaspersky Endpoint Security for Business received the Best Enterprise Endpoint award, making it Product of the Year for workplace protection in large companies. As for the Total Accuracy Rating, both Kaspersky Endpoint Security and Kaspersky Small Office Security have topped it three times already. Conclusion Of course, the choice of security solution is influenced by a range of factors — from clichéd advertising to advice from friends and family. However, if you are serious about this issue, the evaluations of independent international organizations make a weighty argument in favor of a particular solution. That is why we actively participate in external independent tests and intend to continue doing so. For us, this is not a mere marketing ploy; a professional outside opinion helps us to control the quality of our technologies and solutions objectively. As you can see, Kaspersky solutions show a consistently high level of performance. The results speak for themselves.

image for Phish Leads to Breac ...

 Data Breaches

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that   show more ...

time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts. A notice of breach posted by the California State Controller’s Office. In a “Notice of Data Breach” message posted on Saturday, Mar. 20, the Controller’s Office said that for more than 24 hours starting on the afternoon of March 18 attackers had access to the email records of an employee in its Unclaimed Property Division after the employee clicked a phishing link and then entered their email ID and password. “The SCO has reason to believe the compromised email account had personal identifying information contained in Unclaimed Property Holder Reports,” the agency said, urging state employees contacted by the agency to place fraud alerts on their credit files with the major consumer bureaus.  “The unauthorized user also sent potentially malicious emails to some of the SCO employee’s contacts.” The SCO responded in an email that no state employee data was compromised. “A single employee email account was briefly compromised by a spear phishing attack and promptly disabled,” SCO spokesperson Jennifer Hanson said. “SCO has notified the employee’s contacts who may have received a potentially malicious email from the unauthorized user. SCO team members have identified all personal information included in the compromised email account and begun the process of notifying affected parties. The Controller is going over and beyond the notification requirements in law by providing both actual mailed notification and substitute notification in an effort to ensure the broadest possible notification.” A source in an adjacent California state agency who’s been tracking the incident internally with other employees says the SCO forgot to mention the intruders also had access to the phished employee’s Microsoft Office 365 files — and potentially any files shared with that account across the state network. “This isn’t even the full extent of the breach,” said the California state employee, who spoke on condition of anonymity. The source claims the intruders stole several documents with personal and financial data on thousands of state employees, and then used the phished employee’s inbox to send targeted phishing emails to at least 9,000 California state workers and their contacts. In a follow-up response to those claims, the SCO said its “IT security staff were able to determine — based on the same logs that identified the intrusion — that no access was made to any Office 365 files other than the employee’s mailbox.” The State Controller is the Chief Fiscal Officer of California, the sixth largest economy in the world. Source: sco.ca.gov. Many attackers can do a great deal of damage with 24 hours of access to a user’s account. And spear-phishing others that frequently interact with the SCO via email could land the bad guys even more access to state systems. The SCO holds an enormous amount of personal and financial information on millions of people and companies that do business with or in the state. Organizations hoping to improve internal security often turn to companies that help employees learn how to detect and dodge email phishing attacks — by sending them simulated phishing emails and then grading employees on their responses. The employee said that until very recently California was using one such company to help them conduct regular employee training on phishing. Then in October 2020, the California Department of Technology (CDT) issued a new set of guidelines that effectively require all executives, managers and supervisors to know all of the details of a phishing exercise before it occurs. Which suggests plenty of people who definitely should get phish tested along with everyone else won’t get the same ongoing training. “Meaning, such people will not be tested ever again,” the state agency source said. “It’s utterly absurd and no one at CDT is taking ownership of this kludge. The standard was also written in such a way to effectively ban dynamic testing like you see in KnowBe4, where even an administrator won’t know what phishing template they might receive.” [Full disclosure: KnowBe4 is an advertiser on this site]. The CDT issued the following statement in response: “SCO informed CDT they have contained the phishing attack. The characterization of the CDT phishing exercise standard is incorrect. Before phishing tests in any state agency are performed, internal business units are advised to coordinate to avoid disruption or operational impact to public services. Supervisors and managers are routinely tested without advance notice to ensure employees at every level are aware of security hazards and can learn how to avoid them.” Update, 3:44 p.m. ET: Added comment and response from the California SCO. Update, 5:38 p.m.  ET: Added additional comment from SCO about cloud access. Update, 6:58 p.m. ET: Added response from CDT.

 Trends, Reports, Analysis

Obviously, the number of RDP attacks increased sharply during the COVID lockdown. Lately, researchers disclosed that RDP attacks grew by 768% between the first and fourth quarters of 2020.

 Feed

This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin (CVE-2021-26855) and write arbitrary file (CVE-2021-27065) to get the RCE (Remote Code Execution). By taking advantage of this vulnerability, you can execute   show more ...

arbitrary commands on the remote Microsoft Exchange Server. This vulnerability affects Exchange 2013 Versions less than 15.00.1497.012, Exchange 2016 CU18 less than 15.01.2106.013, Exchange 2016 CU19 less than 15.01.2176.009, Exchange 2019 CU7 less than 15.02.0721.013, and Exchange 2019 CU8 less than 15.02.0792.010. All components are vulnerable by default.

 Feed

This Metasploit module exploits an unauthenticated configuration change combined with an unauthenticated file write primitive, leading to an arbitrary file write that allows for remote code execution as the user running iView, which is typically NT AUTHORITYSYSTEM. This issue was demonstrated in the vulnerable version 5.7.02.5992 and fixed in version 5.7.03.6112.

 Feed

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

 Feed

Red Hat Security Advisory 2021-0974-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 serves as a replacement for Red Hat   show more ...

Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, cross site scripting, and information leakage vulnerabilities.

 Feed

Ubuntu Security Notice 4886-1 - It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. It was discovered that Privoxy incorrectly handled certain regular expressions. An attacker could possibly use this   show more ...

issue to cause a denial of service or obtain sensitive information. Various other issues were also addressed.

 Feed

Red Hat Security Advisory 2021-0969-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 8 serves as a replacement for Red Hat   show more ...

Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

 Feed

Red Hat Security Advisory 2021-0968-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 7 serves as a replacement for Red Hat   show more ...

Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

 Feed

Red Hat Security Advisory 2021-0967-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 6 serves as a replacement for Red   show more ...

Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

 Feed

Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by attackers to launch targeted attacks. Tracked as CVE-2020-11261 (CVSS score 8.4), the flaw concerns an "improper input validation" issue in Qualcomm's Graphics component that could be exploited to trigger memory corruption when an attacker-engineered app requests

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical security shortcomings in GE's Universal Relay (UR) family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition," the agency said in an advisory

2021-03
Aggregator history
Tuesday, March 23
MON
TUE
WED
THU
FRI
SAT
SUN
MarchAprilMay