Security policy for mobile devices

Five things to consider for a mobile security policy
Mobile is the new endpoint in IT. But organizations are still struggling with mobile security. Aaron Rhodes of Neohapsis lists five steps to take when developing a corporate mobile security policy.
Source: CSO

The 5 steps:
  1. set a strategy
  2. plan well
  3. establish policy
  4. train
  5. comply

"Some of the more common line items in such policies":
  • Mobile devices must be password protected
  • Mobile devices must use device encryption before accessing corporate e-mail
  • Mobile devices may not be "rooted" or "jailbroken"
  • Mobile devices must be managed by the corporate IT department using the corporate approved MDM system

Wiretapping in practice

When the feds come knocking: The tale of a Utah ISP, a secret court order, and a little black box

Over the course of the last month and a half, the world has begun to find out more about this shadowy court, the Foreign Intelligence Surveillance Court (FISC), which was set up in 1978 under its namesake law, the Foreign Intelligence Surveillance Act (FISA). (...)

Former National Security Agency (NSA) contractor turned whistleblower Edward Snowden's leaks brought to light some details, albeit not many, relating to these secretive warrants and orders handed down by the court.

But little did we know of logistics; specifically, how they are handed to companies that hold data on terrorism suspects and foreign spies who are living and working in the United States. (...)

XMission is one of Utah's largest, and one of few independent, Internet providers in the state. Pete Ashdown, the company's chief executive, spoke to BuzzFeed on Friday about how he received a warrant under FISA in 2010. (...)

For nine months, XMission was forced to install a "little black box" that was capturing all the traffic to one particular customer: "Everything they were sending and receiving," he said. (...)

Full story at ZDNet

KINS - new Trojan horse threatens banks

July 24, 2013 — CSO — With the major developers of banking malware laying low, a new crook on the block has emerged gunning to be top dog in the market.

The developer's new malware is called KINS, and he's selling it for $5,000 a pop, although that price is likely to climb if the malware is as good as he brags it is.

"[KINS is] a new professional-grade banking Trojan that is very likely taking its first steps in the cybercrime underground and could be poised to infect new victims as quickly and effectively as its Zeus, SpyEye and Citadel predecessors," Limor Kessem, a cybercrime specialist with RSA, the security division of EMC, wrote in a blog post on Tuesday.

The Trojan is entering the market at an opportune time, as developers of such major banking malware have either retired, gone into hiding or otherwise removed their skills from the open market.

"There aren't any major commercial Trojans in the underground for sale right now," Kessem said in an interview. "KINS will probably be the next Trojan that will take over."

In a message posted to a Russian-language underground forum and translated by RSA, KINS' developer said the malware was developed from scratch and is not a modification of another product. Nevertheless, RSA found a number of similarities between it and previous Trojans.

For example, like Zeus and SpyEye, the malware has a main file and DLL-based plug-ins. One plug-in is already available for $2,000, according to the malware developer's forum posting, to counter Rapport, a popular fraud protection program currently used by banks.


Fontes: CSO, RSA blogs

Remote access malware for Android

From Ars Technica:

Android malware that gives hackers remote control is on rise

Remote access tools have long been a major part of targeted hacker attacks on individuals and corporate networks. RATs have been used for everything from hacking the e-mail boxes of New York Times reporters to capturing video and audio of victims over their webcams. Recently, wireless broadband and the power of smartphones and tablets have extended hackers’ reach beyond the desktop. In a blog post yesterday, Symantec Senior Software Engineer Andrea Lelli described the rise of an underground market for malware tools based on Androrat, a remote administration tool that can give an attacker complete control over devices running the Android OS.

Androrat was published on GitHub in November 2012 as an open source tool for remote administration of Android devices. Packaged as a standard Android application (in an APK file), Androrat can be installed as a service on the device that launches at start-up or as a standard “activity” application. Once it’s installed, the user doesn’t need to interact with the application at all—it can be activated remotely by an SMS message or a call from a specific phone number.

The app can grab call logs, contact data, and all SMS messages on the device, as well as capture messages as they come in. It can provide live monitoring of call activity, take pictures with the phone’s camera, and stream audio from the phone’s microphone back to its server. It can also post “toasts” (application messages) on the screen, place phone calls, send text messages, and open websites in the phone’s browser. If it is launched as an application (or “activity”), it can even stream video from the camera back to the server.

Hackers have taken Androrat’s code and run with it. Recently, underground marketplaces for malware have begun to offer Androrat “binder” tools, which can attach the RAT to the APK files of other legitimate applications. When a user downloads what appears to be a harmless app that has been bound to Androrat, the RAT gets installed along with the app without requiring additional user input, sneaking past Android’s security model. Symantec reports that analysts have found 23 instances of legitimate apps that have been turned into carriers for Androrat. The code has also been incorporated into other “commercial” malware, such as Adwind—a Java-based RAT that can be used against multiple operating systems.
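The "binder" trick described above leaves a trace in the repackaged app's manifest: a harmless-looking app suddenly declares the boot/SMS receiver and the SMS, call-log, microphone and camera permissions that Androrat needs. The following Python triage check is an added example (not Symantec's or Ars Technica's code); it assumes the AndroidManifest.xml has already been decoded to plain XML, and the permission and intent-action strings are the standard Android ones. The sample manifest is constructed for illustration, not taken from a real app.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}name"  # the android:name attribute
# Permission groups matching the capabilities described for Androrat above;
# permission and intent action strings are the standard Android ones.
SURVEILLANCE = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "calls_contacts": {"android.permission.READ_CALL_LOG", "android.permission.READ_CONTACTS"},
    "mic_camera": {"android.permission.RECORD_AUDIO", "android.permission.CAMERA"},
}
BOOT_PERM = "android.permission.RECEIVE_BOOT_COMPLETED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

def triage_manifest(manifest_xml):
    """Return RAT-profile indicators found in a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(A) for e in root.iter("uses-permission")}
    actions = {e.get(A) for e in root.iter("action")}
    found = {
        "starts_at_boot": BOOT_PERM in perms and BOOT_ACTION in actions,
        "sms_triggered": SMS_ACTION in actions,   # remote wake-up via incoming SMS
        "capabilities": sorted(k for k, group in SURVEILLANCE.items() if perms & group),
        "internet": "android.permission.INTERNET" in perms,
    }
    # Flag only the combination: a remote trigger, two or more surveillance
    # capabilities, and a network channel to send the captured data out.
    found["rat_profile"] = bool((found["starts_at_boot"] or found["sms_triggered"])
                                and len(found["capabilities"]) >= 2 and found["internet"])
    return found

# Constructed sample (not a real app): a "flashlight" app whose manifest now
# carries the receiver and permission set described for Androrat.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <activity android:name=".FlashlightActivity"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
```

Run `triage_manifest(SAMPLE_MANIFEST)` to see the indicator dictionary; a manifest review like this is a triage signal only, and a flagged app still needs the code itself examined before it is treated as a carrier.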