“During his SysScan talk, Koret disclosed vulnerabilities and some other security issues, like the lack of ASLR protection for some components, in antivirus products from Panda Security, Bitdefender, Kaspersky Lab, ESET, Sophos, Comodo, AVG, IKARUS Security Software, Doctor Web, MicroWorld Technologies, BKAV, Fortinet and ClamAV. However, he also claimed to have found vulnerabilities in the Avira, Avast, F-Prot and F-Secure antivirus products.”
IT Security Guru
US Department of Defence seeks $5 billion in cyber funding
Mikko Hypponen, chief research officer at F-Secure, pointed out that the cyber operations budget for 2015 is 8.5 per cent larger than for 2014. “In any case, the budget for cyber operations is huge. For comparison, I believe DARPA’s budget is $3 billion,” he said.
Google updates Play store API for Android developers
In April, F-Secure revealed that 99 percent of mobile malware came from the Android operating system, however of that, just two percent was found in the Google Play store. Up to one million Android users fell victim to a Bitcoin mining virus after downloading infected software.
Antti Tikkanen quoted - Antti Tikkanen, director of security response at antivirus vendor F-Secure, said that the ECB had reacted quickly to the incident and praised the network segregation. “I think the ECB came out with quite a clear statement on what has happened, and explained what kind of data was lost. In general, the best option is not to store any data you fear you might lose. If you can't do that, then encrypt it. Sometimes all data simply can't be encrypted because of the way it's used. If only customer contact data was lost, they did a better job than average with segregation.”
Mention of Mobile Threat Report - “A study from security specialist F-Secure found that Android-based malware accounted for 97% of all mobile malware in 2013. The remaining 3% targeted Nokia's discontinued Symbian OS, while iOS, BlackBerry, and Microsoft Windows Phones accounted for 0% of all malware attacks.”
Allen Scott Quoted - “MD Allen Scott, MD of security experts F-Secure said: ‘We understand that many people are a bit lost when it comes to online protection, which is why we've compiled advice to give some guidance.’”
Mikko Hypponen, chief research officer at F-Secure, indicated that the cyber operations budget for 2015 will be 8.5 per cent larger than 2014 and this was how he arrived at the $5 billion [£3 billion] figure above, adding, “In any case, the budget for cyber operations is huge. For comparison, I believe DARPA’s budget is $3 billion [£1.8 billion].”
“It looks like it may be a spinoff from the Carberp banking Trojan, for which the source was leaked to public domain a year ago, but this has not been confirmed yet,” F-Secure director of security response, Antti Tikkanen, told Infosecurity. “It remains to be seen if Kronos gets buyers from the underground market, and if the features are as advertised.”
Nasdaq Hackers Used Two Zero Days But Motives a Mystery
F-Secure director of security response, Antti Tikkanen, argued that there’s not enough publicly available information to deduce that Moscow had a hand in the attack. “Zero-days are one indication that the attacker has more resources than on average, but it’s not always the case that zero-days indicate a nation-state actor,” he told Infosecurity. “I think in Nasdaq, along with other high-value targets, are now better equipped than they were in 2010. Are they well-enough equipped to be safe from skilled attackers? Probably not.”
Includes F-Secure CosmicDuke/MiniDuke Announcement & Sean Sullivan Quote - "At the moment, crimeware which targets consumers is under attack by international law enforcement. It is quite possible that the displaced crimeware vendors found a new buyer of information," speculated F-Secure security advisor, Sean Sullivan.
Free Avast Vs F-Secure which one is the better AntiVirus?
"Let’s begin with perhaps the most significant difference between the two programs – Avast includes a Virtual Sandbox feature, whereas F-Secure does not ... “In case anyone is starting to feel a little sorry for F-Secure, they do have the best and most user friendly control panel and also include parental controls for those happy to let their kids surf alone online. For some users this will be an important consideration, and while Avast has a perfectly functional interface it does not offer such filtering ... "In regards to customer service and support F-Secure have an excellent reputation not just for being typically able to resolve issues swiftly but also in being really simple to get in touch with. They offer not just phone or online form submission (As Avast does), but also email and chat ... “Those looking for a clean, deceptively powerful, family and customer friendly product may find their heads turned towards F-Secure.”
REFILE-Israel's Nation-E sees revenue of up to $400 mln by year end
“Researchers with F-Secure of Finland and Symantec reported last week that they believe the "Energetic Bear" hacking group was behind a campaign to infect energy and industrial firms with malicious software.”
International Business Times
CosmicDuke: The Latest Strand to Russia’s Cyber-Espionage Campaign
Includes F-Secure CosmicDuke Announcement & Timo Hirvonen (Labs Blog) Quoted - "Moreover, we found that the loader was updated at some point, and both malware families took the updated loader into use," a blog post by F-Secure security researcher Timo Hirvonen explains. "Since Cosmu is the first malware known to share code with MiniDuke, we decided to name the samples showing this amalgamation of the MiniDuke-derived loader and Cosmu-derived payload as CosmicDuke."
Sean Sullivan Quoted - “The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, issued the request after researchers with F-Secure …” “The request follows another alert last week on Havex from ICS-CERT, which said that the agency and F-Secure had learned that the malicious software was designed to send a map of the network infrastructure back to the hackers' command-and-control server.” “F-Secure and Symantec said they believed the malicious software had so far only been used for spying, but that it had the capability to be used for sabotage. "They are scanning and mapping out industrial control system networks," said F-Secure researcher Sean Sullivan. "They are probably passing on the ones that are of interest to other groups."”
US companies warned against “Energetic Bear” virus
“Meanwhile, F-Secure has claimed that the attackers used a remote access trojan (RAT) named Havex to hunt for vulnerable industrial control systems (ICS) with a view to ultimately accessing critical infrastructure used to manage electrical, water, oil, gas and data supplies.”
“Technical assistance was provided by Dell SecureWorks and CrowdStrike. Numerous other companies also provided assistance, including facilitating efforts by victims to remediate the damage to their computers inflicted by Gameover Zeus. These companies include Microsoft Corporation, Abuse.ch, Afilias, F-Secure, Level 3 Communications, McAfee, Neustar, Shadowserver, Anubis Networks, Symantec, Heimdal Security, Sophos and Trend Micro.”
Evolved Cridex cyber attack found with 50,000 stolen credentials
“Cridex is one of many old attack tools to receive a technical upgrade in recent weeks. Researchers at F-Secure uncovered a fresh BlackEnergy hack campaign believed to be targeting European governments with a wave of spear-phishing emails masquerading as IT alerts in June.”
U.S. Urges Energy Companies To Be On Guard Against Russian Cyberattacks
“The group is known to private malware researchers as “Energetic Bear” because it operates during Russian working hours and mostly targets Western energy companies. The U.S. security firm Symantec and F-Secure of Finland report that the group was responsible for an effort to implant the Havex Trojan in their victims’ computers” … “Symantec and F-Secure say the malware ordinarily is used only for spying, but can be modified to sabotage a machine.”
Wondering where our story on Russians hacking energy companies is?
Links to previous article which mentions F-Secure: Attackers fling Stuxnet-style RATs at critical control software in EUROPE
Mix 96 / Bridge FM / Radioaire / Radiocity / CFM Radio / City Talk FM / 9.74 Rock FM / Radio Borders / Central FM / North Sound / Basingstoke The Breeze / Andover The Breeze / Key103 / Clyde1 / Hallam FM / 2br / Juice Brighton / Gaydio / Forthone / Tayam / LBC.co.uk / Sky.com / Jack Bristol / My Gold Music / Radio Pembrokeshire / Virus BFN / Minster FM / Kerrang Radio / Three FM / My Gold Music / Sun FM / Stray FM / Cool FM / Orange.co.uk / KLFM 967 / Viking FM / Metro Radio / 964 Eagle / Yorkshire Coast Radio / Wessex FM / Manchester’s Magic / Viking FM / North Sound / Pirate FM