Thursday, March 26, 2009

Around The Horn vol.1,71

EventSentry - Voted WindowSecurity.com Readers' Choice Award Winner - Event Log Monitoring solution

By info@WindowSecurity.com (The Editor)

EventSentry was selected the winner in the Event Log Monitoring category of the WindowSecurity.com Readers' Choice Awards. AdventNet EventLog Analyzer was first runner-up while Enterprise Security Analyzer (ESA) and GFI EventsManager were second runners-up.

Secure Data Disposal

By rickym@trencor.net (Ricky M. Magalhaes)

Secure data disposal methods; how organisations that reuse media may employ countermeasures to prevent exposure.

Cisco IOS cTCP Denial of Service Vulnerability

In Cisco Security Advisory

A series of TCP packets may cause a denial of service (DoS) condition on Cisco IOS devices that are configured as Easy VPN servers with the Cisco Tunneling Control Protocol (cTCP) encapsulation feature. Cisco has released free software updates that address this vulnerability. No workarounds are available; however, the IPSec NAT traversal (NAT-T) feature can be used as an alternative.

Cisco IOS Software Multiple Features IP Sockets Vulnerability

In Cisco Security Advisory

A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS Software are enabled.

Cisco IOS Software WebVPN and SSLVPN Vulnerabilities

In Cisco Security Advisory

Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition.

Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability

In Cisco Security Advisory

Several features within Cisco IOS Software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked; transit traffic will not block the interface.

Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability

In Cisco Security Advisory

Cisco IOS Software contains a vulnerability in multiple features that could allow an attacker to cause a denial of service (DoS) condition on the affected device. A sequence of specially crafted TCP packets can cause the vulnerable device to reload.

Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities

In Cisco Security Advisory

Devices that are running Cisco IOS Software and configured for Mobile IP Network Address Translation (NAT) Traversal feature or Mobile IPv6 are vulnerable to a denial of service (DoS) attack that may result in a blocked interface.

Cisco IOS Software Secure Copy Privilege Escalation Vulnerability

In Cisco Security Advisory

The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do, per the CLI view configuration. This vulnerability could allow valid users to retrieve or write to any file on the device's file system, including the device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information.

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

In Cisco Security Advisory

A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that can be exploited remotely to cause a reload of the Cisco IOS device.

US Smart Grid Spending Opens American Homes and Businesses To Mass Blackouts (March 21, 2009)

The US's high technology, digitally based electricity distribution and transmission system known as the "Smart Grid" is slated to get $4...

Draft Legislation Calls for White House-Level Cyber Security Position (March 20, 2009)

Senate Commerce Committee Chairman John D...

Diebold Admits Voting Machine Audit Log Flaw (March 22 & 23, 2009)

In a hearing in California last week, Premier Election Solutions, formerly known as Diebold, admitted that a flaw in its voting machines software can lose votes and fail to log the loss...

Alleged DoD Hacker Arrested in Romania (March 20, 2009)

Romanian police have arrested a man who allegedly broke into and damaged US Department of Defense computer systems...

Stimulus Package Includes Changes to HIPAA Privacy Rules (March 18, 2009)

The federal stimulus package includes amended rules regarding the Health Insurance Portability and Accountability Act (HIPAA)...

Proof-of-Concept Code Released for Twitter Cross-Site Scripting Flaw (March 21, 2009)

A cross-site scripting vulnerability in Twitter could be exploited to spread malware virally through the microblogging service...

Cached Data Exposes Credit Card Info (March 23, 2009)

Cached data from a server that is no longer in use has exposed 22,000 credit card numbers including CVVs, expiration dates, names and addresses; 19,000 of the cards could still be active...

psyb0t Worm Targets Home Users' Routers (March 23 & 24, 2009)

The psyb0t worm recruits home networking devices into powerful botnets...

Senator Says Cyber Intrusions are on the Rise (March 20, 2009)

Cyber intruders broke into computers in the office of Senator Bill Nelson (D-Fla...

Symantec Study Shows Most Companies Have Experienced Loss - From Cyber Attacks (March 23, 2009)

Research from Symantec shows that 98 percent of the 1,000 IT managers from companies in the US and Europe said their companies experienced tangible loss from a cyber attack of some sort over the last two years...

Heightened Demand Downs Wikileaks (March 23, 2009)

The Wikileaks website is down just days after it published a list of websites allegedly banned by the Australian Communications and Media Authority (ACMA)...

Intrusion Detection & Response Leveraging Next Generation Firewall Technology

Category: Firewalls & Perimeter Protection

Paper Added: March 26, 2009

Techniques and Tools for Recovering and Analyzing Data from Volatile Memory

Category: Forensics

Paper Added: March 26, 2009

Sanitising media (Thu, Mar 26th)

Pat asked an interesting question. He, like many of us, has the requirement to make sure that ...(more)...

Webhoneypot fun (Thu, Mar 26th)

37 days ago the DShield webhoneypot project released the first Alpha of the code. I hadn't rea ...(more)...

Java Runtime Environment 6.0 Update 13 Released (Wed, Mar 25th)

JRE 6.0 Update 13 has been released and addresses a couple of security issues ...(more)...

Cisco Releases IOS Bundle of Vulnerabilities (Wed, Mar 25th)

Cisco has officially released a bundle of vulnerability notices for their IOS software. ...(more)...

Safari hacker talks security (Macworld.com) (Yahoo Security)

Symantec Data Leak Remains Under Investigation (E-Week Security)

Conficker: The Windows Worm That Won't Go Away (E-Week Security)

Nasty New Worm Targets Home Routers, Cable Modems (PC World) (Yahoo Security)

With Limited Resources, UK Vows to Battle E-crime (PC World) (Yahoo Security)

Don't Let Microsoft SharePoint Become a Security Blind Spot (E-Week Security)

Scareware Morphs Into Ransomware

Malware changes from scareware to ransomware, encrypting users' files and then charging a fee to decrypt them

Israeli Hacker ‘The Analyzer’ Steals Over $10 Million USD

By Darknet on us bank security

It seems like a new hacker is in the sights of the US Government, this time it’s Ehud Tenenbaum AKA ‘The Analyzer’. He seems to have been quite sloppy about covering his tracks and remaining under the radar; he acts as if no-one can get him. Perhaps he knows something we don’t? Anyway he’s firmly under...
Read the full post at darknet.org.uk

Canadian cops cry for BlackBerry wiretap

Posted by InfoSec News on Mar 26

http://www.theregister.co.uk/2009/03/25/making_blackberry_wiretappable/

By Dan Goodin in San Francisco
The Register
25th March 2009

Comment: It has recently dawned on Canadian officials that
communications sent with the BlackBerry are among the hardest mobile
messages to eavesdrop on...

Senate committee demands DHS explain alleged lack of support for cybersecurity office

Posted by InfoSec News on Mar 26

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9130519

By Jaikumar Vijayan
March 25, 2009
Computerworld

The Senate Homeland Security Committee's senior-most Republican is
asking DHS Secretary Janet Napolitano to explain why...

Conficker: The Windows Worm That Won't Go Away

Posted by InfoSec News on Mar 26

http://www.eweek.com/c/a/Security/Conficker-The-Windows-Worm-That-Wont-Go-Away-529249/

By Brian Prince
eWEEK.com
2009-03-25

The Conficker worm continues to slither its way across the Internet, and
a major update for the malware is looming on April 1. Just what will
happen is anyone's...

Space storm alert: 90 seconds from catastrophe

Posted by InfoSec News on Mar 26

http://www.newscientist.com/article/mg20127001.300-space-storm-alert-90-seconds-from-catastrophe.html

By Michael Brooks
The New Scientist
23 March 2009

It is midnight on 22 September 2012 and the skies above Manhattan are
filled with a flickering curtain of colourful light. Few New Yorkers...

The Analyzer Hack Probe Widens; $10 Million Allegedly Stolen From U.S. Banks

Posted by InfoSec News on Mar 25

http://blog.wired.com/27bstroke6/2009/03/the-analyzer-ha.html

By Kim Zetter
Threat Level
Wired.com
March 24, 2009

Ehud Tenenbaum, an Israeli hacker arrested in Canada last year for
allegedly stealing about $1.5 million from Canadian banks, also
allegedly hacked two U.S. banks, a credit...

Hacking The Router Patching Conundrum

Posted by InfoSec News on Mar 25

http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=216200419

By Kelly Jackson Higgins
DarkReading
March 24, 2009

The dirty little secret about patching routers is that many enterprises
don't bother for fear of the fallout any changes to their Cisco router
software...

All five smartphones survive PWN2OWN hacker contest

Posted by InfoSec News on Mar 25

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9130346

By Gregg Keizer
March 24, 2009
Computerworld

None of the five smartphones slated for attack at last week's PWN2OWN
hacking contest was compromised, a sign that security researchers have
yet to...

Newfangled rootkits survive hard disk wiping

Posted by InfoSec News on Mar 25

http://www.theregister.co.uk/2009/03/24/persistent_bios_rootkits/

By Dan Goodin in San Francisco
The Register
24th March 2009

Researchers have demonstrated how to create rootkits that survive
hard-disk reformatting by injecting malware into the low-level system
instructions of a target...

Telco hires Kiwi hacker

Posted by InfoSec News on Mar 25

http://www.stuff.co.nz/waikato-times/news/2287438/Telco-hires-Kiwi-hacker

Waikato Times
24/03/2009

The Whitianga teenager who brought a US university to its knees with his
hacking antics has been hired by a telecommunications company.

Owen Thor Walker, 19, offending under the name Akill...

Standards body investigates C4I security tagging

Posted by InfoSec News on Mar 25

http://gcn.com/articles/2009/03/23/c4i-data-tagging.aspx

By Joab Jackson
GCN.com
Mar 23, 2009

The Object Management Group's (OMG) working group for Command, Control,
Communications, Computers and Intelligence (C4I) has begun investigating
the possibility of either developing or adopting...

The Youngest Ethical Hacker in India

Posted by InfoSec News on Mar 25

http://www.islamonline.net/servlet/Satellite?c=Article_C&cid=1237705512621&pagename=Zone-English-HealthScience%2FHSELayout

By Syed Sujeel Ahmed
Software Engineer - India
IslamOnline.net
March 24, 2009

Anyone who surfs the internet or chats over a messenger program has
probably...

Firefox exploit sends Mozilla into 'high-priority fire drill' mode

Two weeks, two exploits

Mozilla's security team is rushing out a fix for its flagship Mozilla browser following the public release of attack code that targets a previously unknown vulnerability.…

Webmail bug puts 40m accounts in jeopardy

One attack pwns all

A web-borne vulnerability lurking in a popular email application seriously compromised the security of 40 million accounts until it was fixed early last month, independent researchers said.…

Melissa anniversary marks birth of email-aware malware

Supermodel of computer virus world turns 10, still spreading

Thursday (26 March) marks the 10th anniversary of the notorious Melissa virus, the first successful email-aware virus.…

Aussie classification site hacked in censorship protest

Conroy speaks out on 'technical errors'

Hackers broke into the Australian government's film and videogame classification website yesterday and posted a message opposing comms minister Stephen Conroy's trial of internet filtering.…

Final countdown to Conficker 'activation' begins

T-minus six

Security watchers are counting down to a change in how the infamous Conficker (Downadup) worm updates malicious code, due to kick in on Wednesday 1 April.…

Top e-crime cop to plead for more cash

Home Office unmoved

The woman in charge of policing online fraud in the UK plans to use the first operational year of the new Police Central e-crime Unit (PCeU) to make the case for more funding.…

Pink Floyd's Gilmour backs McKinnon protest gig

UFO hacker gets support from Dark Side of the Moon

Updated: Legendary Pink Floyd guitarist David Gilmour has agreed to participate in a musical protest against attempts to extradite UFO enthusiast turned hacker Gary McKinnon to the US.…

Canadian cops cry for BlackBerry wiretap

How to eat a golden egg

Comment: It has recently dawned on Canadian officials that communications sent with the BlackBerry are among the hardest mobile messages to eavesdrop on. But rather than congratulate the Waterloo, Ontario-based Research in Motion on a job well done, they're calling for laws that would force service providers to use only technology that can be tapped.…

Profs design AK47-locating 'smart dust' helmets

Satnav network node-lids backtrack bullets, ID weapons

Acoustic gunshot detectors have become common in the past few years, and some have been reduced in size to where a single soldier can wear one on his uniform and be cued-in to an enemy's location as soon as he fires.…

Pentagon hacker Analyzer suspected of $10m cyberheist

Credit card scam exposed

Charges against notorious hacker-turned-suspected-cyber-fraudster Ehud Tenenbaum have expanded to include alleged fraud involving banks and credit card firms in both Canada and the US.…

Security in the clouds - or clouds in security?

Supplementary benefits

‘Cloud Computing’ is the marketing term of the moment, despite lacking a formal definition (this is what we came up with),…

Scareware package incorporates file ransom trickery

Double dipping

Cybercrooks have combined two threats with a fake anti-virus package that holds files for ransom.…

Mimecast and file server destruction

Online mail services lead to filer destruction - maybe

Analysis: Mimecast is a UK-based supplier of unified email management services. Around the end of 2002 it started to build an appliance function that would unify the many daisy-chained email functions (anti-spam, anti-virus, data leak prevention, signaturing) that were all implemented as separate boxes through which emails had to flow before ending up in people's inboxes. How it has done this and what it means leads logically through cloud file storage (CFS) to a deadly problem for filer suppliers.…

Sound Fake? Finding a Malicious Driver

By Di Tian on Web and Internet Safety

You already know that malware changes registry keys to take advantage of the autorun capability when systems and applications start. The registry keys we often see used for this purpose include:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[Legit_program]\Debugger
HKEY_CLASSES_ROOT\CLSID\[CLSID]\InprocServer32

Recently, we noticed that the Lando Trojan uses a different registry key to load its malicious code into Internet [...]

Should I Care About server.exe?

By Karthik Raman on Malware Research

Computer users know that they shouldn’t touch system files. If they did, they could damage their computers. A well-known ploy of malware authors is to name their files after system files. Users can be tricked into ignoring malicious files on their systems by this social-engineering method. Let’s look at what the Backdoor-CEP.gen Trojan does, for example. [...]

Brief: Security projects aim for Summer of Code

Firms improve secure coding practices, OWASP survey finds

By Robert Westervelt

Boaz Gelbord, OWASP Security Spending Benchmarks Project Leader, explains the survey results. Also, Ivan Arce of Core Security talks about smartphone threats and penetration testing.

Security policies need simplifying, expert says

By Robert Westervelt

Companies need to spend more time refining security policies to align them with business objectives.

Microsoft IE 8 security only benefits educated users

By Eric Ogren

New productivity and security features of Internet Explorer (IE) 8 might require end users get a lesson from IT staff before companies can fully benefit.

Survey gauges Web application security spending

A new survey shows that despite the dismal economic conditions, more than a quarter of the companies polled expect to spend more on Web application security this year.

New ransomware holds Windows files hostage, demands $50

Cybercrooks have hit on a new twist to their aggressive marketing of fake security software, and are duping users into downloading a file utility that holds users' data for ransom, security researchers warned Wednesday.

Bucking a trend, security appliance market grows

The security appliance market in Western Europe grew 14.4 percent in 2008 and is expected to continue to expand this year, albeit at a slower rate, according to the latest figures from analyst firm IDC.

Google lawyers seek transfer of Milan privacy trial

Lawyers for Google Wednesday challenged the jurisdiction of a Milan court over a privacy case that sees four Google executives accused of defamation.

Firefox fix due next week after attack is published

Online attack code has been released targeting a critical, unpatched flaw in the Firefox browser.

A hidden chore of deploying NAC

One of the great hidden chores of deploying NAC is finding all the devices that are attached to the network, even those that can't authenticate.

Cold-boot attacks: The 'frozen cache' approach

Part one of this pair of columns described "cold boot attacks" and their security implications, in particular for software-implemented full-disk encryption. Security expert Jurgen Pabel continues with part two.

With limited resources, UK vows to battle e-crime

A new U.K. police force dedicated to tracking down cybercriminals is gearing up to make the most of what one senior police official acknowledges is limited funding.

Expert cites "major problem" with security policy compliance

Attendees at this week's SecureWorld Boston conference got a stern talking-to Wednesday morning: keynoter Charles Cresson Wood said organizations need to get their information security policies in order or risk going down the tubes.

Hospital loses patient data again in less than a year

United Christian Hospital has lost patient data stored on a USB thumb drive for the second time in less than a year.

Nasty New Worm Targets Home Routers, Cable Modems

A computer worm has been discovered that can infect 55 different home-based routers and DSL/cable modems including common brands like Linksys and Netgear.

Adobe details secret PDF patches

Adobe Systems Inc. revealed Tuesday that it patched five critical vulnerabilities behind the scenes when it updated its Reader and Acrobat applications earlier this month to fix a bug already under attack.

Panda Releases Free Security Tool for Autorun

Panda, an antivirus software company, has a new free Panda USB Vaccine available for download that can disable the Windows Autorun feature for an entire PC or a particular USB drive.

Cisco security updates squash router bugs

Cisco has released eight security updates for the Internetwork Operating System (IOS) software used to power its routers.

Cisco helps avoid security scrimping in cash-tight times

Many Wi-Fi vendors have integrated dedicated wireless intrusion prevention systems (WIPS) directly into their 802.11n systems. Cisco, for example, recently released an application called Adaptive Wireless IPS integrated with a multifaceted attack correlation system in its Wireless Control System (WCS) network management and security policy platform.

Identity management delivery methods

Differentiation among the various offerings from various vendors is what makes choosing an identity management "solution" interesting. So we see different "bells and whistles," different suite modules and different delivery methods. It's this latter that's the topic today.

Sipera gear protects Microsoft OCS when used in unified communications

At VoiceCon Orlando next week, Sipera will announce that its unified communications security gear supports Microsoft Office Communications Server, enabling businesses to safely extend OCS to telecommuters and business partners.

Secure Your Data in Parcels With Silver Key

It's always interesting to view a technology from a new perspective, and that's what Silver Key allowed me to do. And believe me, it's all in the perspective: Silver Key (US$30, 30-day free trial) creates password-protected "parcels," which are pretty much the same type of thing as a password-protected zip, rar, 7zip or other archive. The biggest difference is that Silver Key allows you to attach large binary keys to your archives as text files. The program steps you through the parcel creation process, never letting you forget that you're creating an archive that's secure.

China becoming the world's malware factory

With China's economy cooling down, some of the country's IT professionals are turning to cybercrime, according to a Beijing-based security expert.

Privacy group: Facebook principles still lacking

Facebook's recent decision to back off proposed changes in its terms of service still leaves the social-media site with a "huge loophole" in privacy protections, a privacy group said Tuesday.

Facebook holds the line against spammers, scammers

Facebook is shoring up its security protection procedures as the social-networking site increasingly comes under attacks from spammers, data thieves and other tricksters, according to the company's chief privacy officer.

Is Apple Safari Safe?

When security researcher Charlie Miller hacked the Mac through the Safari browser in under 10 seconds last week, the question raised was deafening: Is Apple Safari secure? The answer, of course, is a bit more complicated.

Prevent USB Drives from Spreading Viruses

The alarming Conficker/Downadup worm is one of many threats that can spread by infecting those portable USB thumb drives on which so many of us rely.

Critical Flaws Found in HP OpenView

First patch didn't cut it.

Cisco Security Updates Squash Router Bugs

The networking company has released its twice-yearly IOS patches, posting eight updates

Every Smartphone OS Endures Pwn2Own Unhacked [Haxx]

By matt buchanan on Windows Mobile

After Safari was busted in 10 seconds at the Pwn2Own hacking competition, you'd think puny smartphones wouldn't stand a chance. But you'd be wrong!

Every smartphone OS up for total destruction—iPhone, Windows Mobile, Symbian, Android and BlackBerry—made it through the competition unscathed. Not because they're inherently more secure. It's just because their puny processing power and memory make things like the 10-second Safari hack harder to do, even though the exploit is totally there.

Another reason is that every phone has a unique carrier and OS version situation, which made it harder for researchers to come up with exploits—for instance, one crafted for the Storm, which wasn't in the competition, actually didn't work on the Bold. So the multiplicity of phones out there is actually a good thing security-wise, though it makes more monolithic platforms, like the iPhone, a more attractive target—kinda like Windows' juggernaut size makes it a bigger target for exploits than Mac or Linux. That said, I don't think the survival rate will be so great next year. [Computerworld via Slashdot]
