Thursday, April 9, 2009

Around The Horn vol.1,80

New Downad/Conficker variant spreading over P2P

By Rik Ferguson on worm_downad

TrendLabs researcher Ivan Macalintal has this evening discovered a new variant of Downad/Conficker called WORM_DOWNAD.E spreading over the peer-to-peer functionality of the previous version of this now infamous worm. As well as reactivating the original propagation functionality, this new variant sheds some extra light on possible links with other malware and origins of the worm. This new Downad/Conficker [...]

The Rocky Road To More Secure Code

A wave of secure coding initiatives have been launched, but will they result in less vulnerable applications?

Survey: Small Firms Recognize Insider Risk, But Don't Act

Symantec report finds SMBs worried about insider threats

Interceptor - Wireless Wired Network Tap (Fon+)

By Darknet on wireless wired network tap

The Interceptor is a wireless wired network tap. Basically, a network tap is a way to listen in to network traffic as it flows past. Most tools are designed to pass a copy of the traffic onto a specified wired interface which is then plugged into a machine to allow a user to monitor the [...]

Microsoft Puts Hold on Forefront Security Product Range

By Darknet on windows-security

Microsoft is in the news again, but this time for holding back on something security related. It seems like they want to have some extra time for development, and well perhaps some business related factors come into play too. A lot of Windows networks use ISA (as it used to be called) - in the future it’ll [...]

P2P eavesdrop 'guilt by association attack' developed

Free BitTorrent countermeasure released

US engineering researchers say they have identified a new privacy threat to users of peer-to-peer (P2P) networks such as BitTorrent and (perhaps) Skype. Obligingly, however, they have freely released a protective plugin designed to work with a popular torrent client.…

Spies hacked US electrical grid, says WSJ

The Russians, the Chinese, and "others"

Foreign cyber-spies have reportedly been infiltrating the US electrical grid and planting software that can be used to destroy key components.…

MS blames non-Redmond apps for security woes

Issues are third party and they'll cry if they want to

Microsoft has blamed common third-party desktop applications, rather than Windows, for the majority of security threats in a new report. The finding might appear surprising at first but is backed by independent security notification firm Secunia.…

Hackers pwn Macca site with banking malware

Ringo forgotten again

Webmasters had to purge the website of former Beatle Paul McCartney after hackers planted malware.…

Mark Rasch: Facebook, Privacy and Contracts

Facebook, Privacy and Contracts

Brief: Rogue security apps worry Microsoft most

Rogue security apps worry Microsoft most

Experts alarmed over U.S. electrical grid penetration

By Robert Westervelt

Russian and Chinese probing of the U.S. electrical grid has prompted a call on lawmakers to act quickly to strengthen cybersecurity of the nation's critical infrastructure.

Microsoft: Rogue 'security' software a rising threat

Fake security software programs along with attacks using vulnerabilities in applications continued to pester Internet users in the last half of 2008, according to Microsoft's latest security report.

Microsoft patch rate surged in second half of 2008

Microsoft was forced to pick up the patching pace in the second half of 2008, the company admitted Wednesday, as it fixed 67% more flaws and released 17% more security updates in the period than it had in the first six months of the year.

PGP slims encryption software to aid SMBs

PGP Corporation has announced a slimmed-down version of its disk encryption platform which it hopes will appeal to small and medium sized businesses put off the technology by its reputation for expense and complexity.

FBI claims ISP stole millions from AT&T, Verizon

The U.S. Federal Bureau of Investigation has raided a Dallas collocation facility, investigating a fraud in which telecommunication giants AT&T and Verizon Communications were duped into providing more than 120 million minutes of telephone service to criminals, the FBI claims.

Creating a reputation system that's easy to use, safe and secure

Last issue, in talking about Ethoca, I mentioned that their fraud-fighting scheme might be the basis for constructing the type of system we've been talking about for years without ever getting close to realizing a working system. If you read the last issue, you can probably guess that I'm talking about a reputation system.

Gov't agency: We are not the source of data leakage

Hong Kong's ICAC (Independent Commission Against Corruption) said Monday it doesn't possess soft copies of documents that an Internet user downloaded via file-sharing tool Foxy.

Researcher's death casts pall over major TCP fix

The security researcher who discovered a major networking flaw that could be used to take down Internet servers has died, leaving others to carry on the work of fixing the flaw without him.

Are You Infected? A Smart and Simple Test.

A common tactic used by malware is to block the infected computer from connecting to the Web sites of antivirus and security companies. Such blocks are meant to prevent you and your antivirus program from getting help in removing the infection.

Electric Grid in US Penetrated by Spies, (Wed, Apr 8th)

Many readers sent this article in this morning. Thanks to our readers! According to this arti ...(more)...

Snort 2.8.4 upgrade is out -- Upgrade now!, (Wed, Apr 8th)

We over at Sourcefire (yes, I work for Sourcefire in case you don't know by now!) have been putting ...(more)...

Power Grid Hack Highlights Where Government Cyber Security Efforts Fall Short (E-Week Security)

Report Says Hackers Have Penetrated Power Grid (NewsFactor) (Yahoo Security)

Report: Cybercriminals Have Penetrated US Electrical Grid (PC World) (Yahoo Security)

Microsoft Outlines Rogue Antivirus, Data Breach Threats (E-Week Security)

MS blames non-Redmond apps for security woes (The Register)

Judge to Decide if Hannaford Breach Liability Case Will Go to Trial (April 2 & 6, 2009)

A federal judge will soon decide if Hannaford Bros.......

French Legislators Approve Three-Strikes Anti-Piracy Law (April 3, 2009)

In an all but unanimous vote, the French National Assembly approved a "three-strikes" anti-piracy bill.......

Swedish Anti-Piracy Law Cuts Internet Traffic (April 3 & 6, 2009)

An anti-piracy law in Sweden called the Intellectual Property Rights Enforcement Directive (IPRED) that took effect on April 1 appears to be responsible for a significant drop-off in web traffic in that country; the decline has been estimated at between 33 and 40 percent.......

UK ISPs Now Required to Retain Internet Communications Data (April 6, 2009)

The UK's Data Retention (EC Directive) Regulations 2009, which took effect on Monday, April 6, 2009, require Internet service providers (ISPs) to retain Internet communication data for 12 months.......

IRS Late in Implementing Federal Desktop Core Configuration Settings (March 27 & April 6, 2009)

A report from the Treasury Inspector General for Tax Administration (TIGTA) says that the US Internal Revenue Service (IRS) has been dragging its feet in its implementation of required security measures.......

IG Report Says Interior Department Did Not address Security Issues (April 5, 2009)

A report from the US Interior Department's then-Inspector General (IG) written last spring, but made public just last week, said that despite having been ordered by a judge to fix serious cyber security problems the department's computer network remains vulnerable.......

County Auditor's Office Investigating Presence of Password Sniffers on Computer (April 4, 2009)

The Clark County, Indiana auditor's office is conducting an internal investigation after two suspicious applications were detected on one of its computers.......

Attackers Exploiting Unpatched PowerPoint Flaw (April 2 & 3, 2009)

An unpatched vulnerability in PowerPoint is being actively exploited in "limited and targeted attacks," according to Microsoft.......

Univ. of Washington Notifies 6,000 of Data Breach (April 1 & 3, 2009)

The University of Washington has notified more than 6000 employees that their personal information was compromised in a data security breach late last year.......

Neeris Variant Inspired By Conficker (April 3 & 6, 2009)

A new variant of the Neeris worm now exploits the same Windows flaw used by Conficker.......

Microsoft and Facebook Team Up to Put the Kibosh on Koobface (April 6, 2009)

Microsoft and Facebook are working together to protect users from the Koobface worm...

Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances

In Cisco Security Advisory

China and Russia v. the US Grid!

The WSJ woke up with a start with an eye-opening grabber: 'Electricity Grid in US Penetrated by Spies.' Scary stuff! The story, while quite interesting, doesn't however give much direct evidence that would allow us to evaluate how real the threat is.

Cyberspies Penetrate Electrical Grid: Report

By Reuters

WASHINGTON (Reuters) - Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, the Wall Street Journal reported on Wednesday.

The spies came from China, Russia and other countries, and were believed to be on a mission to navigate the U.S. electrical system and its controls, the newspaper said, citing current and former U.S. national security officials.

The intruders have not sought to damage the power grid or other key infrastructure but officials said they could try during a crisis or war, the paper said in a report on its website.

"The Chinese have attempted to map our infrastructure, such as the electrical grid," a senior intelligence official told the Journal. "So have the Russians."

The espionage appeared pervasive across the United States and does not target a particular company or region, said a former Department of Homeland Security official.

"There are intrusions, and they are growing," the former official told the paper, referring to electrical systems. "There were a lot last year."

The administration of President Barack Obama was not immediately available for comment on the newspaper report.

Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, "If we go to war with them, they will try to turn them on."

Officials said water, sewage and other infrastructure systems also were at risk.

Protecting the electrical grid and other infrastructure is a key part of the Obama administration's cybersecurity review, which is to be completed next week.

The sophistication of the U.S. intrusions, which extend beyond electric to other key infrastructure systems, suggests that China and Russia are mainly responsible, according to intelligence officials and cybersecurity specialists.

While terrorist groups could develop the ability to penetrate U.S. infrastructure, they do not appear to have yet mounted attacks, these officials say.

(Writing by Eric Beech; Editing by Jon Boyle)

Company Caught in Texas Data Center Raid Sues FBI, and Loses

By Kim Zetter

Liquid Motors is one of about 50 innocent companies put out of business when the FBI seizes the servers at Core IP Networks in Dallas. A judge rules the company, which provides inventory management and marketing services to national automobile dealers, has no recourse against the feds.

Report: cyberwarriors probing US electrical grid

By jhruska@arstechnica.com (Joel Hruska) on US


It sounds like something straight out of Hollywood. Current and former US security officials have reported that foreign nations have penetrated the cybersecurity barriers surrounding the US electrical grid, water system, and even financial networks. Although no known attempts have been made to activate the booby traps said black hats left behind, such sleeper cells could activate suddenly during a war or crisis, plunging the nation into a disaster only Bruce Willis and that Mac dude could avert.

Microsoft: 3% of e-mail is stuff we want; the rest is spam

By jacqui@arstechnica.com (Jacqui Cheng) on Symantec

Spam makes up close to 100 percent of all e-mail traffic on the Internet, according to Microsoft. In a new security report, Microsoft said that 97 percent of e-mails sent were destined for the junk folder, though most never made it to their destinations thanks to server-side filtering.

As usual, the latest waves of spam are rife with advertisements for pharmaceutical products (48.6 percent of the total). Microsoft noted that a larger percentage of spam was blocked by its own Exchange Hosted Filtering (EHF) services in the second half of 2008 for most categories, with some 40 percent of "non-sexual" pharmacy spam being blocked (apparently, sexual pharmacy spam figured out how to get around EHF filters during that time—Microsoft recorded a drop in blocked e-mails from this category).

Researcher: Power Grid Hackers Gained Access by Attacking PCs

Grid hackers likely used the same route as other cybercriminals: exploiting a bug in software such as Windows or Office.

US Agency Moves Toward Smart-grid Road Map

The US NIST hires a nonprofit to work on interoperability and standards issues

Malware Infections Lurk in U.S. Electricity Grid, WSJ reports

The Wall Street Journal reported today that hackers from China, Russia and elsewhere have managed to install malicious "software tools" inside the U.S. electricity infrastructure.

Google Secure Data Tool Ties Apps to Company Data

The new tool could spur a range of vendors to connect their products to Google Apps

Active Storage 4TB, 16TB RAID

Active Storage on Wednesday released two new RAID products, expanding on its XRAID product line. The XRAID ES comes in 4TB and...

Report: Cybercriminals Have Penetrated US Electrical Grid

The intrusions appear to be pervasive, government officials tell The Wall Street Journal

Microsoft: Rogue 'Security' Software a Rising Threat

In its latest security report, Microsoft also says hackers look for flaws in applications to infect computers

Troubleshooting Kerberos in a Sharepoint Environment (part 3)

By blue@jinx.dk (Jesper M. Christensen)

What Kerberos delegation is and when we need to configure it

Microsoft Security Intelligence Report volume 6

By MSRCTEAM

Hello, Bill here,

Today is the release of the Microsoft Security Intelligence Report volume 6. The report can be found here: http://www.microsoft.com/sir.

A section in the report is devoted to out-of-band (OOB) releases. So, I thought I would blog a bit about these types of releases in the broader context of update management.

Security update management is a security discipline in itself. It is a fundamental security pillar in the security protection landscape. It is comprised of risk assessment, deployment planning, and cost analysis, to name a few. Efficient and cost-effective patch management relies heavily on predictability. Predictability is entirely dependent upon a software vendor's release process. While this may be true, the threat landscape can change to the degree that predictability becomes a secondary consideration when it is outweighed by an imminent and potentially destructive threat. Understanding the nature of what drives the release of a security update is key to having a balanced patch management strategy.

Over the years Microsoft has been constantly striving to improve our release process to minimize the impact of security update deployment. In the early days, we would release updates at various times of the week and/or month without a predetermined schedule. It was probably easier to predict the weather in San Antonio Texas than it was to predict when an update would be released from Microsoft. Many years ago when in San Antonio, I remember temperatures of 40 degrees in the mornings and 80 degrees in the afternoons—in November.

In subsequent years we started to release updates on a more predictable schedule. This has matured into what we have today: releasing updates on the second Tuesday of each month.

Essentially, we established a significant measure of predictability. In spite of these improvements, it was predictably unpredictable when customers might be under imminent threat or active attack. Specifically, exploit code exists and is being leveraged in the wild, but no security update is available. Under such circumstances, we would have to expedite the release of a security update as soon as possible to protect customers from the immediate threat.

These types of releases are what we call out-of-band (OOB). In other words, the updates were not released on the second Tuesday of the month; waiting for the scheduled release date would leave customers with limited recourse to protect themselves. To be sure, if Microsoft releases an OOB update, customers are at great risk of exploitation and should apply the update as soon as possible. As I noted earlier, predictability becomes a secondary consideration in light of an imminent or active threat.

What is also important to note is that OOBs don't really fit any type of pattern. In the last four years we have released eight OOBs. So it's reasonable to average this out to two OOBs per year. But the numbers tell a different story in terms of distribution. There were two OOBs in the matter of several months in 2008. In contrast, 2004 yielded 3; 2005 yielded 0; 2006 yielded 2; and 2007 yielded 1. As you can see, the numbers are not necessarily a harbinger of things to come.

Here at Microsoft we are constantly focusing on improvements that we can make to lessen the impact of security update management. While Microsoft has refined processes that lend themselves to a predictable release cycle, predictability becomes secondary to out-of-band releases if warranted to protect customers.

While not the focus of this blog post, there are other data that factor into a patch management strategy and fall under the rubric of vulnerability and exploit trends. This information, as well as a closer analysis of OOB releases, can be found in the newest version of the Microsoft Security Intelligence Report V6. The report can be found here: http://www.microsoft.com/sir.

Bill Sisk
