Damballa discovers new toolset linked to Destover. Attacker’s arsenal helps them to broaden attack surface. Destover is best known as the malware used in the attack on Sony Pictures Entertainment in November 2014, and also for its relationship, based on its wiping technique, with the Shamoon malware used in the attack on Saudi Aramco in 2012. The Destover trojan is a wiper that deletes files off of an infected system, rendering it useless. Unlike most malware, the goal of Destover and other wiping malware is to cause damage for ideological and political reasons, not for financial gain. For example, at Sony,…
Author: ISBuzz Team
A unique malware targeting mass media agencies in Hong Kong hides its C&C (command and control) server inside Dropbox accounts. According to FireEye’s threat analysis, the campaign seems to be part of a Chinese state-sponsored attack, carried out by a group previously known as admin@338. Craig Young, security researcher at Tripwire, has the following comments on it. Craig Young, Security Researcher at Tripwire: “This is not a threat toward Dropbox users but rather the attackers are relying on Dropbox to help stay under the radar. Many security departments would recognize command and control traffic because the communication…
Fans buying tickets for Adele’s tour have told the BBC they were shown the address and credit card details of customers other than themselves. Advance tickets were made available to members of Adele.com this morning. Ticketing company Songkick said that due to the “extreme load” on the site some customers could see others’ account details. It apologised for any “alarm”. Security experts from ESET, Lieberman Software and Veracode have the following comments on it. Jonathan Sander, VP of Product Strategy at Lieberman Software: What can go wrong even without hackers involved? What should companies do to prevent details…
The ubiquitous authentication methodology. Two-factor authentication (2FA) has been around for much longer than you might think. For a decade or more we have been used to being issued with a card reader (in essence a hardware token device) to use with our bank card and Personal Identification Number (PIN) when completing our internet banking transactions. Over the past year or so, 2FA technology has also been employed by seven of the ten largest social networking sites (including Facebook, Twitter and LinkedIn) as their authentication measure of choice. Because of this, the use of the technology has become widespread…
Advanced Persistent Threats as we know them will cease to exist in 2016, replaced by deeper, embedded attacks that are harder to detect and trace back to the perpetrators, according to Kaspersky Lab experts. In their Predictions for 2016, the experts reveal that while the ‘Threat’ will remain, the concepts of ‘Advanced’ and ‘Persistent’ will disappear as attackers work to reduce the traces left behind on an infected system. Attackers will also rely more on off-the-shelf malware to minimise their initial investment. Kaspersky Lab’s Predictions for 2016 are based on the expertise of the Global Research and Analysis Team, the company’s 42 top…
As enterprise perimeters expand, so will security vulnerabilities. It’s no secret that cyber threats are getting smarter and penetrating deeper across devices and different levels. As global enterprises push to scale their businesses through initiatives like cloud and social, information that previously resided in internal hardware will now be strewn across various devices and levels such as on-premises systems, public clouds, social media and mobile. This will leave consumers, businesses and governments on constant high alert for increased risk, vulnerability and exposure. Cloud security will increase in scale and decrease in complexity. In 2016 we’ll see cloud security evolve into simpler, virtualized…
In response to the news that a group of hackers have threatened to take down the websites of three banks in Greece if they do not pay 20,000 Bitcoins, Amichai Shulman, CTO of Imperva, has the following comments on it. Amichai Shulman, CTO of Imperva: “These kinds of threats should be handled full force by authorities up to the point where individuals involved in the activity are apprehended and indicted. I’m not suggesting that banks and other organizations do not take any measures to protect their data assets and online presence (much like I don’t suggest that people stop…
Security experts from Lastline and Balabit have the following comments on SQL injection. Péter Gyöngyösi, Product Manager of Blindspotter, Balabit: “The VTech breach: sneak peek into the IoT security nightmare. As was reported by multiple sites, the Hong Kong-based toy manufacturer VTech was breached and a massive data dump containing the personal information and passwords of 4.8 million parents and their children became public. On top of being a massive security breach that involves under-aged kids, this incident showcases two things that can possibly go wrong if security does not evolve as the Internet-of-Things becomes more…
Tod Beardsley, Security Engineering Manager, Rapid7, has the following comments on the OpenSSL vulnerabilities. Tod Beardsley, Security Engineering Manager at Rapid7: “IT folks should prioritise applying the announced patches against their usual business needs; after all, the highest rated OpenSSL vulnerability is merely “moderate,” and I’d expect the OpenSSL Project to err on the side of more severe than less. While online retailers are going to be particularly sensitive to downtime this week, anyone who can afford the time it takes to test and push patches to production should do so. Having these issues buttoned up well before the holidays…
JC Gaillard of Corix Partners shares his top 4 tips for CIOs to deal effectively and efficiently with the matter of Shadow IT. Dealing with Shadow IT embodies the evolution of the role of the CIO, from being primarily a technologist and a problem solver to being an influencer and a risk manager. Thinking about Shadow IT as a “problem” and something that should be banned is not the right start. Embracing it without controls as the way forward is equally wrong. It is simply part of a different way of working around technology and security. Shadow IT is a…