3 new tools that can detect hidden malware
We tested new security appliances from Damballa, Lancope and LightCyber that are designed to detect the latest cyber-attacks by monitoring network traffic and identifying when a piece of malware is communicating back to its command and control center. (Read the full review here.) To read this […] more…

Deploying a Smart Sandbox for Unknown Threats and Zero-Day Attacks
Zero-day exploits pose some of the most serious risks to users everywhere. The absence of a patch means that it is up to users (and whatever security products they use) to protect against these attacks. One of the tools that can be used in mitigating these attacks is advanced network detection solutions like Trend Micro Deep Discovery, […] more…

Windows 10 will work with FIDO specs for password-free access, says Microsoft
Microsoft has announced that its forthcoming revamp of Windows will be compliant with FIDO’s current specifications for advanced authentication. Or has it? more…

Password cracking experts decipher elusive Equation Group crypto hash
Unraveling a mystery that eluded the researchers analyzing the highly advanced Equation Group the world learned about Monday, password crackers have deciphered a cryptographic hash buried in one of the hacking crew’s exploits. It’s Arabic for “unregistered.” more…

Fanny superworm likely the precursor to Stuxnet
The Stuxnet computer worm that was used to sabotage the Iranian nuclear program was likely preceded by another sophisticated malware program that used some of the same exploits and spread through USB thumb drives to computers isolated from the Internet. The USB worm is called Fanny and is part of a sophisticated malware toolset used […] more…

A Fanny Equation: "I am your father, Stuxnet"
At the Virus Bulletin conference in 2010, researchers from Kaspersky Lab partnered with Microsoft to present findings related to Stuxnet. The joint presentation included slides dealing with various parts of Stuxnet, such as the zero-days used in the attack. Perhaps the most interesting zero-day exploit from Stuxnet was the LNK exploit (CVE-2010-2568). This allowed Stuxnet […] more…

How "omnipotent" hackers tied to NSA hid for 14 years—and were found at last
In 2009, one or more prestigious researchers received a CD by mail that contained pictures and other materials from a recent scientific conference they attended in Houston. The scientists didn’t know it then, but the disc also delivered a malicious payload developed by a highly advanced hacking operation that had been active since at least […] more…

Equation: The Death Star of Malware Galaxy
“Houston, we have a problem”. One sunny day in 2009, Grzegorz Brzęczyszczykiewicz embarked on a flight to the burgeoning city of Houston to attend a prestigious international scientific conference. As a leading scientist in his field, such trips were common for Grzegorz. Over the next couple of days, […] more…

The Great Bank Robbery: the Carbanak APT
The story of Carbanak began when a bank from Ukraine asked us to help with a forensic investigation. Money was being mysteriously stolen from ATMs. Our initial thoughts tended towards the Tyupkin malware. However, upon investigating the hard disk of the ATM system we couldn’t find anything except a rather odd […] more…

The Upload: Your tech news briefing for Monday, February 16
Kaspersky exposes huge, ongoing bank-robbery-by-hack. Russian cybersecurity firm Kaspersky Lab is releasing a report Monday with some details on a wide-ranging series of hacks into at least 100 banks in 30 countries—some of which are apparently still ongoing. Kaspersky gave the New York Times an advance look at the material, and says that losses total […] more…

Vulnerability Research and Disclosure: Evolving To Meet Targeted Attacks
Recently, both HP’s Zero Day Initiative (ZDI) and Google’s Project Zero published vulnerabilities in Microsoft products (specifically, Internet Explorer and Windows 8.1) because Redmond did not fix them within 90 days of the vulnerabilities being reported. This has resulted in an argument between security researchers and software vendors on how vulnerabilities should be disclosed. A case where […] more…

Microsoft’s patch info ‘blockade’ pinches security staffs
Security experts yesterday were still frustrated about Microsoft’s decision last month to halt advance warnings of each month’s patch slate, with one calling it a “blockade” and another arguing that it makes it difficult for IT administrators to do their job. “For the second straight month Microsoft is holding fast to their blockade of information,” […] more…

The security implications of IoT: A roundtable discussion with four experts
The Internet of Things (IoT) will usher in a new era of network intelligence and automation, but its arrival raises a host of serious security questions. Network World Editor in Chief John Dix explores the topic in depth with four experts: * Marc Blackmer, Product Marketing Manager, Industry Solutions, Cisco * Ari Juels, Professor in […] more…

Russian hackers have a foothold in Sony Pictures’ network, security firm says
Sony Pictures Entertainment (SPE) might have a second security breach on its hands, or maybe the hackers from November’s scandalous attack are still inside the company systems, according to a security firm that claims to have seen evidence of Russian hackers having access to SPE internal data. The hackers accessed SPE’s Culver City, California network […] more…

APT developers not as smart as they’re made out to be
Criminal hackers aren’t as smart as those portrayed in the movies and on TV, according to a new report from Sophos Ltd. — but those behind advanced persistent threats are even dumber. To measure hackers’ intelligence, SophosLabs’ principal researcher Gabor Szappanos picked a particular exploit that went after a vulnerability in Microsoft Office. The exploit […] more…

The worst of the worst phishing scams
No one is immune to the regular onslaught of spam and various scams that run across our inboxes. Just when you think the circumstances can’t get any worse, another disaster strikes that makes way for another opportunity by scammers. Here are some more famous ones. Editor’s Note: If […] more…

More information
- When is a bug not a bug? When Microsoft says ‘it’s a feature’
- How to make a late career switch into cyber
- Vast data-berg washes up 1.16 billion pwned records
- Oracle Patches 200 Vulnerabilities With January 2024 CPU
- Mirai, Mirai, on the wall – through the looking glass of the attack on Dyn
- Phishers Use New Method to Bypass Office 365 Safe Links
- "That’s not a hack…" – 60 Sec Security [VIDEO]
- How big data is transforming information security
- Nvidia releases new Unix driver to fix high-risk exploit on Linux
- China-Linked Hackers Target U.S. Trade Group