13 Nov November Adobe Patches
14 Aug NSAccess Control Lists
12 Apr Hello from Infiltrate 2013
After the discovery of a major breach at Adobe recently some would perhaps have expected a bigger number of CVEs to get patched this round. It will be interesting to see how the breach will affect patch cycles in the coming months.
We're currently seeing a spam run which involves a (fake) report from CNN saying that the US have started bombing Syria.
Clicking the shortened link will lead to an exploit kit which targets older, vulnerable versions of Adobe Reader and Java. The attackers favor using the Java exploit over the Reader exploit, as Java exploits are generally more reliable.
The exploit will download a Trojan-Downloader onto the system, which will subsequently download various other malware.
Last week, I attended the International Conference on Cyber Security at Fordham University in NYC. This event brought together participants from government, the private sector and academia. The closing session was a panel featuring the directors of the CIA, FBI and NSA which drew a lot of attention.
FBI Director Robert Mueller speaking at the closing panel
Throughout the conference, there was a strong push for more cooperation internationally and between different sectors. While cooperation has come a long way, we still have a long way to go.
The topic of cyber-espionage didn't come up as much as I've been used to in recent times. Instead, there was more talk on cyber-sabotage with several presentations talking about this problem.
Today is the second and last day of Infiltrate 2013 which is taking place in Miami Beach. It's my first time at Infiltrate and so far I've been really impressed with the quality of the conference.
The opening keynote by Chris Eagle definitely set the tone for the rest of the con, with a very clear focus on offense. Chris shared his own view on various issues concerning how the US Armed Forces - and the Navy in particular - deal with educating people on cyber.
One of the bits I found particularly interesting was the Title 10 issue. Many of the experts creating cyber-tools, which would make them best equipped to handle them, are civilians. However under Title 10, only military personnel can actually 'pull the trigger'. You can see how this can be problematic.
"If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why." Well, "a bit more sluggish" for limited sets of communications in parts of Europe for a few days is not a broken internet, and is certainly not close to a critical infrastructure disaster.
There's been a lot of attention for the recent reports regarding a DDoS attack against Spamhaus which reached a peak of 300 Gbps. Yes, such an enormous amount of throughput definitely makes this one of the biggest DDoS attacks ever seen. DDoS attacks have seen an increase in popularity in recent times and there's no sign they'll go away anytime soon. Cyber-criminals, competitors, hacktivists and nation-state sponsored actors all have their motives to use DDoS attacks. In this case, a suspected entity behind these attacks is a Dutch hosting company called CyberBunker, whose owner denies being responsible, but claims to be a spokesman for the attackers. The conflict between Spamhaus and CyberBunker goes back to 2011 and has now escalated after Spamhaus blacklisted CyberBunker earlier this month. The timing of the attack relative to that conflict is uncanny. And Spamhaus is certainly under attack from some determined group capable of generating massive amounts of traffic, forcing them to move to hosting and service provider CloudFlare, known for effectively dissipating large DDoS attacks.
Like many others, I took advantage of Amazon.com's sale and ordered a Kindle Fire HD last week. When I got around to exploring the Amazon App Store, it didn't take long before running into malware.
While searching for a particular benchmarking app I was presented with some additional apps. One of them immediately looked suspicious.
Yesterday the Iranian CERT made an announcement about a new piece of wiper-like malware. We detect these files as Trojan.Win32.Maya.a.
This is an extremely simplistic attack. In essence, the attacker wrote some BAT files and then used a BAT2EXE tool to turn them into Windows PE files. The author seems to have used (a variant of) this particular BAT2EXE tool.
There's no connection to any of the previous wiper-like attacks we've seen. We also don't have any reports of this malware from the wild.
BlackHat USA may have been wrapped up for the year but DEFCON is in full swing. I didn't stay around for DEFCON though, which means I finally have some time to reflect on BlackHat.
This year featured the first time Apple presented at BlackHat, about iOS security. While the presentation lacked the details usually seen in BH talks it definitely showed Apple is trying to open up. Being (more) communicative is vital to doing security response right.
This is of particular importance for Apple, as there were quite a few talks focusing on Apple's security, ranging from attacks on iOS to Mac-oriented EFI rootkits.
At the recent SOURCE Boston conference, one presentation that caught my attention was called SexyDefense - Maximizing the home-field advantage.
This was quite a thought-provoking presentation that was based on the old concept that offense is always the best defense.
Today is the last day of CanSecWest - a security conference taking place in Vancouver, Canada. On Wednesday I filled in for Costin Raiu and talked about our forensics work into Duqu's C&C servers.
As I'm writing this, Google Chrome just got popped. Again. The general feeling is that $60k, even with a sandbox escape, isn't a whole lot of money for a Chrome zero-day. So, to see multiple zero-days against Chrome is quite the surprise, especially when considering the browser's Pwn2Own track record.
Separately, I found the Q&A session following Facebook's Alex Rice’s presentation immensely intriguing.