Category: IA News
-
Investigation of a new undocumented instruction trick – Microsoft Malware Protection Center – Site Home – TechNet Blogs
While investigating some new malware samples this week, we came across a few interesting files that use a new trick with an undocumented instruction. We had to do a bit of digging around the Intel instructions list to solve this little mystery. While it turned out that the trick itself isn’t effective in complicating debugging…
-
Microsoft joins list of recently hacked companies – Computerworld
Microsoft finds the APT ignored its Windows systems and attacked its Macs. Interestingly, everyone else assumed it was their Windows systems. Just some humor at Microsoft’s expense, but it is a funny statement for Microsoft’s CIRT to mention its Mac business unit. “During our investigation, we found a small number of computers, including some in our Mac…
-
Red October – Indicators of Compromise and Mitigation Data – AlienVault Labs
This is a nice collection of information on Red October from a partnership between Kaspersky and AlienVault Labs. ————————— Together with our partner, Kaspersky, we’re releasing a whitepaper on the “indicators of compromise” that can be useful to detect and mitigate the threats from Red October. It contains indicators to detect most of the Red October…
-
contagio – Batchwiper Samples
The latest investigation, done by the Maher center in cyberspace, identified a new targeted data-wiping malware. Primitive analysis revealed that this malware wipes files on different drives at various predefined times. Despite its simplicity in design, the malware is efficient and can wipe disk partitions and user profile directories without being recognized by…
-
Exploiting Universal Plug-n-Play protocol, insecure security cameras & network printers
A plethora of vulnerable devices, due to flaws in the Universal Plug and Play protocol, put around 50 million at risk; somewhere in the neighborhood of 58,000 security camera systems are vulnerable to hacking, and exploiting network printers tops the list today for potential security mayhem. via Exploiting Universal Plug-n-Play protocol, insecure security…
-
Counterattack! Suspected hacker caught on HIS WEBCAM, while spying on Georgia | Naked Security
The country of Georgia has long blamed hackers based in Russia for attacks upon its computer networks, injecting malicious code into websites, and planting spyware to steal classified information. Now the Georgian government’s CERT (Computer Emergency Response Team) claims it has linked an internet attack to Russia’s security services, and even turned the tables on…
-
Open DNS resolvers increasingly abused to amplify DDoS attacks, report says – Computerworld
An attacker can send rogue DNS requests to a large number of open DNS resolvers and use spoofing to make it appear as if those requests originated from the target’s IP address. As a result, the resolvers will send their large responses back to the victim’s IP address instead of the sender’s address. In addition…
-
How a Google Headhunter’s E-Mail Unraveled a Massive Net Security Hole | Threat Level | Wired.com
The problem lay with the DKIM (DomainKeys Identified Mail) key Google used for its google.com e-mails. DKIM involves a cryptographic key that domains use to sign e-mail originating from them – or passing through them – to validate to a recipient that the domain in the header information on an e-mail is correct and that…
-
How to encrypt your cloud storage for free
BoxCryptor is basically a virtual hard disk that encrypts files on the fly using 256-bit AES encryption. Unlike TrueCrypt, another popular on-the-fly encryption tool, BoxCryptor encrypts individual files, not an entire volume or container. That means that your BoxCryptor-encrypted files sync with your cloud storage service immediately after you save them, whereas with TrueCrypt syncing…
-
Researchers find critical vulnerability in Java 7 patch hours after its release | Security – InfoWorld
Java continues to be the target of choice for attackers in 2012. If Java isn’t needed, remove it, block it, etc. Consider blocking Java at the border of your enterprise and whitelisting sites you trust that really need it. Oracle, and previously Sun, created a product that is too difficult to patch quickly and easily…