The Power of Mentorship in Threat Research

As I took the stage at Def Con 27, I looked out into the crowd. My close friend and mentor of over 10 years had flown out to Las Vegas to watch me present my newest research and was sitting in the front row. I looked to my left, and my co-worker and m…

Known bugs and predictable phishing are behind your average security incident, IBM says

Lessons from the Equifax hack still haven’t spread far enough, it seems. In that case, Chinese military personnel allegedly exploited a known security flaw in Equifax’s systems to steal data on roughly 145 million Americans. The vulnerability, an issue in the software framework called Apache Struts, had been solved with a patch some two months before, though the credit processing company had failed to install the proper fix. Now, an IBM analysis of 70 billion security incidents in 130 countries over the past year has determined that attackers typically used known vulnerabilities or stolen credentials to break into a victim’s networks. By combining purloined usernames and passwords, typically captured via phishing emails with malicious attachments, hackers are able to break into networks much in the same way they have for a generation, according to the report released Tuesday. So many credentials are available in online data repositories, and malware so widely accessible […]

The post Known bugs and predictable phishing are behind your average security incident, IBM says appeared first on CyberScoop.

Airbus researcher explores ‘Stuxnet-type attack’ for security training

Stuxnet, the potent malware reportedly deployed by the U.S. and Israel to disrupt an Iranian nuclear facility a decade ago, helped change the way that many energy-infrastructure operators think about cybersecurity. The computer worm drove home the idea that well-resourced hackers could sabotage industrial plant operations, and it marked a new era of state-sponsored cyber-operations against critical infrastructure. Years later, industrial cybersecurity experts are still learning from the destructive potential of Stuxnet’s code and how it was deployed. While Stuxnet was an extraordinary situation — an intensive operation designed to hinder Iran’s nuclear program — it holds lessons for the wider world in securing industrial equipment that moves machinery. In a new study to improve security, a researcher at the cybersecurity subsidiary of European planemaker Airbus describes how he designed a program to execute code in a “Stuxnet-type attack” on a programmable logic controller (PLC), the ruggedized computers that monitor and control industrial systems like pumps, circuit […]

The post Airbus researcher explores ‘Stuxnet-type attack’ for security training appeared first on CyberScoop.

Checkmarx Research: Solidity and Smart Contracts from a Security Standpoint

This research was provided by Paulo Silva and Guillaume Lopes, who are members of the Checkmarx Security Research Team. Quoting the official documentation, Solidity “is a contract-oriented, high-level language for implementing smart contracts.”…

2019 – Checkmarx Research Roundup

Discovering vulnerabilities like the ones mentioned below is why the Checkmarx Security Research team performs investigations. This type of research activity is part of their ongoing efforts to drive the necessary changes in software security practices…

The anatomy of the MyKings botnet, and why it matters for security

Deconstructing a zombie army of compromised computers — commonly known as a botnet — can tell you a lot about the security weaknesses across a range of digital infrastructure. The unpatched machines the botnet preys on, the protocols it uses, and the malicious code it distributes come into sharp focus. A new study of the MyKings botnet — a notorious horde of computers that has netted crooks some $3 million — by antivirus firm Sophos highlights how Windows servers are vulnerable to a range of attacks from the botnet. The MyKings botnet, also known as Smominru, is like a mash-up of recent security trends: it has been used to mine cryptocurrency, it has taken advantage of users’ failure to patch their systems, and it has employed a software exploit released by the Shadow Brokers. MyKings’ authors have also started experimenting with steganography — an increasingly popular technique in which hackers hide […]

The post The anatomy of the MyKings botnet, and why it matters for security appeared first on CyberScoop.

This China-linked espionage group keeps trying to hack the Cambodian government

There is no shortage of malware that government-backed hackers can get from the public domain, saving them the trouble of developing their own code. But to meet their intelligence-gathering needs, plenty of groups still roll up their sleeves and build their own kits. A Chinese espionage outfit known as Rancor has been particularly active on that front. New findings from Palo Alto Networks’ Unit 42 research unit, shared exclusively with CyberScoop, show how, over the past year, the group has tried to break into the network of an unnamed Cambodian government organization and deploy their custom malware. First, the group laced a Microsoft Excel document with previously undocumented malware in an attempted breach of the Cambodian organization in December 2018 and January 2019, Unit 42 said. When that didn’t work, Rancor packed a computer script with a bunch of potentially infectious code, Unit 42 researchers discovered in July. The research […]

The post This China-linked espionage group keeps trying to hack the Cambodian government appeared first on CyberScoop.

DHS is mulling an order that would force agencies to set up vulnerability disclosure programs

Department of Homeland Security officials could in the coming months issue an order that would require federal civilian agencies to establish vulnerability disclosure programs that allow independent researchers to find flaws in agency websites and software applications, multiple officials told CyberScoop. DHS is mulling the release of a Binding Operational Directive (BOD), an authority that compels agencies to get their security houses in order. The measure would be a response to the lack of federal progress on vulnerability disclosure programs (VDPs). Such programs are commonplace in the private sector, as they allow resource-strapped organizations to tap outside security expertise, or at least allow the public to flag a security issue before it is found by hackers with malicious intent. Out of scores of civilian agencies, fewer than 10 have VDPs in place, according to officials at DHS’s Cybersecurity and Infrastructure Security Agency. “Agencies have not implemented vulnerability disclosure in a consistent fashion,” said Matt Hartman, an […]

The post DHS is mulling an order that would force agencies to set up vulnerability disclosure programs appeared first on CyberScoop.

A malicious Tor browser is helping scammers steal bitcoin, researchers say

Thieves are using malware that masquerades as Tor, the anonymizing internet browser, to steal money from Russian-speaking people on the dark web, researchers said Friday. The operation uncovered by researchers at Slovakian cybersecurity company ESET has netted the unidentified attackers some $40,000 in bitcoin so far, but the amount could be larger. “They likely stole more in Qiwi,” said Robert Lipovsky, a senior malware researcher at ESET, referring to a Russian payment service. The insidious attack is a reminder that hackers can upend the privacy and security users expect from software by tricking them into downloading malicious code. Tor is used by everyone from human rights defenders and journalists to criminals trying to hide activities like drug sales and child pornography from law enforcement. This effort, only the latest malicious operation exploiting users who rely on the software, comes as the Tor Project is seeking to spread awareness about Tor, and increase trust […]

The post A malicious Tor browser is helping scammers steal bitcoin, researchers say appeared first on CyberScoop.

A Review of Research Identifying the Top Cyber Threats Facing Financial Services

The top cyber threats facing financial institutions range from phishing and privilege misuse to simply having too many cybersecurity tools that are not interoperable, according to a review of in-depth research.