http://arstechnica.com/security/2014/06/attackers-poison-legitimate-apps-to-infect-sensitive-industrial-control-systems/
By Dan Goodin, Ars Technica, June 24, 2014

Corporate spies have found an effective way to plant their malware on the networks of energy companies and other industrial heavyweights—by hacking the websites of software companies and waiting for the targets to install trojanized versions of legitimate apps. That’s what operators of the Havex malware family have done with aplomb, according to a report published Tuesday by researchers from antivirus provider F-Secure. Over the past few months, the malware group has taken a specific interest in the types of industrial control systems (ICS) used to automate everything from switches in electrical substations to sensitive equipment in nuclear power plants. In addition to the normal infection channels of spam e-mail, the malware operators have added a new tack—replacing the normal installation files of third-party software with tainted copies that surreptitiously install a remote access trojan (RAT) on the computers of targeted companies.

“It appears the attackers abuse vulnerabilities in the software used to run the websites to break in and replace legitimate software installers available for download to customers,” F-Secure researchers Daavid Hentunen and Antti Tikkanen wrote. “Our research uncovered three software vendor sites that were compromised in this manner. The software installers available on the sites were trojanized to include the Havex RAT. We suspect more similar cases exist but have not been identified yet.” […]
http://www.technologyreview.com/news/527016/wheres-the-next-heartbleed-bug-lurking/
By Robert Lemos, MIT Technology Review, April 29, 2014

After causing widespread panic and changing of passwords, the Heartbleed bug has largely disappeared from the news. Yet the implications of the discovery are still being debated across the computer industry. The biggest concern for security experts is how to preëmpt other flaws lurking in the Internet’s foundations. The Heartbleed bug was discovered earlier this month in a piece of software called OpenSSL that is widely used to establish a secure connection between Web browsers and servers by managing the cryptographic keys involved. OpenSSL is an “open source” project, meaning that the underlying code is published along with the software. Also, like many other open-source efforts, it is maintained by a small group of volunteer programmers (see “The Underfunded Project Keeping the Web Secure”).

The problem is being recognized by big software companies that rely on efforts like OpenSSL. Last week, the Linux Foundation, which provides support for the popular Linux operating system, launched an effort called the Core Infrastructure Initiative to support small open-source projects. Companies including Google, Amazon, Facebook, IBM, Intel, Cisco, and Dell have so far committed more than $3 million to the effort. A steering committee will try to identify the open-source projects that most need financial support.

“The problem with open source is that you have the ‘free rider’ problem,” says Chris Wysopal, a well-known computer security expert and chief technology officer and cofounder of Veracode, an application-security assessment firm. “People and companies who are using it, and getting huge value out of it, are not giving a lot of money to keep it going.” […]
http://english.chosun.com/site/data/html_dir/2013/04/08/2013040801313.html
The Chosunilbo, April 8, 2013

North Korean leader Kim Jong-un in February expressed confidence in the regime’s cyber warfare capabilities against South Korea. A South Korean official on Sunday quoted Kim as saying at the time, “If we have strong information technology and brave warriors like the Reconnaissance General Bureau, we will be able to break any sanctions and have no problem building a strong and prosperous country.” The official said the North has reason to be confident in its 12,000 highly skilled hackers, who are able to avoid detection by erasing their traces.

Talented children in sciences in North Korea get intensive computer training at Kumsong Middle School in Pyongyang. They are then raised as “cyber warriors” for three to five years at either Mirim College under the General Staff Department or Moranbong College under the Reconnaissance Bureau. An estimated 1,000 North Korean hackers work under cover for educational software companies, animation companies and trade firms across China, Southeast Asia, and Europe. […]
I was cruising the Exploit-DB.com site today just to see the latest in the exploits in the wild and noticed right away that there was a new Metasploit exploit released on October 1st for Trend Micro’s Internet Security Pro 2010. It always chills me when I see exploits for security vendors. I guess I see them as being special or something. Maybe I shouldn’t put them so much on a pedestal, since I guess all programmers can make mistakes. However, the question is… should we expect security vendors to have better security than their customers or other software companies? I wonder if NSS Labs is going to come up with a framework for assessing or certifying security product vendors’ development processes? Hmm… That’d be nice to see.
See the exploit below: