Tag Archives: framework

[ISN] Highly advanced backdoor trojan cased high-profile targets for years

http://arstechnica.com/security/2014/11/highly-advanced-backdoor-trojan-cased-high-profile-targets-for-years/
By Dan Goodin
Ars Technica
Nov 23 2014

Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research. Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran’s nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets. To remain stealthy, the malware is organized into five stages, each of which is encrypted except for the first one. Executing the first stage triggers a domino chain in which the second stage is decrypted and executed, and that in turn decrypts the third stage, and so on. Analyzing and understanding the malware requires researchers to acquire all five stages. Regin contains dozens of payloads, including code for capturing screenshots, seizing control of an infected computer’s mouse, stealing passwords, monitoring network traffic, and recovering deleted files. Other modules appear to be tailored to specific targets. One such payload included code for monitoring the traffic of a Microsoft IIS server. Another sniffed the traffic of mobile telephone base station controllers. Symantec researchers believe Regin was a sprawling framework that was used in multiple campaigns that date back to 2008 and possibly several years earlier.

Liam O’Murchu, manager of operations for Symantec Security Response, told Ars that the roster of modules used against one target was often unique, an indication that Regin was used in multiple campaigns. “Essentially, what we think we’re looking at is different campaigns where in one infection they needed to sniff your keyboard whereas in another infection they wanted to grab the user name and password of the admin connected to a base station controller,” O’Murchu said. […]


[ISN] FIRST standards to clean up messy CERTs

http://www.theregister.co.uk/2014/10/20/first_standards_to_clean_up_messy_certs/
By Darren Pauli
The Register
20 Oct 2014

The global gathering of incident responders FIRST is spearheading a global standards effort to reform and unify the operations of government and large enterprise computer emergency response teams (CERTs). The Forum of Incident Response and Security Teams (FIRST) has tipped US$500,000 into the effort and has received backing from many national CERTs and governments including Australia, the US, Canada, and from Britain’s new CERT. FIRST director Peter Allor said at the Australian Information Security Association (AISA) conference last Friday that the framework would cover all operational aspects of national and large enterprise CERTs. “Each CERT invents the way it will operate so they operate differently,” Allor said. “We put our hand up to do this and we received a lot of support.” […]


[ISN] Reconnaissance code on industrial software site points to watering hole attack

http://news.techworld.com/security/3542635/reconnaissance-code-on-industrial-software-site-points-to-watering-hole-attack/
By Lucian Constantin
Techworld.com
01 September 2014

Attackers have rigged the website of an industrial software firm with a sophisticated reconnaissance tool, possibly in preparation for attacks against companies from several industries. The incident was detected last week by researchers from security firm AlienVault who found rogue code injected into the website of a big industrial company that wasn’t named. “The website is related to software used for simulation and system engineering in a wide range of industries, including automotive, aerospace, and manufacturing,” said Jaime Blasco, director of the AlienVault Labs in a blog post. Unlike most watering hole attacks where hackers inject malware-carrying exploits into websites visited by their intended targets, the purpose of this attack was only to gain detailed information about visiting computers. The rogue code injected into the compromised site loaded a JavaScript file from a remote server that was actually a reconnaissance framework dubbed Scanbox, Blasco said. In addition to collecting basic information like the browser type, computer IP (Internet Protocol) address, operating system and language, this tool uses advanced techniques to detect which security programs are installed on the visitor’s system, he said. […]


[ISN] New hacking scenario emerges: Wi-Fi signal-sniffing drones

http://defensesystems.com/articles/2014/08/15/drones-can-hack-wifi-networks.aspx
By George Leopold
Defense Systems
Aug 15, 2014

The next major network security threat could come from the sky, in the form of drones equipped with video cameras and the ability to sniff out mobile devices and their unique identifiers, perhaps even establishing rogue network access points in the sky that could be used to hack sensitive government or corporate networks. That’s the potential threat, according to security specialists and at least one network security company offering detection equipment to address the new threat from the sky posed by network-hacking drones. The inherent openness of Wi-Fi and other wireless networks, along with the proliferation of mobile devices constantly seeking network connections, provides a tempting target for signal-sniffing drones. Experts stressed that the security perimeter of an office building will now have to include the airspace around the structure, because that airspace can be easily surveyed by drones at standoff distances capable of relaying video about, say, an agency’s wireless infrastructure. In another scenario, security analyst Glenn Wilkinson described how he rigged a “distributed, tracking, profiling and data-interception framework” called “Snoopy” to a quadcopter drone. […]


[ISN] Taking time to build out a strong health IT security program

http://healthitsecurity.com/2014/06/17/taking-time-to-build-out-a-strong-health-it-security-program/
By Patrick Ouellette
Health IT Security
June 17, 2014

Department of Health and Human Services (HHS) Chief Regional Civil Rights Counsel Jerome Meites recently predicted that there would be a considerable uptick in HHS data breach penalties within the next year, according to thehill.com. “Knowing what’s in the pipeline, I suspect that that number will be low compared to what’s coming up,” Meites said, adding that he wasn’t speaking on behalf of HHS. Meites’ comments should be the latest reminder to healthcare organizations that they should be prepared with transparent security programs in the face of upcoming HIPAA audits. Anahi Santiago, Chief Information Security Officer (CISO) and Privacy Officer at Einstein Healthcare Network, explained to HealthITSecurity.com how much of the work that she did years ago within her organization has helped keep it equipped for a potential federal visit. In building her security program over her 9 ½ years at Einstein, Santiago said she has used pieces of a variety of different security frameworks as reference points. She sees all of the frameworks crossing paths and having similarities, so having a mix of the different frameworks makes the most sense.

“We started with the NIST framework and weren’t overly prescriptive with it; we used it as a baseline and have taken some pieces from COBIT and ISO, and we’ve certainly started to lean toward utilizing HITRUST. I would love, at some point, to transition the organization fully to HITRUST. But we recognize that no one framework is a good fit for the organization; especially in healthcare you recognize that no one framework will be a one-size-fits-all.” […]


[ISN] UK finance industry launches cyber security framework

http://www.computerweekly.com/news/2240222263/UK-finance-industry-launches-cyber-security-framework
By Warwick Ashford
ComputerWeekly.com
10 June 2014

The UK finance industry has launched a cyber security framework for sharing detailed threat intelligence, testing cyber security and benchmarking financial service providers. The CBEST framework was developed by the Council of Registered Ethical Security Testers (Crest) in collaboration with the Bank of England, Her Majesty’s Treasury and the Financial Conduct Authority (FCA). The framework is the first of its kind to be led by any of the world’s central banks and comes less than a week after the government officially launched its Cyber Essentials Scheme, also supported by Crest. Crest provides internationally recognised certifications for organisations and individuals providing penetration testing, cyber incident response and security architecture services. […]


[ISN] We’re Saved! Experts Show How to Fix U.S. Cybersecurity

http://www.defenseone.com/technology/2014/05/were-saved-experts-show-how-fix-us-cybersecurity/83734/
By Patrick Tucker
Defense One
May 4, 2014

The date is April 4, 2015. A major cyberattack hits two generators in Florida, knocking out power in the cities of Coral Springs and St. Augustine, leading to multiple deaths and millions of dollars lost. One month later, Congress has to get a bill to the president to fix the vulnerability. But political gridlock, media histrionics and aggressive lobbying from industry make passage of a bill far from certain. With this as their background, 350 members of the Truman National Security Project ran a massive simulation on Saturday to see if the United States was capable of passing legislation to fix the nation’s cyber vulnerabilities in the aftermath of a national crisis. In a few rooms at the Washington Plaza hotel, the simulation played out dramatically over the course of four hours. The feel was Washington, D.C., at hyper-speed. Five minutes into the experiment, a poll revealed the president’s approval rating falling to 35 percent, with the public trusting Republicans more than Democrats to handle cybersecurity. Rumors about the origin of the attack moved in whispers. Within ten minutes, business interests sought full liability protection for American utility companies and software providers. Players’ phones buzzed with push notifications from dueling press releases, news reports and polls, adding a realistic urgency to the action. The exercise represented something of a first in size and scope for legislative simulations, with players drawn from Hill staff, the cybersecurity field, and the military. In theory, it showed that Congress and the White House are capable of passing a cybersecurity bill with mandatory standards for industry.

Matt Rhoades, director of the cyberspace and security program at Truman and the designer of the experiment, described it as an acid test to reveal the effectiveness of the White House’s recent Cybersecurity Framework, released in February. The framework is a set of practices and guidelines for utility companies, software designers and cybersecurity players to protect the nation’s critical infrastructure from attack. […]


[ISN] Adobe, Microsoft Push Security Updates

http://krebsonsecurity.com/2014/03/adobe-microsoft-push-security-updates/
By Brian Krebs
Krebs on Security
March 11, 2014

Adobe and Microsoft today each released software updates to fix serious security flaws in their products. Adobe pushed an update that plugs a pair of holes in its Flash Player software. Microsoft issued five updates, including one that addresses a zero-day vulnerability in Internet Explorer that attackers have been exploiting of late. Microsoft’s five bulletins address 23 distinct security weaknesses in Microsoft Windows, Internet Explorer and Silverlight. The Internet Explorer patch is rated critical for virtually all supported versions of IE, and plugs at least 18 security holes, including a severe weakness in IE 9 and 10 that is already being exploited in targeted attacks. Microsoft notes that the exploits targeting the IE bug seen so far appear to perform a check for the presence of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET); according to Microsoft, the exploits fail to proceed if EMET is detected. I’ve recommended EMET on several occasions, and would encourage any Windows users who haven’t yet deployed this tool to spend a few minutes reading this post and consider taking advantage of it to further harden their systems. The latest version — 4.1 — is available at this link and requires Microsoft’s .NET Framework 4 platform. For those of you who don’t mind beta-testing software, Microsoft has released a preview version of the next generation of EMET — EMET 5.0 Technical Preview. This month’s updates include a fix for another dangerous bug – deep within the operating system on just about every major version of Windows – that also was publicly disclosed prior to today’s patches. Microsoft’s Technet Blog has more details on these and other bulletins released today. […]
