Does Open Source Mean Open Season?

There has long been a debate over whether open source software is generally more secure or less secure than commercial software. Proponents of open source say it’s more secure because more people are looking at the code, increasing the chances that problems will be seen, documented, and corrected. Proponents of commercial software claim that vendors are more accountable than a team of volunteers,


German steel works suffered “massive damage” after hack attack

Hackers who compromised a German steel works inflicted serious damage on one of its blast furnaces, according to a newly released report from the German Federal Office of Information Security.

Once again, according to the German report [PDF], the initial infection took place because a member of staff was tricked by a spearphishing email that used social engineering techniques to lull them into a false sense of security.


Infosec Haiku

Anata no joho sekyuritei konshu no haiku

Energetic Bear
Attacking ICS Space
Havex is Havoc

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who has contributed their haikus … watch this space to see if yours is published.


Infosec Haiku

Anata no joho sekyuritei konshu no haiku

Shylock Taken Out
Financial Trojan Demands
For Pound of Flesh Cease

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who has contributed their haikus … watch this space to see if yours is published.


Changeup Information Sharing

We were talking with the CIO of a major healthcare company the other day who told us that his day had gone sideways because of the re-emergence of the ChangeUp worm / Trojan. This was news to me. I mean, yes, I’m a little behind in my reading, but I’d not heard much about ChangeUp since it flared up again at the end of 2012.


DNSChanger Trojan: Not All Doom and Gloom

If your server(s) have been infected by the DNSChanger Trojan and you’ve not done anything about it, time is running out. You have until July 9, 2012 to get your systems fixed, or you’ll lose internet access until you do.

This insidious little Trojan – variously known as TDSS, Alureon,


Sesame Street Simple Facebook Guide to Surviving Malicious Attacks

It certainly seems that not a week goes by without hearing about yet another attack on Facebook users. Last week it was a phishing scam driven by a botnet, and this week, we have two new and different phishing scams — one cleverly tricking users into revealing their passwords and another installing malware that quietly waits for the user to start a banking transaction only to steal their login credentials.


Old Mac Malware is Back for Round Two

A current version of a Mac Trojan horse known as OSX.RSPlug.A, originally seen making the rounds back in October 2007, is still active and in the wild today.

The malware alters the DNS server address of an infected Mac, leading the user to a DNS server that redirects the user to fake banking,


Nasty Virus / Trojan Lurking in the Wild

With Conficker still fresh on our minds, a new potential menace has emerged. A Trojan with remote access capability that spreads like a virus – W32.Virut.CF (Symantec) or W32/Scribble-A (Sophos) – is poised to wreak havoc on networks over the coming days. Because it embeds itself deep within infected machines, the Trojan will be difficult to clean up.


Preventing Cyber-Espionage Through Application Security

As you’ve no doubt heard by now, security researchers over the weekend uncovered a computer espionage network – dubbed Ghostnet – based in China that so far has affected nearly 1,300 computers in 100 countries spanning the globe. What’s particularly noteworthy about this apparent cyber-espionage incident is the low-level technology used in the attack. This lack of innovation actually points the finger at amateur work rather than full-on cyber-espionage activity, which would likely involve much more sophisticated technology than what was used here.


Adobe Vulnerability on the Loose?

An Adobe vulnerability, CVE-2009-0658, is actively being used in the wild as “Trojan.Pidief.E.” in targeted attacks, and Adobe does not currently plan to release a patch until March 11th at best.

The Adobe vulnerability is a variation of a buffer overflow commonly referred to as a “Heap Spray” in JBIG2 compression routines in PDF files and impacts Adobe Reader 9 and several earlier versions reportedly across all platforms including Windows,
