Five years after Stuxnet, your USB drive is still being patched

Yesterday was Patch Tuesday, and – as Optimal Security’s Russ Ernst described – Microsoft released fixes for a smorgasbord of vulnerabilities.

Obviously, it’s important that you roll out the patches as soon as possible, and ensure that your computers and networks are protected against threats which malicious hackers could use to target your systems,

> Read More

BadUSB Update

I have received several inquiries regarding the latest news about the so-called BadUSB vulnerability, so I thought I’d write a quick post on what we know at the moment.

What is BadUSB?

BadUSB is a vulnerability – not malware – in the design and implementation of firmware used on USB devices which allows it to be updated without being vetted.

> Read More

Unpatchable BadUSB Code Is Now Publicly Available

How sweet would it be to plug and play USB devices without the fear of viruses, malware and other security threats?

It’s everyone’s dream to own 100% foolproof USB devices for their file storage and transfer routine: Fascinating to think about it, but it simply isn’t gonna happen with the raft of current USB-related security threats.

> Read More

How to Protect Corporate Data from Angry Employees

Yesterday, I defined the problem … employees, angry, unaware or otherwise dishonest, are a significant threat to your company’s IP. Today we look into how to safeguard the database and other IT assets from internal threats by angry employees.

First up is device control. Why make it easy for an employee on their way out to download confidential files onto a USB stick or other removable media type when access can be controlled at the individual user level?

> Read More

The Shape of Things to Come with Critical Infrastructure Attacks

How many movies have you seen where the fate of humankind depends on a geeky guy sweating in front of a computer? The specific drama varies from movie to movie, but they generally include the need to: hack into a system to get critical information, crack a password, or disable an evil supercomputer bent on destroying our way of life.

> Read More

Blocking USB Borne Malware Isn’t Rocket Science

In a recent newsletter, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) devoted significant space to a recent malware incident involving a removable media flash drive. Basically, someone connected a personally-owned USB flash drive to an air-gapped or isolated system; this USB stick was later found to be infected with the Hamweq virus.

> Read More

Is FIPS 140-2 Fatally Flawed?

So, upon my return to the Valley of the Sun and after figuring out where our new offices (let alone the coffee machine and bathrooms) were (Lumension has moved, in case you’ve not heard – 3rd floor with a seriously sweet view), I settled down to see what happened over the holidays. First up – the German security consultancy SySS published a method by which certain USB flash drives with “built in” FIPS 140-2 certified encryption are vulnerable to attack.

> Read More

Chris’ Security Cache Contemplation: Week 6

A quick note on some interesting news/tidbits I’ve run across whilst trying to keep up with/clean out my RSS feed before I head out for the 4th of July weekend…

The Iceman Goeth. Saw where Max Ray Vision (nee Butler), aka “Iceman,” has plead guilty to two counts of wire fraud stemming from the theft of nearly 2M credit card numbers and $86 million in alleged fraudulent purchases.

> Read More

Chris’ Security Cache Contemplation

Miscellaneous interesting news / tidbits I’ve run across whilst trying to keep up with / clean out my RSS feed …

Targeted Attack. It was widely reported last week (see here and here and here) that a convicted Swedish hacker was charged with the 2004 attack on Cisco Systems (where he stole source code),

> Read More

Beware of ATM Card Skimmers

I ran across an interesting post in the Consumerist about a guy who found a card skimmer attached to his local ATM. Apparently, he was alert enough to notice that something wasn’t quite right, and pulled it right off the machine … and discovered that it was designed to read the info off a card as it was being inserted,

> Read More

Nasty Virus / Trojan Lurking in the Wild

With Conficker still fresh on our minds, a new potential menace has emerged.  The remote access capability of a Trojan that spreads like a Virus – W32.Virut.CF (Symantec) or W32/Scribble-A (Sophos) is poised to wreak havoc on networks over the coming days.  Embedding itself deep within infected machines, the Trojan will make it difficult to clean up.  

> Read More

Corporate Espionage

There’s no way this ends well.

The Wall Street Journal recently reported (sub. req’d) that Starwood Hotels filed suit against Hilton Hotels and two former employees, Ross Klein and Amar Lalvani, for corporate espionage, theft of trade secrets and unfair competition. Klein was the former President of Starwood Luxury Brands Group,

> Read More