Tuesday, May 19, 2015
While keen to point out that Microsoft's TechNet portal security was "in no way compromised" by the tactic, researchers with security outfit FireEye discovered that a well-established China-based hacking campaign called Deputy Dog had managed to create profiles and posts on TechNet that contained embedded command-and-control codes for use with a BlackCoffee malware variant. This method of hiding in plain sight is nothing new, but it can make detection problematic, as the data (especially within a technical forum such as TechNet) is simply 'lost' in a sea of similar code from genuine users of a well-respected, and therefore assumed-to-be-safe, site.
Thursday, May 14, 2015
Reports of the undoubtedly serious 'Virtualized Environment Neglected Operations Manipulation', or 'Venom', vulnerability have suggested that cloud security is now broken, and even that this is a perfect spy tool for the National Security Agency (NSA). But putting the Heartbleed-level hyperbole aside for one moment, just how real a threat is Venom to the virtual machine environment?
There has been a lot of reporting regarding the announcement at the Microsoft Ignite conference that Windows 10 will introduce an "Update for Business" system for maintenance updates. The notion of incremental updates, courtesy of a shift towards Platform-as-a-Service, surprises nobody who is even the slightest bit informed. The thought of constant "rolling upgrades" would, however, be enough to send most enterprise sysadmins and CISOs into terminal shock. Hence Update for Business, which allows the enterprise to determine what is updated and when and, importantly, to retain full integration with existing management software suites. WUFB, as this is being called by everyone in my circle of work colleagues, will apparently operate using the Windows 10 peer-to-peer update delivery mechanism, although exactly how this will be achieved in a fully secure manner is still somewhat open to question.
It's all too easy to think that spam is an old problem, and one that has largely been dealt with. Certainly, many people will tell you that they see very little evidence of spam in their mailboxes. This, however, has less to do with the demise of the spammer and everything to do with the effectiveness of spam filters. The latest Kaspersky Lab analysis of the spam and phishing threat landscape for the first quarter of 2015 suggests that some 59.2 per cent of email traffic was actually spam, which is good news insofar as that number is six percentage points down on the previous quarter. It's also a pretty good reflection of my own incoming email, which currently sits at around 55 per cent spam. Not that I see it unless it's that time of the month when I pay my spam folder a visit to check for false positives, and they are rarer than rocking horse poop these days.
Thursday, May 07, 2015
The US Department of Homeland Security has issued a warning via the National Vulnerability Database after a security researcher described an internet-connected drug infusion pump manufactured by Hospira as "literally the least secure IP enabled device I've ever touched in my life." The warning, which scored 'low' on the access complexity scale (meaning it was easily exploitable across the network), gained a maximum 10 out of 10 for both severity and impact according to the vulnerability summary. The Hospira Lifecare PCA3 infusion pump, running software version 412, was discovered not to require any authentication for Telnet sessions, making it easy for any remote attacker coming in via TCP port 23 to gain root privileges. The wireless encryption keys were apparently stored in plain text on the device, so anyone with physical access (such as a patient) could then access the 'Life Critical Network' responsible for administering the dosage. Unfortunately, that means the attacker would then have access to all the drug pumps connected to that network across the hospital.
Wednesday, May 06, 2015
When looking at the malware attack surface we tend to spend most of our time focused on the common threat vectors such as browser exploits, social engineering/phishing, email attachment infections and remote code execution. This is understandable, as that's where the vast majority of malware comes from; but not all of it. Every now and then a threat emerges from left field and takes us and our defence mechanisms by surprise. But are these attacks really that hard to mitigate against?
Sunday, May 03, 2015
When it comes to security, there is a cloud of mistrust hanging over the boardroom. Survey after survey reveals that security, or rather the perceived lack of it, is the single biggest factor preventing business from migrating to the cloud. But how accurate is this perception?
Saturday, May 02, 2015
My van was built 15 years ago by Mazda in Japan as a multi-purpose 'people carrier' vehicle with the unlikely name of a Bongo. It has survived the years well, and I have now converted it into a camper van. Another 15-year-old that travelled across the globe has not survived the passage of time, and we can be thankful for that, because I'm talking about the Love Bug. No, not Herbie the talking VW Beetle from those candy-sweet Disney films, but rather a computer worm that spread like wildfire in May 2000. Also known as 'ILOVEYOU' thanks to the subject line of the emails it used as a distribution method, and 'Love Letter' because it self-propagated through the use of a Visual Basic Scripting (.vbs) file attachment with the name LOVE-LETTER-FOR-YOU.txt.vbs, this particular malware threat was incredibly successful.
Wednesday, April 29, 2015
Davey Winder explains why you may need help sniffing out employee use of bring-your-own-cloud services at your business. In this post-Snowden era of data privacy awareness, the last thing you want is someone sniffing around in your cloud. Or do you? Actually, there's an argument to be had that allowing a third party to do just that may strengthen, rather than weaken, your security posture.
Planes, trains and automobiles: I never thought the 1987 movie starring John Candy and Steve Martin was funny, and nor do I find stories about hacking them amusing. Recent reports suggest connected transport could become a target for hackers, but some of it may well be little more than hype. Here's my look at planes, trains and automobiles - as hacker targets, not a source of comedy - and whether you should be concerned.