If they publicly say they can decrypt al-Qaeda messages, maybe they truly can't.
It was dubbed DarkSeoul, not because Seoul is a dark city, but because the malware targeted South Korean assets. It infected many corporations, searching machines for credentials with root access to servers. US-CERT has released a document describing the attack in detail.
Weeks ago Microsoft announced it had successfully disrupted the Citadel botnet. Citadel was designed to steal banking credentials by capturing keystrokes, video or screenshots (interesting). It is built on the leaked source code of the Zeus Trojan. Instructions for removing this crimekit with the Microsoft Safety Scanner are given by HKCERT.
After restarting my computer today, the system clock was reset to an outdated date. Eager to check my Gmail and Facebook accounts, I entered the URLs in the browser and got the following error:
The certificate will not be valid until 5/18/12 3:00 AM. The current time is 1/1/01 8:44 PM.
(Error code: sec_error_expired_issuer_certificate)
My machine's date was set to 1/1/01, so the browser could not authenticate the web servers: every certificate carries a validity window, and with the clock set years before the certificates' start dates they all appeared not yet valid. Note the direction of the mistake: the certificates had not expired; the clock was behind, so the browser treated them as if they had been issued in the future. The only fix was to set the time correctly, and then I enjoyed Facebook again.
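As an added example (not from the original post), here is how a validator decides that a certificate is "not yet valid" rather than "expired", and why the browser names the issuer certificate. The dates are constructed to match the error message above; the two-certificate chain and the optional skew tolerance are assumptions made for the illustration.

```python
"""Added example: why a wrong system clock breaks certificate validation.

X.509 certificates carry a validity window (notBefore, notAfter) encoded
as ASN.1 UTCTime ("120518030000Z") or GeneralizedTime ("20120518030000Z").
A validator compares that window with the local clock, so a clock reset to
1/1/01 makes every certificate issued after 2001 look "not yet valid".
All dates below are constructed for the example.
"""
from datetime import datetime, timedelta, timezone


def parse_asn1_time(s: str) -> datetime:
    """Parse an X.509 UTCTime (YYMMDDhhmmssZ) or GeneralizedTime
    (YYYYMMDDhhmmssZ). RFC 5280 fixes the UTCTime two-digit-year pivot:
    00-49 -> 20xx, 50-99 -> 19xx."""
    if not s.endswith("Z"):
        raise ValueError("only Zulu (UTC) times are supported")
    body = s[:-1]
    if len(body) == 12:                       # UTCTime
        yy = int(body[:2])
        year = 2000 + yy if yy < 50 else 1900 + yy
        rest = body[2:]
    elif len(body) == 14:                     # GeneralizedTime
        year = int(body[:4])
        rest = body[4:]
    else:
        raise ValueError(f"unrecognised ASN.1 time: {s!r}")
    month, day, hour, minute, second = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def check_validity(not_before: str, not_after: str, now: datetime,
                   skew: timedelta = timedelta(0)) -> str:
    """Classify one certificate against the clock `now`.
    Returns 'valid', 'not_yet_valid' or 'expired'. `skew` is an assumed
    tolerance for small clock drift; it cannot rescue a clock that is
    years off."""
    nb = parse_asn1_time(not_before)
    na = parse_asn1_time(not_after)
    if now + skew < nb:
        return "not_yet_valid"
    if now - skew > na:
        return "expired"
    return "valid"


def check_chain(chain, now):
    """Check the validity window of every certificate in a chain given as
    [leaf, intermediate, ..., root-side]. RFC 5280 path validation walks
    from the trust anchor toward the leaf, so an issuer outside its window
    is reported before the leaf; that is why the browser error above names
    the *issuer* certificate. Returns (index_in_chain, status) for the
    first failure, or None when every certificate is in its window."""
    for i in range(len(chain) - 1, -1, -1):
        nb, na = chain[i]
        status = check_validity(nb, na, now)
        if status != "valid":
            return (i, status)
    return None


# Constructed chain: leaf issued 2012-05-18 03:00 UTC, as in the error
# message above, signed by an intermediate issued in 2010 (assumed).
CHAIN = [
    ("120518030000Z", "130518030000Z"),        # leaf
    ("100101000000Z", "200101000000Z"),        # intermediate issuer
]

if __name__ == "__main__":
    wrong_clock = datetime(2001, 1, 1, 20, 44, tzinfo=timezone.utc)
    right_clock = datetime(2012, 6, 1, tzinfo=timezone.utc)
    print(check_chain(CHAIN, wrong_clock))   # issuer fails first: (1, 'not_yet_valid')
    print(check_chain(CHAIN, right_clock))   # None
```

The check is purely a date comparison: fixing the clock, as the post says, is the whole fix. A validator that silently widened `skew` to paper over this would accept genuinely expired or not-yet-valid certificates, so the correct response to the error is to fix the clock, not the validator.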
Anonymous has promised to attack a set of targets in America on May 7, 2013. According to the post on Pastebin, the targets include the NSA, the Pentagon and the White House. It might be a DDoS attack.
The website of the US Department of Labor has been hacked, redirecting visitors and distributing malicious code. The intruders were able to disable certain antivirus products, such as Avira and Avast, if installed on the target computers. To protect yourself, keep your antivirus up to date.
Denial of service is an attack that makes applications and services inaccessible by exhausting computing resources such as CPU, memory and network bandwidth. A good guide on how to report such an attack can be read here.
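An added example, not from the original post, showing what a denial of service looks like on the receiving end: counting requests per client in a sliding window over web-server log lines, plus an aggregate count so that a distributed flood, where no single source is loud, is still noticed. The log lines, IP addresses and thresholds are all constructed for the illustration and would need tuning against real traffic.

```python
"""Added example: detecting a request flood in combined-format access logs.

A denial of service exhausts server resources; in the logs it shows up as
an abnormal request rate, often from a handful of sources. Everything
below (log lines, addresses, thresholds) is constructed for the example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format: ip ident user [time] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for a combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def find_flooders(lines, window=timedelta(seconds=10), per_ip=20, total=200):
    """Sliding-window rate check over time-ordered log lines.

    Returns {key: peak_requests_in_window} for every client IP that exceeded
    `per_ip` requests inside `window`, and under the key "*" for the whole
    server when all clients together exceeded `total` (the distributed case).
    The thresholds are assumptions; tune them to the site's normal traffic.
    """
    recent = defaultdict(deque)        # key -> timestamps inside the window
    peak = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                    # skip malformed lines rather than crash
        ip, ts = parsed
        for key, limit in ((ip, per_ip), ("*", total)):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:  # drop timestamps that fell out of the window
                q.popleft()
            if len(q) > limit:
                peak[key] = max(peak.get(key, 0), len(q))
    return peak


def make_sample_log():
    """Constructed sample: one client hits /login ten times a second for six
    seconds while a normal client browses. Addresses are documentation
    ranges (RFC 5737), not real hosts."""
    base = datetime(2013, 5, 7, 12, 0, 0, tzinfo=timezone.utc)
    events = [(base + timedelta(seconds=i // 10), "203.0.113.7", "GET /login HTTP/1.1", 512)
              for i in range(60)]
    events += [(base + timedelta(seconds=s), "198.51.100.2", "GET /index.html HTTP/1.1", 2048)
               for s in (1, 30, 60)]
    events.sort(key=lambda e: e[0])    # server logs are written in time order
    return [f'{ip} - - [{ts.strftime(TS_FMT)}] "{req}" 200 {size}'
            for ts, ip, req, size in events]


if __name__ == "__main__":
    for key, n in find_flooders(make_sample_log()).items():
        print(f"{key}: {n} requests within 10 s")
```

Per-source counting catches the single noisy client; the "*" aggregate is what reveals a distributed flood where each source stays under the per-IP limit. Either way the output is evidence for the report the post links to: which sources, how many requests, over what window.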
Businesses use the latest protection for their infrastructure but still face threats. Once a breach has been discovered, there are many steps to follow in order to keep operations running; this process is called incident response.
Incident response is the set of actions and rules to follow when an event threatens the security of an infrastructure. These procedures have to be applied as soon as the compromise has been detected. Organizations should create written guidelines for prioritizing incidents. Typical incident types are network and application intrusion, intellectual property theft investigation, copyright infringement, employee misconduct, insider threat and malware outbreak. To help the security team in a moment of crisis, the National Institute of Standards and Technology (NIST) has released Special Publication 800-61. This document presents effective guidelines for dealing with a breach; it also covers the creation of a computer security incident response team and the duties of its members. Incident response staff must be familiar with incident response tools; my favourite is EnCase.
The SANS Institute's incident handling process has six steps: preparation, identification, containment, eradication, recovery and lessons learned. NIST SP 800-61 groups the same work into four phases: preparation; detection and analysis; containment, eradication and recovery; and post-incident activity. The full documentation is here.
The security community has been buzzing this week with the discovery of a new piece of malware, Flame. It is a cyber weapon from the same family as Stuxnet and Duqu. Flame is a backdoor and Trojan with worm capabilities; it is large and modular (the Lua code alone is around 3000 lines), which makes full analysis slow. It is believed to infect systems through the MS10-033 vulnerability, though this has not yet been confirmed. The post-infection behaviour is more conventional: Flame sniffs network traffic, takes screenshots, records audio conversations and sends the results to its command-and-control servers. The operators can upload further modules to extend its functionality. Another surprising feature is its ability to turn on Bluetooth, if present on the infected machine, to discover other devices nearby. Parts of Flame are written in the Lua programming language, with bundled compression (zlib) and database (SQLite3) libraries. Kaspersky Lab has a detailed analysis of the code here. According to the BBC, the attack has been attributed to Israel, which denied any involvement. The Budapest University of Technology and Economics, which analysed the same malware under the name Skywiper, described it as a stealthy virus unlike any other.