Category: News

The development team behind the popular Nginx open-source Web server software released security updates on Tuesday to address a highly critical vulnerability that could be exploited by remote attackers to execute arbitrary code on susceptible servers. Identified as CVE-2013-2028, the vulnerability is a stack-based buffer overflow and was first introduced…

The vulnerability is described as a problem in the way IE “accesses an object in memory that has been deleted or has not been properly allocated.”

The company normally issues updates for its products on the second Tuesday of the month, but will issue an out-of-schedule patch if the problem is deemed serious enough.

The code redirected people to another infected page within the site, which then attempted to exploit the IE 8 vulnerability. AlienVault said the hacking campaign appeared similar to a known China-based one called “DeepPanda,” which installed remote-access trojans (RATs).

Link: http://www.computerworld.com/s/article/9239041/Microsoft_releases_fix_it_for_Internet_Explorer_8_vulnerability?source=CTWNLE_nlt_dailyam_2013-05-09

Rich Bejtlich said the roughly two-dozen groups the firm tracks closely – some of which have links to the Chinese government and military – have been “very busy.” Bejtlich said, has been a noticeable drop in cyber attacks from Unit 61398, a group within the People’s Liberation Army that Mandiant has accused of attempting to hack nearly 150 victims over seven years. Bejtlich’s remarks come a day after Verizon Communications Inc. released a report on cybersecurity in cooperation with 19 other organizations analyzing 47,000 security incidences in 2012 and 621 confirmed data breaches.

She said that China was building a working group on cybersecurity with the U.S. to strengthen cooperation, trust, and constructive dialogue, adding that China hopes both countries will gain a better understanding of explicit breaches and strengthen cybersecurity.

Some have also specifically criticized the Mandiant report, saying it didn’t include thorough analysis of alternative explanations for the cyberattacks it documented, while others have noted that all computer-security companies have an interest in emphasizing threats.

Fang Fenghui, chief of staff of the People’s Liberation Army, said cyberattacks could be “as serious as a nuclear bomb” while simultaneously denying that the PLA was behind cybersyping aimed at U.S. companies.

Nonetheless U.S. officials have remained skeptical that dialogue will slow the pace of attacks from China aimed at U.S. companies, as acquiring trade secrets and intellectual property from U.S. companies is a part of its efforts to beef up weaker industries and those deemed key to national security.

“We’re at this log jam where there’s overwhelming evidence on the classified and unclassified sides that says the Chinese are doing this, and that there are military units [involved], but the Chinese deny it,” Mr. Dempsey said he had not discussed with Chinese officials any specific measures the U.S. might take in response to cyberattacks or what any potential cybersecurity code of conduct might involve. “Cyber continues to evolve whether we would like it to or not,” he said, adding that both sides were still in a phase of trying to understand the problems that needed to be solved.

Link: http://blogs.wsj.com/chinarealtime/2013/04/24/mandiant-no-drop-in-chinese-hacking-despite-talk/

The annual Cyber Defense Exercise (CDX), now in its 13th year, gives students real world practice in fighting off a increasing barrage of cyber attacks aimed at U.S. computer networks by China, Russia and Iran, among others. It also allows the NSA’s top cyber experts and others from military reserves, National Guard units and other agencies hone their offensive skills at a time when the Pentagon is trying to pump up its arsenal of cyber weapons.

While the students sleep or catch up on other work, some of the NSA’s “Red cell” attackers use viruses, so-called “Trojan horses” and other malicious software to corrupt student-built networks or steal data – in this case, long sets of numbers dreamt up by the officials coordinating the exercise.

Army General Keith Alexander, who heads both the Pentagon’s Cyber Command and the NSA, stopped by to see the “red cell” hackers in action at a Lockheed Martin Corp facility near NSA headquarters on Thursday, said spokeswoman Vanee Vines. Alexander often speaks about the need to get more young people engaged in cybersecurity given the exponential growth in the number and intensity of attacks on U.S. networks.

The Pentagon’s budget for cyber operations rose sharply in the fiscal 2014 request sent to Congress, reflecting heightened concerns about an estimated $400 billion in intellectual property stolen from U.S. computer networks in recent years.

“The real payoff of this program is going to be seen 10, 15 years down the road when these individuals are admirals and generals,” he said.

Link: http://uk.reuters.com/article/2013/04/20/us-usa-cyber-academies-idUKBRE93J00T20130420

“CAMP bridges the gap between blacklists and whitelists by augmenting both approaches with a reputation system that is applied to unknown content,” the researchers wrote in the paper, adding: “One of CAMP’s important properties is to minimize the impact on user privacy while still providing protection.”

Google’s own real-world test–deploying the system to 200 million Chrome users over six months–found that CAMP could detect 98.6 percent of malware flagged by a virtual-machine-based analysis platform.

In many ways, CAMP is an answer to Microsoft’s SmartScreen, a technology that Microsoft built into its Internet Explorer and the latest version of its operating system, Windows 8.

The CAMP service renders a reputation–benign, malicious or unknown–for a file based on the information provided by the client and reputation data measure during certain time windows, including daily, weekly and quarterly measurements. Information about the download URL, the Internet address of the download server, any referrer information, the size and hash value of the download and any certificates used to sign the file are sent to Google to calculate a reputation score.

URL classification services–such as McAfee’s SiteAdvisor, Symantec’s Safe Web, and Google’s own Safe Browsing–fared eve

n worse, only detecting at most 11 percent of the URLs from which malicious files were downloaded.

The Google researchers who authored the paper–including Moheeb Abu Rajab and Niels Provos–decided to focus on executables downloaded by the user, not on malicious files that attempted to exploit a user’s system.

Link: http://www.darkreading.com/security-monitoring/167901086/security/client-security/240152413/google-uses-reputation-to-detect-malicious-downloads.html

Shown in a timeline highlighting some of the major milestones over the past 15 years, Nessus was launched on the Linux operating system (OS) on April 4, 1998, by Renaud Deraison, Tenable’s CRO and co-founder. … Today, running on Windows, Mac, FreeBSD, Solaris, and a variety of Linux-based OSes or from our cloud service, Nessus scans more OSes, applications, and network infrastructures than any other solution.

Following the product’s 10-year anniversary, Nessus continued expanding and gained significant recognition as it was named one of SC Magazine’s “Top 20 Products” of the last 20 years in 2009, reached 15,000 Nessus and SecurityCenter customers worldwide in 2012, and surpassed 10,000,000 downloads and 54,000 plugins in 2013.

Link: http://bw.newsblaze.com/story/2013040407025700001.bw/topstory.html