{"id":1023,"date":"2015-04-21T00:00:00","date_gmt":"2015-04-21T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2015\/04\/21\/newsalert-2015-apr-21\/"},"modified":"2021-12-30T11:38:37","modified_gmt":"2021-12-30T11:38:37","slug":"newsalert-2015-apr-21","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2015\/04\/21\/newsalert-2015-apr-21\/","title":{"rendered":"Newsalert &#8211; 2015 Apr 21"},"content":{"rendered":"<p>**Pushdo spamming botnet gains strength again**<br \/>\nComputers in more than 50 countries are infected with a new version of Pushdo, a spamming botnet that has been around since 2007 and survived several attempts to shut it down.<br \/>\nThe latest version has been pushing Fareit, which is malware that steals login credentials, and Cutwail, a spam engine module. It has also been used to distribute online banking menaces such as Dyre and Zeus.<br \/>\nUsing an elaborate algorithm, the secondary system generates 30 domain names a day that an infected computer can try to contact, according to an advisory on Fidelis\u2019s blog. Fidelis reverse-engineered the algorithm that generates those domain names, allowing it to register some of the domains.<br \/>\n**Link:** [  http:\/\/www.itworld.com\/article\/2912535\/pushdo-spamming-botnet-gains-strength-again.html#tk.rss_news  ] (  http:\/\/www.itworld.com\/article\/2912535\/pushdo-spamming-botnet-gains-strength-again.html#tk.rss_news  )  <\/p>\n<p>**Study Uncovers Fears of Potential Domino Effect from Cyberattacks**<br \/>\nRedSeal (redseal.co) unveiled its comprehensive survey of high-ranking executives that vividly illustrates widespread concern regarding the potential effects of cyberattacks in corporate America. 
Most of the C-level professionals surveyed readily acknowledge that a coordinated assault launched by sophisticated cybercriminals would wreak ongoing havoc on business operations, cause considerable harm to a brand, and potentially affect related companies, even entire industries. In addition, many also point out that in the networked economy, containing the problems caused by a sustained network attack will be very difficult. In fact, a major network disruption at a single company or network can easily disrupt or even wreak havoc on a local, state, national and even global level.<br \/>\nThe vast majority of the executives surveyed, 74%, acknowledge that cyberattacks on networks of U.S. organizations can cause \u201cserious damage or disruption,\u201d and most of the rest, 21%, admit to fears of \u201csignificant damage or disruption.\u201d More specifically, almost 80% admit that such attacks can inflict \u201cserious impacts to business profitability and growth,\u201d and bring about \u201cserious brand damage.\u201d A large number, 45%, also related personnel concerns, saying such events will lead to a \u201cbig hit on employee productivity.\u201d More than 43% also predict business downtime, while more than 41% fear \u201cinternal\/organizational disruption or chaos.\u201d<br \/>\nIn fact, the idea of a domino effect\u2014one successful attack on one network leading directly to attacks on different networks in diverse but connected sectors of the economy\u2014clearly resonated strongly with the executives surveyed. 
More than half the respondents, 52%, singled out \u201cdefense systems\u201d as being potentially affected by a cyber-criminal incident or data breach, while 45% cited \u201cborder security.\u201d And taking a big picture approach, a significant 59% said such attacks will take their toll on \u201ceconomic security.\u201d<br \/>\nLink:  [ http:\/\/www.darkreading.com\/attacks-breaches\/study-uncovers-fears-of-potential-domino-effect-from-cyberattacks\/d\/d-id\/1320053 ] (http:\/\/www.darkreading.com\/attacks-breaches\/study-uncovers-fears-of-potential-domino-effect-from-cyberattacks\/d\/d-id\/1320053 )<\/p>\n<p>**Investment Advisers: Six Areas of Focus for SEC Cybersecurity Exams**<br \/>\nThe U.S. Securities and Exchange Commission (SEC), in an effort to consistently reinforce its expectations in the area of cyber risk management, last year issued a cybersecurity-dedicated Risk Alert, as well as other communications to address the growing number and complexity of cybersecurity risks facing investment advisers (IAs). The alert, issued by the Office of Compliance Inspections and Examinations (OCIE)\u00b9, highlights the SEC\u2019s cybersecurity initiative, including a sweep of more than 50 registered IAs and broker-dealers focusing on cybersecurity.\u00b2<br \/>\nThe alert also provides a sample document request that lists six primary areas that the OCIE plans to evaluate during cybersecurity exams and the processes and controls examiners expect IAs to have in place to address threats, including those related to networks and information, remote customer access and vendors and other third parties.<br \/>\n**Link:** [  http:\/\/deloitte.wsj.com\/riskandcompliance\/2015\/04\/21\/investment-advisers-six-areas-of-focus-for-sec-cybersecurity-exams-3\/  ] (  http:\/\/deloitte.wsj.com\/riskandcompliance\/2015\/04\/21\/investment-advisers-six-areas-of-focus-for-sec-cybersecurity-exams-3\/  )  <\/p>\n<p>**U.S. 
plans a cybersecurity center in Silicon Valley**<br \/>\nThe center will function as a satellite office of the National Cybersecurity and Communications Integration Center (NCCIC), a day-and-night operation that acts as an information and threat clearing house for government and private entities.<br \/>\n**Link:** [  http:\/\/www.computerworld.com\/article\/2912468\/cybercrime-hacking\/us-plans-a-cybersecurity-center-in-silicon-valley.html?phint=newt%3Dcomputerworld_dailynews&#038;phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-21&#038;siteid=&#038;phint=tpcs%3D&#038;phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ] (  http:\/\/www.computerworld.com\/article\/2912468\/cybercrime-hacking\/us-plans-a-cybersecurity-center-in-silicon-valley.html?phint=newt%3Dcomputerworld_dailynews&#038;phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-21&#038;siteid=&#038;phint=tpcs%3D&#038;phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  )  <\/p>\n<p>**New fileless malware found in the wild**<br \/>\nSince the discovery of the Poweliks fileless Trojan in August 2014, researchers have been expecting other similar malware to pop up.<br \/>\nThe wait is over: Phasebot malware, which also has fileless infection as part of its routine, is being sold online.<br \/>\nPhasebot seems to be a direct successor of Solarbot.<br \/>\nIts detection evasion tactics include rootkit capabilities, encryption of communications with its C&#038;C server by using random passwords, and virtual machine detection.<br \/>\n**Link:** [  http:\/\/www.net-security.org\/malware_news.php?id=3021  ] (  http:\/\/www.net-security.org\/malware_news.php?id=3021  )  <\/p>\n<p>**&#8221;Buhtrap&#8221; Malware Targeting Russian Banks And Businesses**<br \/>\nESET has discovered a malware campaign targeting Russian banks and the accounting departments of Russian businesses, nicknamed Operation Buhtrap. 
Apparently, the malware has been active for more than a year, and 88 percent of the attacks have been in Russia and 10 percent in the Ukraine.<br \/>\nAnalysts at ESET uncovered CVE-2012-0158 late in 2014, which is a buffer overflow vulnerability in the ListView\/TreeView Active X controls found in the MSCOMCTL.OCX library. The malicious code can be activated using a specially modified DOC or RTF file for MS Office 2003, 2007, or 2010, according to Security Affairs.<br \/>\n**Link:** [  http:\/\/www.bsminfo.com\/doc\/buhtrap-malware-targeting-russian-banks-businesses-0001  ] (  http:\/\/www.bsminfo.com\/doc\/buhtrap-malware-targeting-russian-banks-businesses-0001  )  <\/p>\n<p>**Lieberman Software&#8217;s Security Double-Tap(TM) Defeats Golden Ticket Cyber Attacks**<br \/>\nLOS ANGELES, CA&#8211;(Marketwired &#8211; April 21, 2015) &#8211; Lieberman Software Corporation today announced Security Double-Tap, a solution to block the destructive Golden Ticket cyber attack. This new feature is included in Enterprise Random Password Manager\u2122 (ERPM) &#8212; the company&#8217;s privilege management platform &#8212; and is being exhibited for the first time at RSA Conference 2015 in San Francisco, CA.<br \/>\nToday&#8217;s enterprises are under assault from sophisticated cyber attacks like pass-the-hash (PTH) and pass-the-ticket (PTT). These advanced persistent threats &#8212; at the core of some of the most notorious recent data breaches &#8212; operate at nearly a 100% success rate.  While PTH is a more widely known threat, the related PTT attack is just as dangerous. PTT attacks target Kerberos, the default authentication protocol in Windows domains.<br \/>\nERPM now provides an automated double password reset specifically designed to combat the Golden Ticket attack. The two password resets &#8212; a Security Double-Tap &#8212; force rapid replication of the changed credentials throughout the domain, to block the use of compromised accounts. 
In conjunction with this process, ERPM can also force an automatic chained reboot of target system to clear memory of hashes and passwords, and prevent memory scraping.<br \/>\n**Link:** [  http:\/\/www.reuters.com\/article\/2015\/04\/21\/idUSnMKWDwJzFa+1ea+MKW20150421  ] (  http:\/\/www.reuters.com\/article\/2015\/04\/21\/idUSnMKWDwJzFa+1ea+MKW20150421  )  <\/p>\n<p>**RSA supremo rips &#8216;failed&#8217; security industry a new backdoor, warns of &#8216;super-mega hack&#8217;**<br \/>\nRSA 2015 RSA president Amit Yoran tore into the infosec industry today, telling 30,000 attendees at this year&#8217;s RSA computer security conference that they have failed.<br \/>\nHe said security bods should drop \u201clegacy approaches\u201d that have led to a false sense of security. Such approaches are akin to building \u201chigher walls\u201d and \u201cdeeper moats,\u201d which will not help address the shortcomings in security.<br \/>\n**Link:** [  http:\/\/www.theregister.co.uk\/2015\/04\/21\/rsa_boss_rips_failed_security_industry\/  ] (  http:\/\/www.theregister.co.uk\/2015\/04\/21\/rsa_boss_rips_failed_security_industry\/  )<\/p>\n","protected":false},"excerpt":{"rendered":"<p>**Pushdo spamming botnet gains strength again** Computers in more than 50 countries are infected with a new version of Pushdo, a spamming botnet that has been around since 2007 and survived several attempts to shut it down. 
The latest version has been pushing Fareit, which is malware that steals login&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1023","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1023","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1023"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1023\/revisions"}],"predecessor-version":[{"id":3510,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1023\/revisions\/3510"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1023"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1023"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1023"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}