Monthly Archives: October 2013


Top 5 malware that kept researchers up at night

Which malicious code would be most frightening if sinister pieces of malware could rise from the dead on Halloween? Well, malware researchers spend all their time working with the creations of people who intend others harm, so you might expect they would be pretty immune to nervousness about the effects of malicious code. And it is true; a lot of us are very jaded about your average malware. Researchers certainly have a sense of the potential danger of the materials we are working with and are appropriately cautious, but there are some threats that are so scary that we will [...]

By | 2013-12-23T16:23:33+00:00 October 31st, 2013|Computer & Network Security, Malware|0 Comments

MongoHQ Hacked

This goes to show that application development is not necessarily the biggest risk. Information security isn't tied to any single domain of IT or business; it's a complex relationship between every aspect of both. http://techcrunch.com/2013/10/29/hosting-service-mongohq-suffers-major-security-breach-that-explains-buffers-hack-over-the-weekend/ http://security.mongohq.com/notice

Phishing With Linkedin’s Intro

In the ever-changing landscape of social media, the latest 'features' can often be the newest vulnerabilities. Social engineering techniques have become very sophisticated, and can be a real problem for enterprises. Take the recent changes to LinkedIn and the threat they pose in the form of phishing emails: http://jordan-wright.github.io/blog/2013/10/26/phishing-with-linkedins-intro/ Are your end users prepared to spot a well-crafted spear phishing email like this? We can help you find out.

PHP source code compromised?

Source: http://barracudalabs.com/2013/10/php-net-compromise/ It was announced that the PHP website was hacked and serving malware. If the attackers had access to PHP's internal servers, can we trust the PHP source code anymore? So far the PHP Group has been unable to determine the cause of the infection on two of their servers. According to their reports, they have recreated the web servers, revoked the PHP SSL certificate, and are reissuing it in case the private key was compromised. According to Rasmus Lerdorf, PHP creator, "Not much to say about the effect on end users who visited the site during that time because [...]

VERIS Community Database (VCDB)

VERIS as described by its creators: "One of the most critical and persistent challenges plaguing efforts to manage information risk is a lack of data. To aid removal of this barrier to more widely available security data, we offer the Vocabulary for Event Recording and Incident Sharing (VERIS) for public consideration and use. VERIS is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner. The overall goal is to lay a foundation on which we can constructively and cooperatively learn from our experiences to better manage risk."

By | 2013-12-23T16:24:41+00:00 October 22nd, 2013|Research|0 Comments