Researchers have discovered a new backdoor targeting Apache on cPanel-based servers. The attackers have replaced the Apache binary with a malicious one in a way that makes it nearly impossible to detect.
It may seem like an unlikely source for practical advice and a solid incident report, but after their Twitter feed was compromised by the Syrian Electronic Army (SEA), The Onion (a popular satire news rag) posted solid details on the incident without the usual jokes.
Is the main purpose of WHOIS data to enhance the overall stability and security of the Internet by providing contact points for network operators and administrators? Or is it to help combat infringements on intellectual property, fraud and other forms of abuse? Both? Neither?
Ryan Naraine talks to Dr. Boldizsár Bencsáth of CrySyS Lab and Costin Raiu of Kaspersky Lab about Symantec's recent Stuxnet 0.5 discovery and its connections to other cyber-surveillance operations like Duqu and Flame.
Ryan Naraine and Securosis CEO Rich Mogull discuss the Mandiant APT1 report and all the surrounding noise around advanced threat actors, the U.S. government's response and the disruptive change affecting the IT security industry.
Chances are you’ve never heard of Dr. John Snow. But the methods he used more than 150 years ago to solve the mystery of a cholera outbreak in London can be applied today to help you get to the heart of a malware outbreak in your enterprise.
Most of the time, attacks considered APTs use 0-Day exploits, or malware that slips past poorly updated AV software, or phishing to compromise a host or organization. There is nothing advanced about attacks like these.
It remains to be seen how the big powers will come to agree on the precise rules to govern cyber operations – currently the international legal status is uncertain, but the little players had better concentrate on improving old and developing new defensive measures.
While the security industry has taken great strides in information sharing, in order to stay one step ahead of the highly organized bad actors, the industry must rally around the same sort of massive sharing model that the “bad guys” use—only better.
Cyberwar, at least the type where infrastructure or actual lives are targeted and destroyed, will not just happen for the fun of it. There are consequences to any such activity, as recent policy activity and policy makers make clear.
Motivated by the notoriety and knowledge gained by discovering and publicizing a new vulnerability, attackers continue to innovate. By using the latest techniques and technologies we can mitigate the damage from these advanced threats and protect ourselves from future attacks.