fromErik Ribsskog eribsskog@gmail.com
toe-policing.mailbox@northumbria.pnn.police.uk
ccemail@techwebnewsletters.com
dateFri, Oct 21, 2011 at 3:18 PM
subjectReport of crime/Fwd: Waiting For ‘Son Of Stuxnet’ To Attack
mailed-bygmail.com
Images from this sender are always displayed. Don’t display from now on.
hide details 3:18 PM (0 minutes ago)
Hi,
Someone have registered me on a newsletter.
Regards,
Erik Ribsskog
———- Forwarded message ———-
From: Dark Reading Weekly
Date: Thu, Oct 20, 2011 at 5:14 PM
Subject: Waiting For ‘Son Of Stuxnet’ To Attack
To: erib.sskog@gmail.com
If you are unable to see the message below, click here to view.
Dark Reading Weekly: Issue Highlights
• NEWS: Waiting For ‘Son Of Stuxnet’ To Attack
• KEYHOLE: Short On Staff, Many IT Organizations Feel Unprepared For New Threats
• BLOG: FFIEC Goes Beyond Traditional Authentication
• ANALYTIC REPORT: In-House Malware Analysis: Why You Need It, How To Do It
• WHITEPAPER: Proof Of Identity: How To Choose Multifactor Authentication
• NEWS FEED: Trend Micro Expands Mobile Protection For Android
• TECH CENTER: Authentication-As-A-Service Gains Steam
• DEEP INSPECTION: Physical, Logical Security Worlds Continue Slow Convergence
• BEST OF THE WEB: Mac Trojan Disables XProtect Updates (F-SECURE BLOG)
• BUGS: dcs-2121_firmware, dcs-2121
Manage Subscription | Contact Dark Reading | Newsletter Contact
FOLLOW US JOIN US
Thursday, October 20, 2011 KEYHOLE | BLOG | NEWS FEED | TECH CENTERS | DEEP INSPECTION | BEST OF THE WEB | BUGS
THE LATEST SECURITY NEWS ANALYSIS:
Waiting For ‘Son Of Stuxnet’ To Attack
Duqu is considered the intel-gathering step in advance of a new attack — but could it have been part of the original Stuxnet attack?
Mass SQL Injection Attack Hits 1 Million Sites
Attack similar to LizaMoon hits websites lacking input validation
Banking Trojans Adapting To Cheat Out-of-Band Security
As financial institutions adopt out-of-band security, attackers quickly adapt
Strange But True Penetration-Testing Stories
‘Hacker’ gets kudos from his financial services victim, as in-house security cameras go rogue and steal users’ credentials
MORE NEWS
DOWNLOAD DARK READING’S DIGITAL ISSUE
Sensitive data is scattered in forgotten corners of your IT infrastructure. Find and protect it before it winds up in the wrong hands.
Also: • The Practical Side Of Data Defense
• Dueling SIEM Deals
• Poor Marks For Training Programs
And much more, exclusively in our October 10 Digital Issue
DOWNLOAD NOW (Registration Required)
KEYHOLE:
Short On Staff, Many IT Organizations Feel Unprepared For New Threats
Lack of resources causes many enterprises to lose security efficiency, Symantec study says
Researchers: ‘Precursor’ To Son Of Stuxnet Spotted In The Wild
Process-control vendors, certificate authorities among those in the bull’s eye for what might be prelude to a new Stuxnet attack, Symantec and McAfee say
DDoS, Mobile Attacks Are Top Topics Of Discussion Among Hackers
Study of large online forum finds that hackers have a wide variety of interests
MORE KEYHOLE
BLOGS:
FFIEC Goes Beyond Traditional Authentication
Posted by Richard E. Mackey, Jr.
The FFIEC recommends that organizations provide additional business and fraud detection controls to offset weaknesses in authentication technology
RIM’s Biggest Network Disruption Over: Now What?
Posted by Chester Wisniewski
Service disruption becoming all too familiar outcome for BlackBerry users
Pro Pen Testing: The Zero-Knowledge Approach
Posted by Vincent Liu
Special care must be taken in a penetration test that locates targets with ‘zero-knowledge’
McAfee + NitroSecurity: SIEM Merger Done Right
Posted by Rob Enderle
McAfee showcases the perfect security company merger by bringing out a SIEM offering that better anticipates an increasingly hostile world
MORE BLOGS
ANALYTIC REPORTS & WHITEPAPERS:
FEATURED REPORTS
In-House Malware Analysis: Why You Need It, How To Do It
Vulnerability management identifies and closes exploitable holes in your enterprise network. But some systems remain vulnerable, and traditional antivirus and perimeter defenses are proving less effective against sophisticated malware, targeted attacks, and zero-day exploits. In this report, we show you how malware analysis, tied closely to incident response, is an essential complement to enterprise vulnerability management programs.
DOWNLOAD NOW (Registration Required)
Database Breaches: Lessons Learned From Real-World Attacks
There’s been a rash of major database breaches, including those at Gawker.com, McDonald’s, and Walgreens. All the companies had solid resources at their disposal, so what went wrong? In this Tech Center report, we profile five database breaches — and extract the lessons to be learned from each. Plus: A rundown of six technologies to reduce your risk.
DOWNLOAD NOW (Registration Required)
MORE ANALYTICS
FEATURED WHITEPAPERS
Proof Of Identity: How To Choose Multifactor Authentication
User names and passwords are no longer sufficient authentication. In a time when so much business depends on the Internet, security requirements and regulatory mandates are putting pressure on business to adopt strong, multifactor authentication methods. Learn how to weigh cost vs. risk to select the Web authentication method for your high-risk applications
DOWNLOAD NOW (Registration Required)
MORE WHITEPAPERS
NEWS FEED:
Trend Micro Expands Mobile Protection For Android
Zscaler ThreatLabZ Releases Free IPAbuseCheck
LANDesk Furthers Cloud Management Capabilities With Service Desk As A Service
Lieberman Integrates Password Manager With McAfee ePolicy Orchestrator
Application Security Inc. Adds Adds ‘Active Response’ Feature Set
MORE NEWS FEED
TECH CENTERS:
From The Advanced Threats Tech Center:
Waiting For ‘Son Of Stuxnet’ To Attack
Duqu is considered the intel-gathering step in advance of a new attack — but could it have been part of the original Stuxnet attack?
From The Authentication Tech Center:
Authentication-As-A-Service Gains Steam
Improved security, scalability, operational flexibility, and even brand differentiation are driving AaaS
From The Cloud Security Tech Center
Survey: Organizations Are Cloud-Conflicted
Symantec survey finds less than 20 percent of organizations worldwide have fully implemented cloud services
From The Compliance Tech Center
Compliance Outside Corporate Walls
Getting third parties that touch regulated data to comply can be as important as your own internal compliance efforts
From The Database Security Tech Center:
Mass SQL Injection Attack Hits 1 Million Sites
Attack similar to LizaMoon hits websites lacking input validation
From The Insider Threat Tech Center:
Air Force Says Malware Discovered ‘A Nuisance,’ Not A Keylogger
Officials say online credential-stealing malware was isolated to mission support systems separate from flight systems
From The Security Monitoring Tech Center:
Many Security Pros In The Dark About Their Own Environments, Study Says
It’s 9 a.m. Do you know how many Internet-facing servers you have? Many IT pros don’t, according to a new RedSeal survey
From The Security Services Tech Center:
Startup To Launch New Brand Of SaaS For Post-Incident Response
‘Data loss management’ firm officially launches this week
From The SMB Security Tech Center:
Yet Another Bank Sued By A Small Business For Fraudulent Hacker Transfers
According to Village View, Professional Business Bank says bank responsible for $465K loss to hackers, plus fees and damages suffered in online account breach
From The Vulnerability Management Tech Center:
More Exploits For Sale Means Better Security
Selling exploits can help companies test their systems, but is there room for an independent market?
DEEP INSPECTION:
Physical, Logical Security Worlds Continue Slow Convergence
‘Guards, gates, and guns’ organizations say cybersecurity has become a top priority
MORE DEEP INSPECTION
BEST OF THE WEB:
Mac Trojan Disables XProtect Updates (F-SECURE BLOG)
Trojan-Downloader:OSX/Flashback.C disables the automatic updater in XProtect, Apple’s built-in OS X anti-malware application
One-In-Ten Leave Passwords In Wills (MOBILEDIA)
One in 10 U.K. residents leave Internet passwords in their wills
We’ll Strike First In Cyber Warfare (THE SUN)
British foreign secretary William Hague says England is prepared to strike first to defend against a cyberattack from an enemy state
MORE BEST OF THE WEB
BUGS: ENTERPRISE VULNERABILITIES:
Vulnerability: dcs-2121_firmware, dcs-2121
Published: 2011-10-16
Severity: High
Description: recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a “semicolon injection” vulnerability.
Vulnerability: dcs-2121_firmware, dcs-2121
Published: 2011-10-16
Severity: High
Description: /etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server.
Vulnerability: mac_os_x, mac_os_x_server
Published: 2011-10-14
Severity: Medium
Description: Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.
WEBCASTS:
Becoming A Security Detective: Gathering And Analyzing Security Intelligence In The Enterprise
Oct. 20: In this all-day virtual event, experts will offer detailed insight about how to collect security intelligence in the enterprise, and how to analyze and study it in order to efficiently identify new threats, as well as low-and-slow attacks, such as advanced persistent threats. More Information & Registration
Mobile Devices And Security–What Now?
Oct. 27: The landscape around mobile devices and mobile device security is changing rapidly. Users continue to put demands on IT to connect their personal devices to the network to conduct business, and you need to secure these devices and protect your organization’s data. Join Alan Phillips, mobile security expert with Sophos, to learn about the new security challenges surrounding mobile devices. More Information & Registration
MORE WEBCASTS
RESOURCES AND EVENTS:
Malware War: How Malicious Code Authors Battle To Evade Detection
The stakes have never been higher in the fight for control of corporate and consumer devices between malicious code and the anti-malware software designed to detect and stop it. It’s a war of one-upsmanship, as security labs work ’round the clock to analyze malicious code and the bad guys design new, ingenious ways to frustrate analysts and automated tools. This Tech Center report covers the key methods malware writers use to thwart analysis and evade detection.
Download Now (Registration Required)
SecTor 2011
Oct. 18-19, Toronto: Now entering its 5th year, SecTor brings together experts from around the world to share their latest research and techniques. The conference provides an opportunity for IT professionals and managers to connect with their peers and learn from their mentors.
Register Now
Hacker Halter USA 2011
Oct. 21-27, Miami: Hacker Halted USA 2011 is a comprehensive hacker conference covering a broad topic area to provide IT professionals a platform to understand and discuss today’s information security environment. Hacker Halted covers real information security issues, discusses solutions that fit into global security attacks scenarios, and sheds light on how to deal with increasing threats, compliance, as well as regulatory issues.
Register Now
Black Hat Abu Dhabi
Dec. 12-15: Black Hat will host its second event in the Middle East in Abu Dhabi with a full contingent of selected Training–including new courses on mobile hacking and PHP security–and three tracks of Briefings.
Register Now
This e-mail was sent to erib.sskog@gmail.com
Dark Reading Weekly Newsletter
— Published By Dark Reading
600 Community Drive
Manhasset, NY 11030
UNSUBSCRIBE | SUBSCRIBE
Keep Getting This Newsletter
Don’t let future editions of Dark Reading Weekly go missing.
Take a moment to add the newsletter’s address to your anti-spam white list:
email@techwebnewsletters.com
If you’re not sure how to do that, ask your administrator or ISP.
Or check your anti-spam utility’s documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2011 | United Business Media LLC | Privacy Statement | Terms Of Service
Contact Dark Reading | Newsletter Contact
