Information Security News
Attackers exploited a previously unknown and currently unpatched security bug in Microsoft's Internet Explorer browser to surreptitiously install malware on the computers of federal government workers involved in nuclear weapons research, researchers said Friday.
The attack code appears to have exploited a zero-day vulnerability in IE version 8 when running on Windows XP, researchers from security firm Invincea said in a blog post. The researchers have received reports that IE running on Windows 7 is susceptible to the same exploit but have not been able to independently confirm that. Versions 6 and 7 of the Microsoft browser don't appear to be vulnerable. The blog post didn't mention the status of IE 9 or 10.
The attack was triggered by a US Department of Labor website that was compromised to redirect visitors to a series of intermediary addresses that ultimately exploited the vulnerability, according to Invincea. The exploit caused vulnerable Windows machines to be compromised by "Poison Ivy," a notorious backdoor trojan that had been modified so it was detected by only two of 46 major antivirus programs in the hours immediately following the attack. The specific webpages that were hacked dealt with illnesses suffered by employees and contractors developing atomic weapons for the Department of Energy, the blog post said, citing a report from NextGov. That's consistent with so-called "watering hole" attacks, in which employees of a targeted organization are infected by planting malware on the sites they're known to frequent.
At first blush, it looked serious: a Web link to a known source of malware buried deep inside of a highly rated app that has been available for months in Apple's iOS App Store. For years, antivirus programs have recognized the China-based address—x.asom.cn—as a supplier of malicious code targeting Windows users. Were the people behind the operation expanding their campaign to snare iPhone and iPad users?
Although Macworld writer Lex Friedman said the link was likely harmless, I wasn't so sure. As he pointed out, an iOS app from antivirus provider Bitdefender warned that the Simply Find It app, last updated in October, contained malware classified as Trojan.JS.iframe.BKD. Even more suspicious, Google's safe browsing service was causing the Firefox and Chrome browsers to block attempts to visit the address on the grounds that it had been reported as an attack page. "Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners," Google's advisory warned as recently as Thursday.
So, what was the link, embedded in an HTML tag known as an iframe, doing in an MP3 file included with the game? Who put it there? And, most importantly, was it infecting people who installed Simply Find It on their iOS devices?
Talking Infosec Awareness and Training with Kaspersky Labs' David Emm
Infosecurity Magazine (blog)
Shortly before the chaos of Infosecurity Europe, I joined David Emm, senior security researcher at Kaspersky Lab, for lunch in a lovely quiet gastro pub in the Oxfordshire countryside.
Infosec 2013: Debate on whether external auditors are a threat or help to ...
SC Magazine UK
At Infosecurity Europe 2013, an Oxford Union-style debate was held on the role of external auditors. The topic voted for by Infosecurity attendees was: “The auditor is a bigger challenge to information security than the cyber criminal”. Part of an ...
Posted by InfoSec News on May 03 http://www.darkreading.com/advanced-threats/exploit-devs-at-risk-the-nuclear-scienti/240153960
Posted by InfoSec News on May 03 http://arstechnica.com/tech-policy/2013/05/chinese-spy-caught-with-nasa-laptop-full-of-porn-not-secrets/
Posted by InfoSec News on May 03 https://www.computerworld.com/s/article/9238863/Breached_dam_data_poses_no_threat_to_public_Army_says
Posted by InfoSec News on May 03 https://www.networkworld.com/news/2013/050213-self-detonating-data-269359.html
Posted by InfoSec News on May 03 Forwarded from: Hafez Kamal <aphesz (at) hackinthebox.org>