Think Information. Think Security.
 
Hackers have made their way into one of the servers of the United Nations' International Atomic Energy Agency, according to Reuters. The agency confirmed that the hackers stole information and published it online. "The IAEA deeply regrets this publication of information stolen from an old server that was shut down some time ago," agency spokesperson Gill Tudor told Reuters.

A group that calls itself "Parastoo" claimed responsibility and posted the information online in a Pastebin document, which features a list of more than 100 e-mail addresses. According to Parastoo, the e-mails belong to people who "help" IAEA and should sign a petition "demanding an open IAEA investigation into activities at Dimona."


 
Jeremy Hammond is an alleged member of LulzSec, a hacker group that is part of the hacktivist collective Anonymous. He is accused of hacking the servers of Strategic Forecasting and collecting thousands of emails, credit card numbers and sensitive information about the intelligence firm’s customers. Hammond is currently being held without bail and he is facing 360 months to life in prison if convicted on all the charges filed by the Federal government.

Supporters of Hammond are incensed over several issues concerning the case. The Chicago resident has already been held for eight months without bail and he will not appear for trial until sometime next year. There is also a serious question about the impartiality of the judge assigned to the case, Judge Loretta Preska.


 
Users who have their websites hosted by Go Daddy are being infected with ransomware following a recent cyberattack on the company’s DNS records, online security experts are reporting.

According to Fraser Howard, a Principal Virus Researcher with SophosLabs, the hackers behind these attacks are “exploiting DNS by hacking the DNS records of sites, adding one or more additional subdomains with corresponding DNS entries (A records) referencing malicious IP addresses. The legitimate hostname resolves to the legitimate IP address, but the added sub-domains resolve to rogue servers.” By doing so, the criminals are able to set up URLs that seem legitimate, potentially sneaking through security filtering systems and duping Internet surfers into believing they are harmless, he explained in a Friday blog entry. In some instances, multiple subdomains were added to each user’s account, with each of them redirecting viewers to at least one malicious IP address.


 
This fall, the country was hit with a digital pandemic known as the ZeroAccess botnet. This sophisticated malware actually has the ability to “learn” and evolve, to become one of the most infectious computer viruses to hit the globe. It also seems that no country is safe from the virus. No country, that is, except for China. The United States, Canada, and Great Britain were hit the hardest, with the rest of the European countries trailing closely behind. However, for reasons unknown, it appears that China is emerging almost completely unscathed from the viral attack. China’s overall lack of infection has not gone unnoticed, and has left many wondering: was China itself responsible for the ZeroAccess botnet pandemic?

The ZeroAccess botnet, also known as the ZeroAccess rootkit, is a malware threat that has been around since 2010. There are actually four versions of the virus, taking the 32-bit and 64-bit versions into consideration. Initially, it would create its own hidden partition on a hard drive using alternative data streams to keep itself hidden.


 
Can you protect the data and digital information systems that are the lifeblood of your enterprise without providing the people who use these systems with relevant security training? This question has been thrown into sharp focus by findings from two separate surveys commissioned this year by ESET. In the first survey, in the U.S., Harris Interactive found in February that only 32% of employed adults had undertaken computer security training, and in a second study, carried out in August, 68% of respondents answered "never".

While data security might sound like a technical challenge, there is also a large and important human factor involved. This human factor is particularly important when an organization becomes a target of attack for cyber criminals. The natural focus of investigations into such attacks is the technology they use and abuse, but the actions of users and operators of the systems being attacked are often critical to the success or failure of such attacks.


 
Hackers broke into two FreeBSD project servers using an SSH authentication key and login credentials that appear to have been stolen from a developer, it has emerged. Developers behind the venerable open-source operating system have launched an investigation and have taken a few of the servers offline during their probe, but early indications are that the damage might have been far worse.

On Sunday, 11 November, an intrusion was detected on two machines within the FreeBSD.org cluster. The affected machines were taken offline for analysis. Additionally, a large portion of the remaining infrastructure machines were also taken offline as a precaution. They have found no evidence of any modifications that would put any end user at risk. However, they do urge all users to read the report available at http://www.freebsd.org/news/2012-compromise.html and decide on any required actions themselves.


 
Users are being warned of the emergence of a new and popular malware exploit kit, dubbed 'Cool', which allows an attacker to remotely target security vulnerabilities in order to perform 'drive-by' malware installations. Researchers said that in addition to serving up attacks, the tool is also able to perform more sophisticated functions, including scanning for the browser and operating system and detecting potentially vulnerable plug-ins.

According to F-Secure researchers Karmina Aquino and Timo Hirvonen, Cool bears a strong resemblance to another popular malware exploit platform. The duo noted that a number of the attack targets, techniques and updates displayed by Cool match those of the dubious Blackhole kit.


 
A recently discovered rootkit could provide researchers with insight on the direction being taken in the malware space. Security researchers have begun issuing reports on an unnamed and previously unknown Linux rootkit posted earlier this month to a security mailing list. While early analysis has found that the attack is relatively crude and insecure by Windows rootkit standards, the attack has caught the eye of vendors as it appears to be a commercially designed sample rather than a targeted attack.

Researchers believe that the rootkit is intended for use on web servers, infecting 64-bit Linux kernels and then injecting further attack code into web pages. The discovery of the rootkit could indicate that cybercriminals are increasingly looking to infect Linux systems with sophisticated attacks. Rootkits, which run at the kernel level of a system, have emerged as a favourite means for avoiding the detection of conventional anti-virus software.


 
You know that hackers will find any way possible to get your company’s financial records, intellectual property or sensitive data about your employees or your customers. Now hackers are targeting the photos you have stored on your computers and smartphones. Trend Micro reported a new malware that steals image files from your computer drives and then sends them to a remote FTP server.

According to the Trend Micro blog: Detected as TSPY_PIXSTEAL.A, this particular malware opens a hidden command line and copies all .JPG, .JPEG, and .DMP files. Both .JPG and .JPEG files pertain to file formats commonly used for images, while .DMP files are memory dump files that contain information on why a particular system has stopped unexpectedly. 


 
Windows 8 may block most malware out of the box, but there is still malware out there that thwarts Microsoft’s latest and greatest. A new Trojan variant, detected as Backdoor.Makadocs and spread via RTF and Microsoft Word documents marked as Trojan.Dropper, has been discovered that not only adds a clause to target Windows 8 and Windows Server 2012, but also uses Google Docs as a proxy server to phone home to its Command & Control (C&C) server.

Symantec believes the threat has been updated by the malware author to include the Windows 8 and Windows Server 2012 references, but doesn’t do anything specific for them (yet). This is no surprise: the two operating systems were released less than a month ago but of course they are already popular, and cybercriminals are acting fast.