Think Information. Think Security.
 
Picture
A targeted phishing attack, possibly the work of state-sponsored Chinese hackers, allowed intruders to breach the White House's computer network.

The Washington Free Beacon broke the news of the incident on Monday, after an unidentified national security official told the publication that the breach was the result of a “spear phishing attack against an unclassified network” at the White House. “In this instance the attack was identified, the system was isolated and there is no indication whatsoever that any exfiltration of data took place,” the official told the nearly year-old, nonprofit online newspaper. No classified computer systems were impacted or targeted, according to the official.


 
Picture
A new phenomenon has recently been gaining momentum to take the cyber security industry by storm. In this unfortunate scenario, dubbed “DDoS-for-hire,” sites are now publicly offering distributed denial-of-service attacks (DDoS) as a service (like the aptly named “DDoS Service”).

Now, anyone with a hidden agenda or even the slightest touch of animosity can hire an “online hitman” to bring your site down. And sites like “DDoS Online” say it can all be done for the low, low price of just $10 per hour. It's an unfortunate and ugly perversion of the “If you build it, they will come” mantra. In this case, what's coming is not only an audience drawn in by your compelling online presence, but also a series of debilitating online attacks that has the potential to cripple your site and make it entirely inaccessible.


 
Picture
 A scan of the Internet over 20 days has yielded terabytes of data and also some alarming weaknesses including misconfigured routers, vulnerability riddled databases and more than 1,000 exposed passwords.

It's a project that HD Moore calls his hobby. The Internet-wide survey looked for open TCP ports, SNMP system descriptions, MDNS responders, UPNP endpoints and NetBIOS name queries. At the DerbyCon security conference, Moore told a packed room of hundreds of attendees that the project has resulted in a treasure-trove of data that is continually being analyzed. Computing power has increased and costs have come down to enable mapping projects and data correlation, Moore said.


 
Picture
Bank of America, Citigroup, US Bancorp, JPMorgan Chase, Wells Fargo and PNC have all been hit by DDoS attacks for which hacker group the Izz ad-Din al-Qassam Cyber Fighters took credit via a series of posts to PasteBin. The hacktivist group claimed its actions had been prompted by indignation over the Innocence of Muslims, an amateur anti-Islamic film whose trailer had appeared on YouTube. The same film has also provoked riots and attacks on Western diplomatic missions across the world. The DDoS attacks have been responsible for intermittent disruption and slowdowns for bank customers trying to use the targeted websites.



 
Picture
Oracle, which has spent the last month dealing with pervasive security issues in Java, has another problem on its hands: a new flaw affecting multiple versions of the software platform that could grant an attacker control of a targeted machine.  

Polish vulnerability research firm Security Explorations, which has discovered a slew of Java bugs this year, said the latest flaw impacts Java SE versions 5, 6 and 7 running in all major web browsers – Firefox, Google Chrome, Internet Explorer, Opera and Safari. Security Explorations notified Oracle of the vulnerability on Tuesday and also posted a message on BugTraq, a mailing list archive, the same day. Researchers are not aware of any attacks actively exploiting the flaw.


 
Picture
Advanced hackers have broken into an internal server at Adobe to compromise a digital certificate that allowed them to create at least two files that appear to be legitimately signed by the software maker, but actually contain malware. As a result of the breach, which appears to date back to early July, Adobe on Oct. 4 expects to revoke the compromised certificate that was used to sign the malicious files, Brad Arkin, senior director of product security and privacy, said in a Thursday blog post.

The company uncovered the breach after coming across two malicious "utilities" that appeared to be digitally signed with a valid Adobe cert. It is unclear how or whether those files were used in the wild to target anyone. "Sophisticated threat actors use malicious utilities like the signed samples during highly targeted attacks for privilege escalation and lateral movement within an environment following an initial machine compromise," Arkin wrote.