Archive for August, 2012

World Powers Coming Out Of the Closet On Offensive Cyber Ops

August 31, 2012 11:51

Two recent stories provide evidence that, two years after the discovery of the Stuxnet virus, the world’s leading governments are coming out of the closet about their plans for offensive cyber operations. The first comes by way of the U.S. Air Force, which published a Broad Agency Announcement on August 22 that solicited proposals for what the Air Force described as Cyberspace Warfare Attack capabilities for the Air Force. The Air Force says it has $10 million to spend on hardware and software that can be used to “destroy, deny, degrade, disrupt, deceive, corrupt or usurp adversaries (sp) ability to use the cyberspace domain for his advantage.” The Air Force is also interested in tools to support cyber operations and other functions as well, including network mapping, intrusion, denial of service and “data manipulation.” The proposal comes by way of the Air Force Life Cycle Management Center, based out of […]


Another Oil Producer – RasGas – Offline Following Virus Attack

August 30, 2012 14:28

There are reports out Thursday that another major oil producer, Qatari firm RasGas, has been knocked offline by a virus attack, according to a published report. RasGas’s corporate web site was unreachable Thursday and e-mail sent to RasGas e-mail addresses bounced. The report comes by way of the web site arabianoilandgas.com, which quoted an unnamed RasGas spokesperson saying that “an unknown virus has affected” the company’s office systems since Monday, August 27. The news comes just days after the Saudi oil producer Saudi Aramco acknowledged that a widespread virus outbreak infected 30,000 systems on its internal network. RasGas Company Ltd. (http://www.rasgas.com/) is based in Qatar and is the second largest producer of liquefied natural gas (LNG) in the world. The report said that RasGas has notified its suppliers by fax that the company is “experiencing technical issues with its office computer systems,” ArabianOilandGas.com reported. However, a company spokesperson said that the […]


Experts Say “Disable Java” As Attacks Using New Zero Day Exploit Mount

August 27, 2012 14:17

Security experts warned on Monday that malicious hackers are exploiting a previously unknown hole in recent versions of the Java runtime environment (JRE) in targeted attacks with links back to China. The security firm FireEye said on Sunday that researchers there discovered a new and previously unknown (or “zero day”) Java vulnerability circulating on the Internet. The unpatched hole was being exploited in targeted attacks and works with the latest Java runtime environments, including JRE 1.7 update 6, FireEye reported. Adding to the heat around the new hole: on Monday, researchers at the firm Rapid7 released a module for the free Metasploit penetration testing tool that can exploit the Java hole. That prompted warnings to Windows users to disable Java pending a patch from Oracle. That followed the publication of a proof of concept (POC) exploit for the hole. Exploitable holes in the ubiquitous Java platform are among the […]


Did Cyber Crooks Use Microsoft Knowledge Base To Build Malware?

August 26, 2012 12:53

One of the biggest challenges you have if you’re a malicious software architect is creating malware that’s “persistent” – by which virus experts mean that it’s running whenever the infected system is running and is ‘resistant’ to detection and removal by anti-virus software and other tools. Typically, malware authors borrow from the same bag of tricks. They tap applications like the Windows rundll32.exe to access functions in malicious DLLs, or scan for common AV programs and attempt to shut them down. However, more sophisticated attackers will go the extra mile to achieve their objective (installing Trojans and rootkits on target systems) in ways that are novel and, therefore, less likely to be discovered. And, like any good students, sophisticated malware authors “go to school” on what their peers – both white hats and black hats – are doing. That appears to be the case in an incident that the security […]


Bogus Android App Stores Shuttered In Federal Raid

August 22, 2012 16:41

Federal agents launched their first-ever seizure of Web domains involved in the sale of fraudulent mobile applications, according to a statement issued Tuesday by the U.S. Department of Justice. Seizure orders were executed against three websites offering illegal copies of copyrighted Android cell phone applications: applanet.net, appbucket.net and snappzmarket.com, according to Assistant Attorney General Lanny A. Breuer of the DOJ’s Criminal Division. The DOJ cooperated with international law enforcement, including Dutch and French officials, in the bust. Those sites now display a banner that notifies visitors that the domain name has been seized by federal authorities and that copyright infringement is a federal crime. “Software apps have become an increasingly essential part of our nation’s economy and creative culture, and the Criminal Division is committed to working with our law enforcement partners to protect the creators of these apps and other forms of intellectual property from those who seek to steal it,” […]

