Zombie Zero Underscores Supply Chain Threat

A security start-up, TrapX Security, made a splash this week with the story of a new piece of malware, Zombie Zero, which wormed its way into logistics and shipping firms on shipping scanners sold by a Chinese firm. The malware was discovered during a trial demonstration of TrapX’s technology at a shipping and logistics firm. It was implanted on embedded versions of Windows XP that ran on the scanning hardware and in a software image that could be downloaded from the manufacturing firm’s website. “This malware was shipped to large logistics companies embedded in the operating system,” Carl Wright, an Executive Vice President at TrapX told The Security Ledger. TrapX declined to name the firm on whose behalf it worked or the manufacturer whose scanners were compromised. It said 16 of 64 scanners sold to the victim firm were found to contain malware. Published reports also note that malware say scanners with another variant of the same malware […]

Martin Roesch, Cisco Systems

IDS And The IoT: Snort Creator Marty Roesch On Securing The Internet of Things

Martin Roesch is one of the giants of the security industry: a hacker in the truest sense of the term who, in the late 1990s created a wide range of security tools as a way to teach himself about information security. One of them, the open source SNORT intrusion detection system, turned into one of the mostly widely used and respected security tools in the world. SNORT became the foundation for Sourcefire, the company Marty helped found in 2001. And Sourcefire went on to fantastic success: first as a startup, then as a publicly traded company and, as of October of last year, as part of Cisco Systems, after the networking giant bought Roesch’s company for $2.7 billion. These days, Marty serves as a Vice President and Chief Architect of Cisco’s Security Business Group, where he’s helping shape that company’s strategy for securing the next generation of enterprise (and post-enterprise) networks. […]

News Roundup: Plundering The Internet Of Things

There were two interesting pieces on the fast-evolving topic of security and the Internet of Things that are worth reading. The first is a long piece by Bob Violino over at CSO that takes the pulse of the IoT and security question right now. The big picture: its early days, but that there are some troubling trends.   The vast expansion of IP-enabled devices is matched by a lack of security know-how at device makers, Violino writes. And, as the environment of “smart devices” grows, the interactions between those devices become more difficult to anticipate – especially as devices start sharing contextual data and taking actions based on that data. “As machines become autonomous they are able to interact with other machines and make decisions which impact upon the physical world,” notes Andrew Rose, a principal analyst at Forrester Research Inc. in Cambridge, Mass. Rose says. “But these are coded by […]