Search Results for "APT"

Latest Iranian Malware Targets Financial Software

There appears to be some professional differences of opinion about the latest super malware targeting the nation of Iran.  Just days after Symantec Corp. warned about a new piece of malware, W32.Narilam,  researchers at the Russian anti-virus firm Kaspersky Lab threw cold water on the report, saying their analysis suggests that Narilam is two to three years old and probably targeted financial software packages, rather than high value government or industrial systems. The back and forth started with Symantec’s Nov. 22nd blog post on Narilam, which claimed the malware had recently been found circulating in the “Middle East” – and particularly in Iran. Narilam was programmed to infect systems running Microsoft’s SQL database software, spreading through removable drives and network shared folders. It was designed to corrupt data, not to steal information, Symantec said. Though the Cupertino company made no attestation as to Narilam’s origins, Symantec did say the worm […]

Questions, Doubts greet Researcher’s Claim to have Chrome Zero Day

Google says that it will wait to see what transpires at a New Delhi hacking conference this week before responding to a researcher’s claim that he has discovered a remotely exploitable vulnerability in its Chrome web browser. Speaking with Security Ledger, Google spokeswoman Jessica Kositz said that the company was aware of claims by Georgian researcher Ucha Gobejishvili that he has discovered a previously unknown (zero day) security hole in Chrome and will demonstrate it at this week’s MalCon hacking conference. Gobejishvili described the security hole in Chrome as a “critical vulnerability.” “It has silent and automatically (sp) download function…and it works on all Windows systems” he told Security Ledger in an online chat session. While the Tbilisi-based researcher won’t say much about the hole, he told Security Ledger that he discovered it in July. The vulnerability is in a DLL (dynamic link library) that is part of the browser […]

U.S. Government also Targeted by Malware Used In Attacks on Israelis, Palenstinians

The recently reported malicious software attacks against Israeli and Palestinian targets have expanded to hit other targets, including individuals working within the U.S. Congress, the UK government and government workers in countries ranging from Turkey to Slovenia and New Zealand, according to a report from security firm Trend Micro. In a blog post on Wednesday, Trend Senior Threat Researcher Nart Villenueve wrote on the company’s Security Intelligence blog that  those attacks are ongoing and involve a much wider list of targets that initially reported. The attacks first came to light after a Times of Israel report revealed on October 28 that computer systems used by that country’s police departments were taken offline following a virus infection. Subsequent analysis by Trend and others (PDF) revealed that the malware used in the attacks was a variant of the common Xtreme Remote Access Trojan (Xtreme RAT) – an information stealing program that can be […]

Adobe Acknowledges Hack of User Forum For Connect Service

Software giant Adobe on Wednesday confirmed claims by a self-proclaimed “Egyptian” hacker to have compromised a user support forum frequented by customers of its Connect web conferencing technology, stealing user account information and posting some of it online. Adobe’s Director of Connect, Guillaume Privat, acknowledged in a blog post on Wednesday that the compromise of the Connectusers.com forum by an “unauthorized third-party” was for real and that the company has disabled the forum while it investigates the incident. The breach was first disclosed on Tuesday when a hacker calling himself “ViruS_HimA” posted what appeared to be account e-mail and password information online through web sites like pastebin.com and sendspace.com. The hacker claimed to have compromised a database server used to maintain the Connnectusers.com forum and downloaded information on 150,000 account holders, including the users names, login IDs, hashed password values, employer and e-mail address. The motive for the hack was […]

Support Forums Reveal Soft Underbelly of Critical Infrastructure

We hear a lot about vulnerabilities in industrial control system (ICS) software. In fact, that’s all we seem to hear about these days. The truth is: there’s a lot to write about. In just the last month, the Department of Homeland Security’s ICS-CERT warned its members about the ability of  sophisticated – and even unskilled – attackers to use tools like the Shodan and ERIPP search engines to locate and attack vulnerable industrial control systems (PDF) that are accessible from the public Internet. In the meantime, every couple of weeks brings revelations about serious and remotely exploitable software holes. Most recently, ICS-CERT warned about a critical vulnerability EOScada (PDF), a Windows-based Energy Management System that is used to configure and manage intelligent electronic devices (IEDs) used in electrical, water, sewage and gas applications. But what about real evidence of compromised SCADA and industrial control systems? That’s a taller order. After all: most […]