Dumping Core: Analytical Findings on Trojan.Corebo

Download the full report here.

The Corebot banking trojan was initially discovered and documented last year by researchers at Security Intelligence. Since then, it has evolved rapidly and, in terms of capabilities such as browser-based web injections, it is now similar to the dominant banking malware such as Zeus, Neverquest, and Dyreza although its actual impact to date is nowhere close.

ASERT has been studying and monitoring Corebot since shortly after it was initially documented and an in-depth analysis of Corebot’s inner workings are provided in this threat intelligence report, including coverage of its cryptography, network behavior, and banking targets.

The Big Bong Theory: Conjectures on a Korean Banking Trojan

Download the full report here. ASERT has been analyzing samples of a banking trojan targeting South Korean financial institutions. We call the banker “Big Bong” and provide, in this threat intelligence report, an in-depth behavioral analysis of the malware from builder to bot and from installation to exfiltration including obfuscation techniques, certificate use, and VPN-based […]

The Big Bong Theory: Conjectures on a Korean Banking Trojan

Download the full report here.

ASERT has been analyzing samples of a banking trojan targeting South Korean financial institutions. We call the banker “Big Bong” and provide, in this threat intelligence report, an in-depth behavioral analysis of the malware from builder to bot and from installation to exfiltration including obfuscation techniques, certificate use, and VPN-based network communications. A goal hypothesis is put forth – “The Big Bong Theory,” including some background on the South Korean banking infrastructure. This intelligence report will be of interest to security researchers, incident responders, and anyone interested in advanced malware analysis.

Retired IT specialist shares inside story of botched National Park Moose project

You might think that a niche conference on cabling design and installation held in Orlando in February would be a sleepy little affair, but I found just the opposite to be true. The table setter when I arrived was a humorous/informative look by Ekahau's Jussi Kiviniemi at designing Wi-Fi networks for high capacity. The presenter compared such network installation and design to that of setting up a bar, but also made pointed observations about the conference center’s own imperfect Wi-Fi installation history. The next presentation (“The Moose Project: What Went Wrong? An ICT Case Study from the National Park Service”) was as fiery a talk at a tech conference as I’ve ever heard. Recently retired National Park Service IT specialist Michael Thornton emphasized that he didn’t want to “bash anybody or point fingers” over what he described as a systemic problem with architectural, engineering and construction (AEC) projects, but at the same time he is urging fellow members of the information and communications technology field (ICT) to rise up and convince organizations that ICT pros need to be included in project plans from the start – or else risk botching those projects and wasting millions of dollars.To read this Continue reading

BGP or OSPF? Does Topology Visibility Matter?

One of the comments added to my Using BGP in Data Centers blog post said:

With symmetric fabric… does it make sense for a node to know every bit of fabric info or is reachability information sufficient?

Let’s ignore for the moment that large non-redundant layer-3 fabrics where BGP-in-Data-Center movement started don’t need more than endpoint reachability information, and focus on a bigger issue: is knowledge of network topology (as provided by OSPF and not by BGP) beneficial?

Read more ...

US regulator coming around to view that a Google computer could qualify as car driver

The U.S. federal transport safety regulator is coming around to the view that rules could be updated so that computers in autonomous cars can be considered as drivers, but added that the rule-making could take some time.The move by the National Highway Traffic Safety Administration could be a major boost for Google and a number of companies including traditional car makers that are working on partially or fully autonomous vehicles."If no human occupant of the vehicle can actually drive the vehicle, it is more reasonable to identify the driver as whatever (as opposed to whoever) is doing the driving," Paul A. Hemmersbaugh, chief counsel of the NHTSA, wrote in a Feb 4 letter in reply to a Google proposal relating to its self-driving cars.To read this article in full or to leave a comment, please click here

Poseidon hacker group behind long-running extortion scheme

Kaspersky Lab has linked a single group to a long-known campaign of cyberattacks that appears to be aimed at extorting corporate victims.The Poseidon Group may have been active since 2001, according to an analysis of malware samples. The group's tools have been designed to function on systems set to English and Portuguese.Victims are usually sent spear-phishing emails and malware hidden inside office documents. Once on a network, the hackers explore its topology in order to eventually steal intellectual property and commercial information."Then the attacker looks for all administrator accounts on both the local machine and the network," Kaspersky wrote in a post on Tuesday. "This technique allows them to map network resources and make lateral movements inside the network, landing in the perfect machine to match the attacker’s interest."To read this article in full or to leave a comment, please click here

Skyport Systems – Moving the edge

The traditional security model has put significant emphasis on what’s typically called the ‘external edge’.  That is, the connection between your network and any third party network.  This is also where we create a delineation between ‘trusted’ and ‘untrusted’ networks.  Regardless of how you define this boundary, it becomes the focal point for any security related tooling.  This creates some interesting challenges…

Scale – Applying security tooling at the external edge introduces some possible scale concerns.  You now have a single point in the network has to scale to provide connectivity and security services to all of the users and applications.  While this might make sense in smaller networks, aggregating everything in one place on larger networks can be challenging.  Considering that many security tools can handle significantly lower amounts of traffic than routers and switches, you may find that doing this all in one place introduces a bottleneck in the network.  Scaling security appliances is often a much larger task than scaling network links. 

Network magic – I often joke that network engineers have to perform network magic to get all of the security tools all of the traffic they Continue reading

Google will stop accepting new Flash ads on June 30

Google has just hammered another nail in the coffin for Flash, Adobe Systems' multimedia software widely criticized for its frequent security vulnerabilities.On Tuesday, Google set deadlines for when it will stop running Flash ads and accept only those written in HTML5, the latest version of the Web's mother tongue.As of June 30, Google will stop accepting new Flash-based display ads for AdWords and DoubleClick Digital Marketing. And Flash ads won't be allowed on the company's Display Network or DoubleClick after Jan. 2, 2017.Flash is one of the most commonly targeted applications by hackers because it's installed on hundreds of millions of computers. Unpatched vulnerabilities can allow a hacker to install malicious software on a computer if a victim merely views a malicious ad.To read this article in full or to leave a comment, please click here

Should Monitoring Systems Also Perform Mitigation?

Shiny red lights and sundry messages can tell us when a transaction time is too high, an interface is dropping too many packets, database commits are taking too long, or a WAN link’s jitter just went south. That information is wonderful, but doesn’t resolve the issue. A course of action is required.

Carriers celebrate as Telecommunications Act of 1996 turns 20

The winners in a broadband industry heavily shaped by the Telecommunications Act of 1996 celebrated publicly this week, as February 8 marked the 20-year anniversary of the law taking effect.The Act – a sweeping rewrite of America’s 60+ year old laws governing phone service, media ownership, and more – substantially deregulated the telecom and media industries, causing large-scale mergers and a much more centralized landscape.+ ALSO ON NETWORK WORLD: Cisco boosts, broadens Catalyst switches | US government wants to sharply increase spending on cybersecurity +To read this article in full or to leave a comment, please click here

Obama’s new cybersecurity agenda: What you need to know

In response to mounting cyber attacks on federal networks, President Barack Obama is seeking $19 billion for cybersecurity, more than a 35% increase over last year’s spending, and calling for a federal CISO to oversee all the upgrade of outdated and insecure cyber infrastructure.The number of information security incidents grew more than 11-fold between 2006 and 2014 to 67,168, and attacks from other countries have been on the rise.+More on Network World: Feds' primary network security weapon needs more bang+To read this article in full or to leave a comment, please click here

The iconic Boeing 747 is almost 50!

Happy 47thImage by Reuters/Pascal RossignolThe 747 truly ushered in the Jumbo Jet era when it first flew for the first time this week – Feb. 9 -- in 1969. “The fuselage of the original 747 was 225 feet (68.5 meters) long; the tail as tall as a six-story building. Pressurized, it carried a ton of air. The cargo hold had room for 3,400 pieces of baggage and the total wing area was larger than a basketball court. Yet, the entire global navigation system weighed less than a modern laptop computer,” Boeing wrote of the aircraft. The massive airplane required construction of the 200 million-cubic-foot 747 assembly plant in Everett, Wash., the world's largest building by volume. Here’s a brief look at the giant of the skies:To read this article in full or to leave a comment, please click here

1 3,146 3,147 3,148 3,149 3,150 3,841