Iranian cyberespionage group attacked over 1,600 high-profile targets in one year

In a single year, a cyberespionage group with possible ties to the Iranian government has targeted over 1,600 defense officials, diplomats, researchers, human rights activists, journalists and other high-profile individuals around the world.

The group, known as Rocket Kitten, has been active since early 2014 and its attacks have been analyzed by various security vendors. However, a major breakthrough in the investigation came recently when researchers from Check Point Software Technologies obtained access to the command-and-control servers used by the attackers.

Compared to other cyberespionage groups, Rocket Kitten is not very sophisticated, but it is persistent. It makes extensive use of social engineering through spear-phishing attacks that infect victims with custom-written malware, the Check Point researchers said in a report published Monday.

50 years ago today, the Northeast went dark

The Northeast blackout of 1965, which occurred 50 years ago today, was one of those “Where were you?” historical events that those who lived through it will never forget.

I was at home in North Attleboro, Mass., and, while only eight years old, I remember the blackout vividly. About 30 million people living in Ontario, New York, New Jersey and the New England states sparing Maine were plunged into darkness for up to 13 hours.

This clip from NBC News captures both the drama of the evening – Cold War fears were in full force – and the primitiveness of reporting under such conditions 50 years ago. What caused the outage? From Wikipedia:

8 of top 10 vulnerabilities used by exploit kits target Adobe Flash Player

As if you need more reasons to hate Adobe Flash, it’s unsurprisingly a favorite among cyber criminals to roll into exploit kits. The most popular exploit kit right now is Angler, which has been around since 2013, but it is still “regularly tied to malware including Cryptolocker.”

According to a new report by Recorded Future, eight of the top 10 vulnerabilities used by exploit kits target Adobe Flash Player. The remaining two non-Flash flaws favored in the crimeware as a service (CaaS) ecosystem were in Microsoft Internet Explorer versions 10 and 11 and other “Microsoft products including Silverlight.”

A 360 Degree View of the Entire Netflix Stack

This is a guest repost by Chris Ueland, creator of Scale Scale, with a creative high level view of the Netflix stack.

As we research and dig deeper into scaling, we keep running into Netflix. They are very public with their stories. This post is a round up that we put together with Bryan’s help. We collected info from all over the internet. If you’d like to reach out with more info, we’ll append this post. Otherwise, please enjoy!

–Chris / ScaleScale / MaxCDN


A look at what we think is interesting about how Netflix Scales

Distributed Firewall ALG

In the last post, VMware NSX™ Distributed Firewall installation and operation was verified. In this entry, the FTP (file transfer protocol) ALG (Application Level Gateway) is tested for associating data connections with originating control connections – something a stateless ACL (access control list) can’t do.

An added benefit over stateless ACLs: most compliance standards more readily accept a stateful-inspection firewall as satisfying their access control requirements.

To check ALG support for a particular NSX version, refer to the VMware NSX Administration manual. VMware NSX version 6.2 supports FTP, CIFS, ORACLE TNS, MS-RPC, and SUN-RPC ALGs. Do expect additional ALG protocol support with future versions of NSX.
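How an FTP ALG derives the data connection from the control channel, as an added example written for this page rather than code from the NSX post. It models no NSX API; the two lab addresses and the FTP exchange are constructed. The ALG parses the client's PORT command (active mode) and the server's 227 reply (passive mode), opens a pinhole for exactly that one data connection, and refuses an advertised address that is not the control-channel peer (the FTP bounce pattern). The last function shows the blanket ephemeral-port rules a stateless ACL would need instead.

```python
"""
Toy model of the FTP Application Level Gateway (ALG) on a stateful
firewall. The ALG watches the control connection (TCP/21), parses the
client's PORT command (active mode) and the server's "227 Entering
Passive Mode" reply (passive mode), and opens a pinhole for exactly
that data connection. A stateless ACL cannot do this: the data-channel
endpoints exist only in the control-channel payload.

Added example, not code from the NSX post; it models no NSX API and
the addresses and session below are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)
PASV_RE = re.compile(r"^227\b.*?\((\d{1,3}(?:,\d{1,3}){5})\)")


@dataclass(frozen=True)
class Pinhole:
    src_ip: str      # who initiates the data connection
    dst_ip: str
    dst_port: int
    mode: str        # "active" or "passive"


def parse_hostport(spec: str) -> tuple[str, int]:
    """Decode FTP's h1,h2,h3,h4,p1,p2 form into (ip, port)."""
    parts = [int(p) for p in spec.split(",")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad host/port spec: {spec!r}")
    ip = ".".join(str(p) for p in parts[:4])
    port = (parts[4] << 8) | parts[5]
    if port == 0:
        raise ValueError("port 0 is not a usable data port")
    return ip, port


def ftp_alg_pinholes(client_ip: str, server_ip: str,
                     control_lines: list[tuple[str, str]]) -> list[Pinhole]:
    """
    control_lines are (direction, text): "c2s" for client commands,
    "s2c" for server replies. Returns the pinholes the ALG derives and
    raises ValueError when an advertised address is not the control
    channel peer (the FTP bounce pattern).
    """
    pinholes: list[Pinhole] = []
    for direction, text in control_lines:
        text = text.rstrip("\r\n")
        if direction == "c2s" and (m := PORT_RE.match(text)):
            ip, port = parse_hostport(m.group(1))
            if ip != client_ip:
                raise ValueError(f"PORT advertises {ip}, control peer is {client_ip}")
            # Active mode: the server dials out from TCP/20 to the client.
            pinholes.append(Pinhole(server_ip, ip, port, "active"))
        elif direction == "s2c" and (m := PASV_RE.match(text)):
            ip, port = parse_hostport(m.group(1))
            if ip != server_ip:
                raise ValueError(f"227 advertises {ip}, control peer is {server_ip}")
            # Passive mode: the client dials in to the server's ephemeral port.
            pinholes.append(Pinhole(client_ip, ip, port, "passive"))
    return pinholes


def data_connection_allowed(pinholes: list[Pinhole], src_ip: str,
                            dst_ip: str, dst_port: int) -> bool:
    """The stateful check: only a connection matching a derived pinhole passes."""
    return any(p.src_ip == src_ip and p.dst_ip == dst_ip and p.dst_port == dst_port
               for p in pinholes)


def stateless_acl_equivalent(client_ip: str, server_ip: str) -> list[str]:
    """
    What a stateless ACL must permit to make both FTP modes work without
    an ALG: whole ephemeral port ranges, not one port per transfer.
    """
    return [
        f"permit tcp {server_ip} eq 20 -> {client_ip} range 1024-65535   (active)",
        f"permit tcp {client_ip} -> {server_ip} range 1024-65535        (passive)",
    ]


# Constructed control-channel exchange between the two lab VMs.
CLIENT, SERVER = "10.0.0.10", "10.0.0.20"
DEMO_SESSION = [
    ("c2s", "USER anonymous"),
    ("s2c", "331 Please specify the password."),
    ("c2s", "PASS guest@"),
    ("s2c", "230 Login successful."),
    ("c2s", "PASV"),
    ("s2c", "227 Entering Passive Mode (10,0,0,20,195,89)."),
    ("c2s", "RETR file.txt"),
    ("c2s", "PORT 10,0,0,10,19,137"),
    ("s2c", "200 PORT command successful."),
    ("c2s", "LIST"),
]


def demo() -> list[Pinhole]:
    return ftp_alg_pinholes(CLIENT, SERVER, DEMO_SESSION)


if __name__ == "__main__":
    for p in demo():
        print(p)
    print(*stateless_acl_equivalent(CLIENT, SERVER), sep="\n")
```

Run stand-alone it prints the two pinholes (client to 10.0.0.20:50009 for the passive transfer, server to 10.0.0.10:5001 for the active one) followed by the broad range rules a stateless ACL would have to carry permanently. A real ALG additionally tears the pinhole down when the data connection closes or the control session ends; that timing is left out here.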

Assuming a default firewall rulebase for simplicity, and a basic setup:

  • three ESXi vSphere 6.0 hosts in a cluster
  • NSX installed, with the NSX Manager installed on the first host 
  • two guest VMs running CentOS: one running an FTP server, the other an FTP client

Simplified diagram, along with connections for the following test:

[diagram: layout]

Previously, an ESXi host command line was used to interact with the Distributed Firewall. Here, the NSX Manager Central CLI – a new option with NSX 6.2 – is used. Slightly different incantations, but the same results can be

Reaction: Thoughts on Certifications

Should you stack up certifications, or should you learn something new? To put the question a different way: should Ethan get his CCDE? This week a couple of posts filtered through to my RSS feed that seem worth responding to on the certification front. Let’s begin with the second question first. This week, Ethan posted:

I’ve already achieved what I personally wanted to with the CCIE program. There is no doubt the certification changed my life, but I’m heading places now that the CCIE can’t take me. The CCDE program is still interesting to me, but I find the focus on service provider and very large enterprise technologies a disadvantage for me. Lots of work to get through the study, and I lack sufficient motivation to make a go of it right now. I still believe it’s a great program. Maybe I’ll get back to it someday.

I think the first part of Ethan’s argument is valid and correct: there comes a point you’ve wrung the value out of a certification (or certification path), and it’s time to move on. But how can you judge when that time has come? My thinking is based around this chart, taken from one

File-encrypting ransomware starts targeting Linux Web servers

Ransomware authors continue their hunt for new sources of income. After targeting consumer and then business computers, they've now expanded their attacks to Web servers.

Malware researchers from Russian antivirus vendor Doctor Web have recently discovered a new malware program for Linux-based systems that they've dubbed Linux.Encoder.1.

Once run on a system with administrator privileges, it starts traversing the whole file system and encrypting files in specific directories, including the user's home directory, the MySQL server directory, the logs directory and the Web directories of the Apache and Nginx Web servers.

10 reasons why phishing attacks are nastier than ever

Phishing emails have been the scourge of the computer world for decades, defeating even our best efforts to combat them. Most of us can easily spot them by their subject lines and delete without even opening. If we’re not entirely sure and end up opening them, we can immediately identify a phishing attempt by its overly formal greetings, foreign origins, misspellings, and overly solicitous efforts to send us millions of unearned dollars or to sell us dubious products. Most of the time, phishing attempts are a minor menace we solve with a Delete key.

Enter spearphishing: a targeted approach to phishing that is proving nefariously effective, even against the most seasoned security pros. Why? Because these messages are crafted by thoughtful professionals who seem to know your business, your current projects, your interests. They don’t tip their hand by trying to sell you anything or claiming to have money to give away. In fact, today’s spearphishing attempts have far more sinister goals than simple financial theft.

Comcast resets nearly 200,000 passwords after customer list goes on sale

Over the weekend, a reader (@flanvel) directed Salted Hash to a post on a Dark Web marketplace selling a number of questionable, if not outright illegal, goods. The post in question offered a list of 590,000 Comcast email addresses and corresponding passwords.

As proof, the seller offered a brief list of 112 accounts, with a going rate of $300 USD for 100,000 accounts. However, if one wished to purchase the entire list of 590,000 accounts, the final price was $1,000 USD.

Saturday evening, Salted Hash contacted Comcast about the account list being sold online. By the time our message reached them, Comcast had already obtained a copy of the list and their security team was checking each record against the ISP's current customer base.

Is it time for Identity as a Service?

From Target to TalkTalk to whoever gets breached next week, the litany of companies that have lost customer data should be making businesses rethink not just how they protect customer information and accounts, but whether they want to be running customer and consumer identity services themselves.

Despite the fact that attacks are routine, user identity details are often poorly protected. A quick glance at Stack Exchange reveals a worrying number of developers who don’t know how to handle encryption or store usernames and passwords securely. Many companies have support practices that put customer data at risk, from technical mistakes like cross-site scripting vulnerabilities or serving login pages insecurely, to poor architectural decisions like blocking password managers or handling password resets badly, including emailing plain text passwords. The Plain Text Offenders site and security expert Troy Hunt both collect examples, many of them from household names.
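The storage scheme the article says many developers get wrong, as an added example written for this page (not code from the article, from Stack Exchange, or from any identity provider). It uses only the Python standard library: a fresh random salt per record, PBKDF2-HMAC-SHA256 with a high iteration count, a self-describing record so the parameters can be raised later, and a constant-time comparison on verify. A site that can email you your password cannot be doing this, because nothing recoverable is stored.

```python
"""
Salted, iterated password hashing with constant-time verification.
Added example, not code from the article; standard library only.
Record format: pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>
"""
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000   # current OWASP guidance for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record; never the password or a reversible form."""
    if not password:
        raise ValueError("empty password")
    if iterations < 1:
        raise ValueError("iterations must be positive")
    salt = os.urandom(SALT_BYTES)            # unique per record, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the record's own salt/iterations and compare in constant time."""
    try:
        alg, iters, salt_hex, digest_hex = record.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False                          # malformed record never verifies
    if alg != ALGORITHM or iterations < 1 or not expected:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)   # no early exit on first mismatch


def needs_rehash(record: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when the stored record is weaker than current policy; rehash at next login."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return True
    try:
        return int(parts[1]) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec),
          verify_password("wrong", rec), needs_rehash(rec))
```

On a successful login, check `needs_rehash` and store a new record from the plaintext you just verified; that is the only moment the plaintext is legitimately in hand, and it lets the iteration count rise over time without a forced reset.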

No surprise here: Adobe’s Flash is a hacker’s favorite target

Adobe Systems' Flash plugin gets no love from anyone in the security field these days. A new study released Monday shows just how much it is favored by cybercriminals to sneak their malware onto computers. It looked at more than 100 exploit kits, which are frameworks planted in Web pages that automatically probe for software vulnerabilities when a user browses to a page. Those who develop exploit kits are often hired by others to help distribute specific kinds of malware. Of the top 10 vulnerabilities found in the exploit kits, eight of them were targeted at Adobe's Flash plugin, used on millions of computers to play multimedia content, according to Recorded Future, a cybersecurity intelligence firm based in Somerville, Massachusetts.

New products of the week 11.09.2015

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

Okta Mobility Management
Key features: Updates include support for Android for Work, PCs, OS X, as well as private app store capabilities and a Safari iOS extension.

6 super-defenses against super-user attacks

ID management

Privileged Identity Management is based on a common link in the chain of almost every advanced threat: obtaining the credentials of an administrator, super-user or even a program with local admin rights. PIM tools lock down those special user credentials. Some PIM systems concentrate on auditing or anomaly detection so that even trusted insiders who have gone turncoat can be caught. Others look at the password aspect of identity management, cycling impossibly long randomized passwords. Some concentrate on Linux environments, while others are Windows-based. Almost all PIM tools embrace the concept of least-privilege, giving users only the level of access and privilege that they need to run a specific command.

Review: Stop insider attacks with these 6 powerful tools

Privileged Identity Management is based on the idea that a common element of most advanced threats involves obtaining the credentials of an administrator, super-user or even a program with local admin rights. Armed with those credentials, the attacker can turn internal systems against themselves, rewrite security policies and remain undetected.

Privileged Identity Management tools lock down those special user credentials so that even a successful breach reaches only low-privilege endpoints that can’t do much harm. Should attackers on a compromised system attempt to elevate those privileges, not only will they be quickly detected, but any process that attempts to run will be blocked.