
HTTB 1st Ed. 08/22/2012 Direct Distributions (V3)


While origin unclear, Gauss indicates malware tool boom. The computer security firm Kaspersky Lab announced this week that it had found a new cyber-surveillance virus in the Middle East that is a descendant of the Stuxnet, Flame and Duqu malware. But they are not calling it "Son of Stuxnet." Stuxnet is the computer worm widely believed to have been used by the U.S. and Israel to attack Iran's nuclear centrifuges.

Dennis Fisher, writing on the Kaspersky blog Threatpost, said the new malware, discovered in June, had been named Gauss, after the German mathematician Carl Friedrich Gauss. "Gauss contains some of the same code as Flame," Fisher wrote, "but is markedly different in a number of respects, specifically in its ability to steal online banking credentials, and has an encrypted payload that experts haven't yet been able to crack." By Friday, both Kaspersky and the Laboratory of Cryptography and System Security (CrySys) at the Budapest University of Technology and Economics had published Gauss detection tools.

"It can be for espionage."

Startup envisions CISO collective to share cyberattack information. Network World - A startup called SecurityStarfish intends to become the central point where chief information security officers (CISOs) can discreetly share information about cyberattacks and obtain anonymized real-time information from others in order to deter cybercrime against their organizations. This ambitious effort is being led by one of the most influential security professionals in the industry, Dave Cullinane, former CISO at eBay and a founding member and chairman of the Cloud Security Alliance, the group working on security best practices and standards related to cloud-based services. "We want to share information about attacks and alert others," says Cullinane, CEO and co-founder of SecurityStarfish, about the venture's goals.

Cullinane says he anticipates about four dozen CISOs joining in the near future.

Media sites brace for hacktivist attacks. Traditional news companies and other websites covering this year's presidential election are preparing for a flood of web traffic over the coming months, and not just from political junkies. Politically motivated hacktivist attacks have become a top concern among companies providing election coverage online. Bill Wheaton, senior vice president and general manager of Akamai's media division, says the 2012 election could generate roughly four to five times as much web traffic as it did in 2008. At peak hours, he estimates that as many as 4 million people could be streaming coverage of the election simultaneously, as a result of the increase in devices and social networks facilitating access to streamed content.

"They're looking out for all sorts of hackers," Wheaton says.

Leaked emails indicate tech companies' interest in TrapWire. Emails released by WikiLeaks indicate that governments and large corporations, including Google and Salesforce.com, may be interested in or are already using a spy tool called TrapWire to prevent terrorist attacks against critical facilities. Developed by Abraxas, TrapWire is a video-surveillance program built to detect "various discreet, but identifiable indicators of pre-attack preparations," according to Abraxas documentation made available on the Bitdefender blog. Information gathered from TrapWire can be shared with law enforcement agencies to assist in counterterrorism efforts, reports the Hot for Security blog.

Details on the possible use of TrapWire were found in emails stolen from Stratfor Global Intelligence, a provider of geopolitical analysis. Hackers broke into Stratfor's website in December and took millions of emails, which WikiLeaks dumped on the web several months later.

Mysterious font left by malware befuddles. The most famous -- and mysterious -- font (yes, we're talking typeface) in the information security world right now is Palida Narrow. Palida Narrow is a new font that the recently discovered Gauss malware installs on machines it infects. And as Dennis Fisher, writing on Kaspersky Lab's Threatpost blog, noted late last week, "Researchers have been unable to figure out yet what the purpose of the font is, but ... its presence on a PC is a good indicator of a Gauss infection." So far there are only theories about its purpose. The most popular is that it is a brand mark for the command and control servers. CrySys Lab, which along with Kaspersky has released a Gauss detection tool, says the theory is that "Palida installation can be in fact detected remotely by web servers, thus the Palida installation is a marker to identify infected computers that visit some specially crafted web pages."

Call for help on Gauss highlights new malware era. Kaspersky Lab is asking for help in unraveling the mysterious payload of Gauss, a task that security experts say would help enterprises determine whether they are potential targets of the highly sophisticated cyber-surveillance virus. On Tuesday, Kaspersky asked for assistance from cryptographers and mathematicians who could help the security vendor decrypt Gauss' warhead, a module named "Godel." Breaking the payload's code would make it possible to determine what the malware does within an infected system. "Despite our best efforts, we were unable to break the encryption. So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets," Kaspersky said on its blog.
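The remote-detection theory CrySys describes above (a specially crafted web page that can tell whether Palida Narrow is installed on the visiting machine) rests on a standard browser fingerprinting trick: CSS font fallback. The following is an added example, not CrySys's or Kaspersky's detector code. It renders a probe string with the font-family `"Palida Narrow", <generic>` and again with `<generic>` alone; if the two widths differ for any generic family, the browser resolved the first family and the font is present. The width measurement is injected, so the same logic runs in a browser through a canvas context or offline against a constructed measurer; the font widths in the simulated machines are made up for the demonstration.

```javascript
// Added example (not CrySys's or Kaspersky's code): detecting an installed
// font from a web page via the CSS fallback trick, the mechanism behind the
// "Palida Narrow as infection marker" theory.
//
// Checking against several generic families avoids a false negative when the
// probed font's width happens to equal one generic family's width.

const PROBE_TEXT = "mmmmmmmmmmlli"; // mix of wide and narrow glyphs amplifies metric differences
const GENERIC_FAMILIES = ["monospace", "sans-serif", "serif"];

// measureWidth(text, fontFamily) -> number is injected so the same logic runs
// in a browser (canvas) or offline (constructed measurer below).
function isFontInstalled(fontName, measureWidth, families = GENERIC_FAMILIES) {
  return families.some((generic) => {
    const baseline = measureWidth(PROBE_TEXT, generic);
    const probe = measureWidth(PROBE_TEXT, `"${fontName}", ${generic}`);
    return probe !== baseline;
  });
}

// Browser measurer: text metrics from a 2D canvas context.
function makeCanvasMeasurer(doc) {
  const ctx = doc.createElement("canvas").getContext("2d");
  return (text, fontFamily) => {
    ctx.font = `72px ${fontFamily}`;
    return ctx.measureText(text).width;
  };
}

// Constructed measurer simulating a machine's font set for offline runs.
// `installed` maps font name -> per-glyph advance width (made-up numbers);
// generic families resolve to fixed widths. Like real CSS fallback, the
// first family the machine has wins.
function makeFakeMeasurer(installed) {
  const genericWidths = { monospace: 8, "sans-serif": 7, serif: 7.5 };
  return (text, fontFamily) => {
    const families = fontFamily.split(",").map((f) => f.trim().replace(/^"|"$/g, ""));
    for (const f of families) {
      if (installed.has(f)) return installed.get(f) * text.length;
      if (f in genericWidths) return genericWidths[f] * text.length;
    }
    return 0; // no family available; a real browser would pick a default, not modelled here
  };
}

// Run the check against a simulated machine and return the verdict.
function checkSimulatedMachine(fontName, installedFonts) {
  return isFontInstalled(fontName, makeFakeMeasurer(new Map(Object.entries(installedFonts))));
}

// Stand-alone run (Node): an infected host vs. a clean one.
// In a browser: isFontInstalled("Palida Narrow", makeCanvasMeasurer(document)).
if (typeof document === "undefined") {
  console.log("infected host:", checkSimulatedMachine("Palida Narrow", { "Palida Narrow": 6 }));
  console.log("clean host:", checkSimulatedMachine("Palida Narrow", { Arial: 7 }));
}
```

In a real detector page the verdict would be sent back to the server (for example with an image request whose URL encodes the result), which is what makes the marker observable "remotely by web servers". The same technique is used for general browser fingerprinting, so a font check of this kind is not by itself evidence of malicious intent; it is the choice of font name that ties it to Gauss.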

"We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload." The code used to encrypt the Gauss payload is more complex than anything Kaspersky usually finds in malware.

Citadel exploit goes after weakest link at airport: employees. The latest exploit of the Citadel Trojan is yet more evidence that enterprise perimeter security is only as strong as the weakest endpoint device of its employees. Which is another way of saying, not very strong. Amit Klein, CTO of security vendor Trusteer, announced in a blog post on Tuesday that the company had discovered a man-in-the-browser attack using the Citadel Trojan that had compromised the virtual private network (VPN) of a major international airport hub. Oren Kedem, director of product marketing for Trusteer, said the company would not name the airport or even the country where it is located.

"It is the major international hub," he said, "so to name the country would be to name the airport." Kedem said the attack was serious enough to prompt the airport to shut down the VPN, essentially leaving 5,000 employees without outside access to the network, and also to involve federal agencies. "At the least, somebody inside could get a list of employees and their emails," he said.

'Crisis' malware targets VMware virtual machines. Security researchers have discovered a single piece of malware that is capable of spreading to four different platform environments: Windows, Mac OS X, VMware virtual machines and Windows Mobile devices. First uncovered last month by security company Intego, Crisis was originally described as a Mac Trojan capable of intercepting e-mails and instant messages and tracking websites visited. Additional scrutiny by Symantec has found that the malware targets both OS X and Windows users, with executable files for both operating systems.

Crisis is distributed using social engineering techniques designed to trick users into installing a JAR, or Java archive, file masquerading as an Adobe Flash installer. The malware then identifies the computer's OS and installs the corresponding executable. "This may be the first malware that attempts to spread onto a virtual machine," Takashi Katsuki, a researcher with antivirus provider Symantec, wrote in a blog post Monday.

New rise of Citadel malware: banking again under attack. Banking is one of the sectors most targeted by cyber attacks and malware; in recent months we have read several times about agents developed to steal account credentials and carry out complex frauds.

We all remember malicious applications such as SpyEye and Zeus; the latter is considered one of the most prolific malware families, owing to the great variety of agents isolated around the world in the last period, and it has affected different platforms. Financial institutions and banks need to take these cyber threats seriously: for the first time they are creating serious problems for the spread of web-based banking services. Ransomware, malware and phishing are the most insidious menaces for the sector; they have registered impressive growth in the last year and the trend is frightening. to explain that the IC3 has been made aware of a new Citadel malware platform used to deliver ransomware named Reveton. Returning to the FBI alert, it suggests:

Cloud, mobility and open source drive application development. Posted on 22 August 2012. The worldwide application development (AD) software market is expected to reach more than $9 billion in 2012, an increase of 1.8 percent over 2011, according to Gartner.

In Australia, spending on application development software is expected to reach A$153.4 million in 2012, up 5 percent over 2011. Growth will be driven by evolving software delivery models, new development methodologies, emerging mobile application development and open source software. “Application modernization and increasing agility will continue to be a solid driver for AD spending, apart from other emerging dynamics of cloud, mobility and social computing,” said Asheesh Raina, principal research analyst at Gartner. “These emerging trends are directing AD demand towards newer architectures, programming languages, business model and user skills.” According to Gartner, cloud is changing the way applications are designed, tested and deployed, resulting in a significant shift in AD priorities.

BYOD 2.0 and spotting the next big trend. By Christos K. Dimitriadis - International VP of ISACA - Wednesday, 22 August 2012. In the 1960s and 70s the IT department was seen as a secret place ruled by powerful niche experts. They had total control of the department and of who could access systems. The PC and its software allowed people to spread their wings. The people who ran the IT department in those days came out of a corporate, hierarchical structure that owed much to the way companies had been run since the 1940s. Then, along came a company that created a great business selling cloud-based sales force automation software directly to business executives, thereby bypassing the IT department. As a result of outsourcing, corporate reliance on management gurus such as W.

The very flexibility that corporate management demanded of its workforce has bounced back as the same workforce demanded flexible methods of working. The increase of workers adopting social media tools outside of work has also changed the game forever.

How to Protect Your Commercial Web Server.

5 Systems You're Forgetting To Patch.

Crisis malware infects VMware virtual machines, researchers say. The Windows version of Crisis, a piece of malware discovered in July, is capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives, according to researchers from antivirus vendor Symantec. Crisis is a computer Trojan program that targets Mac OS and Windows users.

The malware was discovered by antivirus vendor Intego on July 24 and can record Skype conversations, capture traffic from instant messaging programs like Adium and Microsoft Messenger for Mac, and track websites visited in Firefox or Safari. Crisis is distributed via social engineering attacks that trick users into running a malicious Java applet. The applet identifies the user's OS -- Windows or Mac OS X -- and executes the corresponding installer. Security researchers from antivirus vendor Kaspersky Lab, whose products detect the Crisis malware as Morcut, have confirmed the existence of this functionality in the Trojan program. Morcut doesn't do this, Golovanov said.

Security experts scoff at Mars rover hack threat. The word has been out for more than a week now that the hacktivist group Anonymous is looking to break into the communication system between NASA and the Mars rover, Curiosity.

The New York security firm Flashpoint Partners reported that it found a message on an Internet Relay Chat (IRC) channel by a user called "MarsCuriosity," asking for help to hack into the signals NASA uses to communicate with the rover. But within the security community, the rumor has been greeted mostly with yawns, shrugs or a few scornful chuckles. No panic buttons are being pressed. It is being viewed either as a "weak" attempt at trolling, or an effort by law enforcement to lure hackers into a sting. Mikko Hypponen, chief research officer at F-Secure, posted a tweet late last week saying, "The Daily Mail has an article about Anonymous planning to hack the Mars rover." He called MarsCuriosity's message "a weak attempt to troll at best."

Cybercrime Bill passes Senate, set to become law. The controversial Cybercrime Legislation Amendment Bill 2011 passed the Australian Senate today.

The Bill amends the Mutual Assistance in Criminal Matters Act 1987, the Criminal Code Act 1995, the Telecommunications (Interception and Access) Act 1979 and the Telecommunications Act 1997, and allows Australia to accede to the Council of Europe Convention on Cybercrime. The latter treaty is designed to foster cooperation and common policy between nations to deal with multi-national crimes committed on computer networks across the globe, such as online fraud or child pornography offences. The proposed amendments have been debated rigorously, with some concerned that the legislation is a backward step, and many internet service providers are concerned about the new requirements that may be placed upon them to retain data on individuals under investigation. The Greens' amendments were voted down.