Top Story -
Chinese Cyber-Attacks on Google Further Highlight Need to Improve American Cybersecurity Infrastructure -- WASHINGTON, D.C. -- Senator John D. (Jay) Rockefeller IV, Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation, issued the following statement after Google’s announcement expressing concerns about cyber-attacks on its corporate infrastructure originating from China. The company revealed that it has evidence to suggest that a primary goal of the attackers was access to Gmail accounts, specifically the accounts of Chinese human rights activists, and that it will be reviewing its business operations with the country.
“Cyber-attacks are increasing exponentially and we need to get serious about America’s cybersecurity — our nation’s public and private infrastructure is too critical to remain vulnerable and unprotected,” said Chairman Rockefeller. “I intend to mark up my cybersecurity bill early this year to address these ever-evolving attacks and secure our networks. It’s an understatement to say that cybersecurity is one of the most important issues we face; the increasingly connected nature of our lives only amplifies our vulnerability to cyber attacks and we must act now.”
Key Elements of Rockefeller-Snowe Comprehensive Cybersecurity Legislation:
- Significantly raising the profile of cybersecurity within the Federal government and streamlining cyber-related government functions and authorities.
- Promoting public awareness and protecting civil liberties.
- Creating teamwork and a partnership between government and the private sector on cybersecurity.
- Fostering innovation and creativity in cybersecurity to develop long-term solutions.
An important component of this legislation is to establish the Office of the National Cybersecurity Advisor within the Executive Office of the President. The National Cybersecurity Advisor will lead this office and report directly to the President. The Advisor will serve as the lead official on all cyber matters, coordinating with the intelligence community, as well as the civilian agencies.
January 14, eWeek – (National)
Rockefeller ready with cyber-security bill. Prompted by Google’s report that the search giant and some 20 other companies were victims of sophisticated cyber-attacks from within China, a senator promised on January 13 to mark up his cyber-security legislation early this year. Introduced by the senator and another senator from Washington in April and redrafted late this summer, the bill would create a National Cybersecurity Adviser under the authority of the president to coordinate cyber-security efforts. The two senators drafted the legislation in response to years of post-9/11 complaints that neither the private sector nor government officials were doing enough to adequately protect the nation’s critical cyber-infrastructure. According to a number of reports, the senators drafted the bill after consulting with the White House. While no one particularly objected to a cyber-czar, there were howls of protest about the details in the bill. As originally drafted, the Cybersecurity Act gave the president an Internet “kill switch” for reasons of national security or in an emergency and the authority to designate private networks as critical infrastructure subject to cyber-security mandates, including standardized security software and testing, and licensing and certification of cyber-security professionals. The new language dropped all references to the president’s ability to shut down the Internet. Instead, the two senators granted the president the authority to declare a cyber-security emergency and to direct the “national response to the cyber threat.”
Source:
http://www.eweek.com/c/a/Government-IT/Rockefeller-Ready-With-Cyber...
January 15, IDG News Service – (International)
UK defendants await sentencing in carding scheme. Two U.K. men have pleaded guilty to charges related to the infamous DarkMarket payment-card fraud ring busted by authorities in October 2008, according to British police. The two men both pleaded guilty to conspiracy to defraud in Blackfriars Crown Court in London on January 14. DarkMarket was a highly organized, password-protected online forum where criminals worldwide could buy and sell credit card numbers, a practice known as “carding.” Since its shutdown, more than 60 people have been arrested by law enforcement agencies in the U.K., U.S., Germany, Turkey and other countries. The 33-year-old suspect was an “itinerant loner” who was allegedly observed selling lists of credit cards near the Java Bean Internet Cafe in Wembley, where he frequently accessed the DarkMarket site, according to the Serious Organised Crime Agency (SOCA). He used a memory stick to carry data around and seemed to think using Internet cafes would help shield his activities, SOCA said. The 66-year-old suspect was arrested in December 2008 after investigators found he was allegedly running a counterfeit credit card factory, SOCA said. This suspect, a retiree who lived in Doncaster, England, allegedly had details for more than 2,000 credit cards in his home along with a “suite of images and logos” needed to produce fake cards.
Source:
http://www.networkworld.com/news/2010/011510-uk-defendants-await-se...
January 15, IDG News Service – (International)
Romanian faces five years in prison for phishing scheme. A Romanian national pleaded guilty on January 14 to a charge related to a phishing operation that sought to defraud customers of banks such as Citibank and Wells Fargo, and of Web sites such as eBay. The 28-year-old, of Galati, Romania, could face up to five years in prison when he is sentenced on April 5 in U.S. District Court for the District of Connecticut, according to the U.S. Department of Justice. He pleaded guilty to a single charge of conspiracy to commit fraud related to spam. The suspect and another Romanian were accused of setting up fake Web sites in order to steal passwords and sensitive financial information. They also were allegedly passing payment card details to others who would then make fraudulent cards. A third Romanian co-conspirator was the first foreign national convicted in the U.S. of phishing and was sentenced in March 2009 to more than four years in prison. The 28-year-old admitted using software to collect e-mail addresses in order to send spam that would then try to entice people into browsing one of the fake Web sites.
Source:
http://www.pcworld.com/businesscenter/article/186981/romanian_faces...
January 14, DarkReading – (New Hampshire)
Lincoln National discloses breach of 1.2 million customers. Lincoln National Corp. (LNC) recently disclosed a security vulnerability in its portfolio information system that could have compromised the account data of approximately 1.2 million customers. In a disclosure letter sent to the attorney general of New Hampshire on January 4, attorneys for the financial services firm revealed that a breach of the Lincoln portfolio information system had been reported to the Financial Industry Regulatory Authority (FINRA) by an unidentified source last August. The company was planning to issue notification to the affected customers on January 6, the letter says. The letter does not give technical details about the breach, but it indicates the unidentified source sent FINRA a username and password to the portfolio management system. “This username and password had been shared among certain employees of [Lincoln Financial Services] and employees of affiliated companies,” the letter says. “The sharing of usernames and passwords is not permitted under the LNC security policy.” Upon further investigation, Lincoln found another of its subsidiaries, Lincoln Financial Advisers, was using shared usernames and passwords to access the portfolio information management system, the letter states. In the end, the company found a total of six shared usernames and passwords, which were created as early as 2002. The forensic team that investigated the breach found no evidence that the data had been used outside of the company, either by hackers or former employees, according to the letter.
Source:
http://www.darkreading.com/vulnerability_management/security/privac...
January 14, Health Data Management – (Connecticut; National)
Health Net sued for HIPAA violations. Connecticut’s Attorney General has filed a lawsuit charging Health Net of Connecticut Inc. with violations of the HIPAA privacy and security rules following a large breach of identifiable medical records and Social Security numbers. His office believes this is the first lawsuit by a state’s chief legal officer since the HITECH Act last year gave state attorneys general authority to prosecute HIPAA privacy and security violations. Parent company Health Net in Los Angeles last November reported to insurance officials in four states the disappearance in May of a hard drive with protected health information on 1.5 million members, including 446,000 in Connecticut. The data was not encrypted, but Health Net said it is invisible without the use of specific software. The company attributed the delay in reporting the breach to a lengthy forensic investigation to determine what information was on the hard drive.
Source:
http://www.healthdatamanagement.com/news/breach_hipaa_privacy_secur...
January 15, IDG News Service – (International)
Conficker worm hasn’t gone away, Akamai says. Variants of the Conficker worm were still active and spreading during the third quarter, accounting for much of attack traffic on the Internet, according to Akamai Technologies. “Although mainstream and industry media coverage of the Conficker worm and its variants has dropped significantly since peaking in the second quarter, it is clear from this data that the worm (and its variants) is apparently still quite active, searching out new systems to infect,” Akamai said in its State of the Internet report for the third quarter of 2009, released on January 14. During the third quarter, 78 percent of Internet attacks observed by Akamai targeted port 445, up from 68 percent during the previous quarter. Port 445, which is used by Microsoft Directory Services, is the same port that Conficker targets, aiming to exploit a buffer overflow vulnerability in Windows and infect the targeted computer. Most attacks originated from Russia and Brazil, which replaced China and the U.S., as the top two sources of attack traffic. Russia and Brazil accounted for 13 percent and 8.6 percent of attack traffic, respectively, Akamai said. The U.S., which came in at No. 3, accounted for 6.9 percent of attack traffic and No. 4 China accounted for 6.5 percent, it said.
Source:
http://www.computerworld.com/s/article/9145018/Conficker_worm_hasn_...
January 15, SC Magazine – (International)
Adobe offers conflicting statements on whether its software was connected to the Google attack. Adobe has said in a statement that researchers have not been able to obtain any evidence to indicate that Adobe Reader or other Adobe technologies were used in the Google incident. Adobe issued a statement on January 12, saying it was aware of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies. In an update posted on January 14, Adobe’s director of product security and privacy acknowledged the ‘media coverage and headlines indicating that vulnerabilities in Adobe Reader may have been the attack vector in this incident’. He said: “Just like we always do in the case of reports of security vulnerabilities in an Adobe product, we have been actively tracking down samples or other information regarding potential vulnerabilities in Adobe products related to this incident.” “Similar to the McAfee researchers, we have not been able to obtain any evidence to indicate that Adobe Reader or other Adobe technologies were used as the attack vector in this incident. As far as we are aware there are no publicly known vulnerabilities in the latest versions (9.3 and 8.2) of Adobe Reader and Acrobat that we shipped on January 12, 2010. Even though we do not have any information regarding a zero-day vulnerability in an Adobe product, the sophistication of this incident also serves as a reminder to all of us the importance of layers of security to provide the best possible defense against those with malicious intent.”
Source:
http://www.scmagazineuk.com/adobe-offers-conflicting-statements-on-...
January 14, eWeek – (International)
IETF completes fix for SSL security vulnerability. The Internet Engineering Task Force (IETF) has finished work on a fix to a vulnerability in the Secure Sockets Layer protocol security researchers uncovered last August. The vulnerability partially invalidates the SSL lock and allows attackers to compromise sites that use SSL for security — including banking sites and back-office systems that use Web services-based protocols. “The bug allows a man-in-the-middle to insert some malicious data at the beginning of a vulnerable SSL/TLS connection, but does not allow him to directly read the data sent by the legitimate parties,” explained one of the individuals who found the vulnerability. “This capability is referred to as a ‘blind plaintext injection attack.’ Initially, it was hoped that this limited capability would offer some mitigation. Unfortunately, it seems that HTTPS is particularly strongly affected because of its design, and an effective attack on the Twitter HTTPS API was demonstrated shortly after the vulnerability was publicly disclosed.” After incorporating feedback from the TLS community, the proposed fix was approved by the IESG on Jan. 7, 2010. The IESG is responsible for the technical management of IETF activities and the Internet standards process. The decision means customers can now begin to deliver patches that implement IETF’s change.
Source:
http://www.eweek.com/c/a/Security/IETF-Completes-Fix-for-SSL-Securi...
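The item above describes the flaw only in outline: a man-in-the-middle opens its own connection, sends the start of a message, and then splices a victim's handshake into that connection as a renegotiation, so the server glues the victim's bytes onto the attacker's prefix. The fix the IESG approved was published shortly afterwards as RFC 5746, which binds each renegotiation to the previous handshake on the same connection through a renegotiation_info extension. The toy model below is an added example, not code from eWeek, the IETF or any TLS library: it reduces a handshake to a transcript and an HMAC-based verify_data (as a TLS Finished message does), uses placeholder bytes for both parties' data, and shows the unpatched server accepting the spliced handshake while the patched server rejects it and still accepts a legitimate renegotiation. The class and function names (Server, splice_scenario, legitimate_renegotiation) are this example's own, and handing the verify_data back to the client in the handshake result is a simplification (real clients derive it themselves).

```python
"""Toy model of the 2009 TLS renegotiation flaw and the fix the IETF approved
(published as RFC 5746, the renegotiation_info extension).

Constructed example. A handshake is reduced to a transcript plus a random
master secret, and verify_data is a truncated HMAC over the transcript, the
way a TLS Finished message binds the handshake. No real TLS is spoken here.
"""
import hashlib
import hmac
import os

VD_LEN = 12  # length of TLS Finished verify_data


def _verify_data(master: bytes, label: bytes, transcript: bytes) -> bytes:
    return hmac.new(master, label + transcript, hashlib.sha256).digest()[:VD_LEN]


class Server:
    """Server keeping per-connection renegotiation state (hypothetical model).

    patched=False models a pre-fix server that treats a renegotiation as a
    fresh, unbound handshake; patched=True enforces the RFC 5746 binding.
    """

    def __init__(self, patched: bool):
        self.patched = patched
        self.conns: dict[str, dict] = {}

    def handshake(self, conn_id: str, client_hello: dict):
        """Process a ClientHello on conn_id. Returns (accepted, finished_values)."""
        state = self.conns.get(conn_id)
        ext = client_hello.get("renegotiation_info")  # None = legacy client
        if self.patched:
            if state is None:
                # Initial handshake: the extension, if present, must be empty.
                if ext not in (None, b""):
                    return False, None
            elif ext != state["client_vd"]:
                # Renegotiation: the client must echo its own verify_data from the
                # previous handshake on THIS connection. A ClientHello spliced in
                # from another connection cannot know it, so the server aborts.
                return False, None
        transcript = client_hello["random"] + os.urandom(32)
        master = os.urandom(32)
        finished = {
            "client_vd": _verify_data(master, b"client finished", transcript),
            "server_vd": _verify_data(master, b"server finished", transcript),
        }
        app = state["app"] if state else b""
        self.conns[conn_id] = {**finished, "app": app}
        return True, finished  # simplification: real clients derive these themselves

    def app_data(self, conn_id: str, data: bytes) -> None:
        # The application layer sees one byte stream per connection across
        # renegotiations; that continuity is what the injection relied on.
        self.conns[conn_id]["app"] += data

    def received(self, conn_id: str) -> bytes:
        return self.conns[conn_id]["app"]


def splice_scenario(patched: bool):
    """A man-in-the-middle splices a victim's initial handshake onto its own
    connection as a renegotiation. Returns (victim_handshake_accepted, bytes the
    server's application layer attributes to that single connection)."""
    server = Server(patched)
    prefix = b"[attacker-chosen prefix] "      # placeholder, constructed
    victim_request = b"[victim's request bytes]"  # placeholder, constructed
    # 1. Attacker completes its own handshake and sends a partial message.
    ok, _ = server.handshake("conn-A", {"random": os.urandom(32), "renegotiation_info": None})
    assert ok
    server.app_data("conn-A", prefix)
    # 2. Attacker forwards the victim's initial ClientHello (empty extension, as an
    #    updated client sends on a first handshake) inside conn-A.
    victim_hello = {"random": os.urandom(32), "renegotiation_info": b""}
    ok, _ = server.handshake("conn-A", victim_hello)
    if ok:
        # The victim's data now lands behind the attacker's prefix in one stream.
        server.app_data("conn-A", victim_request)
    return ok, server.received("conn-A")


def legitimate_renegotiation(patched: bool) -> bool:
    """A client renegotiating on its own connection echoes its verify_data."""
    server = Server(patched)
    ok, finished = server.handshake("conn-B", {"random": os.urandom(32), "renegotiation_info": b""})
    assert ok
    ok, _ = server.handshake(
        "conn-B", {"random": os.urandom(32), "renegotiation_info": finished["client_vd"]}
    )
    return ok


if __name__ == "__main__":
    print("unpatched server:", splice_scenario(False))
    print("patched server:  ", splice_scenario(True))
    print("legitimate renegotiation on patched server:", legitimate_renegotiation(True))
```

The check in `handshake` is the whole fix: because verify_data is derived from the previous handshake's secret and transcript on that connection, a handshake relayed from elsewhere cannot carry the expected value, so the server aborts before any application data from the second party is appended to the first party's stream. This is why the article's "blind plaintext injection" fails against servers that implement the change, and why clients and servers both need the extension for the binding to apply.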
January 14, Computerworld – (International)
Microsoft confirms IE zero-day behind Google attack. Microsoft issued a security advisory Thursday that warned users of a critical and unpatched vulnerability in Internet Explorer (IE), and acknowledged that it had been used to hack several companies’ networks. “We have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks,” said the director of Microsoft’s Security Response Center (MSRC), in a post to the group’s blog. Earlier on January 14, antivirus company McAfee said the IE bug had been exploited by hackers who had attacked computer networks of nearly three dozen major companies between mid-December 2009 and January 4, 2010. McAfee said then that Microsoft would soon release this advisory. The security advisory said that the only version of IE not containing the critical flaw was IE 5.01 running on Windows 2000. All other versions, including IE6, IE7 and IE8 on Windows 2000, XP, Server 2003, Vista, Server 2008, Windows 7 and Server 2008 R2 are vulnerable to attack. Even so, the director downplayed the threat to average Windows users.
Source:
http://www.computerworld.com/s/article/9144938/Microsoft_confirms_I...
January 14, Washington Post – (National)
Google China cyberattack part of vast espionage campaign, experts say. Computer attacks on Google that the search giant said originated in China were part of a concerted political and corporate espionage effort that exploited security flaws in e-mail attachments to sneak into the networks of major financial, defense and technology companies and research institutions in the United States, security experts said. At least 34 companies — including Yahoo, Symantec, Adobe, Northrop Grumman, and Dow Chemical — were attacked, according to congressional and industry sources. Google, which disclosed on January 12 that hackers had penetrated the Gmail accounts of Chinese human rights advocates in the United States, Europe, and China, threatened to shutter its operations in the country as a result. Human rights groups as well as Washington-based think tanks that have helped shape the debate in Congress about China were also hit. Security experts say the attacks showed a new level of sophistication, exploiting multiple flaws in different software programs and underscoring what senior administration officials have said over the past year is an increasingly serious cyber threat to the nation’s critical industries. “Usually it’s a group using one type of malicious code per target,” said the head of international cyber-intelligence for VeriSign’s iDefense Labs, a Silicon Valley company helping some firms investigate the attacks. “In this case, they’re using multiple types against multiple targets — but all in the same attack campaign. That is a marked leap in coordination.”
Source:
http://www.washingtonpost.com/wp-dyn/content/article/2010/01/13/AR2...
January 13, Network World – (International)
DDoS attacks are back (and bigger than before). Distributed denial-of-service (DDoS) attacks are not new. Companies have suffered the scourge since the beginning of the digital age. But DDoS seems to be finding its way back into headlines in the past six months, thanks to some high-profile targets and, experts say, two important changes in the nature of the attacks. The targets are basically the same — private companies and government websites. The motive is typically something like extortion or to disrupt the operations of a competing company or an unpopular government. But the ferocity and depth of the attacks have snowballed, thanks in large part to the proliferation of botnets and a shift from targeting ISP connections to aiming legitimate-looking requests at the servers themselves. In fact, said the CSO of Cambridge, Massachusetts-based Akamai Technologies, the botnets launching many of today’s DDoS attacks are so vast that those controlling them probably lost track of how many hijacked machines they control a long time ago. “We see a lot less of the fire-and-forget malware-based attacks designed to bog down the machines that were infected,” the CSO said, referring to old-school worm attacks like Blaster, Mydoom, and Code Red. “Now the malware is used to hijack machines for botnets and the botnets themselves are used as the weapon.”
Source:
http://www.networkworld.com/news/2010/011410-ddos-attacks-are-back-...
The abstracts above are selected from today's DHS Daily Open Source Infrastructure Report (Daily Report). The Daily Report is collected each week day as a summary of open-source published information concerning significant critical infrastructure issues. Each Daily Report is divided by the critical infrastructure sectors and key assets defined in the National Infrastructure Protection Plan. Items selected by Cybercrime.TV are drawn from Banking and Finance, Information Technology, and Communications, as well as other sectors when an item is computer-related.