You may remember that last year, a hacker exposed the inner workings of Hacking Team, a company that makes spyware for governments. Now that the dust has settled, someone claiming to be the hacker has posted all the details of how he did it.
The hack itself followed a common pattern: first, an embedded device within the network was found with a known zero-day weakness. From there, the hacker was able to get into an unencrypted backup and find the passwords for a Domain Admin server, which basically gave him the keys to the kingdom.
Today marks an exciting development in the often monotonous rehashing of vulnerability disclosure. The ISO standard that began about 11 years ago with the emotionally loaded title “Responsible Vulnerability Disclosure,” and was finally published in early 2014 as ISO/IEC 29147 Vulnerability disclosure, is now available for download at no cost.
Warnings about U.S. critical infrastructure’s vulnerabilities to a catastrophic cyber attack – a cyber “Pearl Harbor” or “9/11” – began more than 25 years ago. But they have become more insistent and frequent over the past decade.
Former Defense Secretary Leon Panetta warned in a 2012 speech of both a “cyber Pearl Harbor” and a “pre-9/11 moment.”
Although patch management plays a critical role in minimising business risk caused by outdated software in any IT infrastructure, its mere mention can frighten many companies and their IT departments.
This can result in a lack of action, meaning many organisations find themselves with outdated systems, with the number of patches available to fix potential vulnerabilities and exploits becoming increasingly overwhelming.
Whether you are looking to introduce patch management or have an existing policy in place, here are some tips that will help develop a concrete strategy:
A group of cybercriminals has combined two powerful malware programs to create a new online banking Trojan that has already stolen millions of dollars from customers of 24 U.S. and Canadian banks.
The new threat has been dubbed GozNym by researchers from IBM X-Force because it combines the stealthy Nymaim malware and the Gozi banking Trojan.