IT security

IE flaw gave attackers entry, says McAfee
Published: 2010-01-14



A remotely exploitable flaw in Microsoft's Internet Explorer allowed attackers operating from Chinese servers to infiltrate at least one company, security firm McAfee stated in an advisory on Thursday.

The previously unreported vulnerability allows an attacker to compromise a victim's system just by loading a page from the Internet, the company said. The vulnerability is in all versions of Microsoft's Windows operating system, including Windows 7, its most recent and secure OS, McAfee claims.

Previous reports claimed that attackers used a flaw in Adobe's Acrobat and Reader software to infiltrate targeted systems. McAfee's report underscores that some of the attacks used other vectors.

"While we have identified the Internet Explorer vulnerability as one of the vectors of attack in this incident, many of these targeted attacks often involve a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios," said George Kurtz, chief technology officer of McAfee in a blog post. "So there very well may be other attack vectors that are not known to us at this time."

On Tuesday, Google announced that it is considering exiting the Chinese market after sophisticated online attacks targeted its systems to breach the Gmail accounts of pro-democracy activists. The attack -- first noticed in mid-December and considered "highly sophisticated and targeted" -- resulted in the "theft of intellectual property" and affected at least twenty other companies, and as many as 34, according to sources.

Microsoft released an advisory on Thursday, describing the issue as an invalid pointer reference that affects Internet Explorer 6, 7, and 8 on all versions of Windows. Running in protected mode on Windows Vista and later versions of Windows limits the vulnerability, Microsoft said.

The exploit, as written, would only work on Internet Explorer 6 and Windows XP, according to Dan Kaminsky, IOActive's director of penetration testing. Kaminsky, who had analyzed a "couple of samples," said that, while the exploit could be made to work on Internet Explorer 7 and 8 on Windows XP, getting it to work on Windows Vista and Windows 7 would be very difficult, because of those operating systems' defenses.

"The vulnerability is present on all versions of IE, but because ASLR (Address Space Layout Randomization) is in place on Windows 7 and Windows Vista, those are much harder to attack," Kaminsky said.

McAfee researchers found the name "aurora" in the file path of the software, so they have dubbed the attacks "Aurora." Confusingly, the name was also used in 2007 to describe a specific test showing the efficacy of cyber attacks on power infrastructure.

McAfee's Kurtz stated that the attacks demonstrate that companies have to worry about more than just data breaches and financial threats.

"The world has changed," Kurtz stated. "Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats. In addition to worrying about Eastern European cybercriminals trying to siphon off credit card databases, you have to focus on protecting all of your core intellectual property, private non-financial customer information and anything else of intangible value."
 
Law firm suing China suffers attack
Published: 2010-01-14


A law firm suing China and two Chinese software developers over the Green Dam Youth Escort monitoring program suffered several targeted attacks earlier this week, when documents containing malicious exploits were sent to attorneys, the firm stated late Wednesday.

On Monday evening, lawyers at the firm of Gipson Hoffman & Pancione received e-mails that appeared to have been sent by associates, the group said in its statement. The Trojan e-mail messages contained either links to Web sites or attachments and were specially constructed to retrieve data from the victim's computer or the company's server.

"The specific source of the attacks has not yet been determined, but it appears that they attacks were initiated within China," the firm said in its statement.

Last week, filtering software firm CYBERsitter announced that it had retained Gipson Hoffman & Pancione to sue the Chinese government, two Chinese software developers and seven PC makers for allegedly distributing its software code as part of the Chinese state-sponsored filtering and monitoring program known as Green Dam Youth Escort. The latest incident follows Google's announcement on Tuesday that it was considering pulling out of China following serious attacks on its networks that resulted in stolen intellectual property and the surveillance of human-rights activists in China.

The attacks on law firm GHP are not the first attempt to infiltrate companies involved in the claims against China and Green Dam. Last summer, CYBERsitter also received two PDF files containing malicious code.

The law firm has contacted the FBI and the U.S. government and the incident is under investigation, according to its statement.
 
Internet Explorer CVE-2010-0249 Remote Code Execution Vulnerability

Bugtraq ID: 37815
Class: Unknown
CVE: CVE-2010-0249
Remote: Yes
Local: No
Published: Jan 14 2010 12:00AM
Updated: Jan 15 2010 10:51PM

Vulnerable: Microsoft Internet Explorer 8
 
A new thread has been created for IT security...
Under Infosystem


All further updates will be made there...
Moderators close this thread!!
 