From: The SANS Institute (NewsBites@sans.org)
Date: Fri Oct 01 2010 - 12:57:13 CDT
Six new hands-on courses target the newest security challenges facing enterprises:
(1) Network Forensics
(2) Virtualization Security
(3) Combating Malware In the Enterprise
(4) Metasploit Kung-Fu for Enterprise Pen Testing
(5) Implementing and Auditing the 20 Critical Security Controls
(6) Advanced Penetration Testing, Exploits and Ethical Hacking
You'll find them (plus pen testing, hacker exploits, IDS, reverse
engineering malware, security essentials boot camp, auditing, legal,
and more) in London and/or in DC at the two largest cybersecurity
training events of the fall:
-- SANS London starts November 27: http://www.sans.org/london-2010/
-- SANS Cyber Defense Initiative in DC starts December 10: http://www.sans.org/cyber-defense-initiative-2010/
*************************************************************************
SANS NewsBites October 1, 2010 Vol. 12, Num. 78
*************************************************************************
TOP OF THE NEWS
Dozens Charged in Connection with ZeuS-Enabled Bank Fraud
Survey: Cyber Security Hampering Productivity
THE REST OF THE WEEK'S NEWS
Adobe to Release Patches for Acrobat and Reader on October 5
Senate Committee Tries to Fast-Track Anti-Piracy Bill
Researchers Find Android Apps are Sharing Data
ZeuS Turns to LinkedIn as Vector of Infection
Nine Arrested in SIM Card Fraud Case
Survey: State CISOs' Budget Cuts Take Toll on Data Protection
Microsoft Issues Out-of-Band Fix for ASP.Net Flaw
Malicious Online Impersonation Now a Crime in California
Cyber Storm III to Test National Cyber Incident Response Plan
*********************** Sponsored by SANS **************************
Special Webcast in Conjunction with SANS 2010 EU SCADA and Process
Control Summit! Smart Grid: New Sweet Spot for Criminals and Terrorists
Tuesday, October 19, 1 PM EST. As energy providers move to more open,
public-facing Smart Grid technologies, the integrated fabric of our
most critical infrastructure is already under attack. Learn how to
plug the gaps between legacy SCADA control systems using 21st-Century
security technologies, with experts Jonathan Pollet, founder of
infrastructure consulting firm, RedTiger, and Eric D. Knapp, director
of critical infrastructure technologies at NitroSecurity. Sign in at
your SANS Portal Account or follow the link, here:
http://www.sans.org/info/65318
*********************************************************************
TRAINING UPDATE
New "Combating Malware in the Enterprise" course at SANS (SEC569).
How do you fight off malware when you have thousands of hosts?
Course debut in Las Vegas (Sept'10) and Washington DC (Dec'10):
http://www.sans.org/security-training/combating-malware-enterprise-1482-mid
-- SOS: SANS October Singapore, October 4-11, 2010
7 courses
http://www.sans.org/singapore-sos-2010/
-- SANS Chicago 2010, Skokie, Illinois, October 25-30, 2010
6 courses. Bonus evening presentations include Weaponizing LISP:
Advancing the Art of Network Security and Examining the Global
Underground of Malicious Actors
http://www.sans.org/chicago-2010/night.php
-- SANS San Francisco 2010, November 5-12, 2010
7 courses. Bonus evening presentations include Weaponizing LISP:
Advancing the Art of Network Security
http://www.sans.org/san-francisco-2010/
-- SANS London 2010, November 27-December 6, 2010
14 courses. Bonus evening presentations include Latest Advances in
Computer Forensics and Continuous Vulnerability Testing and
Remediation: The 20 Critical Security Controls Perspective
http://www.sans.org/london-2010/
-- SANS Cyber Defense Initiative 2010, Washington DC, December 10-17, 2010
24 courses. Bonus evening presentations include Browser Based
Defenses; Continuous Vulnerability Testing and Remediation: the 20
Critical Security Controls Perspective; and Cyberwar or Business as
Usual? The State of US Federal CyberSecurity Efforts
http://www.sans.org/cyber-defense-initiative-2010/
-- SANS Security East 2011, New Orleans, LA, January 20-27, 2011
12 courses. Bonus evening presentations and special events include
Happy Little Clouds: Governing, Assessing and Auditing Cloud
Environments and Future Trends in Network Security
http://www.sans.org/security-east-2011/
-- Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Dubai, Geneva, Bangalore, San Antonio and Sydney all in the
next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
*********************************************************************
TOP OF THE NEWS
--Dozens Charged in Connection with ZeuS-Enabled Bank Fraud
(September 30, 2010)
Authorities on both sides of the Atlantic have charged dozens of
people in connection with massive bank fraud using the ZeuS Trojan
horse program. US authorities charged 92 people believed to have been
involved in cyber attacks that stole more than US $200 million from
bank accounts over the last four years. In the UK, authorities
arrested 20 people who are believed to have stolen GBP 6 million (US
$9.5 million) in just three months using ZeuS. While the charges in
the US may have dealt a blow to the scheme's operations, the code's
developers, those who run the back-end servers and the scheme's
masterminds remain at large.
http://online.wsj.com/article/SB10001424052748704483004575523811617488380.html?mod=WSJ_hps_LEFTWhatsNews#
http://www.computerworld.com/s/article/9189019/Feds_hit_Zeus_group_but_the_brains_remain_overseas?taxonomyId=17
http://www.infoworld.com/t/malware/governments-take-zeus-the-god-cybercrime-393
http://www.reuters.com/article/idUSN3019563220100930
http://www.wired.com/threatlevel/2010/09/zeus-raid/
http://www.theregister.co.uk/2010/09/30/zeus_money_mules_charged/
http://money.cnn.com/2010/09/30/technology/cyber_crime_charges/index.htm
http://news.cnet.com/8301-27080_3-20018177-245.html?tag=mncol;title
[Editor's Note (Honan): Well done to all involved and hopefully more
arrests will follow. Unfortunately the Zeus botnet is still very
active with the Zeus Tracker website showing there are still 170 C&C
servers online https://zeustracker.abuse.ch/]
--Survey: Cyber Security Hampering Productivity
(September 30, 2010)
A survey conducted by the Government Business Council found that
officials at US federal government agencies feel that cyber security
has a negative impact on productivity. Two of the most often cited
issues are restricted access to information and delayed
communications. Nearly two-thirds of the 162 respondents from 28
agencies said that security controls prevented them from accessing
certain websites or applications they needed for their jobs. The
officials said they often circumvented security controls to get their
jobs done; some reported using non-agency devices to access the
information they needed. The respondents also noted that security
measures slowed down computers' performance. The respondents said
that the most important consideration in implementing security
policies should be access to information.
http://www.eweek.com/c/a/Security/CyberSecurity-Cutting-Federal-Government-Productivity-Survey-744792/
[Editor's Note (Pescatore): The blade guard on my power saw hampers my
productivity in cutting wood, but chopping off my hand or even just
a few fingers tends to also have an impact on my productivity. That
said, there are a lot of very, very silly URL blocking and email
policies in place out there that *do* impact productivity, *don't*
increase security and *do* encourage users to bypass IT systems.]
**********************************************************************
THE REST OF THE WEEK'S NEWS
--Adobe to Release Patches for Acrobat and Reader on October 5
(September 30, 2010)
On Tuesday, October 5, Adobe plans to release a fix for a critical
flaw in Adobe Reader and Acrobat that is being actively exploited to
take control of vulnerable computers. Adobe fixed the same flaw in
Flash with an out-of-band patch last week. The release of the fix
comes a week earlier than Adobe's regular quarterly security update
for Acrobat and Reader.
http://news.cnet.com/8301-27080_3-20018195-245.html?tag=mncol;title
http://www.adobe.com/support/security/advisories/apsa10-02.html
--Senate Committee Tries to Fast-Track Anti-Piracy Bill
(September 29, 2010)
An anti-piracy bill introduced in the US Senate has inspired heated
response on both sides of the debate. Some have questioned the
timing of the proposed legislation, which was introduced just days
before lawmakers adjourn to return home and campaign for the November
midterm election. The Combating Online Infringement and Counterfeits
Act would give the US Justice Department (DoJ) the authority to file
civil action against the suspect domain names. If the suspect site is
in the US, the Attorney General could ask a court to find the domain name
"is dedicated to infringing activities." The DoJ could then order the
site's registrar to shut it down. DoJ would also have the authority
to take steps to block US Internet users' access to overseas sites
that have pirated content. ISPs could be ordered to block those
sites, and companies could be ordered to stop doing business with the sites.
http://news.cnet.com/8301-31001_3-20018091-261.html?tag=topStories1
http://www.computerworld.com/s/article/9188780/Outcry_prompts_amendments_to_online_IP_protection_bill?taxonomyId=71
http://www.pcmag.com/article2/0,2817,2369948,00.asp
--Researchers Find Android Apps are Sharing Data
(September 29 & 30, 2010)
Researchers from Duke University, Penn State University and Intel
Labs have found that some applications for the Android smartphone are
sharing information about their users. The researchers developed
a tool called TaintDroid, which detects when applications send
private data. TaintDroid was tested on 30 randomly selected free
applications available in the Android marketplace; half were found to
be sending information to remote advertising servers. Two-thirds of
the applications "handled data in ambiguous ways." The data shared
include phone number, contacts, SIM card serial numbers and location
information. In some cases, the information was being shared only when
advertisements were being displayed on the users' phones. In other
cases, location data were being sent even when the user was not running
the application. The permissions granted by users to applications to
access certain data do not explain how that information will be used.
The researchers plan to present a report on their findings at the
USENIX Symposium on Operating System Design and Implementation in
Vancouver.
http://www.pcworld.com/businesscenter/article/206644/android_apps_more_open_than_users_know.html?tk=hp_new
http://www.bbc.co.uk/news/technology-11443111
http://news.cnet.com/8301-27080_3-20018102-245.html
[Editor's Note (Pescatore): Android was developed by Google, and
the vast majority of Google's revenue comes from selling advertising
around other people's information. It should be no surprise to anyone
using applications on Android to find that many apps are advertising
friendly and privacy hostile. A much, much better "curated" app store
model is needed for Android phones if this is going to change at all.
(Northcutt): The good news is you only paid $1.00 for the app; the
bad news is that some marketing service paid the developer $5.00
for your information. The crazy thing is that some people not only
don't care, they love it. I was talking with a real estate agent
who had an iPhone/Android app on his phone called bump (like fist
bump). If you bumped two bump-enabled phones together they share
your contact information and any or all selected contacts with each
other. He actually wanted me to install bump so I could bump him.
Yikes! http://bu.mp/ ]
--ZeuS Turns to LinkedIn as Vector of Infection
(September 29, 2010)
In what has been described as "the largest such attack known to
date," miscreants attempting to spread ZeuS malware have been sending
malicious LinkedIn contact requests to users of the social networking
service. When users click on the link in the phony invitation, they
are sent to a web page that asks them to wait, during which time
ZeuS is downloaded onto their computers. ZeuS lurks in browsers
and harvests sensitive personal information, like online banking
login credentials.
http://darkreading.com/security/attacks/showArticle.jhtml?articleID=227501020&subSection=Attacks/breaches
--Nine Arrested in SIM Card Fraud Case
(September 27 & 28, 2010)
French authorities have arrested nine people in connection with a
scheme that allegedly defrauded telecommunications companies of
millions of Euros. The people allegedly bought SIM card codes from
unscrupulous telecommunications company employees and resold them for
about 30 Euros (US $41) on the Internet. The group is believed to
have been operating for five years and reportedly earned US $675,000
every month.
http://www.technewsdaily.com/sim-card-crime-ring-arrested-is-your-phone-safe-1325/
http://www.theregister.co.uk/2010/09/28/france_mobile_fraud_investigation/
http://sip-trunking.tmcnet.com/topics/security/articles/104649-french-police-bust-mobile-phone-hackers.htm
--Survey: State CISOs' Budget Cuts Take Toll on Data Protection
(September 28 & 29, 2010)
A survey from Deloitte & Touche and the National Association of
State Chief Information Officers found that most state CISOs lack
the necessary funds to adequately protect citizens' personal data.
Seventy-nine percent of state CISOs said their budgets were remaining
the same or being cut. Half of respondents said that just 1-3 percent
of their budget is allocated specifically to information security.
Other factors impeding states' abilities to protect information include
increasing cyber threats and lack of qualified security professionals.
In addition, "many state CISOs lack the visibility and authority
to effectively drive security down to the individual agency level,"
according to Deloitte & Touche director and leader of state government
security and privacy services Srini Subramanian.
http://content.usatoday.com/communities/technologylive/post/2010/09/most-states-cannot-protect-citizens-personal-and-health-data/1?loc=interstitialskip
http://cybersecurityreport.nextgov.com/2010/09/state_cybersecurity_budgets_declining.php?oref=latest_posts
http://civsourceonline.com/2010/09/29/budget-cuts-harm-cybersecurity-in-the-states-survey-says/
http://www.infosecurity-us.com/view/12812/state-cisos-see-budget-cuts-coming/
http://www.deloitte.com/view/en_US/us/press/Press-Releases/4afd1754d835b210VgnVCM1000001956f00aRCRD.htm
[Editor's Note (Pescatore): Since we are all in the "security union"
together, it is always bad to see security budgets cut but state
government funding overall is a disaster area. When your house is
collapsing, not a good time to complain about the lack of a burglar
alarm system.]
--Microsoft Issues Out-of-Band Fix for ASP.Net Flaw
(September 28 & 29, 2010)
Microsoft has issued an out-of-band fix for a vulnerability in ASP.Net
encryption. The flaw has already been exploited in limited attacks.
ASP.Net is a web application framework used in millions of websites
and applications. The fix was released to the Microsoft Download Center,
so users have to download the patch and install it themselves.
Microsoft plans to release the patch to Windows Update in several days.
http://www.theregister.co.uk/2010/09/29/ms_emergency_asp_net_fix/
http://www.computerworld.com/s/article/9188440/Microsoft_issues_emergency_patch_for_Windows_Web_bug?taxonomyId=82
http://www.h-online.com/security/news/item/Patch-fixes-vulnerability-in-ASP-NET-1098257.html
http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx
--Malicious Online Impersonation Now a Crime in California
(September 28, 2010)
California Governor Arnold Schwarzenegger has signed into law a bill
that makes it a crime to impersonate someone online with malicious
intent. People who impersonate others online for "purposes of
harming, intimidating, threatening or defrauding another person" could
find themselves facing misdemeanor charges. While the law's intent
does not criminalize parody or satire, there are some who fear it
could have a chilling effect on free speech online and that companies
and public officials could abuse the law to quash their critics.
http://www.computerworld.com/s/article/9188498/California_bans_malicious_online_impersonation?taxonomyId=17
--Cyber Storm III to Test National Cyber Incident Response Plan
(September 28 & 29, 2010)
The US Department of Homeland Security has kicked off Cyber Storm III,
a cyber security preparedness exercise that this year involves seven
federal agencies, 11 states, 12 foreign countries and 60 private
companies, representing the banking, chemical, communications,
defense, nuclear, IT, transportation and water components of
critical infrastructure. Cyber Storm III will simulate large
attacks on various systems at government organizations and in the
critical infrastructure. Cyber Storm attack simulations are run
every other year. The exercise will draw upon support from
the National Cybersecurity and Communications Integration Center,
which opened a year ago; it is hoped that the exercise will help clarify
how the Center fits into the big picture of cyber threat response.
The exercise will also test the National Cyber Incident Response Plan,
a document that is still in a draft stage.
http://fcw.com/articles/2010/09/28/dhs-testing-new-cyber-response-plan-in-global-drill.aspx?admgarea=TC_SECCYBERSEC
http://www.informationweek.com/news/government/security/showArticle.jhtml;jsessionid=45BRGGBRDA5ARQE1GHRSKHWATMY32JVN?articleID=227500797&pgno=1&queryText=&isPrev=
http://www.computerworld.com/s/article/9188720/Cyber_Storm_III_simulates_large_scale_cyberattack?taxonomyId=17
http://www.nextgov.com/nextgov/ng_20100929_4557.php?oref=topnews
http://darkreading.com/vulnerability_management/security/cybercrime/showArticle.jhtml?articleID=227500997
**********************************************************************
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.
Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in
independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat, and
he is a senior Lockheed Martin Fellow.
Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.
Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune
50 company (Alcoa). He is leading SANS' global initiative to improve
application security.
David Hoelzer is the director of research & principal examiner
for Enclave Forensics and a senior fellow with the SANS Technology
Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer
at the North American Energy Reliability Commission (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and
is widely recognized as a security products designer and industry
innovator.
Clint Kreitner is the founding President and CEO of The Center for
Internet Security.
Brian Honan is an independent security consultant based in Dublin,
Ireland.
David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email,
but no posting is allowed on web sites. For a free subscription,
(and for free posters) or to update a current subscription, visit
http://portal.sans.org/