By Ryan Kamauff
- Brace for malware-fighting IE, Office patches – Microsoft is finally patching the vulnerabilities in IE this week. The weakness is in versions 6-10 of the software. 19 of the 23 patches Microsoft is rolling out today are based around patching IE. Via ComputerWorld, more here.
- Pentagon Five-Year Cybersecurity Plan Seeks $23 Billion – The DoD is asking for $23B in the next five years to spend on securing networks as well as creating offensive capabilities. It appears that there will also be a commitment to protecting the critical infrastructure. The funding “calls for requesting $9.3 billion through 2018 for information-assurance systems aimed at blocking hackers and preventing disruptions of information on Pentagon computers, and $8.9 billion for cyber-operations, which include both defensive and offensive capabilities.” Via Bloomberg, more here.
- Researchers find self-propagating Zeus variant – Researchers have found a version of the Zeus malware that automatically spreads itself to removable drives if they are connected to an infected system. The software also pings the C&C server looking for updates, then settles in and “perform[s] MitM attacks, log keystrokes and grab information entered in online forms. ” Via Help Net Security, more here.
- Obama and Xi fail to bridge cybersecurity gap – When the US President and the Chinese President met this weekend, Mr Obama made sure the Chinese leader knew how serious the US was taking cyber attacks. Despite that being communicated, no definable progress has been made in the issue. While naming (and attempting to shame) the Chinese government is a one step, it is not enough to protect our networks from these attacks. Via CNN, more here.
- New Android Trojan Is Nearly Impossible to Remove – “Identified by Kaspersky as “Backdoor.AndroidOS.Obad.a,” the mobile menace can send SMS to premium-rate numbers, download other malware and install them on the infected device, as well as send malware to other devices via Bluetooth, and remotely perform commands in the console.” This malware immediately looks to gain admin priviliges, and then sits back and pretends not to have them. The malware has infected only .15% of Android devices, but it is extremely capable. Via Mashable, more here.
- Web Hosting Provider Hacked – Apparently, a German hosting company was hit by a malicious attack which featured software, that ‘”To our knowledge, the malicious program that we have discovered is as yet unknown and has never appeared before,” Hetzner wrote in a note to the company’s customers.’ This software hit the RAM alone, which most likely infiltrated Apache and sshd process. Their administrative software had also been compromised, allowing the attacker to copy pieces of customer data. Via ISS Source, more here.
- Cyber Attacks focusing on Infrastructure, not Data – “Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council, and Nazli Choucri, a political science professor at Massachusetts Institute of Technology, talk about the challenges in global cyber security. They speak with Guy Johnson on Bloomberg Television’s “The Pulse.” (Source: Bloomberg)”. Check out the video, here.