Latest on Flame, Stuxnet, Duqu and more
Defining how a no-holds-barred Russia-Ukraine cyberwar would play out
With some opening shots in a cyber component to the war of nerves in the Ukraine already fired, security analysts today offered a look at how a full-fledged cyberwar in the region would unfold.
Update: Obama's NSA proposals underscore reform challenges
President Obama's proposals to reform the National Security Agency's surveillance practices reflect the enormous challenges the administration faces in finding the right balance between national security needs and privacy and civil rights concerns.
The NSA blame game: Singling out RSA diverts attention from others
Singling out RSA for reproach for allegedly enabling a backdoor in one of its encryption technologies in a deal with the National Security Agency deflects attention from the role other technology vendors may have had in enabling NSA's secret data collection activities.
Malware: War without end
After decades of fighting off viruses, worms, Trojans and other malware and cyberattacks, total victory remains beyond reach.
Jury still out on FISA court
Data released by the presiding judge of the Foreign Intelligence Surveillance Court suggest that the secret court is tougher on government requests for wiretaps on foreign terrorism suspects than had been generally assumed.
Suspected China-based hackers 'Comment Crew' rises again
The suspected China-based hackers known as the "Comment Crew" are back at it again, a development likely to contribute to continued tensions between the U.S. and China over cyberattacks.
Chinese hackers master the art of lying in wait
The remarkable success that Chinese state-sponsored groups have had in infiltrating U.S. government, military and corporate networks in recent years should not be mistaken as a sign that China is gaining technical superiority over the U.S. in cyberspace, security experts say.
Spy court OK'd all U.S. wiretap requests it received in 2012
A special court established to review government requests for warrants to conduct electronic surveillance of suspected foreign spies received close to 1,900 warrant requests last year -- all of which it approved.
Groups denounce FBI plan to require Internet backdoors for wiretaps
Privacy groups are denouncing a federal government move to force Internet companies like Facebook and Google to build backdoors that would let the FBI and other agencies snoop in on real time online communications.
Update: House Intelligence panel OKs CISPA after closed door meeting
The U.S. House Intelligence Committee on Wednesday voted 18-2 in favor of a controversial information-sharing bill that was reintroduced in Congress this February after failing last year amid widespread protests from rights groups and a White House veto threat.
South Korea cyberattacks hold lessons for U.S.
U.S. companies and government agencies can learn from the large-scale disruptions that have hit several banks and media outlets in South Korea in the last 24 hours, security analysts said.
U.S. military networks not prepared for cyberthreats, report warns
The U.S. is dangerously unprepared to face a full-scale cyber conflict launched by a peer adversary, a report by the military's Defense Science Board (DSB) warns.
BitDefender traces MiniDuke espionage malware back to June 2011
Romanian security company BitDefender has traced the cyber-espionage malware "MiniDuke" back to June 2011, more than a year and a half before the campaign was uncovered.
Return of CISPA: Cybersecurity boon or privacy threat?
Rights groups fear widespread sharing of personal information; security managers see threat information sharing as key part of corporate cyber defenses
New report says cyberspying group linked to China's army
A new report traces a large cybersecurity threat group to China's People's Liberation Army, specifically a unit that goes under the cover name "Unit 61398".
Adobe to patch Reader zero-day this week with rush update
Adobe on Saturday said it would release an emergency patch for two Reader zero-day vulnerabilities this week.
Obama executive order redefines critical infrastructure
President Barack Obama's cybersecurity executive order, signed on Tuesday, could significantly expand the list of companies categorized as part of U.S. critical infrastructure sector, security experts said Wednesday.
Obama cybersecurity order lacks bite, security experts say
President Barack Obama's cybersecurity executive order elicited guarded praise from several quarters even as it revived calls for more comprehensive bipartisan legislation to address long-term security threats.
Obama seen likely to urge Congress to pass cybersecurity laws in State of the Union address
President Obama could use tonight's State of the Union address to continue a push for new cybersecurity legislation, even as he's widely expected to issue an executive order Wednesday to impose rules aimed at protecting critical infrastructure targets, security experts say.
Obama to issue cybersecurity executive order this month
President Barack Obama is expected to issue a cybersecurity executive order in the days after his Feb. 12 State of the Union address.
Cyberwarfare now menacing the enterprise, Kaspersky Lab says
Enterprise security managers have yet another worry to add to their list: cyberwarfare attacks.
Microsoft kicks off 2013 with clutch of critical Windows updates
Microsoft today patched 12 vulnerabilities in Windows, Office and several server and development products, but did not come up with a fix for the IE bug that cyber criminals have been exploiting for at least a month.
Security lessons from 2012
More DDoS attacks on banks, cyberwarfare, and targeted attacks could well be in store in 2013, security experts warn.
Experts question Microsoft's decision to retire XP
Microsoft will 'draw a line in the sand' in 2014 when Windows XP exits support, security researchers said today, even if millions of people are still running the aged OS and a zero-day bug threatens the Windows ecosystem.
Cyberwarfare evolves faster than rules of engagement
As the rhetoric heats up over cyberwar -- including warnings that attacks on the U.S. are imminent and alarms that the U.S. has escalated the risk via malware attacks on Iran's nuclear program -- the rules of engagement are missing in action.
Can the US military fight a war with Twitter?
Students at a military graduate school in California are mining social media with new methods that may change the way the armed forces collect intelligence overseas.
After Stuxnet: The new rules of cyberwar
Critical infrastructure providers face off against a rising tide of increasingly sophisticated and potentially destructive attacks emanating from hacktivists, spies and militarized malware.
Kaspersky discovers miniFlame cyberespionage malware directly linked to Flame and Gauss
Security researchers from Kaspersky Lab have identified another piece of malware targeting the Middle East that is likely part of the interrelated cyberespionage efforts behind Stuxnet, Duqu, Flame and Gauss.
Kaspersky pleads for crypto help to probe Gauss malware
Kaspersky Lab today appealed for help from top-notch cryptographers to help it break the encryption of a still-mysterious warhead delivered by the Gauss cyber-surveillance malware.
Security experts push free Gauss detection tools
Two security organizations have released online tools that let Windows users check for possible infections by Gauss, the newly-revealed cyber surveillance malware thought to have been government-built.
Nation-backed surveillance malware monitors Middle East bank accounts
A sophisticated cyber surveillance tool that monitors financial transactions with Middle Eastern banks was probably built by or under the auspices of a government, security researchers said today.
Report: Flame part of US-Israeli cyberattack campaign against Iran
The highly sophisticated Flame malware was jointly developed by the U.S. and Israeli governments in preparation for a cybersabotage campaign to disrupt Iran's nuclear fuel enrichment efforts, according to a media report.
Scot Finnie: Stuxnet was a wake-up call, but don't fall back asleep
It's clear that U.S. businesses and infrastructure operators haven't even begun to prepare to defend against cyber-espionage and sabotage.
Microsoft readies post-Flame Windows Update changes
Microsoft will start feeding users an update to the critical Windows Update service in the next few days, several security experts said today.
Microsoft scrambles as it patches 26 bugs, warns users of active attacks
Microsoft patched 26 vulnerabilities, including one in Internet Explorer that's already being exploited. The company also warned customers of a new zero-day attack and quashed yet another instance of a bug that the Duqu intelligence-gathering Trojan leveraged.
Flame's Windows Update hack required world-class cryptanalysis, researchers say
The Flame cyber-espionage malware makes use of a previously unknown cryptographic attack variant that required world-class cryptanalysis to develop, experts from the Dutch national research center for mathematics and computer science (CWI) said on Thursday.
Microsoft's moves against Flame may throw wrench in Patch Tuesday
Microsoft plans to deliver seven security updates next week to patch 28 bugs, but its plans to update Windows Update in response to the Flame malware could disrupt this month's patching.
Flame authors order infected computers to remove all traces of the malware
The creators of the Flame cyber-espionage threat ordered infected computers still under their control to download and execute a component designed to remove all traces of the malware and prevent forensic analysis, security researchers from Symantec said on Wednesday.
Microsoft's reaction to Flame shows seriousness of 'Holy Grail' hack
Microsoft appears to agree with experts that the exploit of its Windows Update system by the Flame cyber espionage malware was a 'significant' event in the history of Windows hacking.
Microsoft will update Windows Update to stymie Flame-like attacks
Microsoft today announced it will issue an update to its Windows Update to prevent copy-cat hackers from duplicating Flame's feat of infecting fully-patched PCs by faking the service.
Google warns Gmail users of 'state-sponsored' hacks
Google today began warning users of its Gmail online email service when it suspects they may be targets of "state-sponsored" attacks.
QuickPoll: Does the Flame malware increase the odds of a cyberwar?
The sophisticated cyber espionage malware known as 'Flame' was discovered after computers within Iran's energy industry were wiped clean of data. Does the Flame malware increase the odds of a cyberwar?
Researchers reveal how Flame fakes Windows Update
Security researchers today published detailed information about how the Flame cyber-espionage malware spreads through a network by exploiting Microsoft's Windows Update mechanism.
Microsoft throws 'kill switch' on own certificates after Flame hijack
Microsoft on Sunday revoked several of its own digital certificates after discovering that the makers of the Flame super-cyber spy kit figured out a way to sign their malware with the company's digital "signature."
Government role in Stuxnet could increase attacks against U.S. firms
The U.S. government's extensive involvement in the Stuxnet attacks against Iran is sure to trigger a sharp increase in state-sponsored cyber attacks against American businesses and critical infrastructure targets, security experts warn.
Report: Obama ordered Stuxnet attacks on Iran
President Barack Obama ordered the Stuxnet cyberattacks on Iran in an effort to slow the country's development of a nuclear program, according to a report in The New York Times.
Flame's Bluetooth functionality could help spies extract data locally, researchers say
The Bluetooth functionality of the Flame cyberespionage malware could potentially be used to pinpoint the physical location of infected devices and allow local attackers to extract data if they get in close proximity to the victims, according to security researchers from antivirus vendors Symantec and Kaspersky Lab.
Development timeline key to linking Stuxnet, Flame malware
Nailing down a timeline for the development of Flame, the super-cyber spying malware recently found infecting PCs in Iran and other Middle Eastern nations, will be critical to connecting it to Stuxnet and Duqu, experts said.
Attacks on Iranian oil industry led to Flame malware find
The sophisticated cyber espionage malware known as 'Flame' was discovered after computers within Iran's energy industry were wiped clean of data, a security expert said today.
Researchers identify Stuxnet-like malware called 'Flame'
A new, highly sophisticated malware threat that was predominantly used in cyberespionage attacks against targets in the Middle East has been identified and analyzed by researchers from several security companies and organizations.
Iran admits expanded cyberattacks, claims it's identified hackers
The Iranian government acknowledged today that authorities have found evidence of recent cyberattacks against several agencies, according to reports by state-sponsored media outlets.
Iran confirms cyberattacks against oil facilities
Iran's oil ministry today confirmed that it was the target of malware attacks over the weekend, adding to reports by state-run media that the country's oil industry was hit by hackers.
Duqu malware resurfaces after four-month holiday
Duqu, the malware that has been compared to 2010's notorious Stuxnet, is back, security researchers said today.
Duqu trojan built by 'old school' programmers, Kaspersky says
The Duqu Trojan, an espionage tool that last year attracted lots of attention for its many Stuxnet-like features, may have been written by experienced old school programmers, a security researcher at Kaspersky Labs said Monday.
Researchers can't identify programming language used in Duqu, ask for help
Malware experts from Kaspersky Lab have asked the programming community for help identifying the programming language, compiler or framework that was used to write an important part of the Duqu Trojan, in the hope that it could reveal clues about who created it or why.
Researchers unearth more Chinese links to defense contractor attacks
Symantec researchers have uncovered additional clues that point to Chinese hacker involvement in attacks against a large number of Western companies, including major U.S. defense contractors.
Expect more cyber-espionage, sophisticated malware in '12, experts say
The security industry expects the number of cyber-espionage attacks to increase in 2012 and the malware used for the attacks to become increasingly sophisticated.
Microsoft scratches BEAST patch at last minute, but fixes Duqu bug
Microsoft today issued 13 security updates, one less than expected, that patched 19 vulnerabilities in Windows, Internet Explorer, Office, and Windows Media Player.
Duqu hackers scrub evidence from command servers, shut down spying op
The hackers behind the Duqu botnet have shut down their snooping operation, according to Moscow-based Kaspersky Lab.
4 lessons from the Springfield, Ill. SCADA cyberattack
The recent cyberattack on a public water utility in Springfield, Ill. has stoked concerns about the vulnerability of critical infrastructure equipment across the U.S.
Will 2012 REALLY be the year of the cyberwar?
Much has been made of prospects for a cyberwar. Many believe we're already in one. So what are security practitioners to do as they plan for 2012?
FAQ: What's the big deal about Duqu?
The recently discovered Duqu Trojan has gotten a lot of attention in the security research community. Here's why.
Security researcher says Iran to blame for its own Duqu infections
An Iranian government official yesterday acknowledged that the Duqu attacks had infected computers in the country but claimed that the Trojan was "under control," according to a report by a state-run news agency.
Hackers may have spent years crafting Duqu
The hacker group behind Duqu may have been working on its attack code for more than four years, new analysis of the Trojan revealed Friday.
Open-source toolkit finds Duqu infections
The lab credited with discovering the Duqu malware has built an open-source toolkit that administrators can use to see whether their networks are infected.
NSS Labs claims new tool can detect all Duqu drivers
Security research firm NSS Labs has released an open source scanning tool that is capable of detecting all malicious drivers used by the new Duqu threat, according to its engineers. However, other security vendors believe that the malware's creators are capable of evading detection at any time.
Duqu exploits same Windows font engine patched last month, Microsoft confirms
Microsoft on Thursday confirmed that the Windows kernel vulnerability exploited by the Duqu Trojan is within the TrueType parsing engine, the same component it last patched just last month.
Microsoft issues workaround for Duqu attack while it prepares a patch
Microsoft has published code to temporarily blunt attacks against a software vulnerability exploited by Duqu, an advanced piece of malicious software still being closely analyzed by security researchers.
Microsoft expected to offer hot fix for Duqu soon
The big zero-day exploit on everyone's mind is Duqu, or "son of Stuxnet" - but researchers don't expect Microsoft to include a patch for it in next week's Patch Tuesday. Instead, a manual fix could be out as soon as this week.
Update: Duqu exploits zero-day flaw in Windows kernel
The Duqu trojan infects systems by exploiting a previously unknown Windows kernel vulnerability that is remotely executable.
Duqu, Stuxnet link unclear
A report by Dell SecureWorks debunks the idea that the newly discovered Duqu Trojan is related to last year's Stuxnet worm or was created by the same authors.
Hard to fully assess Duqu threat yet, researchers say
As new information about Duqu continues to come out, some experts are starting to question whether the danger from the trojan has been exaggerated.
Despite Stuxnet, Duqu, control system flaws still overlooked
Efforts to strengthen critical infrastructure targets continue to focus on front-end systems rather than on underlying industrial control systems where the real problems exist, security experts warned this week.
Symantec, McAfee differ on Duqu threat
Symantec and McAfee appear to have come to slightly different conclusions about the specific dangers posed by a newly discovered Trojan program called Duqu.
Duqu Trojan a precursor to next Stuxnet, Symantec warns
Security vendor Symantec is warning of a new malware threat that it says could be a precursor to the next Stuxnet.
After Stuxnet, a rush to find bugs in industrial systems
Kevin Finisterre isn't the type of person you expect to see in a nuclear power plant. With a beach ball-sized Afro, aviator sunglasses and a self-described "swagger," he looks more like Clarence Williams from the '70s TV show "The Mod Squad" than an electrical engineer.
On the front line against the next Stuxnet
Something has gone terribly wrong on the plant floor at ACME Specialty Chemical International Inc.
Take cyberthreats seriously, says counterterrorism expert
Cofer Black warns that government officials shouldn't dismiss warnings of imminent cyberattacks.
Security experts can't verify Iran's claims of new worm
Without a sample of the new worm that an Iranian official says attacked the country's computers, it's impossible to verify his claims, a security researcher said.
DHS chief: What we learned from Stuxnet
A lesson from the Stuxnet worm is that the private sector needs to be able to respond quickly to cyber-emergencies, said Janet Napolitano, secretary of the U.S. Department of Homeland Security.
Update: Iran says it was targeted with second worm, 'Stars'
An Iranian general who has been investigating the Stuxnet attack on Iran's nuclear program says the country has also been hit by a second targeted attack, called Stars.
Iranian general accuses Siemens of helping U.S., Israel build Stuxnet
An Iranian military commander accused the German electronics giant Siemens of helping U.S. and Israeli teams craft the Stuxnet worm that attacked his country's nuclear facilities.
If Stuxnet was act of cyberwar, is U.S. ready for a response?
The complex Stuxnet worm proved attacks on SCADA and other industrial control systems were possible. Are we ready if one comes our way?
Stuxnet scored quick hit on first target, says researcher
Stuxnet infected its first target just 12 hours after hackers finished the worm, an indication that the malware scored an almost instant bulls-eye, a Symantec researcher said today.
Stuxnet struck five targets in Iran, say researchers
Symantec researchers today said that the notorious Stuxnet worm targeted five separate organizations -- all with a presence in Iran -- and that attacks began in June 2009, more than a year before experts raised the alarm.
Israel tested Stuxnet worm, says report
The Stuxnet worm that disrupted Iran's ability to enrich uranium into bomb-grade nuclear fuel was reportedly created by Israel and the U.S.
Report: Iran confirms Stuxnet hit centrifuges
Iran has reportedly confirmed that the Stuxnet worm hit centrifuges used to refine uranium in the country.
Experts: Stuxnet changed the cybersecurity landscape
The appearance of the Stuxnet worm in June should serve as a wake-up call to governments and businesses, especially those relying on Internet-based industrial control systems, a group of cybersecurity experts told U.S. lawmakers Wednesday.
New Stuxnet clues suggest sabotage of Iran's uranium enrichment program
Researchers have uncovered new clues that the Stuxnet worm may have been created to sabotage Iranian attempts to turn uranium into atomic bomb-grade fuel.
Iran blames Stuxnet worm on Western plot
Iran today made its strongest statement yet that it believes a Western plot is behind the Stuxnet worm that has infected tens of thousands of computers in the country, including some at its sole nuclear power plant.
Iran arrests 'spies' after Stuxnet attacks on nuclear program
An Iranian intelligence official Saturday said that authorities had detained several "spies" connected to cyber attacks against its nuclear program.
Why did Stuxnet worm spread?
Stuxnet's inability to stay stealthy may be fall-out from a failure to hit its intended targets last year, security researchers said today.
Stuxnet code hints at possible Israeli origin, researchers say
Security researchers today offered another tantalizing clue about the possible origins of the notorious Stuxnet worm, but cautioned against reading too much from the obscure tea leaves.
Stuxnet worm can re-infect scrubbed PCs
A security researcher today revealed yet another way that the Stuxnet worm spreads, a tactic that can re-infect machines that have already been scrubbed of the malware.
Iran admits Stuxnet worm infected PCs at nuclear reactor
Although some computers at Iran's Bushehr nuclear reactor were infected by the Stuxnet worm, none of the facility's crucial control systems were affected, Iranian officials said.
Iran confirms massive Stuxnet infection of industrial systems
Officials in Iran have confirmed that the Stuxnet worm infected at least 30,000 Windows PCs in the country, multiple Iranian news services reported on Saturday.
Was Stuxnet built to attack Iran's nuclear program?
A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran's Bushehr nuclear reactor.
Is Stuxnet the 'best' malware ever?
Experts say the Stuxnet malware is groundbreaking technology that may have been created with the backing of a government.
Siemens: Stuxnet worm hit industrial systems
A sophisticated worm designed to steal industrial secrets and disrupt operations has infected at least 14 plants, according to Siemens.
Stuxnet industrial worm was written over a year ago
A sophisticated worm designed to steal industrial secrets has been around for much longer than previously thought, according to security experts investigating the malicious software.
Our bloggers on Flame, Stuxnet and other cyberwarfare
Leaked slide shows NSA hackers secretly infected 50,000 computer networks with malware
As if the NSA doesn’t engage in enough surveillance and intelligence-gathering operations, NSA hackers have infected over 50,000 computer networks globally with specialized malware, referred to as “implants,” that were compared to “digital ‘sleeper cells’ that can be activated with a single push of a button.”
Red October 5-year cyber espionage attack: Malware resurrects itself
Kaspersky Lab discovered 'Red October,' another highly targeted cyber espionage attack that has been active since 2007. The Red October, or 'Rocra' campaign, was designed to steal—including encrypted files and from mobile devices—and has successfully infiltrated government, diplomatic and scientific agencies. The malware used in the Red October campaign includes a unique "resurrection" module that allows attackers to "resurrect" infected machines. Kaspersky identified victims from 69 countries including the six infected machines in the United States. The Russian security researchers reported that victims fall into eight categories: Government, Diplomatic / embassies, Research institutions, Trade and commerce, Nuclear / energy research, Oil and gas companies, Aerospace and Military.
New Iranian malware will wipe your data. PANIC?
Batchwiper (a/k/a GrooveMonitor) deletes drives and desktop. The Iranian CERT is sounding the alarm over another bit of data-deleting malware it's discovered on PCs in the country. It's simple, but effective. And there's no obvious connection to Gauss, Flame, or Stuxnet. In IT Blogwatch, bloggers get to the bottom of the nastiness.
Malware wars heat up: Shamoon steals, wipes and leaves PCs unbootable
Be extra careful about opening email attachments since the new Shamoon malware can do more than corrupt, destroy or delete files; it can overwrite the master boot record and leave a computer unusable. Was this what hit Saudi Aramco, the world’s largest oil company? Shamoon is in the wild now. The Gauss malware installs a new font, so was the malware writer a typeface fan? Malware allegedly caused AC/DC’s Thunderstruck to blast at maximum volume in the middle of the night from Iranian nuclear facilities. Was the malware writer a heavy metal fan? Or are these uncracked mysteries merely a sign that the malware wars are heating up?
Gauss malware: Nation-state cyber-espionage banking Trojan related to Flame, Stuxnet
There's a new cyber espionage malware related to Flame, Stuxnet and Duqu that Kaspersky called "nation-state cyber-surveillance meets banking Trojan." There's also been an increase in ethically questionable, lawful intercept, cross-platform malware infections such as spyware used by government and intelligence agencies and sold by Gamma / FinFisher and the Italian Hacking Team.
HUGE Microsoft security FAIL helped Flame virus spread
The Flame (aka Flamer) virus managed to pass itself off as a legitimate Windows update package. As a result, Microsoft (NASDAQ:MSFT) has revoked some of its own digital certificates. It also appears that the malware authors employed some highly sophisticated means to cover their tracks. In IT Blogwatch, bloggers see the plot thickening.
Report: USA and Israel created Stuxnet, ordered cyberattacks against Iran
After 18 months of interviewing officials, the New York Times reported that the USA and Israel created Stuxnet before losing control of it. The George W. Bush administration began the cyber weapon program code-named Olympic Games. Then President Obama continued it and ordered increased cyberattacks against Iran.
Flame virus is mid-east cyber-broiler
Supposedly, the Flame virus is the biggest cyber-weapon yet discovered. The malware is targeting middle-eastern countries and stealing information, but who wrote it, and why? In IT Blogwatch, bloggers toss out their theories.
Transparency Grenade: Detonate cyberwar weapon to leak sensitive data
There's a new information weapon in the form of a transparent grenade. Pull the pin and the grenade detonates to capture audio and network traffic before anonymously streaming to a secure server for data mining and leaking.
Doing battle on the Information Superhighway!
I just read a timely article at networkworld.com. In her article “10 things you didn't know about cyberwarfare”, Carolyn Duffy Marsan reminded me that now more than ever the cyber realm has a high profile in conflicts the world over.