3713 matches found
Threatpost News Wrap #5: Microsoft Vulnerabilities, DDoS Attacks
Threatpost editors Dennis Fisher and Ryan Naraine discuss the recent vulnerabilities in ActiveX controls, Microsoft’s slow response to the video control flaw and the slew of DDoS attacks against U.S. government and commercial sites. Download SHOW NOTES: MyDoom DDoS Attacks Likely Work of...
MyDoom DDoS Attacks Likely Work of Unsophisticated Attackers
The ongoing DDoS attacks that have been targeting a series of U.S. government sites as well as some commercial sites are likely not the work of any government organization and are being executed by an old piece of malware that is designed to ruin files on infected PCs rather than steal data, expert...
DDoS Attacks Cripple U.S. and Korean Sites
From The New York Times Choe Sang-Hun Cyberattacks that have crippled the Web sites of several major American and South Korean government agencies since the July 4th holiday weekend appear to have been launched by a hostile group or government, South Korea’s main government spy agency said on...
DDoS Attacks Ongoing Against FTC, Other Sites
It looks like the distributed denial-of-service attack, once the favorite tactic of script kiddies and professional hackers alike, is coming back into favor. Attackers have been conducting an ongoing DDoS attack against the Federal Trade Commission’s main site, as well as some other government...
Green Dam 3.17 (Windows XP SP2) - URL Remote Buffer Overflow
Green Dam 3.17 Windows XP SP2 - URL Remote Buffer Overflow Green Dam remote buffer overflow exploit "Green Dam" is software used for monitoring and anti-pornography, popularized by the Chinese government. After July 1st, it will be forced to install on all new Chinese PCs. Now it already has 50...
Green Dam 3.17 (URL) Remote Buffer Overflow Exploit (xp/sp2)
Exploit for Windows platform in category remote exploits. Green Dam 3.17 URL Remote Buffer Overflow Exploit xp/sp2. Green Dam remote buffer overflow exploit "Green Dam" is a...
A cynic's take on cyber czars and 60-day reports
On July 17, 2008, then Senator Barack Obama held a town hall meeting on national security at Purdue University. He and his panel covered issues of nuclear, biological and cyber security. I blogged about the event here and here. As part of his remarks at the event, Senator Obama stated: Every...
30,000 legit websites hit by malware infection
From The Register Dan Goodin A nasty infection that attempts to install a potent malware cocktail on the machines of end users has spread to about 30,000 websites run by businesses, government agencies and other organizations, researchers warned Friday websense.com. The infection sneaks malicious...
Private sector relations should be job one for cyber security czar
Whoever is brave enough to fill the soon-to-be-created cybersecurity czar position will find a rather large pile of challenges waiting. Among them will be dealing with a confused and argumentative Congress, doing a full-scale assessment of the country’s critical infrastructure and reaching out to...
Unfixed XSS vulnerability at www.careersingovernment.com
Security researcher Rohit Bansal has submitted on 18/05/2009 a cross-site-scripting (XSS) vulnerability affecting www.careersingovernment.com, which at the time of submission ranked 1960899 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...
Counterpoint: The need for a cybersecurity czar is real
As everyone prepares to examine the results of the Obama Administration’s cyber-security review, one of the largest issues in play remains to what extent the White House will embrace recommendations to create a Cabinet-level position to address the matter or some role superior to today’s “cyber...
Do we really need a cybersecurity czar?
The back-and-forth in Washington over who should run the cybersecurity program for the federal government has reached a fever pitch, as lawmakers, federal agencies and other interested parties jockey for position and budget dollars in the run-up to the release of the results of the Obama...
Cybercriminals in the cloud
From Forbes Charlotte Dunlap Security breaches continue to plague organizations, causing CIOs to question whether their traditional network security solutions are adequate for protecting against increasingly sophisticated cybercriminals. Recently, it was reported that foreign hackers broke into t...
Audit finds 700 high-risk flaws in air traffic systems
From Computerworld Jaikumar Vijayan A government audit has found more than 760 high-risk vulnerabilities in Web applications used to support Air Traffic Control ATC operations around the country. The flaws, which were discovered in 70 Web applications tied to ATC operations, give attackers a way ...
Feds should let private sector lead on cybersecurity
From SearchSecurity.com Eric Ogren The federal government has whipped itself into a frenzy on the issue of cybersecurity recently, as evidenced by the numerous competing bills in the House and Senate and the high-level wrangling over which agency should run cybersecurity. Washington certainly has...
Defense Industrial Base information-sharing program a good start
The recent flood of stories on attacks against the electrical grid, various government agencies and other portions of the critical infrastructure has renewed the calls for improvements in federal cybersecurity and, especially, information sharing between the government and the private sector on...
Microsoft develops secure Windows XP for military
Microsoft has developed an ultra-secure version of Windows XP, with many settings locked down by default. But the hardened OS isn’t for sale to the general public; it’s made specifically for the military. Microsoft built the secure version of XP a few years ago at the direction of the Air Force,...
Can someone be too connected?
There are those that would argue U.S. House Representative Pete Hoekstra is too connected. According to a recent article in a top security trade publication, Rep. Hoekstra sent tweets during his recent trip to Iraq. Some of the tweets included: “Just landed in Baghdad. I believe it may be first...
U.S. Should Play Larger Role in Securing Internet, Hathaway Says
In her much anticipated talk, acting senior director for cyberspace by President Obama, Melissa Hathaway generally reviewed what we already knew, and what has been previously reported when it comes to federal cyber security: The White House should coordinate IT security efforts; private sector...
Bad outweighs the good in Senate cybersecurity bill
The Senate bill introduced earlier this month that would make sweeping changes to the way that information security is practiced both in the federal government and the private sector has a number of good elements, but the flaws in the proposed legislation outweigh the benefits, writes Steve...