17 matches found
Operation Cleaver — Iranian Hackers Targeting Critical Infrastructure Worldwide
For over past two years, Iranian hackers have infiltrated computer networks of some of the world's top organizations including airlines, defense contractors, universities, military installations, hospitals, airports, telecommunications firms, government agencies, and energy and gas companies,...
Using Kernel Exploits to Bypass Sandboxes for Fun and Profit
Researchers and attackers alike are quickly discovering you don’t need a fancy Java or Flash exploit to beat application sandboxes. Exploiting an unpatched kernel vulnerability in the underlying operating system, one that’s likely to stay unpatched for a long time, will do just fine. Twice this...
Attorney General Holder Announces Probe Into Cyberwar Leaks
U.S. Attorney General Eric Holder has issued an assignment to the U.S. District Attorneys to start an investigation into possible leaks of classified information, presumably by individuals within the Obama administration who recently spoke anonymously about the administration’s ties to the...
Face to Face with Duqu malware
Face to Face with Duqu malware Once again we discuss about Stuxnet, cyber weapons and of the malware that appears derivate from the dangerous virus. The international scientific community has defined a Stuxnet deadly weapon because been designed with a detailed analysis of final target environmen...
Boldizar Bencsath
Boldizar Bencsath discussed several recent targeted attacks, including Duqu, an attack he experienced firsthand. Bencsath led a small group of researchers in September 2011 in the Laboratory of Cryptography and System Security CrSyS of Budapest University of Technology and Economics, to identify...
MS11-087: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
The remote host is running a version of the Windows kernel that is affected by a remote code execution vulnerability. Specially crafted TrueType fonts are not properly handled, which could allow arbitrary code execution in kernel mode. A remote attacker could exploit this vulnerability by trickin...
Researchers 'Convinced' Duqu Written By Same Group as Stuxnet
Researchers are fairly confident now that whoever wrote the Duqu malware also was involved in some way in developing the Stuxnet worm. They’re also confident that they have not yet identified all of the individual components of Duqu, meaning that there are potentially some other capabilities that...
Duqu Attackers Using Word Docs As Attack Vector
As the analysis of the Duqu malware continues to evolve, the picture that’s emerging is becoming more and more intriguing. The latest bits of evidence uncovered show that not only do the attackers create custom files for each individual attack, there is evidence indicating that they might have be...
Duqu malware was created to spy on Iran's nuclear program
Duqu malware was created to spy on Iran's nuclear program A Report by Kaspersky Lab Expert, Ryan Naraine says that the DUQU malware was created to spy on Iran's nuclear program. IrCERT Iran's Computer Emergency Response Team Duqu is an upgraded version of "Stars". Back in April this year, The...
Microsoft Releases Security Advisory for Vulnerability in TrueType Font Parsing
Microsoft has released Microsoft Security Advisory 2639658 to address a vulnerability in the Win32k TrueType font parsing engine. By convincing a user to open a malicious email attachment, an attacker may be able to exploit this vulnerability and execute arbitrary code. Microsoft has indicated th...
MS KB2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege (DEPRECATED)
The remote host has an unspecified code execution vulnerability in the Win32k TrueType font parsing engine. Specially crafted TrueType fonts are not properly handled, which could allow arbitrary code execution in kernel mode. A remote attacker could exploit this vulnerability by tricking a user...
No Fix for Duqu Bug in November Microsoft Patches?
Microsoft plans on shipping four bulletins, of which only one is rated critical, in the November edition of Patch Tuesday. But it looks doubtful that the company will issue a fix for the vulnerability discovered this week being used by the Duqu installer. The patch is set for release on Tuesday,...
Microsoft Mum On Duqu Fix In November
Microsoft said that its looking into a reported zero day vulnerability in Windows that was used by the Duqu malware to spread, but isn’t committing to a patch for the problem in time for this months scheduled update. “Microsoft is collaborating with our partners to provide protections for a...
Windows Kernel Zero Day Vulnerability Found in Duqu Installer
Windows Kernel Zero Day Vulnerability Found in Duqu Installer Duqu malware attack exploited a zero-day vulnerability in the Windows kernel, according to security researchers tracking the Stuxnet-like cyber-surveillance Trojan. The vulnerability has since been reported to Microsoft and Microsoft i...
Duqu Installer Contains Windows Kernel Zero Day
A newly discovered installer for the Duqu malware includes an exploit for a previously unknown vulnerability in the Windows kernel that allows remote code execution. Microsoft is working on a fix for the kernel vulnerability right now. The exact location and nature of the flaw isn’t clear right...
The Mystery of Duqu: Part Two
Our investigation and research of Duqu malware continues. In our previous report, we made two points: there are more drivers than it was previously thought; it is possible that there are additional modules. Besides those key points, we concluded that unlike the massive Stuxnet infections, Duqu...
Analysis: Duqu Targets Certificate Authorities
With virus researchers scrambling to decode a new piece of malware that is based on the code of the Stuxnet worm, an analyst at McAfee is speculating that the new worm, Duqu, may have been created to target certificate authorities. Writing on McAfee’s research blog, Guilherme Venere and Peter Szo...