VMware Flaw a Vector in SolarWinds Breach?

U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned … Читать далее

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets … Читать далее

R.I.P. root9B? We Hardly Knew Ya!

root9B Holdings, a company that many in the security industry consider little more than a big-name startup aimed at cashing in on the stock market’s insatiable appetite for cybersecurity firms, surprised no one this week when it announced it was ceasing operations at the end of the year. Founded in 2011 as root9B Technologies, the company touted itself … Читать далее

Microsoft to Offer Standing Bug Bounty

Microsoft said today it will pay up to $100,000 to security researchers who find and report novel methods for bypassing the security built into the latest version of the company’s flagship operating system. Researchers who go the extra mile and can also demonstrate a way to block the new attack method they’ve reported can earn … Читать далее

How to Break Into Security, Miller Edition

For this fifth edition in a series of advice columns for folks interested in learning more about security as a craft or profession, I interviewed Charlie Miller, a software bug-finder extraordinaire and principal research consultant with Accuvant LABS. Probably best known for his skills at hacking Apple‘s products, Miller spent five years at the National … Читать далее

NSA on Computer Network Attack & Defense

I spent the past few days in Mexico City participating in the annual meeting of the Honeynet Project, an international group dedicated to developing and deploying technologies that collect intelligence on the methods malicious hackers use in their attacks. The event brought in experts from around the globe, and our hosts — the National Autonomous … Читать далее

Zeus Attack Spoofs NSA, Targets .gov and .mil

Criminals are spamming the Zeus banking Trojan in a convincing e-mail that spoofs the National Security Agency. Initial reports indicate that a large number of government systems may have been compromised by the attack. According one state government security expert who received multiple copies of the message, the e-mail campaign — apparently designed to steal … Читать далее