Tag Archives: Exploit

Consumer AVs And Exploit Prevention

Targeted attacks exploiting endpoint vulnerabilities are becoming more and more common and increasingly aggressive.

For this reason I could not help but notice the latest report from NSS Labs on the capability of 13 consumer-grade AV products to protect against two critical Microsoft vulnerabilities (CVE-2012-1875 and CVE-2012-1889). Successful exploitation of these critical vulnerabilities could result in arbitrary remote code execution by the attacker, with very harmful consequences for the victim, such as the machine becoming part of a botnet. Unfortunately, this is a very common scenario in these troubled days.


January 2012 Cyber Attacks Timeline (Part 1)


New year, new Cyber Attacks Timeline. Let us start our Information Security Travel in 2012 with the chart of the attacks that occurred in the first fifteen days of January. This month has been characterized so far by the leak of Symantec source code and the strange story of alleged cyber espionage revolving around it. But this was not the only remarkable event: the chronicles tell of the endless cyber-war between Israel and a Saudi hacker (and, more generally, the Arab world), but also of renewed activity by Anonymous against SOPA (with a peak in Finland). The end of the month has also reserved several remarkable events (such as the breaches of T-Mobile and Zappos, the latter potentially affecting 24,000,000 users). In general this has been a very active period. For 2012 this is only the beginning, and if a good beginning makes a good ending, there is little to be quiet…


Advanced Persistent Threats and Security Information Management

Advanced Persistent Threats are probably the most remarkable events for Information Security in 2011, since they are redefining the infosec landscape from both a technology and a market perspective.

I consider the recent shopping in the SIEM arena made by IBM and McAfee a sign of the times and a demonstration of this trend. This is not a coincidence: as a matter of fact, the only way to stop an APT before it reaches its goal (the organization's data) is an accurate analysis and correlation of data collected by security devices. An APT attack deploys different stages with different tactics, different techniques and different timeframes, which moreover affect different portions of the infrastructure. As a consequence, a holistic view and holistic information management are needed in order to correlate pieces of information spread across different parts of the network and collected by different, somewhat heterogeneous and apparently unrelated, security devices.


Mobile Warfare

It has been recognized that mobile technologies have had a significant impact on the events that occurred in North Africa. In my opinion, their impact was so impressive that I refer to them with the term “mobile warfare”, indicating with this term the fact that they are going to play a crucial role in the (let us hope fewer and fewer) wars of the future.


The Android Threatened at the Root

This morning, our good morning is brought not by the aroma of coffee and a nice butter croissant, but by yet another note from Lookout reporting yet another piece of malware for the never-sickly-enough Android. The threat once again comes from the Far East, and in particular from China, which confirms itself as hostile territory for the virtual health of Mountain View's operating system (I am tempted to say that the Android is really susceptible to the Chinese flu).


No Peace for the Android

There is no doubt: the easy predictions that placed the Android at the center of security problems for 2011 have hit the mark.
Only a few hours have passed since the announcement of a proof of concept for turning the Android into a zombie phone, and already the web is echoing with tweets about a new serious vulnerability in the default browser that makes it possible for an attacker to steal sensitive information.
