Confirms | Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘confirms’

Postal Service confirms security breach, Chinese government hackers reportedly suspected

Chinese government operatives reportedly are suspected of hacking the U.S. Postal Service, in a security breach that may have compromised personal information for more than 800,000 workers. The breach was announced Monday, as President Obama arrived in Beijing. The Postal […]

View full post on National Cyber Security

Congressman confirms high-level U.S.-Israel spat over Iran

WASHINGTON (Reuters) – Israeli Prime Minister Benjamin Netanyahu blew up at the U.S. ambassador last month because he was “at wit’s end” over what he sees as the Obama administration’s lack of clarity on Iran’s nuclear program, a U.S. congressman who was at the meeting said. House Intelligence Committee Chairman Mike Rogers, a Republican, made […]

View full post on National Cyber Security

Senate confirms privacy oversight board nominees, but leaves out chairman

Mark Rockwell

Before it left for its summer recess, the Senate confirmed four nominees to the Privacy and Civil Liberties Oversight Board (PCLOB), but failed to confirm a committee chairman, in a move that could hobble the board’s work. Congress created the PCLOB in 2004, […]

View full post on The Cyber Wars

Senate confirms privacy oversight board nominees, leaves out chairman

Mark Rockwell

Before it left for its summer recess, the Senate confirmed four nominees to the Privacy and Civil Liberties Oversight Board (PCLOB), but failed to confirm a committee chairman in a move that hobbles the board’s work. Congress created the PCLOB in 2004, on […]

View full post on The Cyber Wars

Queen’s Speech Confirms Government Snooping Plans Still In Place

View full post on News ≈ Packet Storm

View full post on National Cyber Security

Kaspersky Confirms Widespread Mac Infections Via Flashback Trojan

Security firm Kaspersky Lab today weighed in on the Flashback Trojan controversy, confirming that the flaw likely infected more than half a million Macs.

In a blog post, Kaspersky Lab expert Igor Soumenkov said the firm analyzed the latest variant of the botnet – dubbed Flashfake – to try and nail down where the infected computers resided and how many were affected.

“We reverse engineered the first domain generation algorithm and used the current date, 06.04.2012, to generate and register a domain name, ‘,’” Soumenkov wrote. “After domain registration, we were able to log requests from the bots. Since every request from the bot contains its unique hardware UUID, we were able to calculate the number of active bots.”

Kaspersky’s analysis saw more than 600,000 unique bots connect to its servers in less than 24 hours, using a total of 620,000 external IP addresses. More than 50 percent came from the United States.

That’s in line with Wednesday data from anti-virus firm Doctor Web, which said that about 550,000 Macs were likely infected by the Java flaw, known as the Flashback Trojan.

Approximately 300,917 of the active bots were located in the U.S., followed by 94,625 in Canada, 47,109 in the U.K., and 41,600 in Australia, Kaspersky said. A smaller number of devices in France, Italy, Mexico, Spain, Germany, and Japan were also affected.

Soumenkov said Kaspersky could not confirm or deny that all the bots were running Mac OS X, but the firm was able to get a “rough estimation” using passive OS fingerprinting techniques.

“More than 98 percent of incoming network packets were most likely sent from Mac OS X hosts,” he wrote. “Although this technique is based on heuristics and can’t be completely trusted, it can be used for making order-of-magnitude estimates. So, it is very likely that most of the machines running the Flashfake bot are Macs.”

Yesterday, Apple issued a second update to address this issue, though it did not appear to be too in depth.

Security experts are suggesting that Mac users, particularly those on older versions of OS X, update their software as soon as possible. For the technically inclined, F-Secure also has instructions on how to locate a Flashback infection.

View full post on National Cyber Security

Symantec confirms Adobe Reader exploits targeted defence companies

Security researchers at Symantec today confirmed that exploits of an unpatched Adobe Reader vulnerability targeted defense contractors, among other businesses.

“We’ve seen [this targeting] people at telecommunications, manufacturing, computer hardware and chemical companies, as well as those in the defense sector,” said Joshua Talbot, senior security manager in Symantec’s security response group, in an interview Wednesday.

Symantec mined its global network of honeypots and security detectors – and located email messages with attached malicious PDF documents – to come to that conclusion.

The inclusion of defense contractors was not unexpected.

Yesterday, when Adobe warned Reader and Acrobat users that hackers were exploiting a “zero-day” bug on Windows PCs, it credited Lockheed Martin’s security response team and the Defense Security Information Exchange (DSIE), a group of major defense contractors that share information about computer attacks, with reporting the vulnerability.

The DSIE is composed of companies that are also part of what the federal government calls the “Defense Industrial Base,” or DIB. Among the DIB’s members are some of the country’s largest defense contractors, including Boeing, General Dynamics, Lockheed Martin, Northrop Grumman, Pratt & Whitney and Raytheon.

Symantec found attack emails dated 1 November and 5 November, 2011.

It also published an image of a redacted email of the attack’s bait – the promise of a 2012 guide to policies on new contract awards – that it said was a sample of the pitches that tried to dupe recipients into opening the attached PDF document.

The message’s subject heading read, “FY12 XXXXX Contract Guide,” and the body simply stated, “FY12 XXXXX contract guide is now available for all contractors of XXXXX. The new guide contains update information of XXXXX policy on contract award process.”

Opening the attached attack PDF also executed the malicious code – likely malformed 3-D graphics data – hidden in the PDF, compromising the targeted PC and letting the attacker infect the machine with malware.

That malware, Talbot said, was identical to what was used in early 2010 by hackers exploiting a then-unpatched bug in Microsoft’s Internet Explorer 6 (IE6) and IE7.

Symantec labeled the malware “Sykipot” last year.

“It’s not overly sophisticated,” said Talbot. “It’s a general-purpose backdoor. One of the interesting things about it is that it does use a form of encryption of the stolen information, which helps the attack hide what information is stolen.”

Sykipot encrypts the pilfered data after it has been retrieved from the victimised firm but while it is still stored on the company’s network, as well as when it’s transmitted to a hacker-controlled server.

Those command-and-control (C&C) servers are still operating, Talbot said.

Because of the similarities – using Sykipot, which isn’t widely in play, and exploiting zero-day vulnerabilities – Symantec suspects that the same group of hackers who launched the attacks against IE6 and IE7 last year were also responsible for the Reader-based attacks seen last month.

Microsoft patched the IE6 and IE7 vulnerability on 30 March, 2010, in an emergency, or “out-of-band,” update.

Although Symantec found evidence of only the early-November attacks, Talbot said he wouldn’t be surprised if the criminals fired off another information-stealing campaign between now and next week, when Adobe promised to patch the bug in Reader and Acrobat 9.x on Windows, the versions that have been exploited in the wild.

Talbot declined to specify the geographic location of the Sykipot C&C servers, or speculate on the origin of the Reader exploits.

Adobe will patch the Windows versions of Reader and Acrobat 9.x by the end of next week, and has promised to deliver fixes to Reader and Acrobat 9.x to Mac and Unix users, and to Reader and Acrobat 10.x for all platforms, next month.

Symantec has shipped detection signatures for the rogue PDFs to its customers, said Talbot.

View full post on National Cyber Security » Computer Hacking

Pentagon Confirms Military Action Is an Acceptable Response to Cyber-Attacks

The ability to launch military strikes against cyber-attackers will deter perpetrators considering attacking the United States via cyber-space, the Pentagon said in a report sent to Congress.

View full post on homeland cyber – Yahoo! News Search Results

View full post on National Cyber Security

Vexira Antivirus Test and Review Confirms it’s Ideally Suited to Protect School Districts from Malware, Spyware and …

K-12 school districts nationwide are finding Vexira Antivirus to be an affordable, easy to manage yet powerful malware, spyware and virus protection solution

Medina, OH (PRWEB) November 11, 2011

Central Command Inc., an award winning provider of malware, spyware and virus protection solutions for enterprises, businesses and schools, announced today that Moulton Independent School District in Texas has selected Vexira Antivirus after its comparative test and review of competing products.

Moulton Independent School District in Moulton, Texas is highly regarded among the school districts in Texas. It prides itself in preparing its students to be successful and productive young adults.

“We tested and reviewed many different products before standardizing on Vexira Antivirus for our school district. It was clear after our test and review of Vexira Antivirus that it is ideally designed and built to protect our district’s computers from viruses, spyware and malware infections. Its highly configurable central management gives our tech staff the ability to tailor the malware protection policies precisely. I would recommend Vexira Antivirus to any school district looking for top notch virus, spyware and malware protection,” said Mark Shafer, Technology Coordinator, Moulton ISD.

Vexira Antivirus is an award-winning next generation malware, spyware and virus protection solution designed to protect desktops, laptops, netbooks and servers contained within a network with both proactive and reactive malware, spyware and virus defenses.

“Vexira Antivirus is purpose-built to defend large scale, widely dispersed networks commonly found within K-12 schools and other large organizations,” said Keith Peer, CEO, Central Command, Inc.

All Vexira solutions share the same underlying technology that protects against malware, spyware and viruses to ensure consistent protection regardless of the operating system being used.

About Central Command: Central Command, Inc., founded in 1990, is a privately held corporation that serves enterprises, businesses, schools, universities, and colleges with malware, spyware and virus protection solutions. Visit Central Command at, or call 1 888-583-9472 for more information.

Central Command and Vexira are trademarks of Central Command, Inc. All other trademarks, trade names, and products referenced herein are property of their respective owners.


Mike Stone
Director of Sales
Central Command, Inc.
1 888-583-9472 Ext. 802
330-723-2062 802

View full post on National Cyber Security » Spyware/ Cyber Snooping

Valve confirms Steam user forums and database hacked

It turns out that the recent Steam forum breach is more serious than originally thought. Head of Valve Gabe Newell issued a statement today apologizing for the inconvenience and confirming that, along with the forums, the Steam database had been compromised.

View full post on hacking tools – Yahoo! News Search Results

View full post on National Cyber Security
