An Iranian cyber-group has launched espionage campaigns using customized malware against United States defense companies, FireEye researchers said. The group, with the name Ajax Security Team, is behind an ongoing series of attacks against both U.S. defense companies as well as individual Iranians who attempt to bypass the Iranian government’s Internet censors, FireEye said in a report…
DetailsThis week FireEye announced both its quarterly results and the acquisition of nPulse, a network forensics tool. I was critical of FireEye’s Mandiant acquisition for one billion dollars mostly because they stressed the endpoint product, not the accretive revenue from Mandiant’s vaunted breach response services. (Taking into account today’s stock price of FEYE the Mandiant…
DetailsAt the bottom of yesterday’s post on General Alexander’s extended interview with The Australian Financial Review, Glenn Greenwald appended: “The release date for my book on the NSA, privacy, and our reporting of the surveillance story, No Place to Hide, is next Tuesday, May 13, at which time all of the previously unpublished NSA documents…
DetailsThe list of top executives at Target who have been ousted because of the massive breach late last year has now extended to its President and CEO, Gregg Steinhafel. Target’s Chief Financial Officer John Mulligan will serve as interim CEO. This is the biggest impact on a major corporation’s C-suite since the blood bath at CSX…
DetailsWindows XP users should immediately apply Microsoft’s out-of-band patch addressing the critical flaw in Internet Explorer because attackers are specifically targeting users on the older operating system, FireEye researchers warned. The zero-day vulnerability in Internet Explorer, disclosed by Microsoft on Saturday and fixed Thursday, affected all versions of Internet Explorer, from IE 6 to IE…
Details“Should I change my password?” “OK, I changed my password, now I’m secure, right?” Media reports over the past month certainly heightened security awareness and drove the public to sit up, pay attention, and do “something.” What that something is, depends on the guidance people heard, the importance of the service they are using and what…
DetailsAcademia is acquiring an interest in cyber education on many fronts. Not likely to crank out cyber warriors at anywhere close to the rate needed to meet current demand, they are nonetheless anxious to participate in a real trend. De Montfort University’s Cyber Security Centre in Leicester, England offers undergrad, graduate, and PhD degrees in…
DetailsMicrosoft released an out-of-band patch today for an Internet Explorer zero-day flaw, which was already being exploited in the wild. Surprisingly, Microsoft opted to release a patch for Windows XP, which officially ended support earlier this month. Microsoft disclosed the zero-day vulnerability (CVE-2014-1776) in all versions of Internet Explorer, from IE 6 to IE 11,…
DetailsWhen it comes to penetration testing, it’s a fact that many organizations will engage third party consultants to perform the service. The reasons why this is so aren’t hard to understand: doing penetration testing well requires a specialized set of skills and tools, and keeping those resources and tools at an acceptable skill/performance level (to…
DetailsHere we go again. A major zero day vulnerability in a widely deployed application, Internet Explorer, has been discovered. The usual cycle of discovery-disclosure-patch-announcement-exploitation has bee reversed this time. FireEye Research Labs discovered the exploit being actively used in what they have dubbed “Operation Clandestine Fox.” The fact that a zero day in IE6 through…
Details