Operation Windigo Victimizes cPanel, kernel.org, and 25k Servers

Mar
18

Security researchers at the Antivirus company ESET collaborated with CERT-Bund, the Swedish National Infrastructure for Computing and other agencies to uncover a widespread attack that has been named "Operation Windigo". Among the 25,000 Unix and Linux Servers compromised were well known organizations cPanel and kernel.org.

Posted By Ken Walling read more

Microsoft Security Advisory (2934088) Vulnerability in Internet Explorer Could Allow Remote Code Execution

Feb
27

Microsoft has issued a security advisory for a zero-day exploit which was first identified in January and recently used in attacks against users of the US Veterans of Foreign Wars official site, as well as a decoy site for the French aerospace association GIFAS.

Posted By Ken Walling read more

Apple Releases Critical Patches For iOS and Mac Software To Fix SSL Implementation

Feb
25

Apple Released major critical updates to iOS and Mac OS X software, fixing issues with their implementation of SSL (Secure Sockets Layer) which could lead to MITM (Man-In-The-Middle) attacks against their users. Updates can be easily applied in the normal way through "Software Update" or can be manually downloaded.

iOS update released 21 February, 2014:
http://support.apple.com/kb/HT6147?viewlocale=en_US&locale=en_US

Posted By Ken Walling read more

Adobe Flash Zero-Day Exploit Drops PlugX Remote Access Tool

Feb
21

Adobe has released a patch out of their normal patch release cycle to address three critical vulnerabilities in their Flash Player software, including removing a vulnerability being used by a zero-day exploit which drops PlugX, a remote access tool which can be used by an attacker to maintain covert access of a victim's compromised system. Update APSB14-07 should be applied as soon as possible to Windows and Linux systems that have Adobe Flash Player installed.

Posted By Ken Walling read more

One Malware Scanner is not Enough

Feb
15

I decided to put up a quick post for folks who might not be up to date on the malware (malicious software) arms race. This isn't really anything new - but some of you may not be familiar with the reality of getting virus programs, and other malware, off of your computers.

Posted By Ken Walling read more

CIO Brief: Cyber Attack Destroys Data on 32K Computers in South Korea

Mar
25

Approximately 32,000 financial and media industry computers were infected by an attack in South Korea last Wednesday.  Originally, it was thought that the IP address of origin was Chinese.  But as per a BBC report, the IP address was configured on a server at the Nonghyup Bank, which was one of the banks hit in the attack.  In other words, the attack seems to have come from within. Another thing to consider is this:  the attacks were very successful at destroying data and bringing down systems.

Posted By Ken Walling read more

Customers Can't Trust Vendors to Act Responsibly

Mar
21

A back door has been discovered in theTP-Link TL-WDR4300 dual band WiFi router. This is a popular SOHO class router with a major problem that the vendor seems to be ignoring. Sekurak, a Polish Security group, reportedly reached out to TP-Link several times (out of a professional courtesy that shows a responsible blend of full disclosure and caution), but received no reply.

Posted By Ken Walling read more

23 FEB 13 Cyber-Warfare and China

Feb
23

Chinese Army Unit Is Seen as Tied to Hacking Against U.S.

NYTimes Article of interest: http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied...

Posted By Ken Walling read more

Linux Firewall Presentation at SIG

Feb
23

CyberCede will be hosting a presentation on setting up a basic host-based firewall on a Debian based Linux server with Netfilter and iptables on the 23rd of February, 2013, at 1PM EST. The presentation will be given at the hacker/maker space in Syracuse.

Check out the Meetup page for more details: http://www.meetup.com/Syracuse-Innovators/

Posted By Ken Walling read more

Education

CyberCede conducts learning seminars and presentations at the Syracuse Innovator's Guild (SIG) free of charge. Donations are accepted to help support SIG, which is a non-profit corporation dedicated to maintaining a hacker/maker space for members, and offering training and education to the public at large.

You can find out more about SIG at their website: http://www.sig315.org

Join their Meet-Up Group at http://www.meetup.com/Syracuse-Innovators

Pages

Subscribe to CyberCede Corporation RSS