Infosec Weekly Radar, January 2 – 8, 2012


Phew, what a week! We usually summarize the week's information security news in four to five articles, but this week we have more to share. The first one is about security software company Symantec.

Hacker group threatens to release Symantec AV source code

Source code for Symantec's old anti-virus product was stolen by an Indian group of hackers. This incident is very critical for a security company, as it may affect customers and their trust in the product. If hackers have the source code of an application, it helps them find new zero-days in the product without alerting the company.

For malware authors this can be good news, but if the product has reached end of sale, I hope that most users apply best practices by upgrading their applications to the latest versions.

http://www.computerworld.com/s/article/9223190/Hacker_group_threatens_to_release_Symantec_AV_source_code

100 Million user name and passwords leaked out from China

This article covers a big breach affecting Chinese websites: a massive leak of online user information from sites including China’s most popular online shopping, microblogging, social networking and gaming websites.

According to the article: “CSDN.net has issued a public apology, urging its users to immediately change their passwords. Sina Weibo said the rumored 4.76 million list of Sina Weibo accounts were not from the company’s files, as Sina encrypts all its passwords.”

http://english.caixin.com/2011-12-29/100344138.html

Bootkit Threat Evolution in 2011

ESET published an interesting analysis of the evolution of bootkits in 2011, with a comparison of the stealthiest malware, such as the TDL4, ZeuS and ZeroAccess rootkits.

“The year 2011 could be referred to as a year of growth in complex threats. Over the course of this year we witnessed an increase in the number of threats targeting the Microsoft Windows 64-bit platform, and bootkits in particular”

http://blog.eset.com/2012/01/03/bootkit-threat-evolution-in-2011-2

Bloggers Bypass Russian Military Rocket Factory Security, Post Pictures Online

Another article covers a physical security breach in which bloggers managed to take pictures of a very sensitive Russian military rocket motor factory.

“Lana Sator, a blogger, entered state rocket-maker Energomash’s plant with a group of friends on five separate occasions without being caught once. She managed to take nearly 100 pictures of the plant’s control room, its roof, and hardware in an engine-fuel testing tower.”

http://www.dailytech.com/Bloggers+Bypass+Russian+Military+Rocket+Factory+Security+Post+Pictures+Online/article23644.htm

30 Pakistan government Sites goes down !

“Indian Hacking Group Indishell claiming to hack and Bring down 30 Pakistan government websites, Including  Police and Navy Sites also. Hacker attack on webserver located at 50.23.225.39 IP address.”
http://thehackernews.com/2012/01/30-pakistan-government-sites-goes-down.html

Ramnit Goes Social

Ramnit is financial malware that is now targeting social networks; this week it was reported to have stolen about 45K Facebook accounts.

“Discovered in April 2010, the Microsoft Malware Protection Center (MMPC) described Ramnit as “a multi-component malware family which infects Windows executable as well as HTML files”, “stealing sensitive information such as stored FTP credentials and browser cookies”. In July 2011 a Symantec report [PDF] estimated that Ramnit worm variants accounted for 17.3 percent of all new malicious software infections.”
http://blog.seculert.com/2012/01/ramnit-goes-social.html

Enter_at_your_own_Risk Cyber Awareness Magazine, January edition

Last up is the new release of The Hacker News magazine, the January edition of Enter_at_your_own_Risk Cyber Awareness, where you can find several valuable contributions from a number of popular information security bloggers.
http://news.thehackernews.com/THN-Jan2012.pdf
