blog articles under the 'General' category

Found 36 blogs, showing 1 - 10.

WordPress Users Beware

Wed May 01 09:00:00 EDT 2013 by Dennis Dwyer

WordPress is an open-source blogging platform and content management system (CMS). Since its inception in 2003, WordPress has become widely used and is very active. It is made up of more than 200,000 lines of code (written mostly in the PHP scripting language) and is used by more than 64 million websites on the Internet. Although WordPress is considered a mature platform, regular updates address serious security vulnerabilities that may be used by an attacker targeting a WordPress site.

SQL Slammer – 10 years later

Fri Jan 25 16:37:45 EST 2013 by Jeff Jarmoc

Think back for a moment to 2003. You may recall the tragic Space Shuttle Columbia disaster, the creation of the Department of Homeland Security, or the growing hostilities in Iraq leading to Operation Iraqi Freedom. But there was also a significant event in the history of Internet security that helped to shape the current threat landscape and will continue to have an effect for years to come. I'm referring to the SQL Slammer worm, which first appeared ten years ago today.

Mobile malware threatscape continued to heat up in 2Q2012

Thu Aug 30 15:26:00 EDT 2012 by Counter Threat Unit (CTU) research team

The rapid evolution of threats targeting the Android mobile platform continued in 2Q2012. Malicious actors are beginning to use variations of existing attacks, which have historically been successful on traditional computers. Hybrid attacks are emerging that combine traditional computer and mobile threats. While the majority of Android malware is still found in unofficial third-party markets, attackers are increasingly leveraging drive-by downloads, luring victims to malicious sites using in-app advertising links, social networking profile pages, and email-borne campaigns. Similarly, recent malware uses Twitter for command and control (C2) communication. Perhaps most concerning is the high frequency of mobile malware families that use rooting (also known as jailbreaking) privilege escalation exploits. These exploits effectively grant more administrative access to malware than a typical user or device management software has.

Botnet Protection: Dell SecureWorks Assists in Waledac Kelihos Botnet Successor of DDoS Attack

Thu Mar 29 16:26:07 EDT 2012 by Brett Stone-Gross

Dell SecureWorks Counter Threat Unit (CTU) detects and disrupts Waledac/Kelihos botnet which shares patterns with previous DDoS attacks.

Carrier IQ: Requires Additional Review

Wed Dec 14 03:24:47 EST 2011 by Counter Threat Unit (CTU) research team

Carrier IQ, Inc. has received more public attention in the past 60 days than it has in the previous five years that the company has existed. The software, Carrier IQ (CIQ), is analytics software designed to improve the end user experience by providing information such as dropped calls, service coverage and software crashes to wireless providers. Recent legal action by Carrier IQ, Inc. met with reactive action by the Electronic Frontier Foundation (EFF) and has caused a recent media frenzy around privacy and disclosure issues surrounding the software.

Transitive trust and SSL certificate verification

Fri Sep 09 13:40:36 EDT 2011 by Jeff Jarmoc

On April 11, 2011, the Dell SecureWorks Counter Threat Unit (CTU) posted a blog entry titled 'Certificate Authorities for SSL/TLS: Crypto's weak link', which discussed some of the strains of the current Certificate Authority (CA) system for validating web site identity. The backdrop to this blog entry was the breach of Comodo and their resulting issuance of untrustworthy, but valid, certificates. In recent weeks, another CA breach has hit the news and drawn much attention...

PCI Guidance on Virtualization and Cloud

Thu Jul 07 11:48:31 EDT 2011 by Beau Woods

Recently, the PCI-SSC released an Information Supplement providing guidance for compliance with the DSS in virtualized and cloud environments. Great news for anyone with virtualization within their cardholder data environment (CHDE), or who has been considering it.

Recent events cause re-assessment of SecurID integrity

Thu Jun 16 12:02:15 EDT 2011 by Jeff Jarmoc

On March 18, 2011, we blogged about a breach at RSA regarding the disclosure of unspecified sensitive materials related to SecurID. At the time, little information was made available as to the extent of the breach, the exact information that was compromised, or how it would affect RSA's customers.

Imperva SecureSphere XSS and the nature of security-product vulnerabilities

Mon May 23 15:00:00 EDT 2011 by Jeff Jarmoc

Earlier today, Imperva publicly announced a vulnerability in their flagship SecureSphere WAF (Web Application Firewall). This issue was discovered by Sean Talbot of Dell SecureWorks and disclosed in a coordinated fashion with Imperva. We thank Imperva for their timely confirmation of our findings and the rapid deployment of patches to address the issue. Affected users are advised to patch their systems as soon as feasible. Details of the vulnerability and information regarding patches are available in our SWRX-2011-001 advisory and also in Imperva's announcement.

Sony PlayStation Network Breach

Wed May 04 03:00:00 EDT 2011 by Dennis Dwyer

Between April 17 and April 19, 2011, Sony became aware that the PlayStation Network (PSN) and Qriocity user account information was compromised in conjunction with a breach into Sony’s network. These services allow users to play games with others on the Internet, make in-game purchases and stream music and movies to Sony devices. On Wednesday, April 20, PlayStation Network and Qriocity services were disabled to investigate the incident. Most alarming is the database of customer information exposed to the unknown attacker.
