About
Dennis Fisher is a journalist with more than 13 years of experience covering information security.
Researchers have found a new vulnerability in the SMB2 protocol in Windows Vista and Windows 7 that enables an attacker to remotely crash vulnerable machines. There is proof-of-concept exploit available for the vulnerability, as well.
The Apache Software Foundation last week was the victim of a serious network attack in which a number of its Web servers and other machines were compromised by attackers who were able to gain root privileges and jump from machine to machine. The incident was embarrassing and a serious problem for the foundation, but instead of making excuses and hiding behind the veil of confidentiality, Apache officials have published the gory details of the attack.
The group of hackers alleged to have broken into the networks of a string of companies, including TJX, Hannaford and Heartland Payment Systems, were in no hurry once they worked their way into the companies’ systems. In fact, they had plenty of time to do their dirty work, in some cases sitting inside the networks and stealing data for as long as a year.
Dennis Fisher talks with Alex Howard, associate editor of Searchcompliance.com, about the burden compliance places on security staffs, the growing tide of breach notification laws and the misunderstandings surrounding the Rockefeller bill and the Internet kill switch.
There is an unpatched flaw in Microsoft SQL Server that could enable an attacker to access users’ passwords on the database server. The vulnerability is in SQL Server 2000, 2005 and 2008.
There is exploit code circulating for a newly discovered vulnerability in the FTP service of Microsoft IIS, a flaw which could enable an attacker to run his own code on a remote server. The flaw mainly affects older versions of IIS, Microsoft’s Web server product, but the existence of a working exploit and the popularity of IIS make the vulnerability a serious concern.
The powers that be in Washington are not known for getting things done quickly, and the current power vacuum in information security in the capital is a painful case in point. The well-documented failure to find a coordinator to oversee security for the country is only one piece of the puzzle, and as time continues to pass with no help on the horizon, those in the know are growing increasingly restless and discouraged by the process.
Officials at MicroSolved, the security services company that was involved in the penetration test that set off concerns about malware-infected CDs being sent to credit unions, have posted a detailed explanation of the technique and how it turned into a national news story.
The main site of the Apache Software Foundation was compromised on Friday through an attack using a compromised SSH key, leading to concerns about the integrity of copies of the hugely popular Apache Web server, which is distributed through the Apache.org site.
Dennis Fisher talks with Amit Yoran, former director of the National Cyber Security Division at DHS and CEO of NetWitness, about state-sponsored attacks, federal cybersecurity and the changing nature of security threats.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
