Malware


Key Stuxnet LNK Spreading Mechanism Stops Working

One of the key infection methods for the Stuxnet worm was hard-coded to stop working on June 24, removing one of its techniques for propagation. Researchers say that the date, which is found in coded form in the worm’s instructions, is nearly three years to the day from the date that the first version of Stuxnet was seeded.

AutoCAD Worm Stealing Designs, Blueprints

Security researchers have come across a new worm that is meant specifically to steal blueprints, design documents and other files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. However, experts say that the worm’s infection rates are dropping at this point and it doesn’t seem to be part of a targeted attack campaign.

Why Isn’t Cybercrime Worse?

Bank robbers have a clear motivation for their crimes: money. It’s there for the taking; all you have to do is get to it. But there are a lot of inherent risks involved with robbing banks, and, as a new study shows, not a great deal of return. And yet people keep robbing banks. In cybercrime, the motivation is the same, the rewards are huge and the risk of being caught is far lower. So the question is, why isn’t cybercrime worse?


There is a line of thinking that pervades and pollutes the discussions of many sporting events, and it goes something like this: “You can’t let LeBron James/Derek Jeter/Lionel Messi beat you. You have to force someone else to beat you.” It’s a flawed strategy for a number of reasons, but it’s even more problematic when you realize that this same mentality could be applied to information security.

The number of compromised sites detected each month by Google’s antimalware and anti-phishing systems has been dropping rather steadily from a peak of more than 300,000 in early 2009 and is now down around 150,000. However, the company’s statistics also show that the number of outright malicious attack sites is back on the rise.

New evidence suggests that a Web site hosting software updates for life-saving medical equipment was the victim of a massive SQL injection attack and may have been redirecting visitors to a site serving up attacks and malicious software for months before the company became aware of the compromise.

In case you thought that the mass exodus of researchers from TippingPoint’s Zero Day Initiative in recent months meant that the demand for third-party vulnerability markets was waning, fear not. Several former members of the ZDI team have come back together to form a new firm called Exodus Intelligence that will have its own vulnerability purchasing program, among other offerings.