Dan Goodin, editor at Ars Technica, has been tracking and compiling info on an elusive series of website compromises that could be impacting tens of thousands of otherwise perfectly legitimate sites. While various researchers have reported various segments of the attacks, until Dan’s article, no one had connected the dots and linked them all together.
Dubbed “Darkleech,” thousands of Web servers across the globe running Apache 2.2.2 and above are infected with an SSHD backdoor that allows remote attackers to upload and configure malicious Apache modules. These modules are then used to turn hosted sites into attack sites, dynamically injecting iframes in real-time, only at the moment of visit.
Because the iframes are dynamically injected only when the pages are accessed, this makes discovery and remediation particularly difficult. Further, the attackers employ a sophisticated array of conditional criteria to avoid detection:
- Checking IP addresses and blacklisting security researchers, site owners, and the compromised hosting providers;
- Checking User Agents to target specific operating systems (to date, Windows systems);
- Blacklisting search engine spiders;
- Checking cookies to “wait list” recent visitors;
- Checking referrer URLs to ensure visitor is coming in via valid search engine results. Read More »
Tags: apache, apache darkleech compromise, apache module injection attacks, Cisco Security, cisco sio, SSHD backdoor, TRAC
“A security advisory was just published! Should I hurry and upgrade all my Cisco devices now?”
This is a question that I am being asked by customers on a regular basis. In fact, I am also asked why there are so many security vulnerability advisories. To start with the second question: Cisco is committed to protecting customers by sharing critical security-related information in a very transparent way. Even if security vulnerabilities are found internally, the Cisco Product Security Incident Response Team (PSIRT) – which is my team – investigates, drives to resolution, and discloses such vulnerabilities. To quickly answer the first question, don’t panic, as you may not have to immediately upgrade your device. However, in this article I will discuss some of the guidelines and best practices for responding to Cisco security vulnerability reports.
Read More »
Tags: advisories, CVSS, cybersecurity, exploits, incident response, malware, psirt, security advisories, security advisory, security notice, security notices, security top of mind, vulnerability
Today, many encrypted networks use insecure cryptography. Attackers exploiting weak cryptography are nearly undetectable, and the data you think is secure is less safe every day. Legacy encryption technology can’t keep up with current advances in hacking and brute force computing power. Additionally, legacy solutions are increasingly inefficient as security levels rise, and perform poorly at high data rates. In order to stay ahead of this challenge, encryption needs to evolve.
Read More »
Tags: 1105 Media, crypto, cryptography, David McGrew, encryption, Mike Danseglio, NGE, security
With the industry’s drive toward personal and wearable devices, soon people will be walking around with smart glasses, watches, phones, and even shoes. Not to mention they’ll be driving networked cars.
In the future, the task of securing your personal network will become increasingly difficult, which creates a new frontier to the threat landscape, one that is certainly personal. How are people expected to secure all these devices in their everyday personal network? How will we be protected while walking around a crowded shopping mall, admiring koalas at the zoo, or boogieing down in a busy nightclub? Who will combat this emerging threat?
Read More »
Tags: IPS, security, wearable computing
Are you excited about March Madness? Turn on a TV and it will be hard to avoid the games, the news, the commentaries, and the jokes about it. If you eavesdrop in any restaurant, bar, or office conversation, I can assure you that you will hear something about it. Even U.S. President Barack Obama filled out a March Madness bracket. Productivity in many offices drops significantly as employees search and watch videos to see how their bracket picks are progressing. At Cisco, we have an open policy and employees can watch and search the scores of their favorite teams. Watch this video posted by CNN where Kip Compton, Cisco’s Video Collaboration Group CTO, talks about March Madness.
A few things to keep in mind:
- Legitimate business sites may have vulnerabilities that allow a hostile site to deliver malware.
- In most drive-by downloads, the victim is willing to dismissively click pop-ups and warnings as they navigate to the desired content. In this case, users may just click on pop-ups or ads to watch videos about their favorite team.
- Most drive-by downloads can be prevented by keeping software up to date. Read More »
Tags: Cisco Security, cisco sio, crimeware, dns, exploit kit, java vulnerability, malware, march madness, XSS