How dangerous is it? It is an inherent Linux glibc vulnerability. RedHat is discussing it on their articles page – has the CVE number 2015-0235 https://access.redhat.com/articles/1332213 It is nicknamed “Ghost” due to the ghostbyname() function calls in the glibc library, specifically: “GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the … Read more
Yes you knew it would happen, Jan 28 is International Day of Privacy Day https://blog.mozilla.org/blog/2015/01/27/get-smart-on-international-data-privacy-day/ Of course it has many meanings from authoritative sources: http://en.wikipedia.org/wiki/January_28 or http://www.on-this-day.com/onthisday/thedays/alldays/jan28.htm this may be the most useful historical event I can see: 1973 – CBS-TV debuted “Barnaby Jones” on January 28. ————————————————————————— Yes my belief that we create days … Read more
Snowden documents lead to Regin and malware. http://threatpost.com/researchers-link-regin-to-malware-disclosed-in-recent-snowden-documents/110667 The malware seems to be related to the QWERTY keylogger found in the Snowden documents. The researchers claim a connection with Regin malware platform and the QWERTY keylogger noted in Snowden’s documents. Here is a blog post on the analysis of the QWERTY keylogger to the Regin … Read more
Killer Malware… what does it mean? When is it coming? It means a distributed spam network (hard to blacklist) (as John Stewart from Cisco mentioned http://oversitesentry.com/john-stewart-cisco-security-exec-interviewed-by-bloomberg/ ) A Zero-day malware included in well written (targeted) spam. Like the Flash vulnerability that just came out. https://nakedsecurity.sophos.com/2015/01/23/adobe-issues-emergency-fix-for-flash-zero-day/ And then we come to the “Killer” part, Ransomware … Read more
Cisco Chief Security and Trust Officer John Stewart discusses cybersecurity threats on “Bloomberg West.” (Source: Bloomberg) http://www.bloomberg.com/video/will-companies-change-cybersecurity-strategies-k5cirOKjQeaeHPB0upsCFg.html Interesting conversation (only a few minutes): Experience only 25 years so far (Internet Cyber security) Where does the gap need to be closed (the board versus operations communications and understanding) The spam delivery mechanism changed the game last … Read more
