Wednesday’s report about the 2014 and 2015 Office of Personnel Management (OPM) breaches showed us that unsophisticated attackers can gain access to sensitive information. The highly detailed report by the House Committee on Oversight and Government Reform lists the known evidence of how two groups conducted their CNE (computer network exploitation) operations inside the OPM network. While the…
The recently-discovered Shellshock vulnerability in the popular Unix Bash shell, also known as Bashdoor, has been labeled a black swan event – that is, a “hard-to-predict and rare event beyond the realm of normal expectations”. Patches are being feverishly rolled out even as these lines are written. And security analysts are decrying the unique danger of a vulnerability rooted so deeply in the veteran OS, which has left yet-unknown applications and components exposed to attack.
In case you missed it, Fast flux is back. This time it’s in the newest variant of the infamous Gameover ZeuS botnet, which has apparently been revived following a massive international takedown in early June this year. In case you’ve forgotten, Fast flux is a veteran technique used by botnet operators to hide malware and phishing sites by rapidly changing DNS records.