Information Security in Today's Digital Culture
Header

For those in the oil and gas industry or others with any type of SCADA devices (e.g. electric, water, sewer), we have received numerous notifications on the Havex Trojan. To date we have not supported any incidents involving this threat, but TRUE does understand the challenges Industrial Control Systems present to these organizations. The days …
Read more

In light of the recent Target event, there has been an uptick in activity around malware that specifically targets Point of Sale systems. The most common ones that seem to be referenced are the following: BlackPOS: Affects Windows-based Point of Sale systems. The attack essentially sits in between the card reader and the POS application. …
Read more

If you haven’t heard about it by now, let me clue you in: Java is a security nightmare. A few days ago, a zero-day exploit for Java 7 became widely-known. The exploit bypasses Java 7’s security sandbox and permits attackers to download and execute code without user interaction. The attack is already available in Metasploit …
Read more

On Stuxnet Adaptation

March 21st, 2012 | Posted by Andrew Ridings in Malware | Terrorism - (0 Comments)

With the recent focus on Stuxnet due to the CBS 60 Minutes Special: Stuxnet: Computer worm opens new era of warfare and the 60 Minutes Overtime special Stuxnet copycats: Let the hacking begin, aired earlier this month, I was reminded of the extent our nation’s critical infrastructure is at risk from cyber attack. Andrew RidingsAndrew …
Read more

Well, that didn’t take long. As of Thursday, an MS12-020 PoC (the Remote Desktop Protocol vulnerability) is in the wild. Looks like one of Microsoft’s MAPP partners leaked some test code. This PoC code only causes a Blue-Screen-of-Death, so the damage is limited to a denial-of-service. It won’t be long until the bad guys figure …
Read more