Attacks/Breaches
6/24/2014
11:05 AM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Dark Reading Radio: RAT Exterminators

Join us Wednesday, June 25, at 1:00 p.m. ET for a conversation with Adam Meyers, director of intelligence for CrowdStrike.

The US Department of Justice on June 2 announced Operation Tovar, a global collaborative effort to disrupt the GameoverZeuS botnet -- responsible for hundreds of millions of dollars in bank theft and fraud. Perhaps more importantly, the operation took aim at the very underpinnings of the cybercrime industry -- the infrastructure criminals use to communicate and manage their ill-gotten gains.

Operation Tovar's plan of attack: Redirect the traffic from the bots so they can't report back to C&C servers, obtain the IP addresses of the infected machines, and share those addresses to help national CERTs and private industry assist victims in removing the GOZeuS malware from their computers.

Authorities said they could disrupt GOZeuS for about two weeks... and that time has now passed.

So... how's it going? In tomorrow's episode of Dark Reading Radio, find out how successful Operation Tovar has been thus far, how cyber criminals have responded, and what happens next.

Join us Wednesday, June 25, at 1:00 p.m. ET for a conversation with Adam Meyers, director of intelligence for CrowdStrike, one of the security companies that played a key part of Operation Tovar. Register now.

Have any questions for Adam you want me to ask? Let me know in the comments below or bring them along with you to the live chat during the radio show, when you can ask him yourself.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
6/27/2014 | 6:14:21 PM
Re: Fascinating topic
Thanks! I will be sure to give this a listen later.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
6/27/2014 | 7:52:52 AM
Re: Fascinating topic
Sorry you missed the show, Ryan. But you can revisit any of our Dark Reading radio broadcasts in our show archives and here's the link to the broadcast with Adam Meyers, director of intelligence for CrowdStrike. (It was a good one!)
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
6/26/2014 | 10:22:19 PM
Re: Fascinating topic
Was this stored somewhere so I can listen to it now? I have always been a huge advocate of Crowdstrike and some of the amazing products they have. I am really interested in hearing this radio cast in particular. Thanks!
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
6/24/2014 | 3:45:30 PM
Fascinating topic
Sounds like another great show Sara with a great guest. I'm looking forward to hearing the inside scoop from about Operation Tovar from CrowdStrike's Adam Meyers. 
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6335
Published: 2014-08-26
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and ...

CVE-2014-0480
Published: 2014-08-26
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL ...

CVE-2014-0481
Published: 2014-08-26
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a d...

CVE-2014-0482
Published: 2014-08-26
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors relate...

CVE-2014-0483
Published: 2014-08-26
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.