Perimeter
3/22/2011
09:19 AM
Tom Parker
Tom Parker
Commentary
50%
50%

A Deep Dive Into The Latest Threats

New series of blogs will examine what the latest malware or attack really means to your organization and what to do -- or not -- about it

Welcome to the Security Views blog for Dark Reading's new Advanced Threats Tech Center. This is the first of what will be an ongoing series of posts, designed to specifically focus on the analysis of threats of note, as well as the offensive and subversive technologies that are commonly associated with them.

Today, for one reason or another, the community at large places an increasing amount of focus on what many consider to be "high-end" threats. Most commonly, this has been due to three reasons: their specific targeting against organizations or individuals perceived as being tough, a high success rate (such as the formation of a comparatively large botnet), and their use of lesser known, or entirely innovative, techniques. When we see such an attack hit the AV analysis message boards, headlines, and blogs, it is often a challenge to make any sense out of the speculation and unsubstantiated grandiose theories of state sponsored acts of war and espionage.

To this end, it's my hope that this blog will feature a predominant note of objective threat analysis in a world that is often subject to much speculation and conjecture, more often than not to our detriment as a community. So who should read this blog regularly? Well, I hope you all will! I will be taking a close look at some fairly technical topics -- but always providing commentary that I hope will be of equal value, whether you are a security executive seeking to make heads from tails of a new threat to your organization, or a malware analyst looking for existing data regarding a threat of interest that you have been tasked to analyze.

Many of you with whom I have chatted or have attended my presentations at Black Hat and other conferences will know that when it comes to threat analysis, I'm big fan of data from proven analysis methodologies. Threat analysis should always be actionable, and that generally means more than gut instinct alone or sticking your finger in the wind and hoping for the best.

Differing threats often warrant different approaches to their analyses and are often contingent on the data available. Because this blog is intended to be more of a commentary on threats of note and not an exhaustive analysis of everything we see, I will, where possible, leverage many of the analysis techniques that I've spoken about (specifically in reference to my analysis of Stuxnet) during the past nine months. Where relevant I will perhaps introduce some new approaches to derive greater meaning out of the data available. Threat analysis isn't yet a precise science, but we can certainly get a lot closer by taking a hard look at the techniques we use and for which goals we are trying to use them to achieve.

Finally, I want to hear from you. If you have spotted something out in the trenches you think might be of interest or have additional data on a subject that you've seen mentioned on this blog, please feel free to send a note. Likewise, if you spot something in the press, or elsewhere, that emanates that distinct whiff of FUD -- or could be flat-out fictitious -- let me know, and I will try to take a closer look.

Please feel free to get in touch either by email at darkreading@rooted.net (PGP: 0x36112650) -- or feel free to post comments with links and other discussion after blog entries.

Tom Parker is director of security consulting services at Securicon.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.