Perimeter
3/22/2011
09:19 AM
Tom Parker
Tom Parker
Commentary
50%
50%

A Deep Dive Into The Latest Threats

New series of blogs will examine what the latest malware or attack really means to your organization and what to do -- or not -- about it

Welcome to the Security Views blog for Dark Reading's new Advanced Threats Tech Center. This is the first of what will be an ongoing series of posts, designed to specifically focus on the analysis of threats of note, as well as the offensive and subversive technologies that are commonly associated with them.

Today, for one reason or another, the community at large places an increasing amount of focus on what many consider to be "high-end" threats. Most commonly, this has been due to three reasons: their specific targeting against organizations or individuals perceived as being tough, a high success rate (such as the formation of a comparatively large botnet), and their use of lesser known, or entirely innovative, techniques. When we see such an attack hit the AV analysis message boards, headlines, and blogs, it is often a challenge to make any sense out of the speculation and unsubstantiated grandiose theories of state sponsored acts of war and espionage.

To this end, it's my hope that this blog will feature a predominant note of objective threat analysis in a world that is often subject to much speculation and conjecture, more often than not to our detriment as a community. So who should read this blog regularly? Well, I hope you all will! I will be taking a close look at some fairly technical topics -- but always providing commentary that I hope will be of equal value, whether you are a security executive seeking to make heads from tails of a new threat to your organization, or a malware analyst looking for existing data regarding a threat of interest that you have been tasked to analyze.

Many of you with whom I have chatted or have attended my presentations at Black Hat and other conferences will know that when it comes to threat analysis, I'm big fan of data from proven analysis methodologies. Threat analysis should always be actionable, and that generally means more than gut instinct alone or sticking your finger in the wind and hoping for the best.

Differing threats often warrant different approaches to their analyses and are often contingent on the data available. Because this blog is intended to be more of a commentary on threats of note and not an exhaustive analysis of everything we see, I will, where possible, leverage many of the analysis techniques that I've spoken about (specifically in reference to my analysis of Stuxnet) during the past nine months. Where relevant I will perhaps introduce some new approaches to derive greater meaning out of the data available. Threat analysis isn't yet a precise science, but we can certainly get a lot closer by taking a hard look at the techniques we use and for which goals we are trying to use them to achieve.

Finally, I want to hear from you. If you have spotted something out in the trenches you think might be of interest or have additional data on a subject that you've seen mentioned on this blog, please feel free to send a note. Likewise, if you spot something in the press, or elsewhere, that emanates that distinct whiff of FUD -- or could be flat-out fictitious -- let me know, and I will try to take a closer look.

Please feel free to get in touch either by email at darkreading@rooted.net (PGP: 0x36112650) -- or feel free to post comments with links and other discussion after blog entries.

Tom Parker is director of security consulting services at Securicon.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2382
Published: 2014-11-20
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.

CVE-2014-3625
Published: 2014-11-20
Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

CVE-2014-8387
Published: 2014-11-20
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.

CVE-2014-8493
Published: 2014-11-20
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.

CVE-2014-8767
Published: 2014-11-20
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?