Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

3/22/2011
09:19 AM
Tom Parker
Tom Parker
Commentary
50%
50%

A Deep Dive Into The Latest Threats

New series of blogs will examine what the latest malware or attack really means to your organization and what to do -- or not -- about it

Welcome to the Security Views blog for Dark Reading's new Advanced Threats Tech Center. This is the first of what will be an ongoing series of posts, designed to specifically focus on the analysis of threats of note, as well as the offensive and subversive technologies that are commonly associated with them.

Today, for one reason or another, the community at large places an increasing amount of focus on what many consider to be "high-end" threats. Most commonly, this has been due to three reasons: their specific targeting against organizations or individuals perceived as being tough, a high success rate (such as the formation of a comparatively large botnet), and their use of lesser known, or entirely innovative, techniques. When we see such an attack hit the AV analysis message boards, headlines, and blogs, it is often a challenge to make any sense out of the speculation and unsubstantiated grandiose theories of state sponsored acts of war and espionage.

To this end, it's my hope that this blog will feature a predominant note of objective threat analysis in a world that is often subject to much speculation and conjecture, more often than not to our detriment as a community. So who should read this blog regularly? Well, I hope you all will! I will be taking a close look at some fairly technical topics -- but always providing commentary that I hope will be of equal value, whether you are a security executive seeking to make heads from tails of a new threat to your organization, or a malware analyst looking for existing data regarding a threat of interest that you have been tasked to analyze.

Many of you with whom I have chatted or have attended my presentations at Black Hat and other conferences will know that when it comes to threat analysis, I'm big fan of data from proven analysis methodologies. Threat analysis should always be actionable, and that generally means more than gut instinct alone or sticking your finger in the wind and hoping for the best.

Differing threats often warrant different approaches to their analyses and are often contingent on the data available. Because this blog is intended to be more of a commentary on threats of note and not an exhaustive analysis of everything we see, I will, where possible, leverage many of the analysis techniques that I've spoken about (specifically in reference to my analysis of Stuxnet) during the past nine months. Where relevant I will perhaps introduce some new approaches to derive greater meaning out of the data available. Threat analysis isn't yet a precise science, but we can certainly get a lot closer by taking a hard look at the techniques we use and for which goals we are trying to use them to achieve.

Finally, I want to hear from you. If you have spotted something out in the trenches you think might be of interest or have additional data on a subject that you've seen mentioned on this blog, please feel free to send a note. Likewise, if you spot something in the press, or elsewhere, that emanates that distinct whiff of FUD -- or could be flat-out fictitious -- let me know, and I will try to take a closer look.

Please feel free to get in touch either by email at [email protected] (PGP: 0x36112650) -- or feel free to post comments with links and other discussion after blog entries.

Tom Parker is director of security consulting services at Securicon.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31769
PUBLISHED: 2021-06-21
MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require autho...
CVE-2020-20469
PUBLISHED: 2021-06-21
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information.
CVE-2020-20470
PUBLISHED: 2021-06-21
White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability.
CVE-2020-20471
PUBLISHED: 2021-06-21
White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges.
CVE-2020-20472
PUBLISHED: 2021-06-21
White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site.