Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

3/22/2011
09:19 AM
Tom Parker
Tom Parker
Commentary
50%
50%

A Deep Dive Into The Latest Threats

New series of blogs will examine what the latest malware or attack really means to your organization and what to do -- or not -- about it

Welcome to the Security Views blog for Dark Reading's new Advanced Threats Tech Center. This is the first of what will be an ongoing series of posts, designed to specifically focus on the analysis of threats of note, as well as the offensive and subversive technologies that are commonly associated with them.

Today, for one reason or another, the community at large places an increasing amount of focus on what many consider to be "high-end" threats. Most commonly, this has been due to three reasons: their specific targeting against organizations or individuals perceived as being tough, a high success rate (such as the formation of a comparatively large botnet), and their use of lesser known, or entirely innovative, techniques. When we see such an attack hit the AV analysis message boards, headlines, and blogs, it is often a challenge to make any sense out of the speculation and unsubstantiated grandiose theories of state sponsored acts of war and espionage.

To this end, it's my hope that this blog will feature a predominant note of objective threat analysis in a world that is often subject to much speculation and conjecture, more often than not to our detriment as a community. So who should read this blog regularly? Well, I hope you all will! I will be taking a close look at some fairly technical topics -- but always providing commentary that I hope will be of equal value, whether you are a security executive seeking to make heads from tails of a new threat to your organization, or a malware analyst looking for existing data regarding a threat of interest that you have been tasked to analyze.

Many of you with whom I have chatted or have attended my presentations at Black Hat and other conferences will know that when it comes to threat analysis, I'm big fan of data from proven analysis methodologies. Threat analysis should always be actionable, and that generally means more than gut instinct alone or sticking your finger in the wind and hoping for the best.

Differing threats often warrant different approaches to their analyses and are often contingent on the data available. Because this blog is intended to be more of a commentary on threats of note and not an exhaustive analysis of everything we see, I will, where possible, leverage many of the analysis techniques that I've spoken about (specifically in reference to my analysis of Stuxnet) during the past nine months. Where relevant I will perhaps introduce some new approaches to derive greater meaning out of the data available. Threat analysis isn't yet a precise science, but we can certainly get a lot closer by taking a hard look at the techniques we use and for which goals we are trying to use them to achieve.

Finally, I want to hear from you. If you have spotted something out in the trenches you think might be of interest or have additional data on a subject that you've seen mentioned on this blog, please feel free to send a note. Likewise, if you spot something in the press, or elsewhere, that emanates that distinct whiff of FUD -- or could be flat-out fictitious -- let me know, and I will try to take a closer look.

Please feel free to get in touch either by email at [email protected] (PGP: 0x36112650) -- or feel free to post comments with links and other discussion after blog entries.

Tom Parker is director of security consulting services at Securicon.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Attacker Dwell Time: Ransomware's Most Important Metric
Ricardo Villadiego, Founder and CEO of Lumu,  9/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25288
PUBLISHED: 2020-09-30
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitra...
CVE-2020-25781
PUBLISHED: 2020-09-30
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
CVE-2020-25830
PUBLISHED: 2020-09-30
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.
CVE-2020-26159
PUBLISHED: 2020-09-30
In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c .
CVE-2020-6654
PUBLISHED: 2020-09-30
A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL.