GovInfoSecurity
Security researchers have uncovered a flaw dubbed TsuNAME in DNS resolver software that can be used to carry out distributed denial-of-service attacks against authoritative DNS servers. Google and Cisco have resolved the issue in their DNS servers.
Authoritative DNS servers are the final holder of the IP of a domain, responsible for providing details about specific websites to DNS servers, including information on domain names and IP addresses. The security researchers, Giovane C. M. Moura, Sebastian Castro, John Heidemann and Wes Hardaker, note the flaw affects DNS resolvers, which play a key role in converting web links to IP addresses in authoritative DNS servers.
The Cybersecurity and Infrastructure Security Agency has issued an alert providing more details on the threat posed by FiveHands ransomware attacks.
The CISA alert, which follows one issued last week by FireEye’s Mandiant research team, describes the ransomware gang’s methods and offers risk mitigation tips. Threat actors used publicly available penetration testing and exploitation tools, FiveHands ransomware and the SombRAT remote access Trojan, to steal information, obfuscate files and demand a ransom from the victim organization, CISA says. Additionally, the threat actors used publicly available tools for network discovery and credential access.
Series of Attacks
FireEye said it observed an attack group using FiveHands in extortion incidents during January and February. The group has mainly targeted small and midsized businesses in telecommunications, healthcare, construction, engineering, food and beverage, education, real estate and other sectors, the
Researchers at Trend Micro have uncovered a new cryptocurrency stealer variant that uses a fileless approach in its global spam email distribution campaign to evade detection.
The gang behind the malware, dubbed Panda Stealer, starts with emails that appear to be business quote requests to entice recipients to open malicious Excel files, Trend Micro says.
Researchers found that the malware, a modification of Collector Stealer, has targeted victims in the United States, Australia, Japan and Germany.
Infection Chains
Trend Micro identified two infection chains. One uses an .XLSM attachment that contains macros that download a loader, which then downloads and executes the main stealer.
The goal of a software security program is not to find security vulnerabilities; it is to find and fix security vulnerabilities. If you’ve got flaw details describing the vulnerabilities in your code, but don’t have the context needed to address them – you don’t have what you need to lower your risk of breach. It’s like getting an x-ray, and then only receiving the radiologist’s report with no context or guidance from a doctor. You’ve got all the details, but don’t know what to do with them. At the end of the day, you can’t scan your way to secure code, and software security programs need to move beyond descriptive into prescriptive. Ultimately, there’s only one group that can fix vulnerabilities in code – the development team.