SPECIAL COMMUNICATION AND INFORMATION SECURITY STATE SERVICE

COMPUTER EMERGENCY RESPONSE CENTER

News

Password Policy: You Are Doing It Wrong (When 2^56 Becomes 2^42)
11 Feb 2013

They say the road to hell is paved with good intentions. This is often the case with non-standard password policies. About a month ago I visited my "favorite airplane company" website, and ...

Microsoft to Quash 57 Vulnerabilities in February
9 Feb 2013

On Thursday, as part of the ritual of advance notification, Microsoft announced its plans to address 57 security vulnerabilities within Windows, Internet Explorer, and Office. Of the 12 bulletins that ...

Oracle's Java Patch Shipped with Additional Vulnerabilities
8 Feb 2013

Oracle isn’t having a good month as far as PR and security are concerned. Adam Gowdiak, a researcher in Poland with Security Explorations, says that Oracle’s recent patch for Java contains not one, ...

Researchers Attack TLS, DTLS Protocol Vulnerability
6 Feb 2013

Two researchers have uncovered a new vulnerability in the Transport Layer Security (TLS) and Datagram TLS (DTLS) protocols that allows attackers to recover plaintext from a TLS/DTLS connection when ...

Eugene Kaspersky: Definition Of 'Cyberwar' In Flux, Threat Of Cyber Weapons Underestimated
4 Feb 2013

Kaspersky Lab's CEO is on a mission to save the world from cyber-war. And along the way, if he can stop those cyber-criminals, that's a bonus.

Anatomy of an Attack: ESET Uncovers How Trojan Stole Login Credentials of Over 16,000 Facebook Users
30 Jan 2013

ESET, the leader in proactive protection against Internet threats with a 20-year history, has discovered a social engineering trojan horse. The piece of malware managed to steal the login ...

Cross-Site Scripting Attacks Up 160% in Final Quarter of 2012, Reveals FireHost
30 Jan 2013

64 million cyberattacks blocked by secure cloud hosting company in 2012. London, UK – January 29, 2013 — Secure cloud hosting company, FireHost, has today announced its Q4 2012 web application ...

Red October - Indicators of Compromise and Mitigation Data
19 Jan 2013

On January 14, 2013, Kaspersky Lab announced the discovery of “Red October”, a high-level cyber-espionage campaign that has been active for over 5 years.

Flaws in NASA’s GSFC Site Allowed Hackers to Bypass Firewalls, Steal Information.
15 Jan 2013

German hacker D35m0nd142 has identified a couple of vulnerabilities on the website of NASA’s Goddard Space Flight Center (GSFC) that could have been leveraged by cybercriminals to cause some serious ...

The "Red October" Campaign - An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies
15 Jan 2013

Here's a link to the full paper (part 1) about our Red October research. During the next days, we'll be publishing Part 2, which contains a detailed technical analysis of all the known modules. Please ...

Petition Seeks to Legalize DDoS Activities
12 Jan 2013

Anonymous is petitioning the White House to legalize DDoS, urging them to recognize it as a legitimate means of protest. But based on the number of signatures so far, it seems as though few people ...

New Android Malware Steals Personal Data
8 Jan 2013

Symantec has identified new malware targeting Google Android devices that collects personal data.