McAfee Founds Cyber Threat Alliance With Industry Partners

As the largest dedicated security vendor, McAfee’s goal is to help customers and consumers feel secure in the digital world. It’s certainly not simple, and it’s challenging to keep up with the bad guys. One way to do that is to match our adversaries’ aggressive drive to innovate with our own deeper commitment to collaborate with other members of the security industry.

It’s with that in mind that McAfee has joined Fortinet, Palo Alto Networks, and Symantec as cofounders of the Cyber Threat Alliance. The purpose of the alliance is to drive more effective industry-level collaboration on the analysis and eradication of cybersecurity threats, and to deliver stronger protection to individuals and organizations across all industries.

Security vendors already share threat feeds of various kinds. In fact, McAfee currently has more than 50 partners in our security research ecosystem, through which we exchange threat data or consume threat feeds. What’s different about this agreement is that Cyber Threat Alliance members will share fresher, more complete, and more actionable threat data on the complex and subtle aspects of modern threats:

  • Zero-day vulnerabilities
  • Botnet control server information
  • Mobile malware samples
  • Indicators of compromise (IoCs) related to targeted attacks

The alliance establishes a simple model through which member organizations can securely and expeditiously share threat data. This data will help members—and their customers—by bringing greater visibility into threats and techniques that they might otherwise lack.

How will this information sharing benefit McAfee customers? Customers will have access to an even broader and fresher collection of threat intelligence to improve protection. By incorporating new threat knowledge into their McAfee security infrastructure, customers will be able to protect their assets sooner and more comprehensively, despite the increasing complexity of threats.

As soon as the sharing mechanisms are in place—we expect them before the end of the year—the shared data will become part of McAfee’s back-end databases and processes that McAfee Global Threat Intelligence (GTI) uses to enhance protection. It will then be visible to all of McAfee’s network and endpoint security products through their integration with McAfee GTI.

We need to understand and be poised to react to the latest complex and multidimensional attacks of today and tomorrow. This alliance provides a critical framework for educating each other on the infrastructure and evolving tactics behind these attacks.

The post McAfee Founds Cyber Threat Alliance With Industry Partners appeared first on McAfee.

Apple patches “Shellshock” Bash bug in OS X 10.9, 10.8, and 10.7

The patched Bash shell on a system running OS X 10.9.5.
Andrew Cunningham

Apple has just released the OS X Bash Update 1.0 for OS X Mavericks, Mountain Lion, and Lion, a patch that fixes the "Shellshock" bug in the Bash shell that we first reported on last week. Bash, which is the default shell for many Unix and Linux-based operating systems, has been updated two times to fix the Shellshock remote exploit bug, and many Linux distributions have already issued updates to their users.

When installed on an OS X Mavericks system, the patch upgraded the Bash shell from version 3.2.51 to version 3.2.53, something that users could already do manually if they were so inclined. The update requires the OS X 10.9.5, 10.8.5, or 10.7.5 updates to be installed on your system first. An Apple representative told Ars that the company would not be releasing an individual patch for users running the current OS X Yosemite developer or public beta builds, but the rep went on to say the bug will be fixed in future builds of the software. The company previously stated that Macs "are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services." Non-jailbroken iOS devices shouldn't be vulnerable to the exploit at all.

Shellshock, in essence, allows attackers to issue commands to systems via malformed environment variables. In the case of Web servers, it can allow attackers to gain full control of the system. Exploits of the bug have already been spotted in the wild, and end users and server administrators are all encouraged to patch their systems as soon as possible.


Hackers Still Trying To Exploit Joomla 1.5 Vulnerability Fixed Six Years Ago

We were recently checking something in our analytics and noticed that a rather odd URL had been accessed. The URL, http://www.whitefirdesign.com/blog/?option=com_user&view=reset&layout=confirm, was for a section of our website running WordPress but the URL parameter, ?option=com_user&view=reset&layout=confirm, was for something Joomla related based on the “com_user” portion. A quick search identified that this was an attempt to exploit a vulnerability in older versions of Joomla. What is interesting about this is that the vulnerability was fixed in Joomla 1.5.6, which was released in August of 2008. Since most hacking attempts will not show up in analytics – due to them not requesting the tracking code – we were curious to see if there had been other attempts to exploit this that would show up in our access logs. We found that in the last six months there were attempts to exploit the vulnerability on 48 days. So hackers still feel there are enough Joomla websites that haven’t been updated in six years to try to exploit it regularly.

There are a couple of quick takeaways from this. One is that if you still have websites running Joomla 1.5, for which support ended in September of 2012, you should make sure they have been upgraded to the last version, 1.5.26, and had the additional security fix applied so that they are protected against attempts to exploit any vulnerabilities in older versions. The other is that you don’t need to be concerned just because there has been an attempt to exploit a vulnerability on your website, considering that in this case a hacker tried to exploit a vulnerability in very old versions of Joomla on a website running WordPress.
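The access-log search described in the post, as an added example (not the author's code): it counts the days on which the quoted `com_user` reset probe appears, matching the three parameters in any order and after URL-decoding. The combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Query parameters of the probe URL quoted in the post.
PROBE = {"option": "com_user", "view": "reset", "layout": "confirm"}

# Apache/nginx "combined" log format (assumed; adjust for your server).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_probe(target):
    """True if the request target carries all three probe parameters."""
    # parse_qs percent-decodes values, so option=com%5Fuser is caught too.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return all(want in [v.lower() for v in query.get(key, [])]
               for key, want in PROBE.items())

def probe_days(lines):
    """Map each calendar day to the set of client IPs that sent the probe."""
    days = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_probe(m.group("target")):
            continue  # unparseable line or unrelated request
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        days[ts.date().isoformat()].add(m.group("ip"))
    return dict(days)

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Sep/2014:04:11:09 +0000] "GET /blog/?option=com_user&view=reset&layout=confirm HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [02/Sep/2014:04:11:10 +0000] "GET /blog/?layout=confirm&view=reset&option=com_user HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.23 - - [05/Sep/2014:17:40:02 +0000] "POST /index.php?option=com%5Fuser&view=reset&layout=confirm HTTP/1.1" 404 512 "-" "-"',
    '192.0.2.14 - - [05/Sep/2014:18:00:00 +0000] "GET /blog/?option=com_content&view=article HTTP/1.1" 200 9000 "-" "-"',
    'malformed line that the parser should skip',
]

if __name__ == "__main__":
    for day, ips in sorted(probe_days(SAMPLE_LOG).items()):
        print(day, len(ips), "source(s):", ", ".join(sorted(ips)))
```

Counting distinct days rather than raw hits gives the same kind of figure the post reports, and the per-day IP sets show whether the probes come from one source or many.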

masscan – The Fastest TCP Port Scanner

masscan is the fastest TCP port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. The major difference is that it’s...

Read the full post at darknet.org.uk