 Stuxnet

Microsoft hands out more Duqu fixes despite prior patch

May 08, 2012

Just when you thought all of the windows that control system recon trojan Duqu used to propagate had been roped off, the software giant releases a new set of fixes.
 

Duqu variant uncovered

March 23, 2012

The year's first variant of the notorious W32.Duqu, a trojan that seems intended for cyber war, has been discovered by Symantec researchers.
 

The not-so-advanced persistent threat

Johannes Ullrich, chief research officer, SANS Institute January 24, 2012

Hacker groups Anonymous and LulzSec have made a name for themselves by scanning large organizations until they find the one weak system ready to be exploited. You can prevent an attack.
 

Hard target: The APT scenario

January 03, 2012

Stealthy, targeted attacks are real -- as evidenced by operations such as Shady RAT and Stuxnet -- and there isn't a one-size-fits-all remedy to deal with them.
 

Thirteen patches from Microsoft, including Duqu fix

December 13, 2011

Tuesday's baker's dozen of security patches from Microsoft includes a fix for a vulnerability that helped spread the dangerous information-stealing Duqu trojan, which targets industrial control systems.
 

Duqu perpetrators wipe command servers of evidence

December 01, 2011

On Oct 20, just two days after researchers released details about the Duqu malware, its creators scrubbed all the files from their command-and-control servers in an effort to conceal their identity.
 

Duqu detection kit released

November 11, 2011

The Hungary-based research lab responsible for detecting the Duqu trojan has released a toolkit to find traces of the trojan on a computer or in a whole network.
 

Part Two: Duqu: father, son, or unholy ghost of Stuxnet?

Jeremy Sparks, Robert M. Lee, and Paul Brandau, cyberspace officers November 09, 2011

Three U.S. Air Force information security experts, independent of their role in the military, studied the Duqu trojan, and you might be surprised by what they found. This is the second article in a two-part series that examines the sophisticated threat that everyone is talking about.
 

Microsoft releases four security patches, one critical

November 08, 2011

Microsoft on Tuesday patched one "critical" vulnerability, plus three other less-severe flaws. Not patched, as expected, is a bug related to the Duqu trojan.
 

The security industry that cried wolf

Lysa Myers, director of research, West Coast Labs November 04, 2011

The security industry, and the media that covers it, would be better served focusing on the tried-and-true motives for cybercrime, not conspiracy theories.
 

Microsoft issues workaround for Duqu malware

November 04, 2011

Microsoft issued a temporary fix for a vulnerability in the Windows kernel used to spread Duqu, the so-called "son of Stuxnet" trojan.
 

Microsoft security update addresses four flaws, not Duqu

November 03, 2011

Microsoft is prepping four security bulletins for its November update, though it is not expected to provide a fix for the zero-day flaw used to spread Duqu.
 

Duqu: father, son, or unholy ghost of Stuxnet?

Jeremy Sparks, Robert M. Lee, and Paul Brandau, cyberspace officers November 02, 2011

Three U.S. Air Force information security experts, independent of their role in the military, studied the Duqu trojan, and you might be surprised by what they found. This is the first article in a two-part series that examines the sophisticated threat that everyone is talking about.
 

Duqu trojan spreads through 0-day Microsoft bug

November 01, 2011

A piece of malware that has drawn comparisons to the notorious Stuxnet worm is using an unknown Windows kernel vulnerability to infect its targets.
 

Duqu underscores trouble AV industry has in stopping threats

October 21, 2011

The slowness with which an offspring of Stuxnet was discovered may be further proof that attackers have a significant leg up on the security community.
 

New malware appears carrying Stuxnet code

October 18, 2011

A sibling of one of the most complex and potentially menacing computer worms ever created has impacted roughly five Europe-based manufacturers of industrial control systems, security researchers said Tuesday.
 

SCADA system safeguards

September 01, 2011

Stuxnet demonstrated that even isolated physical networks could be hacked.
 

Stuxnet: The way we were

David Harley, ESET senior research fellow June 27, 2011

The way we were is too much like the way we are: There is no way I will ever say there is no way.
 

Security concerns of computer automation and control: Where to start?

Cristiano Cafferata, systems engineer, SonicWALL June 20, 2011

A four-step industry model can be effective in defending control systems against adversaries.
 

Still scared for SCADA?

David Harley, ESET senior research fellow June 20, 2011

The sky hasn't fallen, but we can never again write off infrastructure attacks as science fiction.
 

Stuxnet: Paradigms lost and paradigms regained

David Harley, ESET senior research fellow June 13, 2011

The assumption that the next Stuxnet will be somehow similar but not the same could be seriously misleading.
 

CIPAV: Spy(ware) versus Spy(ware)

David Harley, ESET senior research fellow May 05, 2011

Good viruses and trojans? Legal malware? Does (or should) AV detect the FBI's spyware?
 

"Stars" worm targets systems in Iran, official says

April 25, 2011

On the heels of the Stuxnet worm, Iran officials say they have discovered a new piece of malware also designed to sabotage government systems.
 

Despite threats, security not enough of priority at utilities

April 19, 2011

Critical infrastructure providers have been slow to respond to an increasing number of threats targeting industries such as power, oil, gas and water, according to a new report.
 

Life after Stuxnet: Infrastructure safeguards

April 01, 2011

The cyberattack last summer on Iran's nuclear facilities has upped the ante for decision-makers in charge of critical infrastructure and enterprise networks, reports Greg Masters.
 

I am Comodo hacker, Iranian claims

March 28, 2011

A lone Iranian hacker claimed responsibility over the weekend for an attack on Comodo, a company that issues digital SSL certificates used by websites to validate their identity to visitors.
 

U.S. government warns of SCADA flaws

March 23, 2011

The U.S. government's ICS-CERT has issued alerts for four software products used to control hardware appliances at industrial facilities.
 

Embedded in danger: Web-enabled devices

March 01, 2011

Name a device and, chances are, it soon will have the capability to connect to the internet, if it does not already. Yet, with this web enablement comes a slew of risks for the enterprise.
 

Has cyberwar happened? Interview with Mikko Hypponen, chief research officer of F-Secure

February 23, 2011

Mikko Hypponen, chief research officer of F-Secure, distinguishes between cyberwar and everything else, explains why the anti-virus industry failed when it came to detecting and preventing Stuxnet, discusses why critical infrastructure is at major risk of attack and reveals how he tracked down the authors of the first PC virus, which turns 25 years old this year. SC Magazine Executive Editor Dan Kaplan spoke with Hypponen following a media luncheon at the RSA Conference in San Francisco.
 

What Stuxnet means for the process industry

Eddy Willems, security evangelist, G Data Software February 09, 2011

Governments and process control firms must work together to prevent highly sophisticated malware, such as Stuxnet, from spreading.