Paper: Dylib hijacking on OS X

Patrick Wardle shows how OS X is also vulnerable to once common Windows attacks.

A few years ago, DLL hijacking on Windows was a hot topic, despite the fact that the concept had been discussed by none other than the NSA as far back as 1998.

Many applications load dynamic link libraries (DLLs) without specifying a path name to indicate where the library is to be found in the operating system. When such a path name is absent, the operating system looks for the DLL file in a number of well-defined directories. An attacker could thus 'hijack' the DLL by placing a rogue DLL file into one of those directories, so that the operating system will find the rogue DLL first.


Will DIME eventually replace email?

Protocol has all the advantages of email, yet is orders of magnitude more secure.

In the current Internet era, sometimes referred to as 'post-Snowden', it is often said that email is broken. After all, a lot of email still flows over the Internet unencrypted, and even where encryption is used for email delivery, the mail servers remain weak points with access to the unencrypted messages.

Using PGP to encrypt emails could solve some of these issues, but PGP leaks some important metadata. Moreover, more than 20 years after PGP was invented and more than 20 months after Snowden started leaking NSA slides, PGP's user base remains extremely small. Most crypto experts agree that it is time for the protocol to die and that they wish they could uninstall it.


Paper: Windows 10 patching process may leave enterprises vulnerable to zero-day attacks

Aryeh Goretsky gives advice on how to adapt to Windows 10's patching strategy.

Patching is hard, especially when the code base is old and the bugs are buried deeply. This was highlighted once again this week when Microsoft released a patch for a vulnerability that was thought to have been patched almost five years ago, but which could still be exploited.

In fact, six out of the last eight Patch Tuesdays have included patches that have caused problems for some Windows users.


The ghost of Stuxnet past

Microsoft patches .LNK vulnerability after 2010 patch was found to be incomplete.

Mention Stuxnet and you'll have many a security researcher's attention. The worm, which was discovered in 2010, used a number of zero-day vulnerabilities to reach its target: air-gapped Windows PCs at the Natanz nuclear plant in Iran. Most prominent among these was CVE-2010-2568, which allowed an attacker to execute remote code through a specially crafted .LNK file.

The vulnerability could be triggered by plugging an infected USB drive into a vulnerable PC, thus allowing an attacker to bridge air gaps. Researchers from Kaspersky have since found that the same exploit was used by the 'Equation Group' even before Stuxnet.


VB Conference

VB2015 Prague, 30 Sept - 2 Oct 2015: Covering the global threat landscape

The VB conference is a major highlight of the security calendar, with many of its regular attendees citing it as the IT security event of the year. The 25th Virus Bulletin International Conference (VB2015) takes place 30 September to 2 October 2015 at the Clarion Congress Hotel, Prague, Czech Republic.

Previous VB conference delegates said:

‘Organization of the conference was flawless. I really appreciate that the talks were kept strictly on time.’


All but three of the 16 full solutions submitted for this month's test achieved a VBSpam award, and six of them achieved a VBSpam+ award.


The latest VB100 comparative on the evergreen Windows 7 resulted in a pleasingly high success rate, with just a few products failing to make the grade for certification.

Date            | Event                                                                                              | Location
Apr 13 - 14     | The Cyber Security Show 2015                                                                       | London, UK
Apr 13 - 14     | NCSC One Conference                                                                                | The Hague, The Netherlands
Apr 14 - 15     | EBCG Cyber Security Summit Financial Sector: Fortify your Ability to Counter Dynamic Attacks      | Prague, Czech Republic
Apr 14 - 15     | EBCG Cyber Security Summit Industrial Sector: Intensified Protective Measures                     | Prague, Czech Republic
Apr 16 - 17     | AltSecCon                                                                                          | Halifax, NC, Canada
Apr 20 - 24     | RSA Conference 2015                                                                                | San Francisco, CA, USA
Apr 22 - 24     | Commonwealth Cybersecurity Forum 2015                                                              | London, UK
Apr 21 - 24     | Cyber Intelligence Asia 2015                                                                       | Manila, Philippines
Sept 30 - Oct 2 | VB2015                                                                                             | Prague, Czech Republic
Oct 05 - 07     | VB2016                                                                                             | Denver, CO, USA


@virusbtn (Thu Mar 19 17:38:13): New Paper: Dylib hijacking on OS X, by @patrickwardle, speaking on this topic at #CanSecWest right now

@virusbtn (Fri Mar 13 21:38:18): As a final reminder, the #VB2015 Call for Papers closes in a little over twelve hours.

@virusbtn (Thu Mar 12 15:55:38): New blog: Will DIME eventually replace email?

@virusbtn (Thu Mar 12 13:58:23): New Paper: Windows 10 patching process may leave enterprises vulnerable to zero-day attacks, by @goretsky
