Business

1222 articles

A legacy bug in a legacy code: today’s problem

Microsoft has patched yet another bug in OLE, this time one that’s 19-years-old. While it is extremely surprising this bug hadn’t been discovered earlier, the crucial question here is the use of the underreviewed legacy code that developers have to drag along for decades.

Picturing the future to protect

Will mankind become overrun by technological and information threats while future humans’ raison d’etre would be to keep the machines going “Metropolis” or “Matrix” style? We don’t know. The future remains a product of our imagination until it comes true, while our reality is the consequence of actions.

Hotel IT security: quo vadis?

The newly disclosed Darkhotel APT campaign will surely draw increased scrutiny to hospitality systems’ security worldwide. Hoteliers acknowledge the existence of security problems in their software systems, and many are opting to move these systems into the cloud. Is this a viable solution?

BlackEnergy 2: a good set or bad deeds

Securelist has published extensive research on BlackEnergy. Initially a DDoS crimeware, it turned into a huge collection of various tools currently used in various APT-type activities, including some “significant geopolitical operations”.

The dark story of Darkhotel

Kaspersky Lab has just announced the discovery of an alarming APT campaign codenamed “Darkhotel,” targeted mainly at business executives staying at certain hotels in Asia. Luxury hotels offer not just places to stay, but also comfort and privacy. However, their cybersecurity occasionally fails.

Information Sharing: Key to Addressing Today’s Attacks

Many organizations—especially government agencies or heavily regulated businesses—are nervous about sharing this data, for fear of reprisals if information about successful attacks becomes public. And politicians and security experts say this is an issue that needs to be solved if businesses are going to have the chance to succeed.

The ups and downs of mobile threats

Every fifth Android-based device protected by Kaspersky Lab security solutions was attacked by malware at least once in 2013-2014. In 60% of the registered attacks the malware used had a “financial” nature. While there’s seemingly nothing unexpected a certain twist is present…

Critical systems and bottlenecks

A critical civilian system goes down – it’s a scenario that evokes some apocalyptic pictures of destruction and mayhem; remember, for instance, “Die Hard 4.0”? Actually this could happen with any corporate infrastructure, since all of them have certain critical systems of their own.

How a Linux bug may affect Virtual infrastructure

Linux bugs may affect or directly threaten entire virtualization infrastructures: Whatever OS is used on VMs, an attack on a hypervisor is possible from both the outside and inside, and exploitation of the dreaded Shellshock vulnerability on Linux-based hypervisors is a possibility, too.

Pikes in the lake: new bugs to keep us awake

Vulnerabilities vary. Some are considered critical, some – less problematic; their severity is determined by a few well-known factors such as ease of exploitability and popularity of software. But, no matter their differences they all require serious attention at a constant level, so that when the next Shellshock-like incident occurs, it won’t take cybersecurity world by surprise.

How a Linux bug may affect Windows-based infrastructure

The recent developments with “big bugs” such as Heartbleed and Shellshock created a global security strain, with many questions emerging. Both bugs were open-source software-related, but indirectly they would constitute a threat to Windows-based infrastructure. In this post we review a few scenarios of an attack on mostly Windows-based network with Linux servers at certain points.