Welcome to Process-info.org library

Process-info.org is an online library of operating system processes that helps you identify processes running in the background on your computer or on remote computers on your network.

Process-info.org contains a growing database of executable processes (mostly with the .EXE extension) and DLL libraries. You can search for processes using the search box or browse alphabetically by the first letter of the process name.

It is assumed that users are familiar with the operating system they are using and agree with the suggested changes. Process-info.org will not be held responsible if changes you make cause a system failure.

The Latest News

The 15 latest global news items related to computer security

October 1, 2014 3:09:00 AM CEST

Rootkit:W32/ZAccess – Rootkit:W32/ZAccess constantly displays advertisements on the infected machine and may silently contact remote servers to retrieve additional advertising information.


October 1, 2014 3:09:00 AM CEST

Trojan-Spy:W32/FinSpy.A – Trojan-Spy:W32/FinSpy.A is a component of a commercial surveillance product that monitors user activity.


September 30, 2014 6:23:00 PM CEST

Survey shows the cost of security breaches are on the rise – The year since our previous Global Information Security Survey won't go down as one of the better years for information security. In fact, it may go down as one of the most grueling.

The payment card breaches hitting Target and Home Depot have been massive and the number of victims tallied in the hundreds of millions. The data breach bleed doesn't seem to ever let up. Most recently, nationwide sandwich shop Jimmy John's issued a breach notification. It's certainly not only payment cards that are getting hit hard, either. Healthcare services provider Community Health Systems Inc. reported theft of 4.5 million patient records over this past summer.

CSOs and their security teams were also forced to contend with many serious software vulnerabilities throughout the year. For instance, just last week, the news of the Shellshock vulnerability, the name given to a flaw found within the very widely used GNU Project's shell known as Bash, put many enterprises on notice. Because of the number of apps and devices that use Bash, the Shellshock vulnerability could very well surpass the year's previous most pressing vulnerability, Heartbleed, which was a flaw found in the way previous versions of OpenSSL encrypted data traffic between a client and a server. The attack vector in the Community Health Systems Inc. breach was attributed to Heartbleed.

With that as the backdrop of the 12th annual Global State of Information Security Survey 2015, conducted by PricewaterhouseCoopers and CSO, some of the results were to be expected, while others are quite surprising. For instance, if all of these attacks and high profile vulnerabilities have a bright side, it's that the board of directors at large companies continue to increase the amount of attention they pay to IT security. No surprise there. What is a surprise however is that IT security spending is down broadly by 4% year over year.

Respondents this year also say that they are detecting more breaches this year over last. The more than 9,700 security, IT, and business executives who participated in the survey reported that the number of incidents that they're detecting climbed to 42.8 million this year, an increase of 48%. According to the report authors, the compound annual growth rate of incidents detected annually increased 66% during the past six years.

The financial losses associated with those breaches are also (mostly) up, and trend (generally) by company size. Interestingly, small business reported that the cost of security related incidents is down 37% for them. Midsized organizations witnessed a more moderate bump, at 25%, while large companies experienced the largest increase. They're seeing a rise of 53% in security incident related costs. "Larger companies tend to have more regulatory costs associated with data breaches, and are liable to have more records compromised," says Mike Rothman, an analyst at the IT security market research firm Securosis. "I think that is driving a lot of the cost differential," he says.

Bigger data, smaller budgets

While security budgets may be down generally, interest in leveraging security analytics is not. Roughly 64% of respondents reported using big data analytics as part of their security programs. And of those that do use security data analytics, 55% said that it has helped them to detect more incidents.

Industry analysts aren't so sure how deep the benefits actually go. At least not yet. Javvad Malik, security analyst at The 451 Group, says that he doubts many enterprises are harvesting much for their efforts. "This is just getting started at most organizations," Malik says. "Security information and event managers are collecting thousands of alerts a day, so the art is trying to make sense of it all. This is where big data platforms can help. But right now most CSOs are going to their vendors and asking how the data tools they have can help with that," Malik says.

"When people use the term big data security analytics, they could mean anything from traditional log management and queries to Hadoop to cloud services," says Rothman. "There are a lot of companies looking at how they can improve their security analytics in those ways, but how many are doing it in a way that is impacting operations? Not many. How many are spotting security events that they wouldn't otherwise know about, even less," says Rothman.

While promising, if the experts are correct, security analytics certainly holds promise for the future, but it's too soon to expect a payoff. So security data analytics certainly doesn't account for the broad drop in security budgets. In fact, with vulnerabilities and threats rising, as well as numerous big name and big impact breaches in the news throughout the year, one would expect security investments to have risen, not fallen or remained essentially flat. But that's what the report found. Small companies are reporting that they reduced security investments by 20%, while midsized and large companies have bumped their budgets by a near statistically flat 5%.

Why is this? It could be largely because information security budgets are beginning to blend into operations budgets as cloud computing initiatives begin to take root. "A greater adoption of cloud computing for enterprise applications and projects is the first reason," says Brian Honan, CEO at Dublin, Ireland-based BH Consulting. "This is moving many large IT projects away from being solely IT budget items to co-shared items with business units," he says. "We may also have witnessed a higher than usual investment in previous years in IT due to companies spending money in IT as the global economy started to recover," says Honan.

The numbers support this line of reasoning. In the previous year, which looked at 2013 spending, survey respondents reported increasing IT investments a whopping 40% and lifting information security spend by a jaw-dropping 51%. That looks like latent demand from the recession, to be sure. Unfortunately, we've yet to see a corresponding drop in publicly disclosed data breaches or in their associated costs. But there's always hope next year will be different.


September 30, 2014 4:19:00 PM CEST

Cisco, Oracle find dozens of their products affected by Shellshock – Cisco Systems and Oracle are hard at work identifying networking and other products in their portfolios that are affected by the critical Shellshock vulnerability.

The Shellshock vulnerability and several related ones found over the past week stem from errors in how the Bash command-line interpreter for Unix and Linux systems parses strings passed to it by external scripts. The flaws allow attackers to trick certain processes running on vulnerable machines to pass malicious strings to Bash that would then get executed as commands on the underlying OS.

Security researcher Rob Fuller has put together a collection of Shellshock proof-of-concept exploits gathered from various sources. The most well-known attack vectors are through Web servers that run CGI scripts and through SSH (Secure Shell) daemons, although other applications that interact with Bash are also potential targets.

Cisco has identified 71 products so far that are exposed to the vulnerability. These products serve various purposes, including network application, service and acceleration; network content and security; network management and provisioning; routing and switching; unified computing; voice and unified communications; video, streaming, TelePresence and transcoding.

The number of Cisco products vulnerable to Shellshock and related bugs far exceeds the 38 confirmed not to be vulnerable. The company is reviewing an additional 168 products and hosted services, so the list of vulnerable products is likely to increase.

"The impact of this vulnerability on Cisco products may vary depending on the affected product because some attack vectors such as SSH, require successful authentication to be exploited and may not result in any additional privileges granted to the user," Cisco said in its advisory.

Oracle is also in the process of identifying which of its products are vulnerable. So far the company has released Shellshock patches for nine products: Oracle Database Appliance 12.1.2 and 2.X; Oracle Exadata Storage Server Software; Oracle Exalogic; Oracle Exalytics; Oracle Linux 4, 5, 6 and 7; Oracle Solaris Operating System 8, 9, 10 and 11; Oracle SuperCluster; Oracle Virtual Compute Appliance Software and Oracle VM 2.2, 3.2 and 3.3.

An additional 42 products use Bash in at least one of their versions and are likely to be vulnerable to Shellshock, Oracle has found. No patches are currently available for those products. Four other products are currently being investigated to determine if they're using vulnerable Bash versions.

"Oracle has not assessed the impact of this vulnerability against products that are no longer supported by Oracle," the company said in its advisory.

Other vendors with products built on top of Linux, whether those are hardware appliances, SCADA platforms, specialized servers or embedded devices, are likely to release Shellshock patches in the near future.

The overall impact of the Shellshock vulnerability and the related Bash bugs is hard to quantify given the ubiquitous nature of this basic component in the Unix and Linux world and the fact that all Bash versions going back to 1993 are likely vulnerable. The multiple attack vectors only add to the complexity of determining which systems are at risk.


September 30, 2014 3:43:44 PM CEST

Breaches in corporate network protection: access control – In almost any company the IT security department faces two priority tasks: ensuring that critical systems operate continuously and reducing the risk of attacks on the corporate network.


September 30, 2014 3:07:00 PM CEST

Need help? Microsoft Stores offer free tech support, PC tune-ups, malware removal – Windows users without a hefty dose of technical knowledge always have a tough time getting help. If you don't have a geeky friend handy, PC problems often mean dragging your computer down to the Geek Squad or local PC shop, where you'll be charged a crazy amount of money to have malware removed or speed up a slowing PC.

No more!

If you live near a Microsoft Store some of the peskiest PC problems can now be fixed in-person for free. Microsoft's retail locations recently started offering their Windows-focused answer to Apple's Genius Bar: the Answer Desk.

Longtime Windows users may remember the name Answer Desk as a website that debuted in 2011, offering live 24/7 technical support. The Microsoft Store's Answer Desk is an extension of that original service.

But instead of getting help online, you can now bring your virus-laden PC into the Microsoft Store and the retail outlet will fix it for free, as Lifehacker points out. It also doesn't matter if you bought your PC at the Microsoft Store, Best Buy, or Staples. If it runs Windows, Microsoft will try and fix it.

Currently, Microsoft's free tier at the in-person Answer Desk includes extended diagnostics on any device, software repair or support, virus and malware removal, and PC tune-ups for improving performance.

If your problem is a little more severe, Microsoft will charge $49 to help with warranty issues, hardware upgrades/installations, app installs, Windows 8.1 upgrades/installs, data backup migration, and OneDrive setup across all your devices.

Okay, so maybe Microsoft is still gouging PC users a little bit--almost $50 to set up OneDrive, really?--but it's not nearly as bad as you'll find at other places. Best Buy's Geek Squad, for example, will charge $200 just to remove viruses and spyware from your PC via an in-store drop off. And some of those premium tech support areas--such as OneDrive setup--are free if you buy a new PC from the Microsoft Store.

Even if you're not a Microsoft Store shopper, the next time you have a problem with your PC that no one else can help you with, consider scheduling an appointment with the Microsoft Store's Answer Desk.


September 30, 2014 2:52:00 PM CEST

Likes of Apple Pay may make smaller banks more vulnerable – Many banks with less than $50 billion in assets have a problem that payment systems like Apple Pay will make even more attractive to exploit, a team of security researchers says.

By altering electronic-transfer files before they are uploaded to the national transaction clearinghouse, criminals can redirect funds to accounts they control and make off with millions of dollars at a clip, according to researchers at TrustCC, a consultancy specializing in financial institution IT security.

They presented their findings at (ISC)² Security Congress 2014.

The problem is that many banks and credit unions place these sensitive files on their corporate LANs before uploading them to the Automated Clearing House (ACH), a commercial network that processes a variety of financial transactions. That leaves them vulnerable to hackers who have successfully infiltrated the LAN.

While the attack isn't common yet, it could become more so as consumers shift from traditional magnetic-strip credit cards to more secure chip-and-pin credit cards and alternative payment systems such as Apple Pay. These more secure methods will mean more work for professional hackers, say TrustCC researchers Andy Robbins and Brandon Henry.

When that happens, criminals may seek to steal directly from banks because they will present easier targets with larger potential payoffs per compromise, they say. "Then banks are a pretty juicy target," he says.

Victims of the attack the researchers describe would be among the roughly 4,000 banks and credit unions in the U.S. that have less than $50 billion in assets, considered small banks. Larger banks that actually control the vast majority of funds involved in ACH transfers use an architecture that doesn't expose the same vulnerability, Henry says.

But in smaller banks, batch files in ACH format are generally created in secure core networks. At the end of the day these files are shifted to shares on the corporate LAN to be reviewed by persons on the institutions' accounting teams. Once approved, these files are sent to ACH.

The flaw in the system is that ACH files are often left as shares for some period of time. If hackers can access them before the person in accounting, they can alter them, Henry says.

The accountants verify what is known as the 10-digit file control record, the sum of the routing numbers in the folder. So the hacker code would alter the relevant numbers to divert the transfer to thieves' accounts and recalculate the folder's control record so it corresponds to contents of the altered folder. If automated, the process takes about a tenth of a second using 35 lines of Python code. "It's so painfully simple any competent programmer could put this together in a day," he says.

These fraudulent transfers can easily go unnoticed for 24 hours, he says, but even if it's a shorter period it's certainly long enough for the criminals to shift the funds again and make them impossible to recover.

Before the exposed batch folders can be altered, though, hackers first have to break into bank LANs and gain enough privileges to access the shares that contain them. Robbins says in his penetration-testing experience hackers can escalate to domain administrator in financial institutions about half the time using phishing in combination with other common hacking methods. Once they've done that they can almost always find ACH folders, he says.

The researchers have come up with a proof-of-concept of this hack and say they've presented it to various financial institution associations and to NACHA, which manages development and administration of ACH. After two months of responsible disclosure, they've decided to publicly reveal it. Recently they have been in touch with NACHA and they feel some progress is being made toward fixing the problem.

One way to address the problem is to encrypt all transaction files before they come out of the secure core network, Henry says. If that can't be done, the ACH system and the means to electronically send funds should be replaced.

All access to these files should be logged and write access to these files should be prohibited by machines outside the core network, he says.

Robbins admitted that the largest of banks, those that account overwhelmingly for the monetary value of total transactions, upload transfers electronically directly from their core banking networks.

Some smaller banks outsource their core networks to outsourcers but still expose ACH files to their business networks, he says. Sometimes the outsourcers place their core networks on the bank's corporate LAN.


September 30, 2014 2:08:00 PM CEST

Welcome to the age of pervasive supercomputing – Human beings tend to take incremental change in stride. For example, the loaf of bread that was 50 cents a few decades ago that now costs $3 isn't a big deal to us because the price rose gradually and steadily year by year. What we aren't adapted for is exponential change. Which explains why we tend to be taken by surprise by developments that involve digital technologies, where order-of-magnitude improvements, driven by Moore's Law, occur continuously.

I thought about this reality earlier this summer when I visited the National Center for Atmospheric Research (NCAR), which is located on top of a hill overlooking Boulder, Colo., and is one of the world's leading sites for the study of weather prediction and climate modeling. To support its work, which is often based on complex mathematical models, the NCAR has long been a pioneer in the use of advanced computer systems. In fact, a plaque on a wall at the center indicates that in 1976, it had purchased the world's first production Cray-1A supercomputer (for $8.9 million, the equivalent of $38 million today). Over the next 25 years, the NCAR continued to perform scientific research on later generations of Crays.

As I toured the NCAR, I thought about how a mid-'70s Cray supercomputer compared to the iPhone in my pocket. Sure enough, the raw computing power of my phone dwarfed that of the Cray-1A. The Cray operated at a rate of 80MHz and was capable of performing 80 million floating-point operations per second (FLOPS). By comparison, the graphics-processing unit in my iPhone 5S is capable of 76.8 GFLOPS, making it nearly 1,000 times more powerful.

The supercomputer in my pocket

Today's garden-variety smartphone is, in fact, capable of performing functions like pattern recognition and complex visual rendering that have traditionally been the exclusive domain of supercomputers that were housed in special facilities and required the care of a cadre of specialists. Today, many mobile apps provide what are essentially supercomputer-like abilities.

A nice example of visual pattern recognition is Leafsnap, a free mobile app created by Columbia University, the University of Maryland and the Smithsonian Institution that enables users to identify different tree species by simply taking a photo of a leaf. Verbal pattern recognition is the basis for applications like Siri, Google Now and Microsoft's Cortana that have the ability to understand spoken input and (most of the time) respond appropriately.

An example of the advanced visual rendering capabilities of mobile devices can be seen in Samsung's new Gear virtual reality headset, which delivers a digitally immersive experience using a Galaxy Note smartphone. Or Epic Zen Garden, a free game for iPhones and iPads that features richly detailed visual environments that users can explore.

The power of phone cloud

As impressive as the ability of the modern generation of microprocessors is, their power is magnified many times over by the ability to combine them with access to virtually unlimited amounts of computing power in the cloud through a broadband wired or wireless network. Every time a user performs a Google search, he or she makes use of the massive computer resources that Google has assembled to keep track of and index the vast reaches of the Internet. In fact, Google runs on what could be the world's most powerful supercomputer: In 2012, it was estimated that Google ran on some 13.6 million cores -- over 20 times as many as in the largest operating supercomputer at the time -- and had demonstrated its ability to link 600,000 of them together to work on a single specific task.

In addition to basic search, Google employs this capacity to provide applications that would have seemed like science fiction just a few years ago, such as the ability to search for images as well as words; the ability to find the fastest driving route from one point to another, taking current traffic conditions into account; or the ability to instantly translate text from one language to another. And still in development, but clearly on their way, are such things as the self-driving car and autonomous robots that depend on access to massive computing power.

Computers that (almost) think

Yet another remarkable manifestation of the exponential growth in processing power is so-called cognitive computing. By leveraging techniques of artificial intelligence, including natural language processing and machine learning, cognitive computing provides the capability to approach and, in some instances, even to exceed human thought. An early example of the emerging human-like capabilities of computers came in 1997, when IBM's Deep Blue defeated world champion chess player Garry Kasparov, disproving the belief that only humans could play chess at the highest level. More recently, the triumph of IBM's Watson at Jeopardy in 2011 demonstrated that a computer could compete successfully against the best human players in a challenging test of general knowledge.

In addition to playing games, cognitive computing is being put to work on a range of practical tasks that computers were previously unable to perform. Rather than simply crunching numbers or processing data in structured ways, it is now possible for computers to absorb large quantities of information and identify associations or generate context-based hypotheses about that information to improve human decision-making. IBM is actively engaged in developing specialized versions of Watson for applications ranging from healthcare (diagnosing disease) to financial services (personalizing investment advice) to customer service (improving call center support).

A supercomputer of one's own

As cool as these applications are, perhaps the most significant aspect of this trend is the ability of anyone with an Internet connection to make direct use of supercomputing capabilities for his or her own purposes. The availability of these resources makes it possible for users to rapidly develop and deploy powerful new applications or carry out sophisticated data analyses without the need to invest in hardware.

Services like Google's Compute Engine, Amazon's Web Services and Microsoft's Azure are competing fiercely to provide access to computing power in the cloud by lowering prices and providing tools to simplify use. In fact, these services typically offer free trials and minute-by-minute billing for usage that make these capabilities readily available to everyone from large corporations and government agencies to tiny startups and even individuals. For instance, this summer, a pair of researchers in England disclosed that they had built a digital currency-mining program at no cost by taking advantage of free cloud-based supercomputing trial offers. Using publicly available tools and the free supercomputer time, the team was able to earn $1,750 per week in Litecoin -- an alternative to Bitcoin -- through its operations.

What the world needs now

To fully realize the potential of the newly pervasive supercomputing environment, two things are needed: a new type of literacy that will enable us to use the technology properly, and the appropriate network infrastructure to provide full access to its capabilities.

Just as the spread of computers and the Internet created a need for digital literacy skills, so the emergence of supercomputing will require a new kind of literacy that will allow us to appreciate what the technology can -- and can't -- do. According to my colleague at the Institute for the Future Mike Liebhold, these new skills include an understanding of the basic principles of logic and statistics (for example, the difference between correlation and causation), the ability to factor problems in ways that can be addressed by the parallel processing abilities of supercomputers, and familiarity with the use of data visualization techniques to simplify complex problems. We also need to remember that as powerful as these tools are, they are intended to support and enhance human capabilities, not replace them.

Second, we need networks that have the technical characteristics needed to deliver the power of supercomputing in close to real time. Getting full access to high-performance computers that send and receive high volumes of data currently requires a dedicated connection with customized capabilities (such as those available through the National LambdaRail fiber optic network that serves universities and advanced research labs across the country).

Bringing supercomputing into our daily lives will require the wide availability of networks that provide high bandwidth and reliably low latency times. Ensuring that network operators are able to provide users with such capabilities when they need them should be taken into account in both the current debate over "network neutrality" and longer-term legislative efforts to modernize the regulation of telecommunications. It will also require a major investment in network infrastructure. Industry is already putting tens of billions of dollars each year into network upgrades, and we need to get public policies right to support these efforts.

And, given that exponential change is likely to continue, what might lie beyond the rapidly emerging world of supercomputing? In the more distant future looms the prospect that the power of computers will eventually outstrip human cognition. In his provocative new book, Superintelligence, Oxford philosophy professor Nick Bostrom suggests that when machine brains surpass human brains, we may become dependent on them in ways that we do not altogether like. But for now, he concludes, we remain in control of the machines, and we still have the power to use them for our own benefit.

It's our move.

Richard Adler is a distinguished fellow at the Institute for the Future in Palo Alto, Calif. He has written widely about the future of broadband and its impact on fields such as education, healthcare, government and commerce.


September 30, 2014 1:58:00 PM CEST

Free is good: No-cost Panda Software tops AV-Test's rankings of antivirus software – Antivirus suites are only as good as their latest tests. And in AV-test.org's latest roundup for July and August, the usual suspects--BitDefender, Kaspersky, McAfee, and Symantec--came out on top.

The same holds true for the free options. If you're a cheapskate, you can download Panda Security's free cloud antivirus and have a good chance that it will catch everything that the shadowy corners of the Web can throw at it--as it did in AV-test's own proving ground.

But if you think that Microsoft's own Windows Defender (or Microsoft Security Essentials in Windows 7) antimalware solution will do the job, you're almost entirely wrong. Microsoft caught less than 80 percent of both the known malware that AV-test.org threw at it, as well as the unknown or so-called zero-day malware that it was tested against. It's like saying your roof will catch 80 percent of the rain--eventually, there's going to be a leak.

Why this matters: It's a good idea to re-evaluate your antivirus solution regularly. Is it up-to-date? Getting the job done? If there are any lessons at all, it's that the big names in the antivirus industry have earned their reputations. Check to see if yours is among them.

There are two major test houses that periodically evaluate major antivirus suites and Internet security services: AV-test and AV-comparatives.org. AV-comparatives.org, which recently published its own August rankings, also treats Microsoft as the baseline, claiming that it caught only 85.5 percent of the antimalware samples it was tested against.

The victor? Panda again, which caught every malware sample that AV-comparatives tested against. (Note the high number of false positives, however, meaning that safe files were incorrectly flagged as malware.) The only other suite to do the same was Avira, although it's not clear whether AV-comparatives used the paid Internet Security suite, as AV-test.org did, or the free, standalone antivirus version.

AV-test.org also ranked paid antivirus solutions for businesses. Each and every one--BitDefender, F-Secure, and Symantec--caught 100 percent of the tested malware. Microsoft, again, came in dead last, managing only to catch between 74 and 79 percent.

There's absolutely no guarantee that any of the antivirus products that have historically performed well will continue to do so--or will snag the next piece of malware your PC encounters. However, one trend is positive: In a recent, prolonged test by AV-test.org, the traditional antivirus powerhouses continued to do well.

Here are a few points to consider when designing an antimalware strategy for your PC:

Microsoft alone doesn't cut it. Whether you consider a paid or free option, you're going to need something else.

Historically, paid antimalware solutions like BitDefender, McAfee and Symantec continue to perform well, so the effectiveness of their antivirus protection should be seen as about equal. Other factors may help you decide among these suites, such as support for mobile devices or special security features like McAfee's LiveSafe encrypted cloud storage. You can get by with free antivirus solutions from Panda and others, but their quality could vary over time.

Antimalware, while still useful, still can't block a direct attack on your machine. (A firewall can.) Nor can it prevent you from clicking on a poisoned link sent you by your "Uncle Steve"--or someone posing as him. Consider an Internet security suite for this very reason; here's our evaluation of the 2014 security suites. Otherwise, make sure you have some additional protection besides a simple antivirus solution.


September 30, 2014 1:37:00 PM CEST

Six key defenses against Shellshock attacks – The number of attempts by hackers to compromise computers through the Shellshock vulnerability is rising, but companies have options for defending against attackers.

Shellshock is the name given to a set of at least six vulnerabilities in GNU Bash, the default command shell found in Linux, Unix and Mac OS X. The flaws in Bash, which stands for Bourne Again SHell, include CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE-2014-6278.

Security vendor Cloudflare reported Monday that it has counted more than 1.5 million distributed-denial-of-service attacks against the Shellshock flaw daily on its network.

Web application firewall vendor Incapsula reported Monday that over the four days since Shellshock was made public Sept. 25, it has deflected more than 217,000 exploit attempts on over 4,115 domains. Incapsula has documented attacks originating from more than 890 IP addresses worldwide.

So, what should companies do to defend against attackers? Experts from the SANS Institute, which provides data, network and cyber security training, offer the following advice:

--Use multiple scripts. Paul Henry, a senior instructor at SANS, found he needed multiple scripts in order to test for the half-dozen flaws. He found that the scripts released by vendors for their products were not enough.

"They (the scripts) are simply not tight enough. You're missing machines," Henry said. "People need to be really careful and thorough in their scanning. Think it through."

Fortunately, vulnerability-scanning tools include scripts to test for the various flavors of the Bash vulnerability, so companies should make sure they have all available scripts before testing.

--Test using DHCP. One way to exploit the flaw is through a dynamic host configuration protocol (DHCP) message carrying an exploit string.

"You can essentially exploit your own systems by sending an exploit string, like for example a ping, from a DHCP server," Johannes Ullrich, director of the SANS Internet Storm Center, said. "If a system in your network is vulnerable, it will ping the DHCP server that you've set up."

--Apply vendor-supplied rules. Firewalls and intrusion detection and prevention systems need to be updated with the latest rules to block attacks targeted at Bash flaws. Cisco-owned Sourcefire, Juniper Networks, IBM and F5 Networks are among the vendors who have released updates.

Companies that use the popular open-source Bro or Snort intrusion prevention systems (IPS) should install the latest rule set available from the respective community sites.

"The rules out there are pretty good in the sense that they're unlikely to miss a lot of exploit attempts," Ullrich said. "The only problem will be false positives."

--Install the latest patches. Many patches sent by vendors are functional, but incomplete. Nevertheless, companies have been advised to apply what is available. Patching once and then forgetting about the problem won't solve this bug. Instead, system administrators will need to stay on top of vendor-provided patches to update the fixes already in place.

Because of the many variations of Linux, SANS recommends recompiling the patch source code on a test system configured identically with the target machine to avoid causing a problem with software running on the latter computer.

"If you misapply a patch on the wrong (operating system) kernel, you could break something," Henry said. "My personal preference is to compile on the machine that I'm going to be trying to patch Bash."

--Monitor system logs. Companies need to step up monitoring of server logs to catch anomalies pointing to exploitation attempts or successes. In particular, companies should monitor for outbound pings and outbound Internet relay chat (IRC) and HTTP connections.

"Those are the big ones right now," Ullrich said.

Companies should be "very cautious" with outbound traffic from an internal server, Henry said. "Normally, a server is going to respond to a query, but the server should not be initiating a new connection by itself to the Internet."

--Check IoTs devices. Companies that use Internet of Things (IoTs) devices, which include DVRs, VoIP phones and consumer-off-the-shelf (COT) hardware, such as modems, routers and video cameras, should ask the respective vendors whether their products are vulnerable. Affected hardware that won't get patched should be replaced.

Fortunately, very few IoTs devices use Bash. The majority instead run a set of tools called BusyBox.

"There's a huge population of vulnerable devices, but only a few of them are exposed and exploitable," Ullrich said.


September 30, 2014 6:09:00 AM CEST

EPIC seeks enforcement action over Arizona data breaches – A privacy watchdog filed a complaint with the Federal Trade Commission against a community college district in Arizona that lost the personal data of 2.5 million students and employees in two data breaches.

The Electronic Privacy Information Center (EPIC) asked the FTC in its complaint Monday to bring an enforcement action in federal district court against the Maricopa County Community College District (MCCCD) for violating the "Safeguards Rule," which requires customer data to be secured.

EPIC, a nonprofit organization based in Washington, is also seeking that the MCCCD obtain an independent assessment to ensure that it is complying with the Safeguards Rule.

MCCCD's troubles are notable as the organization was warned after a small data breach affecting 400 people in January 2011 that it needed to shore up its systems. The FBI informed it at the time that information from its databases had turned up for sale on the Internet.

Arizona's Auditor General advised in November 2011 that the organization needed to strengthen access controls after finding terminated employees still had active user accounts on its network.

A subsequent audit in November 2012 found the organization still had not adequately limited access to its systems, according to EPIC's complaint.

In April 2013, the FBI found 14 of MCCCD's databases for sale on a website, with data including names, addresses, Social Security Numbers, birth dates and financial aid information. The breach affected 2.49 million current and former students, employees and vendors.

A class action suit was filed in April against MCCCD in Arizona's Superior Court, which sought US$2,500 for each plaintiff. That case's docket suggests the lawsuit has been moved to a federal court.

More than 265,000 students attend a network of 10 colleges, two skill centers and other education centers within MCCCD's purview in Maricopa County in Arizona. The organization is responsible for coordinating and dispersing financial aid.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


September 30, 2014 5:55:00 AM CEST

China clears iPhone 6 for sale only after security tweaks – China has effectively cleared the iPhone 6 for sale in the country, granting the product a license, but not before a government regulator demanded Apple make some security changes in the iOS operating system to fix suspected flaws in the software.

China's Ministry of Industry and Information Technology (MIIT) recently granted the iPhone 6 a network access license, the government regulator said in an online posting on Tuesday, following weeks of speculation about the delay in the approval.

The government's online database referred to network access licenses being granted to four Apple phones on Tuesday, which probably also include the company's large screen smartphone, the iPhone 6 Plus.

While inspecting the phones, the Chinese regulator also looked for suspected security flaws in iOS software that media outlets have reported on. These suspected flaws involved "three background services" that can be exploited to retrieve users' private information, MIIT said in its posting.

The Chinese regulator's own checks found that the three background services could be exploited in two ways. Hackers can steal users' private information by gaining access through approved devices linked to the iPhone, or when the phone is in repair, MIIT said without elaborating.

The regulator demanded changes be made, and Apple responded stating that the three background services were diagnostic tools, and that the company will never interfere with users' information without their permission.

In addition, Apple took measures with its new iOS 8 software to address the concerns, and make it harder to exploit the background services, MIIT said. The company also promised it would never work with government groups to create backdoors in its software.

Apple did not immediately comment. The company has been facing allegations in recent months over suspected security flaws in its software, with some of the criticism coming from China.

In July, Apple's iPhone came under fire from the country's state-controlled CCTV in a segment that alleged the iOS 7's "Frequent Locations" feature could be used to secretly track users' locations. Apple later dismissed the claims, and said that the company has no access to phones using the Frequent Locations feature.

China's scrutiny of the iPhone 6, however, signals that the government is still concerned about the device's software. Tuesday's posting from MIIT is probably the first time the regulator has issued a statement on a phone receiving a network access license. Typically, smartphones receive no such mention, save for the online government database that tracks network access licenses.

In its posting, MIIT said it was paying "great attention" to protecting users' privacy on smartphones. "If it's discovered that any related businesses are involved in violating user's privacy, they will be investigated and dealt with according to the law," the regulator said.

In May, China threatened to block companies from selling IT products in the country, if they failed to pass a new "cybersecurity vetting system" to check for secret surveillance activities.


September 30, 2014 3:07:09 AM CEST

Perl.Pircbot – Risk Level: Very Low. Type: Trojan.


September 30, 2014 3:07:09 AM CEST

Linux.Powbot – Risk Level: Very Low. Type: Trojan.


September 30, 2014 2:37:00 AM CEST

Viper 'Missed Call' Malware Email – Notification email purporting to be from messaging service Viper claims that you have a missed call waiting and invites you to click a link to listen to the message.


Navigate through the library of processes alphabetically by first letter: