It Could've Been Stopped with Catbird
VM researchers post rude awakening about virtualization security
Catbird TrustZones, deployed according to best practices, would have prevented this type of attack.
A virtual machine stealing information from another virtual machine running on the same piece of hardware? That's not supposed to happen. Virtual machines run various tasks on a single computer rather than relying on a separate machine to run each one. The assumption is that one can’t eavesdrop or tamper with the other. But now a technique reported in a paper, “Cross-VM Side Channels and Their Use to Extract Private Keys,” by Yinqian Zhang of the University of North Carolina, Chapel Hill, and computer scientist colleagues from the University of North Carolina, University of Wisconsin, and RSA Laboratories, suggests a different story. (phys.org)
Tridium’s Niagara Framework: Marvel of connectivity illustrates new cyber risks
Catbird TrustZones, deployed according to best practices, would have prevented this type of attack.
Government and business leaders in the United States and around the world are rushing to build better defenses — and to prepare for the coming battles in the digital universe. To succeed, they must understand one of the most complex, man-made environments on Earth: cyberspace. (Whitney Shefte, Sohail Al-Jamea and Robert O’Harrow Jr./The Washington Post)
Warp Trojan from China said to fool routers into spreading Windows malware
Catbird TrustZones, deployed according to best practices, would have prevented this type of attack.
Security firm says Chinese malware spreads infections through trick involving unsolicited ARP requests to routers
Oracle won’t patch four-year-old zero-day in TNS listener
Catbird vSecurity TrustZones, when deployed in a best practice configuration, will detect and prevent a MITM attack aimed at the Oracle TNS vulnerability.
Oracle has issued a security bulletin this week, recommending customers consider workarounds to address a long-standing zero-day vulnerability in nearly all versions of its database management system.
Rothacker suggests the real problem has nothing to do with the miscommunication that led to the attack code being released. The problem, he said, is that Oracle has known about this very serious vulnerability for four years and done nothing to fix it. "How many other problems do they know about that they haven't fixed?" he asked.
Symantec declares pcAnywhere safe to use
Symantec has said that its pcAnywhere software is now safe to use, with free upgrades offered to users.
According to Reuters, the company has now determined that the current version of pcAnywhere is safe, provided it has been updated with a security patch released on 23 January.
Company spokesman Brian Modena said it is offering upgrades to pcAnywhere 12.5 at no charge to all customers, even those using old editions that would not typically qualify for support. He also said that while Symantec is advising all users to upgrade, they can safely continue using versions 12.0 and 12.1 if they download a second software patch released on 27 January.
SCADA vulnerability imperils critical infrastructure, feds warn: Secret accounts open control systems to attack
An electronic device used to control machinery in water plants and other industrial facilities contains serious weaknesses that allow attackers to take it over remotely, the US agency that safeguards the nation’s critical infrastructure has warned.
Catbird zones and network access control could have helped protect against this attack.
Computer Virus Shuts Down Georgia Hospital
Malware in a Georgia hospital’s computer system forced it to turn away patients, highlighting the problems and vulnerabilities of computerized systems... The problem likely was caused by a worm infection, which would have spread rapidly across the hospital's network. Foul play isn't suspected, and the problem may be caused by something as simple as a USB drive brought into the facility by an employee.
Catbird TrustZones stop the spread of network infections.
Hackers Likely Have Japanese Warplane, Nuclear Data
InformationWeek, October 25, 2011
Attackers likely accessed sensitive data relating to military aircraft, missiles, and nuclear power plant designs and safety systems, said Japanese defense officials.
Catbird could have helped stop this blended/persistent threat attack:
- Catbird TrustZones and ZACL would have detected and blocked the egress of data from the compromised systems to the outside server (in China).
- Catbird PharmingShield would have detected the breach of the websites and their subsequent use to pharm out the attack to the website users.
ICS-ALERT-11-343-01—CONTROL SYSTEM INTERNET ACCESSIBILITY
December 09, 2011
SUMMARY
On October 28, 2010, ICS-CERT published an alert titled "ICS-ALERT-10-301-01—Control System Internet Accessibility" on the ICS-CERT web page. The alert warned control system owners and operators that a search engine called SHODAN was being used to locate Internet facing control systems. ICS-CERT is tracking and has responded to multiple reports of researchers using SHODAN, Every Routable IP Project … ICS-CERT is issuing this new alert to warn of an uptick in related activity and urge asset owners and operators to audit their control systems configurations and verify whether or not they are susceptible to an attack via this vector.
Catbird can detect and prevent this type of attack:
- Using Catbird, our customers can use external network discovery and vulnerability scanning to detect internet facing systems.
- Using Catbird's XCCDF capabilities, secure configuration, default password reset, and continuous monitoring may be performed.




