Dobra Family Blog

Microsoft confirms 'nasty' Windows zero-day bug and Other CyberWar Updates!

"Microsoft has confirmed the presence of a zero-day vulnerability in Windows, following reports of sophisticated malware-based hacking attacks on industrial control systems that take advantage of the security flaw.

Security shortcomings in the Windows shortcut (.lnk files) are being exploited by the Stuxnet rootlet, an information stealing threat that targets industrial and power plant control systems. The malware - which has been detected in the wild - executes automatically if an infected USB stick is accessed in Windows Explorer. . .

The same vulnerability might also lend itself to exploitation via Windows file shares and WebDav as well as infected USB sticks, net security firm F-Secure adds. Disabling the displaying of icons for shortcuts and turning off WebClient service are offered by Microsoft as workarounds against possible attacks, ahead of the completion of Microsoft's investigation and the possible publication of a more comprehensive security fix. These workarounds would also work on end of life Win XP SP2 systems."
More Info:
- MS confirms Windows shortcut zero-day flaw
- Microsoft confirms 'nasty' Windows zero-day bug

Cyber War

China's Cyberwarriors: "China is directing 'the single largest, most intensive foreign intelligence gathering effort since the Cold War' against the United States, according to a report released yesterday by Medius Research."

America's Cyberwarrior shortage:"There may be no country on the planet more vulnerable to a massive cyberattack than the United States, where financial, transportation, telecommunications and even military operations are now deeply dependent on data networking.