The start of the week was awash with the news that Internet Explorer was suffering from a zero-day security flaw, and users are now being advised to stop running the web browser altogether until Microsoft patches the problem.
On Monday, the Washington firm urged customers to download the free Enhanced Mitigation Experience Toolkit (EMET) as a temporary measure while investigations continue, but some experts recommend abandoning IE fully for the time being.
Notably, Germany’s Federal Office for Information Security has stated its concern, saying the unpatched vulnerability is already being exploited by hackers as "the attack code freely available on the Internet," reports Computer World. "The BSI [Bundesamt fuer Sicherheit in der Informationstechnik] recommends all users of Internet Explorer use an alternative browser ... until [Microsoft] has released a security update," it said, with Mozilla, Google et al no doubt rubbing their hands with glee at the prospect of taking in defectors.
But offering some reassurance on the issue is Andrew Storms, director of security operations at nCircle Security. "I think it's a bit too early to panic," he said, when asked to comment on BSI's advice. "Granted, if the attacks escalate and the patch takes too long for comfort, then making the switch to another browser, at least temporarily, is a simple way to mitigate the threat," he admitted.
In separate studies, security firms Symantec and Kaspersky have uncovered three viruses that appear to be from the same operators of the infamous Flame malware.
Neither of these firms have commented officially on the source of Flame, but it has been widely attributed to the work of the US and Israel, with the Washington Post and Reuters having cited inside sources as confirming the perpetrators. Thus, Reuters says the new findings’ similarities with Flame “are likely to bolster a growing view that the US government is using cyber technology more widely than previously believed to further its interests in the Middle East.”
With the discovery of the three viruses still in the early stages, few details have been established - but the malware is thought to work as an espionage or sabotage tool. "We know that it is definitely out there. We just can't figure out a way to actually get our hands on it. We are trying," Symantec researcher Vikram Thakur said in an interview. Keep checking ITProPortal’s news section and the security roundup for any further news on the discovery.
While this evidence suggests America’s cyber-attacks may be in full flow, the nation’s cyber-defence has again come under fire. Federal News Radio has been analysing the IT policy of the Obama administration and points to reports criticising the government’s failure to pass comprehensive legislation to secure the nation’s critical cyber infrastructure.
The Homeland Security Department’s slow adoption of policies like continuous monitoring was also noted among numerous factors that led to a poor IT rating for the administration. Industry leaders told Federal News Radio that the government’s efforts to share information with the private sector “fell short of expectations.”
Criticism of the White House’s cyber-security policy has been vocal of late, with Senator Dianne Feinstein urging the President to use his “full authority to protect the US economy and the networks we depend on from future cyber attack[s]." The Mitt Romney gaffe parade looks set to grant Obama a second opportunity to enact more stringent policies, and security issues will no doubt be in the spotlight more than ever over the next four years and beyond, as cyberwarfare's prominence continues to grow in international diplomacy.
Stories aggregated by Team Cymru, which runs a private Security News mailing list called 'Dragon News Bytes', covering the most important and interesting news items of the day.