Vitaly Kamluk, Kaspersky's chief malware analyst, has some interesting findings on the Duqu threat. A Kaspersky spokesperson sent me a write-up from Kamluk that says, among other things:

• Overall, there have been more than a dozen Duqu command and control servers active during the past three years.
• The Duqu C&C servers operated as early as November 2009.
• Many different servers were hacked all around the world, in Vietnam, India, Germany, Singapore, Switzerland, the UK, the Netherlands, Belgium, and South Korea, to name but a few locations. Most of the hacked machines were running CentOS Linux. Both 32-bit and 64-bit machines were hacked.
• The servers appear to have been hacked by brute-forcing the root password.
• The attackers have a burning desire to update OpenSSH 4.3 to version 5 as soon as they get control of a hacked server.
• A global cleanup operation took place Oct. 20. The attackers wiped every single server which was used, even in the distant past, e.g. 2009. Unfortunately, the most interesting server, the C&C proxy in India, was cleaned only hours before the hosting company agreed to make an image. If the image had been made earlier, it's possible that we'd know a lot more about the inner workings of the network.
• The "real" Duqu mothership C&C server remains a mystery, just like the attackers' identities.

You can read the full details here.

–Bill Brenner
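The root-password brute-force finding is the one item in the write-up that a server operator can act on directly, and the first place to look is the sshd auth log. The script below is an added illustration, not code from Brenner's post or from Kaspersky's analysis: it parses syslog-style sshd lines, counts failed password attempts against root per source address inside a sliding time window, flags a source that crosses the threshold, and separately flags the case that matters most here, an accepted root login from a source that was just brute-forcing. The log lines, hostname, addresses, the 2011 year used to complete the year-less syslog timestamps, and the threshold and window values are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth-log lines (syslog format, no year); not from the article.
# 203.0.113.7 hammers root and then gets in; 198.51.100.9 fails twice and stops;
# 192.0.2.10 is a clean root login; the last line is unrelated noise.
SAMPLE_LOG = """\
Nov  3 02:14:01 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Nov  3 02:14:03 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Nov  3 02:14:05 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51041 ssh2
Nov  3 02:14:08 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 51055 ssh2
Nov  3 02:14:11 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 51063 ssh2
Nov  3 02:14:14 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51070 ssh2
Nov  3 02:14:20 web1 sshd[2213]: Accepted password for root from 203.0.113.7 port 51078 ssh2
Nov  3 02:30:00 web1 sshd[2301]: Failed password for root from 198.51.100.9 port 40110 ssh2
Nov  3 02:31:00 web1 sshd[2303]: Failed password for root from 198.51.100.9 port 40112 ssh2
Nov  3 03:00:00 web1 sshd[2401]: Accepted password for root from 192.0.2.10 port 38800 ssh2
Nov  3 03:00:05 web1 sshd[2401]: Received disconnect from 192.0.2.10: 11: disconnected by user
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_sshd_line(line, year=2011):
    """Return (timestamp, 'Failed'|'Accepted', user, ip), or None for other lines.

    Syslog lines carry no year, so the caller supplies one. 2011 is an assumption
    chosen to match the period of the report, not a value taken from the page.
    """
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(lines, user="root", threshold=5,
                      window=timedelta(minutes=10), year=2011):
    """Per-source verdicts for password attempts against `user`.

    A source is marked brute_force once it has `threshold` or more failures
    inside any `window`. success_after_brute_force marks an accepted login
    from a source already flagged, which is the event worth paging on.
    """
    recent = defaultdict(list)  # ip -> failure timestamps still inside the window
    report = {}
    for line in lines:
        parsed = parse_sshd_line(line, year)
        if parsed is None:
            continue
        ts, result, who, ip = parsed
        if who != user:
            continue
        entry = report.setdefault(ip, {"failures": 0, "brute_force": False,
                                       "success_after_brute_force": False})
        if result == "Failed":
            entry["failures"] += 1
            # Keep only failures inside the window, then add this one.
            recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
            if len(recent[ip]) >= threshold:
                entry["brute_force"] = True
        elif entry["brute_force"]:  # an Accepted line from a flagged source
            entry["success_after_brute_force"] = True
    return report


def flagged_sources(report):
    """Sorted list of source addresses that were brute-forcing."""
    return sorted(ip for ip, v in report.items() if v["brute_force"])


if __name__ == "__main__":
    result = detect_bruteforce(SAMPLE_LOG.splitlines())
    for ip, verdict in result.items():
        print(ip, verdict)
    print("flagged:", flagged_sources(result))
```

The sliding window matters more than the raw count: a handful of failures spread over a day is a typo, six in fifteen seconds is a tool. On the sample input only 203.0.113.7 is flagged, and its later accepted login is reported separately, because that is the point at which the host should be treated as compromised rather than merely probed.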