From Healthcare Info Security:
Secure Domains: The DNS Security Debate
The importance of improving the Internet infrastructure was a dominant theme throughout President Obama's White House Summit on cybersecurity and consumer protection last week.
The purpose of this blog is to help small-medium businesses (SMBs) deal effectively with their unique cyber security needs. With over 15 years' experience in IT and cyber security I will show SMBs how they can leverage their limited resources to develop effective cyber defenses to the most common threats using information security best practices and no/low cost tools.
LinkedIn: http://www.linkedin.com/in/ecissorsky/
Twitter: @ecissorsky
Saturday, February 21, 2015
How to get rid of the Lenovo "Superfish" adware
From Sophos Naked Security:
How to get rid of the Lenovo "Superfish" adware
The Lenovo "Superfish" controversy was caused by the revelation that Lenovo, for the last three months of 2014, had shipped adware known as "Superfish" on some of its notebook computers.
Google warning: FBI wants to hack any computer in world
From RT:
Google warning: FBI wants to hack any computer in world
US search engine giant Google has warned against increasing the government's powers for infiltrating computer systems around the world, saying it would open a number of "monumental" constitutional issues.
What will happen to the Lizard Squad hackers?
From The Guardian:
What will happen to the Lizard Squad hackers?
From Kevin Mitnick to LulzSec and Anonymous, the destiny of a hacker group tends to follow the same arc – hack something, hack something bigger, until someone makes a mistake that leads to one or more members being arrested
Accused British hacker, wanted for crimes in US, won’t give up crypto keys
From Ars Technica:
Accused British hacker, wanted for crimes in US, won’t give up crypto keys
An alleged British hacker who has criminal charges pending in three American federal districts is preparing to petition a Suffolk, United Kingdom court to compel the National Crime Agency (NCA) to return his encrypted seized computers and storage devices.
Creating cybersecurity that thinks
From ComputerWorld:
Creating cybersecurity that thinks
Until recently, using the terms “data science” and ”cybersecurity” in the same sentence would have seemed odd. Cybersecurity solutions have traditionally been based on signatures – relying on matches to patterns identified with previously identified malware to capture attacks in real time. In this context, the use of advanced analytical techniques, big data and all the traditional components that have become representative of “data science” have not been at the center of cybersecurity solutions focused on identification and prevention of cyber attacks.
Lenovo Releases Tool To Remove The Sketchy Exploitable “SuperFish” Garbage It Pre-Loaded On Laptops
All this aside. I've used a number of Lenovo laptops &, quite frankly, they are the biggest pieces of crap I've ever used. Stick to Dell, Toshiba & HP.
From TechCrunch:
Lenovo Releases Tool To Remove The Sketchy Exploitable “SuperFish” Garbage It Pre-Loaded On Laptops
Earlier this week, word started spreading that Lenovo had been pre-installing a sketchy adware program called “SuperFish” onto many of its Windows PCs for months.
Then researchers started finding nasty vulnerabilities — namely, that SuperFish was using some pretty ugly hacks to tinker with your computer’s encryption certificates, and doing so in a way that seemingly leaves your otherwise “encrypted” communications (everything that goes over HTTPS) unsecure whenever you’re on a shared WiFi connection (like at a coffee shop)
Hackers May Have Taken Customer Data From Morgan Stanley Broker
From the NY Times:
Hackers May Have Taken Customer Data From Morgan Stanley Broker
There’s been little dispute that a former Morgan Stanley broker, Galen Marsh, violated the firm’s rules when he downloaded information about 350,000 customers onto his personal computer. But Mr. Marsh may not be responsible for posting that information online late last year and trying to sell it, people familiar with the investigation said on Thursday.
How Social Media Is The Newest Military Battleground
From Make Use Of (another one I never heard of until just now):
How Social Media Is The Newest Military Battleground
During the Second World War the British 77th Brigade went behind enemy lines and used unorthodox tactics against the Japanese in Burma. There hasn’t been a 77th since 1945, but it will be making its return this year with a new sort of tactic: psychological operations (PsyOps) via social media.
Lenovo Installed Malicious Adware on Customers’ Computers – Here’s How to Remove it
From The Digital Reader:
Lenovo Installed Malicious Adware on Customers’ Computers – Here’s How to Remove it
When Sony was caught in 2005 using audio CDs to install rootkits on their customers' computers, they set a new standard for boneheaded attacks on the people who give you money.
Spies Can Track You Just by Watching Your Phone’s Power Use
From Wired:
Spies Can Track You Just by Watching Your Phone’s Power Use
Smartphone users might balk at letting a random app like Candy Crush or Shazam track their every move via GPS. But researchers have found that Android phones reveal information about your location to every app on your device through a different, unlikely data leak: the phone’s power consumption.
Internet of Things security check: How 3 smart devices can be dumb about the risks
From PCWorld:
Internet of Things security check: How 3 smart devices can be dumb about the risks
Internet of Things security is no longer a foggy future issue, as more and more such devices enter the market—and our lives. From self-parking cars to home automation systems to wearable smart devices, analysts currently estimate that some 50 billion to 200 billion devices could be connected to the Internet in 2020. Google CEO Eric Schmidt told world leaders at the World Economic Forum in Davos, Switzerland, in January, "there will be so many sensors, so many devices, that you won't even sense it, it will be all around you," he said. "It will be part of your presence all the time."
Android malware fakes phone shutdown to steal your data
From PCWorld:
Android malware fakes phone shutdown to steal your data
Next time you turn off your Android phone, you might want to take the battery out just to be certain.
Security vendor AVG has spotted a malicious program that fakes the sequence a user sees when they shut off their phone, giving it freedom to move around on the device and steal data.
The NSA Reportedly Stole Millions Of SIM Encryption Keys To Gather Private Data
From TechCrunch:
The NSA Reportedly Stole Millions Of SIM Encryption Keys To Gather Private Data
The American National Security Agency (NSA), and the British Government Communications Headquarters (GCHQ), similar clandestine intelligence agencies, stole SIM card encryption keys from a manufacturer, allowing the groups to decrypt global cellular communications data.
Cyber-attacks become top business continuity threat
From Computer Business Review:
Cyber-attacks become top business continuity threat
Hackers are worrying continuity managers more than other dangers.
Cyber-attacks are now regarded as the top threat to business continuity, according to a study by the Business Continuity Institute (BCI).
The Dark Web: anarchy, law, freedom and anonymity
From Sophos Naked Security:
The Dark Web: anarchy, law, freedom and anonymity
The Deep Web, the bit of the World Wide Web that's not indexed by search engines like Google and Bing, is of intense interest to people who want to avoid government spies and law enforcement.
TrueCrypt Audit Stirs Back To Life
From ThreatPost:
TrueCrypt Audit Stirs Back To Life
The stagnant TrueCrypt audit stirred to life in the last 24 hours with the announcement that the second phase of the audit, tasked with examining the cryptography behind the open source disk encryption software, will begin shortly.
BadUSB Vulnerabilities Live in ICS Gear Too
From ThreatPost:
BadUSB Vulnerabilities Live in ICS Gear Too
CANCUN – BadUSB was the hot hack of the summer of 2014. Noted researcher Karsten Nohl delivered a talk at Black Hat during which he explained how USB controller chips in peripheral devices that connect over USB can be reprogrammed. The result is a completely compromised device hosting undetectable code that could be used for a number of malicious purposes, including remote code execution or traffic redirection.
Friday, February 20, 2015
US-CERT: IRS Issues Warning for a Scam Targeting Tax Preparers
From US-CERT:
IRS Issues Warning for a Scam Targeting Tax Preparers
The Internal Revenue Service (IRS) has issued a press release addressing a new spear phishing scam targeting tax preparers and other tax professionals. Scam operators often use fraudulent e-mails to entice their targets to reveal login credentials.
US-CERT encourages users and administrators to review the IRS press release for details and refer to US-CERT Security Tip ST15-001 for information on "tax" themed phishing attacks.
US-CERT: ISC Releases Security Updates for BIND
From US-CERT:
ISC Releases Security Updates for BIND
The Internet Systems Consortium (ISC) has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition.
Updates available include:
- BIND 9.9.6-P2
- BIND 9.10.1-P2
Thursday, February 19, 2015
Android malware spies on you even after phone is shut down
From Mashable:
Android malware spies on you even after phone is shut down
A particularly devious new Android malware can make calls or take photos even if you shut the device down, according to security research firm AVG.
Desert Falcon Group Swooped on One Million Files
From Forensic Magazine:
Desert Falcon Group Swooped on One Million Files
Kaspersky Lab has unearthed what it claims to be the first major group of sophisticated Arab cyber criminals operating a full attack campaign — hitting thousands of tactical targets in the Middle East.
The Possible Put Into Digital Forensic Practice With Grier Technology
From Forensic Magazine:
The Possible Put Into Digital Forensic Practice With Grier Technology
After listening to colleagues for years and exploring it further, Jonathan Grier saw how pressing the need was for technology like his. As explained in the previous discussion with Grier, his technology decreases the time to image a hard drive by 3 to 13 times, speeding digital investigation and reducing the use of resources.
MegaNet - New Decentralized, Non-IP Based and Encrypted Network
From The Hacker News Network:
MegaNet - New Decentralized, Non-IP Based and Encrypted Network
The famous Internet entrepreneur and former hacker Kim Dotcom, who introduced the legendary Megaupload and MEGA file sharing services to the world, has come up with another crazy idea — to start his very own Internet that uses the "blockchain".
See How This Android App Clones Contactless Credit Cards In Seconds
From Forbes:
See How This Android App Clones Contactless Credit Cards In Seconds
Australian security researcher Peter Fillmore has a history of card cloning. In October last year, Fillmore showed how he could clone Visa and MasterCard payment cards with an Android app running on a Google Nexus 4. He successfully shopped with it, buying some beers in a Sydney pub and a Snickers bar from a supermarket.
Password Cracking Experts Decipher Equation Group Crypto Hash
From Forensic Magazine:
Password Cracking Experts Decipher Equation Group Crypto Hash
Unraveling a mystery that eluded the researchers analyzing the highly advanced Equation Group the world learned about recently, password crackers have deciphered a cryptographic hash buried in one of the hacking crew's exploits. It's Arabic for "unregistered."
Army Reserve Partnership Aims to Grow Cyber Warriors
From Forensic Magazine:
Army Reserve Partnership Aims to Grow Cyber Warriors
The Army Reserve has partnered with universities and private companies across the country to recruit and grow cybersecurity professionals.
Bank Hackers Steal Millions With Malware
From Forensic Magazine:
Bank Hackers Steal Millions With Malware
In late 2013, an ATM in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.
Encryption and Silence Can be Targets’ Best Assets
From ThreatPost:
Encryption and Silence Can be Targets’ Best Assets
CANCUN–Things are getting real these days for executives, researchers, journalists and others involved in the security community. Targeted surveillance is a reality for many in the community, and researchers and activists are trying now to help them assess and address that threat to their privacy and security.
APT Groups Emerging in Middle East
From ThreatPost:
APT Groups Emerging in Middle East
CANCUN–Since security researchers and vendors began exposing the inner workings of APT groups a few years ago, virtually all of the operations that have been made public have been the work of attackers in Europe, Asia or North America. But recently, groups in the Middle East have joined the game as well.
Cybercrime Gang: Fraud Estimates Hit $1B
From GovInfoSecurity:
Cybercrime Gang: Fraud Estimates Hit $1B
A notorious cybercrime gang continues to target financial services firms and retailers. A new report estimates that the Anunak - a.k.a. Carbanak - gang has now stolen up to $1 billion from banks in Russia, the United States and beyond, in part by using "jackpotting" malware that infects ATMs and which attackers can use to issue cash from ATMs, on demand.
Code typo helps tie North Korea to the Sony hack
From ComputerWorld:
Code typo helps tie North Korea to the Sony hack
A security company in the U.S. has provided further evidence that last year's devastating hacking attack on Sony Pictures Entertainment was carried out by a group with ties to North Korea.
Vladimir Drinkman Pleads Not Guilty In 160 Million Credit Card Hacking Case
From Forbes:
Vladimir Drinkman Pleads Not Guilty In 160 Million Credit Card Hacking Case
A Russian man pleaded not guilty to 11 charges in a New Jersey federal court on Tuesday, as part of the largest international hacking and data breach case ever prosecuted in the United States.
This $150,000 Kickstarter Campaign Wants To Turn Kids Into Crime Scene Investigators
From Forbes:
This $150,000 Kickstarter Campaign Wants To Turn Kids Into Crime Scene Investigators
London-based startup Forensic Outreach is hoping to raise at least $150,000 via Kickstarter to create a “virtual faculty” that would get kids into the science behind crime scene investigation. The CASE Academy already has an impressive line-up of teachers and backers, including Kimberlee Sue Moran, current FBI forensic examiner and cryptanalyst, and Thomas Mauriello, former special agent with the US Department of Defense.
Legislation and the future of federal cybersecurity
From FCW:
Legislation and the future of federal cybersecurity
Cybersecurity continues to be at the forefront of national focus, thanks to Congress’ passing and the president’s signing of three cybersecurity-related bills last December.
Destroying your hard drive is the only way to stop this super-advanced malware
From PCWorld:
Destroying your hard drive is the only way to stop this super-advanced malware
A cyberespionage group with a toolset similar to ones used by U.S. intelligence agencies has infiltrated key institutions in countries including Iran and Russia, utilizing a startlingly advanced form of malware that is impossible to remove once it's infected your PC.
Cyberespionage: You’re Not Paranoid, Someone Is Spying on Your Company
From DarkReading:
Cyberespionage: You’re Not Paranoid, Someone Is Spying on Your Company
By now you, your peers, and your board should have accepted that cyberespionage is real, active, and not going away. Whether it is a customer or competitor, country or criminal, someone wants to know a lot more about you. They could be looking for intellectual property to steal, product or inventory details to strengthen their negotiating position, customer information to use or sell, or hundreds of other items. Their goal could be getting a better price, gaining a competitive advantage, disrupting your efforts, stealing your customers, or something equally as nefarious.
In the Age of Data Breaches
From Symantec's Official Blog:
In the Age of Data Breaches
When I think of the cyber security realm, three characteristics come top of mind: Velocity, Volume and Variety. These three facets of the attack landscape make security a consistently moving target. It’s one of the only verticals where an active attack actor can change the state of an industry with a touch of keyboard.
Hacker Claims Feds Hit Him With 44 Felonies When He Refused to Be an FBI Spy
From Wired:
Hacker Claims Feds Hit Him With 44 Felonies When He Refused to Be an FBI Spy
A year ago, the Department of Justice threatened to put Fidel Salinas in prison for the rest of his life for hacking crimes. But before the federal government brought those charges against him, Salinas now says, it tried a different tactic: recruiting him.
25 billion Cyberattacks hit systems in Japan during 2014
From Security Affairs:
25 billion Cyberattacks hit systems in Japan during 2014
The National Institute of Information and Communications Technology revealed that more than 25 billion cyberattacks hit systems in Japan during 2014.
Arid Viper – Israel entities targeted by malware packaged with sex video
From Security Affairs:
Arid Viper – Israel entities targeted by malware packaged with sex video
Attackers behind the Arid Viper and the Yanbian Gang exploited sex content for their campaigns against victims in Israel and Kuwait, and South Korea.
Visual hacking exposed
Back in the day we called this "shoulder surfing". If someone is standing next to you and you have to enter a password, PIN ... it's NOT rude to politely ask them to turn around or take a few steps back so they cannot see what you're entering.
From Help Net Security:
Visual hacking exposed
While most security professionals focus on thwarting data breaches from cyber attacks, a new study exposes visual hacking, a low-tech method used to capture sensitive, confidential and private information for unauthorized use, as an under-addressed corporate risk.
Cybercrime fighters target human error
From Nature.com (?!?!?!):
Cybercrime fighters target human error
It would be easy to blame the poor soul at Sony Pictures Entertainment who opened the door to one of the most disastrous hacks in history just by clicking an e-mail link. As US President Barack Obama pointed out during a visit to Stanford University in California on 13 February, user negligence is often the key to a successful cyberattack.
Yes, You Can Afford a Hacker
From The Daily Beast:
Yes, You Can Afford a Hacker
Want to break into your partner’s email? Got a few hundred bucks lying around? You can afford your very own hacker.
Darkleaks: An online black market for selling secrets
From Help Net Security:
Darkleaks: An online black market for selling secrets
Whistleblowers and those individuals that are simply out to make a buck out of any confidential and valuable information, can now offer it for sale on Darkleaks, a decentralized, anonymous black market on the Internet.
Hackers force closure of Canadian Bitcoin exchange Cavirtex
From Sophos Naked Security:
Hackers force closure of Canadian Bitcoin exchange Cavirtex
Canadian Bitcoin exchange Cavirtex has announced its imminent closure following an apparent security breach.
Massive, Decades-Long Cyberespionage Framework Uncovered
From ThreatPost:
Massive, Decades-Long Cyberespionage Framework Uncovered
CANCUN–Researchers at Kaspersky Lab have uncovered a cyberespionage group that has been operating for at least 15 years and has worked with and supported the attackers behind Stuxnet, Flame and other highly sophisticated operations. The attackers, known as the Equation Group, used two of the zero days contained in Stuxnet before that worm employed them and have used a number of other infection methods, including interdicting physical media such as CDs and inserting their custom malware implants onto the discs.
Kaspersky outs hard drive infecting malware
From Bit-Tech:
Kaspersky outs hard drive infecting malware
Anti-virus researchers at Kaspersky Labs have uncovered evidence of what they claim is the most sophisticated malware operation in history, carried out by the Equation Group, including modules which have the ability to reprogram and infect the firmware of storage devices.
Malware infected about 16 million mobile devices last year
From Android Community:
Malware infected about 16 million mobile devices last year
Not that we don't know this one yet but millions of mobile devices have been infected by malware last year. According to Alcatel-Lucent, a French telecommunications equipment company, malware affected about 16 million gadgets in 2014. The figure saw a 25 percent increase compared to the previous year. Mobile devices' malware infection rate is still at 0.68 percent but mobile spyware is on the rise.
Hackers’ Op-Sec Failures Important Clues to Uncover APT Gangs
From ThreatPost:
Hackers’ Op-Sec Failures Important Clues to Uncover APT Gangs
CANCUN – Sophistication, resourcefulness and ingenuity are characteristics usually associated with state-sponsored espionage hacker groups. But they’re certainly not infallible.
Like most detective work, security analysts generally are able to toss back the covers on APT campaigns and major financial hacks because the bad guy makes a bad mistake – or two. Or three.
UK Computer Emergency Response Team (CERT) Introduction to Social Engineering
From PublicIntelligence.net:
UK Computer Emergency Response Team (CERT) Introduction to Social Engineering
The following guide to social engineering was released by the UK Computer Emergency Response Team (CERT) on January 21, 2015.
Skeleton Key Malware Analysis
From Dell SecureWorks:
Skeleton Key Malware Analysis
Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers discovered malware that bypasses authentication on Active Directory (AD) systems that implement single-factor (password only) authentication. Threat actors can use a password of their choosing to authenticate as any user. This malware was given the name "Skeleton Key."
Kaminsky: DNS Insecurity Isn’t Coincidence, it’s Consequence
From ThreatPost:
Kaminsky: DNS Insecurity Isn’t Coincidence, it’s Consequence
CANCUN – “2015 got weird… really weird.” Those were some of the first words spoken by Dan Kaminsky in his talk today at the Kaspersky Security Analyst Summit Monday.
He was referring to a few key events from the last several weeks: the Sony hack debacle, or what he called “North Korean or Teenager?”; and President Obama’s stop at Stanford last week to stress further government/technology information sharing, to name a few. However Kaminsky, the co-founder and chief scientist at the security firm White Ops, confessed that it’s going to take more than just a proficient coder to solve today’s cybersecurity woes.
Data breaches up by 49% in 2014, exposing more than a billion records
From ComputerWeekly:
Data breaches up by 49% in 2014, exposing more than a billion records
Cyber criminals compromised more than a billion data records in 2014 in more than 1,500 breaches, according to the latest breach report from Gemalto.
This represents a 49% increase in data breaches and a 78% increase in the number of data records stolen or lost compared with 2013, which works out at 32 records lost or stolen every second.
Every internet-connected device is a potential privacy risk
From The Age:
Every internet-connected device is a potential privacy risk
Samsung's warning that its Smart TV may collect and send sensitive data online might seem alarming, but it's certainly not the only device in your house snooping on you.
US-China tensions build on cybersecurity
From The Hill:
US-China tensions build on cybersecurity
Tensions over cybersecurity are building between the U.S. and Beijing after the latest string of hacking attacks in the United States, some of which have been traced back to China.
The two countries have dug in their heels on differing approaches to cybersecurity and don’t appear ready to budge, experts say.
Defeating TrueCrypt: Practical Attacks against TrueCrypt Security
From the InfoSec Institute:
Defeating TrueCrypt: Practical Attacks against TrueCrypt Security
The need to defend confidentiality of our sensitive information against persistently rising cyber threats has turned most of us toward using encryption on a daily basis. This is facilitated by easy-to-use GUI tools like TrueCrypt that offer advanced encryption without hassles. TrueCrypt offers ‘on-the-fly’ encryption, which means we do not have to wait for large files to decrypt after entering the correct passphrase; files are immediately accessible. Many of us have come to trust TrueCrypt to defend extremely sensitive personal and business secrets. However, there is no such thing as absolute security. Vulnerabilities always exist, and in this paper we look at some of the ways in which TrueCrypt security can be “beaten”. Please note that these attacks may not target a flaw in TrueCrypt itself, but rely on ‘bypassing’ TrueCrypt security or taking advantage of user negligence.
Banking trojan Dyreza generating 'tens of thousands' of malicious emails a day
From The Guardian:
Banking trojan Dyreza generating 'tens of thousands' of malicious emails a day
British customers of banks including NatWest, Barclays and HSBC are being targeted by a wave of malicious emails attempting to install the Dyreza malware on their computers.
What is the Deep Web? A First Trip Into the Abyss
From The Hacker News Network:
What is the Deep Web? A First Trip Into the Abyss
According to several researches, the principal search engines index only a small portion of the overall web content; the remaining part is unknown to the majority of web users.
What would you think if you were told that under our feet there is a world larger than ours and much more crowded? We would literally be shocked, and this is the reaction of those individuals who can understand the existence of the Deep Web, a network of interconnected systems that are not indexed, having a size hundreds of times larger than the current web, around 500 times.
Canada's next-generation military smart gun unveiled
This has absolutely nothing to do with cybersecurity. This is just one hi-tech badass weapon.
Canada's next-generation military smart gun unveiled
Looking every bit like a weapon from a science fiction movie, the latest integrated assault rifle prototype being developed for the Canadian Armed Forces (CAF) is packed with some very smart weapons technology. Along with the ability to fire new lightweight telescoped ammunition, and a secondary effects module that adds either a three-round 40 mm grenade launcher or a 12-gauge shotgun, there is also a NATO-standard power and data bus to allow the attachment of smart accessories, such as electro-optical sights and position sensors that connect to command and control networks.
Chinese Bitcoin exchange Bter hacked, $1.75 million worth of cryptocurrency stolen
From The Next Web:
Chinese Bitcoin exchange Bter hacked, $1.75 million worth of cryptocurrency stolen
Even as Bitcoin is starting to shake things up in the US, all is not well in the cryptocurrency world. China-based Bitcoin exchange Bter was hacked on Valentine’s Day and $1.75 million worth of Bitcoin was stolen.
Smart phones help cyber crime: Top cop
From The Times of India:
Smart phones help cyber crime: Top cop
AURANGABAD: City police commissioner Rajender Singh on Saturday emphasized creating awareness among internet users to prevent cybercrime. He said the widespread use of internet and smart phones has paved the way for unconventional channels of crime that are difficult to investigate.
Employees vulnerable to cyber crime
From The Scotsman:
Employees vulnerable to cyber crime
EMPLOYEES are the chief source of cyber crime against companies, and healthcare data is a key target, writes Gareth Mackie
Mobile Malware Mostly Infecting Android Devices Rises Steadily
From eWeek:
Mobile Malware Mostly Infecting Android Devices Rises Steadily
Data gathered from cellular networks show that 0.68 percent of mobile devices are infected with malware, with 99 percent of the infected devices running Android.
Bank Hackers Steal Millions via Malware
From the NY Times:
Bank Hackers Steal Millions via Malware
PALO ALTO, Calif. — In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.
The Anonymity Network At Risk
From TechCrunch:
The Anonymity Network At Risk
You don’t have to watch NCIS to know that almost everything we do leaves some kind of trail or trace. Every click of the Internet and every post we make, email we send and file we download are all being tracked by someone somewhere. Unless, of course, it isn’t.
Phishing attacks increasingly target financial data
From Help Net Security:
Phishing attacks increasingly target financial data
28.8 percent of phishing attacks last year aimed to steal financial data from consumers, according to a new report by Kaspersky Lab. The results show how cybercriminals have shifted their focus from banks to payment systems and online shopping websites.
The limits of prevention-centric security programs
From Help Net Security:
The limits of prevention-centric security programs
In an analysis of tens of thousands of malicious files, Damballa discovered that it can take more than six months for traditional AV tools to create signatures for 100% of the files. With 'time to breach' a critical component in damage control in today's threat environment, the analysis further underlines the importance of adopting a proactive stance to threat detection.
Don’t dig a well when your house is on fire
Whether your SMB/SOHO relies on a hosting provider or is looking to use the services of one, inquire as to whether or not they use DDoS protection. If they do, ask them about it. If they don't, keep looking.
From SecurityBistro:
Don’t dig a well when your house is on fire
Relying on human intervention to mitigate DDoS attacks is like digging a well when your house is on fire. When it comes to ensuring service availability and maintaining uptime and SLAs, hosting providers should use minimal (if any) manual intervention when defending against a DDoS attack. Instead, real-time DDoS mitigation will allow providers to eliminate data center outages and collateral damage within the hosted environment. The following is a real-world example of real-time DDoS protection, utilizing purpose built DDoS protection technology, coupled with sophisticated visibility, reporting and analytics capabilities.
Report: Mobile commerce fraud increased in 2014
From Mobile Payments Today:
Report: Mobile commerce fraud increased in 2014
Revenue that mobile commerce merchants lost to fraud spiked 70 percent in 2014 to 1.36 percent compared with 0.80 percent in 2013, according to a new report from LexisNexis Risk Solutions Inc. For comparison, all merchants lost 0.68 percent of revenue to fraud in 2014 in comparison to 0.51 percent in 2013.
How to remotely install malicious apps on Android devices
From Security Affairs:
How to remotely install malicious apps on Android devices
Security researchers discovered how to install and launch malicious applications remotely on Android devices exploiting two flaws.
Discovered 40000 vulnerable MongoDB databases on the Internet
From Security Affairs:
Discovered 40000 vulnerable MongoDB databases on the Internet
Three German students have discovered that tens of thousands of MongoDB databases running as a service or website backend were exposed on the Internet.
How cyber-cops are taking the fight to online fraudsters
From the BBC:
How cyber-cops are taking the fight to online fraudsters
When it comes to fighting cybercrime, law enforcement agencies are facing an uphill struggle.
Lack of resources, conflicting international jurisdictions, and the borderless nature of the internet, all make catching coder criminals particularly difficult.
Visa to track travelers’ smartphones to cut fraud
From The Columbus Dispatch:
Visa to track travelers’ smartphones to cut fraud
NEW YORK — Those days of calling your bank to let them know that, yes, you really are in Thailand, and yes, you really did use your credit card to buy $200 in sarongs, could be coming to an end.
This is a crucial year to combat cybercrime
From The Sacramento Bee:
This is a crucial year to combat cybercrime
On Friday, the White House is hosting a cybersecurity summit at Stanford University on how to keep us all safe from cybercriminals throughout the world who work tirelessly to wreak havoc on our economy. This summit is bringing together experts from across many fields to brainstorm on how to prevent cyberattacks in the future and stay one step ahead of the bad guys.
Read more here: http://www.sacbee.com/opinion/op-ed/soapbox/article9900719.html#storylink=cpy
Private Eye Is Said to Face Prosecution in a Hacking
From the NY Times:
Private Eye Is Said to Face Prosecution in a Hacking
Private investigators may be the newest front for federal prosecutors in cracking down on the hacker-for-hire business.
Exclusive: Obama set to announce executive order on cybersecurity threat data
From Reuters:
Exclusive: Obama set to announce executive order on cybersecurity threat data
(Reuters) - President Barack Obama is expected to announce an executive order directing the government and companies to share more information about cybersecurity threats in response to attacks like that on Sony Entertainment.
Cyber warfare – Cyber Space and the status quo balance of power; dichotomy or symphony? How Technology backfires
From Security Affairs:
Cyber warfare – Cyber Space and the status quo balance of power; dichotomy or symphony? How Technology backfires
Cyber warfare is becoming the most progressive warfare domain after the Second World War. Which global actors benefit the most from this capability?
The value of personal data in the criminal underground
From Security Affairs:
The value of personal data in the criminal underground
What is the cost of personal data in the criminal underground? How do cyber criminals steal personal data? What is the cashout process?
CTB-Locker Ransomware Spoofs Chrome and Facebook Emails as Lures, Linked to Phishing
From TrendLabs Security Intelligence Blog:
CTB-Locker Ransomware Spoofs Chrome and Facebook Emails as Lures, Linked to Phishing
We recently talked about recent improvements to the CTB-Locker ransomware. To recap, the malware now offers a “free decryption” service, extended deadline to decrypt the files, and an option to change the language of the ransom message.
Patched Windows Kernel-Mode Driver Flaw Exploitable With One Bit Change
From ThreatPost:
Patched Windows Kernel-Mode Driver Flaw Exploitable With One Bit Change
The vulnerabilities addressed in this month’s Patch Tuesday security bulletins from Microsoft have been a mashup of critical bugs affecting most supported versions of Windows and Internet Explorer that could pave the way for attackers to gain complete control of affected systems.
Security professionals warn against relying on cyber insurance
Organizations small and large should have cyber insurance. Take the time to sit down with your agent and do a comprehensive review of the policies available to you.
From ComputerWeekly:
Security professionals warn against relying on cyber insurance
Security professionals have warned businesses not to rely on cyber insurance in the face of increased cyber attacks.
The warning comes after the head of the largest Lloyd’s of London insurer, Stephen Catlin, said cyber attacks are now so dangerous to global businesses that governments should step in to cover the risks.
Infosec and the Blame Game
From Infosecurity Magazine:
Infosec and the Blame Game
In a previous article I used the phrase: “In security, it can be your job to put your job on the line.” A good friend and colleague responded to me via Twitter with two words: “That’s dysfunctional!” Insofar as this can be read as career self-sacrifice, I concur.
Exploiting DNS Poisoning in Brazilian Boleto Fraud Scheme
From Security Affairs:
Exploiting DNS Poisoning in Brazilian Boleto Fraud Scheme
In recent months Brazilian criminal crews have started using the DNS poisoning technique to target Brazilian Boletos.
Cybersecurity prep seen as mounting task for small U.S. advisers
From Reuters:
Cybersecurity prep seen as mounting task for small U.S. advisers
(Reuters) - Financial regulators are increasingly zoning in on brokerages' vulnerability to computer hackers, a focus likely to hit smaller financial services firms especially hard as they try to convince examiners that their safeguards are up to snuff.
Vulnerability Research and Disclosure: Evolving To Meet Targeted Attacks
From Trend Labs Security Intelligence Blog:
Vulnerability Research and Disclosure: Evolving To Meet Targeted Attacks
Recently, both HP’s Zero Day Initiative (ZDI) and Google’s Project Zero published vulnerabilities in Microsoft products (specifically, Internet Explorer and Windows 8.1) because Redmond did not fix them within 90 days of the vulnerabilities being reported.
ISIS-Aligned ‘CyberCaliphate’ Hackers Go After Military Spouses of Strength
BASTARDS!!!
From Breitbart:
ISIS-Aligned ‘CyberCaliphate’ Hackers Go After Military Spouses of Strength
The CyberCaliphate, an ISIS-affiliated hacker group, is sure to make a great deal of American blood boil with their latest stunt: they hijacked the Twitter account of a support group called Military Spouses of Strength, which “aims to improve mental health awareness by providing resources and knowledge through tangible programming” in the words of their mission statement.
How do you solve a problem like cybercrime?
From Information Age:
How do you solve a problem like cybercrime?
Despite cyber security being on business agendas for several years now, 2014 was, if anything, more prolific than ever for breaches. Is it time organisations got real about security?
Cyber Security Surprise: Dating Apps Are a Risk to Employers
From The Fiscal Times:
Cyber Security Surprise: Dating Apps Are a Risk to Employers
The millions of people using dating apps on company smartphones could be exposing themselves and their employers to hacking, spying and theft, according to a study by International Business Machines Corp.
A Crypto Trick That Makes Software Nearly Impossible to Reverse-Engineer
From Wired:
A Crypto Trick That Makes Software Nearly Impossible to Reverse-Engineer
Software reverse engineering, the art of pulling programs apart to figure out how they work, is what makes it possible for sophisticated hackers to scour code for exploitable bugs. It’s also what allows those same hackers’ dangerous malware to be deconstructed and neutered. Now a new encryption trick could make both those tasks much, much harder.
How one man could have deleted any photo album he could see on Facebook
From Sophos Naked Security:
How one man could have deleted any photo album he could see on Facebook
Facebook is probably the biggest database of photographs ever compiled.
We upload around 350 million photos to the world's most popular social network every day. Facebook users aren't quite as busy sharing photos as the kids who use Snapchat or WhatsApp but they're not far off, and they've been doing it a lot longer.
Financial cyber threats in 2014: things changed
From SecureList:
Financial cyber threats in 2014: things changed
In 2013 we conducted our first in-depth research into the financial cyber-threat landscape. At that time we registered a sudden surge in the number of attacks targeting users' financial information and money. The financial cyber threats landscape was discussed in detail in Kaspersky Lab's "Financial Cyber-threats in 2013" report.