Wednesday, December 31, 2014

NSA has VPNs in Vulcan death grip—no, really, that’s what they call it

From ars technica:

NSA has VPNs in Vulcan death grip—no, really, that’s what they call it

Challenges at the Intersection of Cyber Security and Space Security: Country and International Institution Perspectives

From Chatham House:

Challenges at the Intersection of Cyber Security and Space Security: Country and International Institution Perspectives

Tougher to Use Bitcoin for Crime?

From BankInfoSecurity:

Tougher to Use Bitcoin for Crime?

Researchers Find 64-bit Version of Havex RAT

From SecurityWeek:

Researchers Find 64-bit Version of Havex RAT

The Great Firewall keeps growing, as China blocks all Gmail access

From ars technica:

The Great Firewall keeps growing, as China blocks all Gmail access

NSA Documents: Attacks on VPN, SSL, TLS, SSH, Tor

From Spiegel Online:

NSA Documents: Attacks on VPN, SSL, TLS, SSH, Tor

Over 80 Percent of Dark-Web Visits Relate to Pedophilia, Study Finds

From Malaysian Digest:

Over 80 Percent of Dark-Web Visits Relate to Pedophilia, Study Finds

The iPhone mafia: What happens to your stolen smartphone

From Yahoo! Finance:

The iPhone mafia: What happens to your stolen smartphone

KPMG on cyber crime in 2015: ‘This time it’s personal’

From the Security Lion blog:

KPMG on cyber crime in 2015: ‘This time it’s personal’

Stealing certificates to sign malware will be the next big market for hackers

From the Information Security Strategy blog:

Stealing certificates to sign malware will be the next big market for hackers

Evolution of Banking Malwares, Part 1

From The InfoSec Institute:

Evolution of Banking Malwares, Part 1

15 AppSec Tips From the Top Ethical Hackers of 2014

From CheckMarx:

15 AppSec Tips From the Top Ethical Hackers of 2014

Survey Indicates Directors Concerned with Lack of Proper Cyber and IT Risk Information

From The State of Security:

Survey Indicates Directors Concerned with Lack of Proper Cyber and IT Risk Information

Top Cybersecurity Headlines of 2014

From SecurityWeek:

Top Cybersecurity Headlines of 2014

Android Malware Increasingly Packaged With HTML5 Apps: Trend Micro

From SecurityWeek:

Android Malware Increasingly Packaged With HTML5 Apps: Trend Micro

Dear Cyber Criminals: We’re Not Letting Our Guard Down in 2015

From DarkReading:

Dear Cyber Criminals: We’re Not Letting Our Guard Down in 2015


You very cunningly attacked the $3 trillion US healthcare industry, including swiping 4 million electronic health records from Community Health Systems, each EHR worth 50 times more on the black market than a credit card number. The FBI Cybercrime Division even issued a warning to the healthcare community that its security measures were inadequate and couldn’t defend against a basic attack, let alone an advanced threat.

EHRs sell for about $50 a pop and can generate profit in many ways. The medical identity may be sold, so someone can get an operation they otherwise couldn’t afford. Details, like a mother’s maiden name, are most likely included as well -- extremely useful for identity theft. And then there’s that other sensitive information. EHRs contain personal info ranging from drug rehab to STDs and details you wouldn’t want anyone knowing. This information can be posted on the Internet, adversely affecting a person’s life, ruining career potential, and even opening one up to blackmail. The FBI acknowledged the value of this opportunity, calling healthcare “a rich new environment for cyber criminals to exploit.” Kudos for your accomplishments in this area.

The Coolest Hacks Of 2014

From DarkReading:

The Coolest Hacks Of 2014

Tech-Challenged Jihadist Tweets His Secret Locations

From NewsMax:

Tech-Challenged Jihadist Tweets His Secret Locations

Sony Hackers Threaten U.S. News Media Organization

From The Intercept:

Sony Hackers Threaten U.S. News Media Organization

Seven Things to Watch for in 2015

From ThreatPost:

Seven Things to Watch for in 2015


Healthcare Data is the New Credit Card Number

If you believe the data coming out of underground sites, credit card numbers have flooded the market driving the price of a stolen card down. What’s in is identity data and credentials. And the most vulnerable subset of personal information is health care information. As with any rush-to-market, the conversion of paper records to electronic is likely to leave gaping holes ripe for a hungry community of hackers who can turn a quick profit with information that can be used for fraud, insurance scams and illicit drug purchases.

XXE Bug Patched in Facebook Careers Third-Party Service

From ThreatPost:

XXE Bug Patched in Facebook Careers Third-Party Service

Payment Cards Exposed in Possible Chik-fil-A Data Breach

From ThreatPost:

Payment Cards Exposed in Possible Chik-fil-A Data Breach

Majority of 4G USB Modems, SIM Cards Exploitable

From ThreatPost:

Majority of 4G USB Modems, SIM Cards Exploitable

FTC Alert: FTC Approves Final Order Settling Charges Against Snapchat

From the Federal Trade Commission:

FTC Approves Final Order Settling Charges Against Snapchat

This is what you told us about computer security in 2014

From Sophos Naked Security:

This is what you told us about computer security in 2014

Android Lollipop 5.0.2 is out, but some Nexus users are still stuck on KitKat

From Sophos Naked Security:

Android Lollipop 5.0.2 is out, but some Nexus users are still stuck on KitKat

FTC Alert: Top Blog Posts of 2014

From the Federal Trade Commission:

Top Blog Posts of 2014

2014-12-31 Link of the Day: Free Info From Infosec Institute

From the InfoSec Institute:

Log Analysis for Web Attacks: A Beginner’s Guide

Mini Courses -

     iOS Application Pen-Testing for Beginners
     Introduction to IT Security & Computer Forensics
     Cryptography Short Course (CISSP Domain #5)
     Pass the Security+ Performance-Based Questions




Any/all products/services are provided for informational purposes only. The author does not endorse any single product.

Use these products/services at your own risk.

Tuesday, December 30, 2014

20 Startups To Watch In 2015

From DarkReading:

20 Startups To Watch In 2015

4 Infosec Resolutions For The New Year

From DarkReading:

4 Infosec Resolutions For The New Year

Complementing a Security Management Model with the 20 Critical Security Controls

From SecurityOrb:

Complementing a Security Management Model with the 20 Critical Security Controls

10 best privacy tools for staying secure online

From ZDNet:

10 best privacy tools for staying secure online

Machine Intelligence Cracks Genetic Controls

From Wired:

Machine Intelligence Cracks Genetic Controls

Malware infected copies of The Interview have been loaded on Android devices

From PhoneArena.com:

Malware infected copies of The Interview have been loaded on Android devices

Hacker group claims to have released 13,000 passwords, credit numbers from websites including Walmart and Amazon

From The NY Daily News:

Hacker group claims to have released 13,000 passwords, credit numbers from websites including Walmart and Amazon

Hacking Facebook Accounts Using Android "Same Origin Policy" Vulnerability

From The Hacker News:

Hacking Facebook Accounts Using Android "Same Origin Policy" Vulnerability

Attributing Cyber Attacks

From The Journal of Strategic Studies:

Attributing Cyber Attacks

Botched cyberattack raises fears that Islamic State may be hacking

From Stripes:

Botched cyberattack raises fears that Islamic State may be hacking

Top Data Breaches of 2014

From BankInfoSecurity:

Top Data Breaches of 2014

What Social Enterprises Should Know About Cyber Security

From Forbes:

What Social Enterprises Should Know About Cyber Security

The Cost Of Healthcare Data Access

From Information Week HealthCare:

The Cost Of Healthcare Data Access

Expert’s warning: Likelihood of future cyberattacks on U.S. emanating from Cuba is ‘100 percent’

From the Washington Times:

Expert’s warning: Likelihood of future cyberattacks on U.S. emanating from Cuba is ‘100 percent’

Director of Europol: ‘Top computer graduates are being lured into cybercrime’

From The Independent:

Director of Europol: ‘Top computer graduates are being lured into cybercrime’

Deschutes’ digital forensics lab stretched

From The Bulletin:

Deschutes’ digital forensics lab stretched

FBI Seeking Tech Experts to Become Cyber Special Agents

From the FBI web site:

FBI Seeking Tech Experts to Become Cyber Special Agents

Blackberry releases first security fixes for new Z10 smartphone

From SecurityOrb.com:

Blackberry releases first security fixes for new Z10 smartphone

Why is this company still in business???  This phone was released 2 years ago and it's just getting its first security fix?  Way to go Blackberry, way to go.

Can malware and hackers really cause giant physical disasters?

From Sophos Naked Security:

Can malware and hackers really cause giant physical disasters?

From Facebook, through iPhones and Androids, to Macs - make the safest start to 2015!

From Sophos Naked Security:

From Facebook, through iPhones and Androids, to Macs - make the safest start to 2015!

Will 2015 be the year we finally do something about DDoS?

Awesome piece by John Bambenek from SANS ISC:

Will 2015 be the year we finally do something about DDoS?

2014-12-30 Link of the Day: Metasploit Unleashed

This is a free course from HFC (Hackers For Charity).  Please be kind & make a donation if you take the course:

Metasploit Unleashed





Monday, December 29, 2014

Prying Eyes: Inside the NSA's War on Internet Security

From Spiegel Online:

Prying Eyes: Inside the NSA's War on Internet Security

Nine of the Most Deceiving Malware Threats of 2014

From HotForSecurity:

Nine of the Most Deceiving Malware Threats of 2014

Cybersecurity Hindsight And A Look Ahead At 2015

From TechCrunch:

Cybersecurity Hindsight And A Look Ahead At 2015

Who’s in the Lizard Squad?

From Brian Krebs:

Who’s in the Lizard Squad?

Cyber hackers take control of cars using dashboard technology

From International Business Times:

Cyber hackers take control of cars using dashboard technology

The spies in the cellar are now sidling up to your desk

From the Financial Times:

The spies in the cellar are now sidling up to your desk

FTC Alert: For 2015 — resolve to back up your digital life

From the Federal Trade Commission:

For 2015 — resolve to back up your digital life

Top Facebook scams and malware attacks

From Help Net Security:

Top Facebook scams and malware attacks

Yes, I got an iTunes gift card for Christmas - but HOW DID THE CROOKS KNOW THAT?

From Sophos Naked Security:

Yes, I got an iTunes gift card for Christmas - but HOW DID THE CROOKS KNOW THAT?

Fighting The Cybersecurity War: 4 Ways To Combat Hackers And Cyber Criminals

From Forbes:

Fighting The Cybersecurity War: 4 Ways To Combat Hackers And Cyber Criminals

Why It's Time For A Board-Level Cybersecurity Committee

From Forbes:

Why It's Time For A Board-Level Cybersecurity Committee

Secret Service Withheld Monitoring Data from DHS

From GovInfoSecurity:

Secret Service Withheld Monitoring Data from DHS

Cyber attack on Angela Merkel aide: Report

From DW (Deutsche Welle):

Cyber attack on Angela Merkel aide: Report

The 5 Most Dangerous Software Bugs of 2014

From Wired:

The 5 Most Dangerous Software Bugs of 2014

Re-Gifting Digital Gadgets Can Lead to Identity Theft Woes

From PCMag:

Re-Gifting Digital Gadgets Can Lead to Identity Theft Woes

Degree profile: Criminal justice & cyber crime

From Military Times:

Degree profile: Criminal justice & cyber crime

European Hackers Found New Method to Bypass Fingerprint Authentication

From the Utah People's Post:

European Hackers Found New Method to Bypass Fingerprint Authentication

DoJ's new cybersecurity office to aid in worldwide investigations

From Federal News Radio:

DoJ's new cybersecurity office to aid in worldwide investigations

Crimeware-as-a-Service Offers Custom Targeting

From CIO:

Crimeware-as-a-Service Offers Custom Targeting

How you could become a victim of cybercrime in 2015

From The Guardian:

How you could become a victim of cybercrime in 2015

Banking and healthcare companies at risk

A parallel trend cited by several of the companies is the prospect of attacks on bigger companies in the private and public sector, with cybercriminals having specific goals in mind.

“Cybercriminals will go after bigger targets rather than home users as this can generate more profits for them. We will see more data breach incidents with banks, financial institutions, and customer data holders remaining to be attractive targets,” suggests Trend Micro.

“Weak security practices like not using two-factor authentication and chip-and-pin technology continue to persist in the banking sector. These practices will cause financially motivated threats to grow in scale throughout the coming year.”

Healthcare is also expected to be a target. “Companies operating in the sector are a privileged target because of the wealth of personal data they manage, and that represents a precious commodity in the criminal underground,” notes InfoSec Institute.

“Healthcare data are valuable because medical records can be used to commit several types of fraudulent activities or identity theft. Their value in the hacking underground is greater than stolen credit card data.”

WebSense’s Carl Leonard agrees. “The healthcare industry is a prime target for cybercriminals. With millions of patient records now in digital form, healthcare’s biggest security challenge in 2015 will be keeping personally identifiable information from falling through security cracks and into the hands of hackers.”

India logs 40% annual increase in cyber crime cases

From India.com:

India logs 40% annual increase in cyber crime cases

Bitcoin 2.0 And Tokenizing The User Experience

From TechCrunch:

Bitcoin 2.0 And Tokenizing The User Experience

Digital privacy in spotlight at Hamburg hacker event

From Euronews:

Digital privacy in spotlight at Hamburg hacker event

Saturday, December 27, 2014

Sony Hack Highlights The Global Underground Market For Malware

From NPR:

Sony Hack Highlights The Global Underground Market For Malware

Secure your new tech toys against hacking

From CBS News:

Secure your new tech toys against hacking

ISC.org website hacked: Scan your PC for malware if you stopped by

From The Register:

ISC.org website hacked: Scan your PC for malware if you stopped by

NSA's Christmas Eve confession: We unlawfully spied on you for 12 years

From The Register:

NSA's Christmas Eve confession: We unlawfully spied on you for 12 years

The hackers who say they took down gaming networks are now going after Tor

From The Washington Post:

The hackers who say they took down gaming networks are now going after Tor

Why passwords won't die next year (or the years after that)

From ZDNet:

Why passwords won't die next year (or the years after that)

Iran to expand policy of ‘smart filtering’ of the internet

From The Guardian:

Iran to expand policy of ‘smart filtering’ of the internet

North Korea was NOT behind the Sony hack according to multiple security experts

From the Daily Mail:

North Korea was NOT behind the Sony hack according to multiple security experts who discredit FBI findings and reveal that a studio insider named 'Lena' may be responsible

Terrorist material reappears online 'as quickly as it is banished', warns thinktank

From The Telegraph:

Terrorist material reappears online 'as quickly as it is banished', warns thinktank

POS malware crooks hack IP cams to validate targets

From The Register:

POS malware crooks hack IP cams to validate targets

Afghanistan CDN network compromised by Chinese hackers

From Security Affairs:

Afghanistan CDN network compromised by Chinese hackers

This is Lizard Squad, the nebulous hacker group now tied to the Sony hack

From The Christian Science Monitor:

This is Lizard Squad, the nebulous hacker group now tied to the Sony hack

Friday, December 26, 2014

Vendor Breach Exposes PII of More than 7,000 Vets

From DataBreachToday:

Vendor Breach Exposes PII of More than 7,000 Vets

6 Sony Breach Lessons We Must Learn

From DataBreachToday:

6 Sony Breach Lessons We Must Learn

I would argue that #4 should top the list. There are no bulletproof cybersecurity solutions, making everyone vulnerable.

Russian Ring Blamed for Retail Breaches

From DataBreachToday:

Russian Ring Blamed for Retail Breaches

2014-12-26 Link of the Day: FREE - Introduction to Cyber Security Course

This is geared more towards the UK & European cybersecurity enthusiast.  My fellow Americans can learn from it as well.

Introduction to Cyber Security

Next class - 2015-01-26






RSA Report Dives Deep into Backoff PoS Malware

From SecurityWeek:

RSA Report Dives Deep into Backoff PoS Malware

Nearly 50 Percent of Organizations Hit With DNS Attack in Last 12 Months: Survey

From SecurityWeek:

Nearly 50 Percent of Organizations Hit With DNS Attack in Last 12 Months: Survey

Sony's PlayStation, Microsoft's Xbox Offline in 'Hacker Attack'

From SecurityWeek:

Sony's PlayStation, Microsoft's Xbox Offline in 'Hacker Attack'

China a Likely Factor in North Korea Cyber Prowess: Experts

From SecurityWeek:

China a Likely Factor in North Korea Cyber Prowess: Experts

Why Digital Forensics In Incident Response Matter More Now

From DarkReading:

Why Digital Forensics In Incident Response Matter More Now

Attackers Leverage IT Tools As Cover

From DarkReading:

Attackers Leverage IT Tools As Cover

Wednesday, December 24, 2014

Looking at North Korea’s IP Space with Shodan

From Cyberarms Blog:

Looking at North Korea’s IP Space with Shodan

Analyzing Shellcode Extracted from Malicious RTF Documents

From SANS DFIR:

Analyzing Shellcode Extracted from Malicious RTF Documents

Give Your Cyber Intelligence Dashboards a Facelift With These Advanced Chart Types

From RecordedFuture:

Give Your Cyber Intelligence Dashboards a Facelift With These Advanced Chart Types

Sony hack: British university trained North Korean elite in computer security

From The Telegraph:

Sony hack: British university trained North Korean elite in computer security

Digital Attack Map - Top daily DDoS attacks worldwide

From DigitalAttackMap.com:

The Webcam Hacking Epidemic

From NextGov:

The Webcam Hacking Epidemic

China condemns cyberattacks, but says no proof North Korea hacked Sony

From Reuters:

China condemns cyberattacks, but says no proof North Korea hacked Sony

Obama Signs 5 Cybersecurity Bills

From InfoRiskToday:

Obama Signs 5 Cybersecurity Bills

Dozens of Chinese Held in Kenya ‘Cyber Bust’

From SecurityOrb:

Dozens of Chinese Held in Kenya ‘Cyber Bust’

Feds Enhancing Cloud Security Vetting Process

From GovInfoSecurity:

Feds Enhancing Cloud Security Vetting Process

Cybercrime will continue to evolve

From Help Net Security:

Cybercrime will continue to evolve

Nuclear plant hack resembles past North Korea attacks

From The Hill:

Nuclear plant hack resembles past North Korea attacks

When Does Cyber Crime Become an Act of Cyberwar?

From TownHall:

When Does Cyber Crime Become an Act of Cyberwar?

US CERT: Apple Releases Security Updates for OS X

From US-CERT:

Apple Releases Security Updates for OS X

Two-factor authentication oversight led to JPMorgan breach, investigators reportedly found

From Network World:

Two-factor authentication oversight led to JPMorgan breach, investigators reportedly found

Strongly consider a 2FA solution for any Internet facing or sensitive systems in your organization.

FTC Alert: These anti-aging claims could leave you light-headed

From the Federal Trade Commission:

These anti-aging claims could leave you light-headed

FTC Alert: FTC thwarts company’s mole, skin tag, and wart-removal claims

From the Federal Trade Commission:

FTC thwarts company’s mole, skin tag, and wart-removal claims

Sony Pictures Cyber-Attack Timeline

Very nice infographic from DataBreachToday:

Sony Pictures Cyber-Attack Timeline

Breach Notification: Tackling the Timing

From DataBreachToday:

Breach Notification: Tackling the Timing

Old-school tricks to protect your passwords

From Network World:

Old-school tricks to protect your passwords

2014-12-24 Link of the Day: Wifi Protector

I just came across this in the Google store.  After doing some research I found there is also a Windows application named Wifi Protector.  It does not appear to be available for Apple products or Linux distros.  These two products look interesting.  The Android app protects your device from ARP & MitM attacks while the Windows version creates a VPN to encrypt your data when using an untrusted wifi network.

If anyone has used either of these please leave comments on your experience with them.

Android Wifi Protector
Detects and protects from all kinds of ARP (Address Resolution Protocol) related attacks in Wi-Fi networks, like DOS (Denial Of Service) or MITM (Man In The Middle).

Protects your phone from tools like FaceNiff, Cain & Abel, ANTI, ettercap, DroidSheep, NetCut, and all others that try to hijack your session via "Man In The Middle" through ARP spoofing / ARP poisoning. 
Don't allow such tools to break your privacy and steal your data. You can defend yourself with a single app. 
Allows secure usage of Facebook, Twitter, LinkedIn, Live.com, eBay ...
WifiKill can't take you offline with this app installed.
The "Immunity" feature is the only one that requires root, all other features work without root access.

Windows Wifi Protector -
Is your WIFI network secure?

Scan and protect your system. 100% FREE!

Most Wi-Fi networks use poor security which leaves you exposed to privacy breaches and identity theft. Wifi Protector scans all the wi-fi networks you use on regular basis for any security problems and helps to protect you online.

Article on Windows version - WiFi Protector: Secure Your WiFi Connection With 256 Bit Encryption & Change IP Address




Tuesday, December 23, 2014

Top bankers urged to take cybercrime threat more seriously

From The Guardian:

Top bankers urged to take cybercrime threat more seriously

The Business of Security Is Business

From Wired:

The Business of Security Is Business

What’s Needed for a Successful Information Security Policy?

From SecurityOrb:

What’s Needed for a Successful Information Security Policy?

Possible upcoming attempts to disable the Tor network

Announcement from the Tor Project:

Possible upcoming attempts to disable the Tor network

Staples confirms data breach affected 1.16m credit cards

From The Drum:

Staples confirms data breach affected 1.16m credit cards

11 sites that can feel Sony’s pain

From CSO:

11 sites that can feel Sony’s pain

GCHQ warns serious criminals have been lost in wake of Edward Snowden leaks

From The Telegraph:

GCHQ warns serious criminals have been lost in wake of Edward Snowden leaks

FTC Alert: FTC Halts Texas Auto Dealer’s Deceptive Ads

From the Federal Trade Commission:

FTC Halts Texas Auto Dealer’s Deceptive Ads

FTC Alert: FTC Charges Data Broker with Facilitating the Theft of Millions of Dollars from Consumers' Accounts

From the Federal Trade Commission:

FTC Charges Data Broker with Facilitating the Theft of Millions of Dollars from Consumers' Accounts

Chinese Hackers Suspected of Attacking Government Sites in Afghanistan

From SecurityWeek:

Chinese Hackers Suspected of Attacking Government Sites in Afghanistan

1-15 December 2014 Cyber Attacks Timeline

From Hackmageddon:

1-15 December 2014 Cyber Attacks Timeline

Digital crime landscape in 2015

From Help Net Security:

Digital crime landscape in 2015

5 working days left until the deadline for compliance with PCI DSS 3.0 kicks in

From Help Net Security:

5 working days left until the deadline for compliance with PCI DSS 3.0 kicks in

Infosec: More than reindeer games

From Help Net Security:

Infosec: More than reindeer games

EU to demand 2-factor for online payments by August 2015?

From Sophos Naked Security:

EU to demand 2-factor for online payments by August 2015?

US CERT: Vulnerabilities Identified in Network Time Protocol Daemon

From US-CERT:

Vulnerabilities Identified in Network Time Protocol Daemon

US CERT: "Misfortune Cookie" Broadband Router Vulnerability

From US-CERT:

"Misfortune Cookie" Broadband Router Vulnerability

Cybersecurity Center Invites Feedback on Securing Medical Devices

From NIST:

Cybersecurity Center Invites Feedback on Securing Medical Devices

NIST SP 800-88 Rev. 1 Guidelines For Media Sanitization

From NIST:

NIST SP 800-88 Rev. 1 Guidelines For Media Sanitization

NIST Announces Initial Members of Forensic Science Digital Evidence Subcommittee

NIST Announcement:

NIST Announces Initial Members of Forensic Science Digital Evidence Subcommittee

Watchdog: Secret Service Refused to Hand Over Cybersecurity Data

From The Hill:

Watchdog: Secret Service Refused to Hand Over Cybersecurity Data

Cyber Command investment ensures hackers targeting U.S. face retribution

From The Washington Post:

Cyber Command investment ensures hackers targeting U.S. face retribution

What Is Wrong With 'Legal Malware'?

Excellent piece authored by Eugene Kaspersky from Forbes:

What Is Wrong With 'Legal Malware'?

Gang Hacked ATMs from Inside Banks

From Brian Krebs:

Gang Hacked ATMs from Inside Banks

North Korea and cyberterrorists won big in Sony hack, researcher says

From ars technica:

North Korea and cyberterrorists won big in Sony hack, researcher says

DHS Releases Destover Wiper Malware Indicators of Compromise

From ThreatPost:

DHS Releases Destover Wiper Malware Indicators of Compromise

7 Things Microsoft Killed in 2014, and 1 That Got Off the Hook

From Network World:

7 Things Microsoft Killed in 2014, and 1 That Got Off the Hook

2014-12-23 Link of the Day: Endian Firewall Community

Here is a free, full featured firewall for home/SOHO/SMB use:

Endian Firewall Community




Monday, December 22, 2014

FTC Alert: Business Directory Scams: Information? Puh-leez.

From the Federal Trade Commission:

Business Directory Scams: Information? Puh-leez.

FTC Alert: Does that ABC app track your child?

From the Federal Trade Commission:

Does that ABC app track your child?

Actions to strengthen your defense, minimize damage

From Help Net Security:

Actions to strengthen your defense, minimize damage

Fake money forum founder charged with counterfeiting

From Sophos Naked Security:

Fake money forum founder charged with counterfeiting

Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014

From PC World:

Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014

After Silk Road takedowns, Dark Web drug sites still thriving

From ars technica:

After Silk Road takedowns, Dark Web drug sites still thriving

New security flaws in the SS7 protocol allow hackers to spy on phone users

From Security Affairs:

New security flaws in the SS7 protocol allow hackers to spy on phone users

RBS contacts customers out of the blue to replace 'compromised' bank cards

From The Telegraph:

RBS contacts customers out of the blue to replace 'compromised' bank cards

Computer intrusion inflicts massive damage on German steel factory

From ars technica:

Computer intrusion inflicts massive damage on German steel factory

RSA details new Boleto malware family

From SC Magazine:

RSA details new Boleto malware family

Top 5 social media security predictions for 2015

From Help Net Security:

Top 5 social media security predictions for 2015

The Offensive Approach to Cyber Security in Government and Private Industry

From The InfoSec Institute:

The Offensive Approach to Cyber Security in Government and Private Industry

EU banks counter rising cybercrime as traditional hold-ups decrease

From EurActiv:

EU banks counter rising cybercrime as traditional hold-ups decrease

Contact Solutions Releases Adaptive Fraud Protection Platform

From eWeek:

Contact Solutions Releases Adaptive Fraud Protection Platform

Is there a cyber security equivalent of 'SEAL Team Six'?

From Fortune Mag:

Is there a cyber security equivalent of 'SEAL Team Six'?

This ETF Hacks Into Cyber-Security Spending

From Bloomberg:

This ETF Hacks Into Cyber-Security Spending

The scientist planning to upload his brain to a COMPUTER: Research could allow us to inhabit virtual worlds and 'live forever'

From The Daily Mail:

The scientist planning to upload his brain to a COMPUTER: Research could allow us to inhabit virtual worlds and 'live forever'

NY bank regulator's cybersecurity plan has strong authentication, identity

From ZDNet:

NY bank regulator's cybersecurity plan has strong authentication, identity

Iranian hackers used Visual Basic malware to wipe Vegas casino’s network

From ars technica:

Iranian hackers used Visual Basic malware to wipe Vegas casino’s network

Founding of state cyber-security body worries digital rights activists

From Ahram Online:

Founding of state cyber-security body worries digital rights activists

Islamic State suspected of cyber-attack on Raqqa opponents

From The Guardian:

Islamic State suspected of cyber-attack on Raqqa opponents

Chthonic malware: new strain of ZeuS trojan targeting banks

From Computer Business Review:

Chthonic malware: new strain of ZeuS trojan targeting banks

After Sony, Every Startup Should Prepare For War

From TechCrunch:

After Sony, Every Startup Should Prepare For War

Exploits Circulating for Remote Code Execution Flaws in NTP Protocol

From ThreatPost:

Exploits Circulating for Remote Code Execution Flaws in NTP Protocol

McCain to hold cybersecurity hearing after Sony attack

From CNN:

McCain to hold cybersecurity hearing after Sony attack

FBI formally blames North Korea in Sony hack

From The Washington Times:

FBI formally blames North Korea in Sony hack

Friday, December 19, 2014

Researcher publishes JavaScript DoS tool

From Help Net Security:

Researcher publishes JavaScript DoS tool

Spark Emerges as Yet Another Malware That Targets Retailers

From eWeek:

Spark Emerges as Yet Another Malware That Targets Retailers

How Surveillance and Privacy Will Overlap in 2025

From Defense One:

How Surveillance and Privacy Will Overlap in 2025

How Cybercriminals Dodge Email Authentication

From TrendLabs:

How Cybercriminals Dodge Email Authentication

Android apps exploit permissions granted, French researchers find

From CIO:

Android apps exploit permissions granted, French researchers find

Webcam-snooping spawn of ZeuS hits 150 banks worldwide

From The Register:

Webcam-snooping spawn of ZeuS hits 150 banks worldwide

FTC Scam Alert: How NOT to use a gift card

From the Federal Trade Commission:

How NOT to use a gift card

Time to Rethink Patching Strategies

From DarkReading:

Time to Rethink Patching Strategies

Refunds for customers crammed by T-Mobile

From OnGuardOnline:

Refunds for customers crammed by T-Mobile

Malware peddlers turn again to malicious links

From Help Net Security:

Malware peddlers turn again to malicious links

Your email, your data, your control

From Help Net Security:

Your email, your data, your control

Cybercriminals won’t take a vacation this holiday season

From Help Net Security:

Cybercriminals won’t take a vacation this holiday season

Information-stealing 'Vawtrak' malware evolves, becomes more evasive

From Sophos Naked Security:

Information-stealing 'Vawtrak' malware evolves, becomes more evasive

FTC Scam Alert: Package delivery scam — delivered to your inbox

From the Federal Trade Commission:

Package delivery scam — delivered to your inbox

Critical flaw on over 12M routers allows device hijacking, network compromise

From Help Net Security:

Critical flaw on over 12M routers allows device hijacking, network compromise