Malware creation breaks all records! 160,000 new samples every day

http://www.net-security.org/malware_news.php?id=2776

Excerpt:

“Malware creation has broken all records during this period, with a figure of more than 15 million new samples, and more than 160,000 new samples appearing every day, according to Panda Security.”

 


Dissecting April's malicious spam

 

http://www.net-security.org/malware_news.php?id=2775

Excerpt:

“Malicious attachments in April came disguised as e-greetings and notifications about faxes. In the case of the former, alleged Easter greetings turned out to be the Fareit.aonw Trojan with fairly limited functionality: it didn't try to steal any passwords, but did download and launch a far more dangerous Zbot Trojan-Spy designed to attack servers and steal personal data.”

 


Data brokers collect info on nearly every U.S. consumer

 

http://www.net-security.org/secworld.php?id=16926

Excerpt:

“In a report issued on the data broker industry, the Federal Trade Commission finds that data brokers operate with a fundamental lack of transparency. The Commission recommends that Congress consider enacting legislation to make data broker practices more visible to consumers and to give consumers greater control over the immense amounts of personal information about them collected and shared by data brokers.

 


Employee behaviors expose organizations to insider threat

 

http://www.net-security.org/secworld.php?id=16929

Excerpt:

“A third of UK professionals are likely to consider risky behaviors that endanger or undermine data protection.The research was conducted by OnePoll and based on surveying 1000 UK employees who have access to customer data at work. The results suggest a lack of awareness of basic data protection policies and worrying behaviours such as snooping on sensitive personal information and sharing work login details with colleagues.”

 


Netizen Report: Thai Military Blocks Over 100 Websites Under Martial Law

 

Netizen Report Team

https://advocacy.globalvoicesonline.org/2014/05/28/netizen-report-thai-military-blocks-over-100-websites-under-martial-law/

Excerpt:

“Global Voices Advocacy's Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world. This week's report begins in Thailand, where the army, now in the second week of its “coup without a coup,” has ordered Internet service providers to “monitor and stop any information dissemination that could breed disorder within the Kingdom or would negatively impact the stability of the state and the morale of the people.” In meetings with Thailand’s largest newspapers and 108 ISPs, the military generals requested their “cooperation” in culling unfavorable coverage of the coup from the Internet.”

 


The Coup and the Information War in Thailand

 

Aim Sinpeng

https://advocacy.globalvoicesonline.org/2014/05/26/the-coup-and-the-information-war-in-thailand/

Excerpt:

“There is an information war on in Thailand. Beyond the martial law and the coup d'etat that the military had declared, there is censorship. The military shut down cable, radio stations, and some TV stations and instructed those on social media to be “very careful” — all before declaring a coup.”

 


DDoS attacks: Criminals get stealthier

 

Jag Bains

http://www.net-security.org/article.php?id=2020

Excerpt:

“There is a lot of media hype surrounding volumetric style DDoS attacks recently where the focus has been on large Gb/sec attacks, sometimes up to 400 Gb/sec. In reality, these are very rare and these big and dumb style attacks make one wonder if they are just being used as a distraction to take up resources and divert IT operations' efforts in the wrong place so that hackers can get into websites unnoticed. Bottom line is that DDoS attacks are a serious security threat that evolve every day, much like the sophistication of the criminals that launch the attacks.”

 


LulzSec Sabu Gets Time Served

 

Andy Greenberg

https://www.dfinews.com/news/2014/05/lulzsec-sabu-gets-time-served

Excerpt:

“Hector Monsegur spent the last three years as a model law enforcement informant, quietly drawing out his fellow hackers and directly aiding in the arrest of members of the LulzSec hacking crew and Anonymous hacker Jeremy Hammond. His hard work was rewarded Tuesday, when a judge sentenced him to time served and released him.”

 


WeChat App being used to disguise banking Trojan

 

Msizi

http://alertafrica.com/wechat-app-used-disguise-banking-trojan/

Excerpt:

“There is a new banking Trojan that is disguised as the popular messaging app WeChat. This banking Trojan is being used by cyber criminals to harvest the financial data of Android users in China.”

 


AFP arrests man over Melbourne IT hack

 

Allie Coyne

http://www.itnews.com.au/News/386200,afp-arrests-man-over-melbourne-it-hack.aspx

Excerpt:

“The Australian Federal Police has arrested two men over an alleged hacking campaign which targeted local corporate and government websites, one of whom the agency claims was involved in the 2012 attack on domain name registrar Melbourne IT.”

 


Anonymous attempts attack on US .mil domain

 

Juha Saarinen

http://www.itnews.com.au/News/386023,anonymous-attempts-attack-on-us-mil-domain.aspx

Excerpt:

“Unknown hacktivists attempted to disrupt the operation of United States armed forces webservers yesterday by launching what is thought to be a denial of service attack against hosts in the .mil top-level domain.”

 


Internet Accessible control systems At risk

 

http://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_%20Jan-April2014.pdf

Excerpt:

“Is your control system accessible directly from the Internet? Do you use remote access features to log into your control system network? Are you unsure of the security measures that protect your remote access services? If your answer was yes to any or all these questions, you are at increased risk of cyber attacks including scanning, probes, brute force attempts and unauthorized access to your control environment.“

 


10 BYOD policy guidelines for a secure work environment

 

Kenneth Hess

http://www.gfi.com/blog/10-byod-policy-guidelines-for-a-secure-work-environment/

Excerpt:

“Bring your own device (BYOD) is no longer simply a buzzword or a new trend; it’s reality. And in that reality, almost half of all employees use their own devices to access corporate assets such as network drives, documents, printers, web proxies, social media sites, and personal cloud services. Malware, viruses, theft, unsecured devices, jailbroken devices, and a lack of control put corporate data, intellectual property, and client information at risk. The answer to this problem is to create, to manage, and to enforce BYOD policy guidelines to secure your work environment.”

 


Why Banks Struggle to Fight Check Fraud

 

Tracy Kitten

http://www.bankinfosecurity.co.uk/banks-struggle-to-fight-check-fraud-a-6851

Excerpt:

“A $15 million check-kiting scheme that flew under the radar of leading banking institutions for more than three years illustrates that check fraud continues to be one of the banking industry's greatest pain points. Last week, federal authorities in California arrested 14 of the 15 individuals charged for roles they allegedly played in the check-kiting and account bust-out scheme that ran from February 2010 to October 2013.”

 


Carder sentenced to 20 years in prison

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=16874

Excerpt:

“Member of Organization That Operated Online Marketplace for Stolen Personal Information Sentenced to 20 Years in Prison. A Phoenix man convicted after a jury trial last December of conspiracy and racketeering offenses for his involvement in a sophisticated cybercrime organization was sentenced today to serve 20 years in prison.”

 


Anti-gangster law invoked to score stiff sentence against two-bit cyberthief

 

Dan Goodin

http://arstechnica.com/security/2014/05/anti-gangster-law-invoked-to-score-stiff-sentence-against-two-bit-cyberthief/

Excerpt:

“Federal prosecutors have secured an unusually stiff sentence against a low-level identity thief by invoking the same law used to target bosses of the Gambino crime family and Los Angeles street gangs.”

 


Saudi Government to Recruit Ethical Hackers

 

Eduard Kovacs

http://news.softpedia.com/news/Saudi-Government-to-Recruit-Ethical-Hackers-442543.shtml

Excerpt:

“The Saudi Arabian Ministry of Interior’s National Information Center wants to recruit hackers to help protect the country’s networks. According to the Saudi Gazette, the National Information Center’s representatives say recruits will be trained to “transform their abilities into productive energy.”

 


Customers of BlackShades RAT reportedly being raided by FB

 

Sabari Selvan

http://www.ehackingnews.com/2014/05/customers-of-blackshades-rat-reportedly.html

Excerpt:

“FBI is reportedly executing international raids with the help of local law enforcement.  Several users of 'BlackShades' in HackForums have reported that their house is being raided by FBI.  The authorities have seized computer, external Hard disk and other computer equipments”

 


12 Arrested in Vishing Case

 

Jeffrey Roman

http://www.bankinfosecurity.co.uk/12-arrested-in-vishing-case-a-6839

Excerpt:

“Belgian and Dutch judicial and law enforcement authorities have disrupted a voice-phishing scheme that collected millions of euros from Belgian victims and banks.”

 


This is the children’s book that the president of Estonia made his staff read

 

Leo Mirani

http://qz.com/125673/frustrated-geek-explains-what-he-does-in-a-childrens-book/

Excerpt:

“Robert M. Lee is an expert on a topic few people have heard of and even fewer understand: supervisory control and data acquisition (SCADA).”

 


SCADA AND ME: A Children’s Book For Security Policy Makers

 

Anthony M Freed

http://www.tripwire.com/state-of-security/security-data-protection/scada-childrens-book-security-policy-makers/

Excerpt:

“The first children’s book to address SCADA/ICS security (Supervisory Control and Data Acquisition/Industrial Control Systems) has caught the attention of both industry and government, and may turn out to be one of the more influential articulations on the subject of protecting systems that govern critical infrastructure.”


NSA allegedly puts backdoors on American-made network devices

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=16846

Excerpt:

“Glenn Greenwald's new book titled No Place to Hide is out today. Aside from telling the story of how he worked with NSA whistleblower Edward Snowden and journalist Laura Poitras to make public the mind-blowing extent of mass US surveillance, the book also includes a number of revelations and documents that have not been previously shared with the public.”

 


Despite hearing about Heartbleed, 47% have not changed their passwords

 

http://www.net-security.org/secworld.php?id=16850

Excerpt:

“In light of the recent Heartbleed bug, LifeLock announced survey results that reveal consumers’ behavior and attitudes surrounding the security flaw.”

 


Arrests in international voice-phishing case

 

http://www.net-security.org/secworld.php?id=16853

Excerpt:

“Belgian and Dutch judicial and law enforcement authorities, supported by the European Cybercrime Centre (EC3) at Europol and Eurojust, have concluded an operation resulting in the arrest of 12 members of an organized crime group and the seizure of EUR 15,000 in cash and important digital evidence in a voice-phishing case”

 


Phishers Cast Wider Net, Now Asking for Multiple Emails

 

Abigail Villarin

https://blog.trendmicro.com/trendlabs-security-intelligence/phishers-cast-wider-net-now-asking-for-multiple-emails/

Excerpt:

“From a security perspective, phishing attempts are pretty much old hat. In most cases, phishing attempts or attacks focus on getting one particular credential, such as those for credit cards or user accounts. We are now seeing cybercriminals attempt to get more credentials by using phishing pages that allow for multiple email logins.”

 


Proactively Hardening Systems Against Intrusion: Configuration Hardening

 

Michael Thelander

http://www.tripwire.com/state-of-security/security-data-protection/automation-action-proactively-hardening-systems-intrusion/

Excerpt:

“But what does this state of “being hardened” mean in the context of information systems? What do we mean when we talk about “hardening systems” to repel exploits and withstand intrusions? Much of this is captured in three simple concepts:

• Ensure a system’s security configurations are appropriately set, given the job it needs to do

• Ensure operating system software, firmware  and applications are updated to stay ahead of exploits that attack flaws in the underlying code

• Ensure this process runs continually, leveraging and employing as much automation as possible”

 


Alleged members of hacking Team Digi7al arrested for violating government networks

 

Paganinip

http://securityaffairs.co/wordpress/24785/cyber-crime/hacking-team-digi7al-arrested.html

Excerpt:

“Alleged members of the hacking Team Digi7al were arrested by NCIS and charged for Hacking more than 30 government and private sites.”

 


Phone 'tilt' sensors can be used to track you

 

Tim Ring

http://www.scmagazineuk.com/phone-tilt-sensors-can-be-used-to-track-you/article/345712/

Excerpt:

“A team of US researchers has revealed that attackers can use smartphone and tablet 'tilt' and 'swipe' motion sensors - which cannot be blocked - to secretly track users.”

 


What Not To Do In a Cyberattack

 

Kelly Jackson Higgins

http://www.darkreading.com/attacks-breaches/what-not-to-do-in-a-cyberattack/d/d-id/1234954

Excerpt:

“Detecting an attack can be difficult enough, but the chances of a quick cleanup and lockdown in the aftermath of an incident dramatically diminish if there's no official incident response plan and no incident response (IR) point person or team in place.”

 


The FBI’s war on Anonymous

 

Kevin Townsend

https://kevtownsend.wordpress.com/2014/05/01/the-fbis-war-on-anonymous/

Excerpt:

“The FBI announced yesterday “additional attempted computer hacking charges and 18 counts of cyberstalking” for Fidel Salinas. That now brings the total charges to 44 – each of which carries a maximum of 10 years in prison. This alleged hacker is now facing 440 years in prison.”

 


Kali Linux website hacked by The GreaT Team

 

Sabari Selvan

http://www.ehackingnews.com/2014/04/kali-linux-website-hacked-by-great-team.html

Excerpt:

“When it comes to Security, No ONE is 100% Secure.  Even the world most popular Security-related Linux provider Kali is no exception to this fact. Earlier Today, a Libyan Hackers group "The GreaT Team(TGT)" have breached the mailing list subdomain of Kali website(lists.kali.org)”