UN Cybersecurity Code of conduct

Excerpt :

The General Assembly requested that a group of governmental experts be established in 2014, on the basis of equitable geographical distribution, to continue to study, with a view to promoting common understandings, existing and potential threats in the sphere of information security and possible cooperative measures to address them including norms, rules or principles of responsible behaviour of States and confidence-building measures, the issues of the use of information and communications technologies in conflicts and how international law applies to the use of information and communications technologies by States, as well as the concepts aimed at strengthening the security of global information and telecommunications systems.

To read the complete article :

http://www.csistech.org/blog/2015/8/27/un-publishes-latest-report-of-the-group-of-government-experts 


U.S. and China Seek Arms Deal for Cyberspace

Excerpt :

The United States and China are negotiating what could become the first arms control accord for cyberspace, embracing a commitment by each country that it will not be the first to use cyberweapons to cripple the other’s critical infrastructure during peacetime, according to officials involved in the talks.

To read the complete article :

http://www.nytimes.com/2015/09/20/world/asia/us-and-china-seek-arms-deal-for-cyberspace.html 


Wire Fraud Phisher attempts to phish PhishMe, instead gets phished by PhishMe

Aaron Higbee, PhishMe Blog

Excerpt :

"Yesterday our VP of Finance received an email that appeared to be from our CEO requesting a wire transfer ...

Forgive our total lack of surprise at this point, when the attacker clicks our Phishing link and we extract his Host and IP address"

To read the complete article :

<http://phishme.com/wire-fraud-phisher-attempts-to-phish-phishme-instead-gets-phished-by-phishme/> 


D-Link Accidentally Leaks Private Code-Signing Keys

Michael Mimoso, Threatpost (Kaspersky Blog)

Excerpt :

"Private keys used to sign software published by D-Link were found in the company’s open source firmware packages. While it’s unknown whether the keys were used by malicious third parties, the possibility exists that they could have been used by a hacker to sign malware, making it much easier to execute attacks."

To read the complete article :

<https://threatpost.com/d-link-accidentally-leaks-private-code-signing-keys/114727/> 


BitPay loses $1.8m in phishing attack

Source: FinExtra

Excerpt:

"BitPay lost $1.8 million in a phishing attack late last year, according to a lawsuit filed by the bitcoin payment processing firm against an insurer it is trying to get to cover some of the losses.

According to court documents obtained by the Atlanta Business Chronicle, last December BitPay CFO Bryan Krohn received an email from someone purporting to be from a digital currency publication."

To read the complete article :

<http://www.finextra.com/news/fullstory.aspx?newsitemid=27865&>


Russian Military Targeted by Chinese Hackers Using Malicious Word Files

Source: Catalin Cimpanu, Softpedia

Excerpt:

"By closely looking at the RAT's Tactics, Techniques and Procedures (TTPs), Proofpoint researchers observed that most of the communications and code comments are in Chinese."

To read the complete article :

<http://news.softpedia.com/news/russian-military-targeted-by-chinese-hackers-using-malicious-word-files-492027.shtml> 


You are the weakest link – goodbye!

Excerpt :

As reported in Wikipedia (https://en.wikipedia.org/wiki/Stanley_Mark_Rifkin), Rifkin is a convicted criminal in the United States responsible for stealing $10.2 million through wire transfer via telephone in the autumn of 1978. At the time, it was the largest bank robbery in U.S. history.

To read the complete article :

<https://blog.team-cymru.org/2015/08/you-are-the-weakest-link-goodbye/> 


Do APIs Pose a Security Risk?

Excerpt :

APIs offer a new and powerful attack vector for hackers. Fortunately, API management products can help organizations boost their API security.

To read the complete article :

http://www.esecurityplanet.com/network-security/do-apis-pose-a-security-risk.html 


10 Tips for Secure Business Travel

Excerpt :

Business travelers are an attractive target for hackers. Here's how to protect yourself when you are on the road.

To read the complete article :

http://www.esecurityplanet.com/network-security/10-tips-for-secure-business-travel.html 


How Scammers Abuse Our Brains

Excerpt :

That said, our minds are still finite. The amount of information we can attend to at a given moment is limited. You’re reading this blog right now (thanks!) but all around you the world competes for your attention.

To read the complete article :

https://blog.team-cymru.org/2015/08/how-scammers-abuse-our-brains/ 


Digital Forensics as a Service: A game changer

R.B. van Baar, H.M.A. van Beek, E.J. van Eijk

Excerpt : 

How is it that digital investigators are always busy and still never have enough time to actually dig deep into digital evidence? In this paper we will explore the current implementation of the digital forensic process and analyze factors that impact the efficiency of this process.

To read the complete article :

http://www.dfrws.org/2014eu/proceedings/DFRWS-EU-2014-7.pdf


Identity Theft 101 – Stop It, Catch It, Kill It: Part 1

Excerpt :

What is identity theft? If a person pretends to be someone else, to obtain goods, services or cash in the victim’s name…. Simply put, it’s fraud.

To read the complete article :

https://blog.team-cymru.org/2015/08/identity-theft-101-stop-it-catch-it-kill-it-part-1/?utm_content=bufferd438c&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer


Medical devices vulnerable to hackers

Excerpt :

Thousands of critical medical systems, such as MRI machines, are available for hackers to access online, according to researchers.

To read the complete article :

http://www.bbc.com/news/technology-34390165


Chinese smartphones mount massive web attack 

Excerpt :

More than 650,000 Chinese smartphones have been unwittingly enrolled in a massive attack that overwhelmed a web server.

To read the complete article :

http://www.bbc.com/news/technology-34379254


Hilton investigates hack claims

Excerpt :

The Hilton hotel group has said it is investigating claims its US shops and gift stores may be the source of a credit-card hack.

To read the complete article :

http://www.bbc.com/news/technology-34379624


U.S. intel officials warn hacking is getting worse

Excerpt :

On Tuesday, top American spy officials said cyberattacks are getting worse -- and it's time to set basic international rules to prevent a future catastrophe.

To read the complete article :

http://money.cnn.com/2015/09/29/technology/nsa-china-spying/index.html


Experts Say Mobile Payment Data Breaches will Grow, Yet Use It, Study Shows

Razvan Muresan, HotForSecurity

Date Published: 29 September 2015

Excerpt:

"Some 87% of security specialists expect to see an increase in mobile payment data breaches over the next 12 months, yet 42% of respondents have used this payment method in 2015, according to the 2015 Mobile Payment Security Study from global cybersecurity association ISACA.  Only 23% believe that mobile payments are secure in keeping personal information safe, study shows. Nearly half (47%) say mobile payments are not secure and 89% consider cash the most secure payment method, yet only 9% prefer to use it.  “Mobile payments represent the latest frontier for the ongoing choice we all make to balance security and privacy risk and convenience,” said John Pironti, risk advisor with ISACA."

To read the complete article :

<http://www.hotforsecurity.com/blog/experts-say-mobile-payment-data-breaches-will-grow-yet-use-it-study-shows-12768.html>


GreenDispenser ATM malware found in the wild, stealing cash from banks

Graham Cluley, The State of Security (Tripwire Blog)

Date Published: 28 September 2015

Excerpt:

"Banks have another security headache on their hands, as ATM-infecting malware is becoming increasingly sophisticated in its attempt to help criminals audaciously empty out cash machines on the high street on demand, without having to have previously stolen the payment cards of legitimate customers.  Dubbed GreenDispenser by researchers at Proofpoint, the new malware targeting ATMs allows thieves to extract large amounts of money from cash machines, while using sneaky techniques to avoid detection.  Here’s how GreenDispenser works.

Firstly, the ATM needs to be infected by the GreenDispenser malware.  This would most likely require the attackers to have unrestricted physical access to the device, or assistance from bank employees."

To read the complete article :

<http://www.tripwire.com/state-of-security/security-data-protection/greendispenser-atm-malware/>


Russian government investigates cyber-attacks on Kremlin websites

Eugene Gerden, SC Magazine

Date Published: 29 September 2015

Excerpt:

"The Russian government is continuing to investigate recent attacks on the websites of the Kremlin, the Central Election Commission of Russia and some other state bodies. Multiple, coordinated attacks were timed to coincide with the single voting day for Russia's regional parliaments on 13 September.  The investigation is currently under the personal control of Russia's President Vladimir Putin. Putin claims that the number and intensity of hacker attacks on websites and information resources of the national government and state bodies in recent months has increased several times over."

To read the complete article :

<http://www.scmagazineuk.com/russian-government-investigates-cyber-attacks-on-kremlin-websites/article/441288/>


USA hits Russian with 4.5 year prison sentence in Citadel malware case

Graham Cluley, HOTforSecurity

Date Published: 30 September 2015

Excerpt:

"A US court has sentenced a Russian man to four years and six months in prison after he admitted using the notorious and sophisticated Citadel malware to commit fraud.

22-year-old Dimitry Belorossov, also known as “Rainerfox”, had pleaded guilty to committing computer fraud, gaining access to over 7000 computers. In addition to his prison sentence Belorossov has also been ordered to pay $322,409.09 in restitution according to an FBI press release.

The Citadel malware first emerged in late 2011, available for sale via criminal underground forums. The banking trojan horse made a name for itself stealing banking credentials, credit card details, and personal information with the view to making unauthorised transactions from victims’ accounts, while it simultaneously hijacked control of users’ PCs."

To read the complete article:

<http://www.hotforsecurity.com/blog/usa-hits-russian-with-4-5-year-prison-sentence-in-citadel-malware-case-12776.html>