domenica 10 febbraio 2013

Best of the Week - February 10, 2013

For me, this week started with an important question that emerged from the deep Internet:
"‏@StartupLJackson If you haven't been hacked by the Chinese you got to ask yourself, does the shit you're doing really even matter?"

Jokes apart, many important news regarding cybersecurity found a place on the newspaper, here is my selection...

hope you enjoy it!


FireEye ‏@FireEye discovers a longstanding advanced persistent threat campaign targeting U.S. aerospace & defense industry: http://ow.ly/hrGWd

Armando Leotta ‏@ArMyZ The Best Free Ways to Send Encrypted Email and Secure Messages http://zite.to/XxVF

#Bit9 Admits Systems #Breach, Stolen Code-Signing Certificates http://www.crn.com/news/security/240148192/bit9-admits-systems-breach-stolen-code-signing-certificates.htm #Infosec

Nicolas Brulez ‏@nicolasbrulez MT @DarkReading: Researcher shows how the infamous cyberespionage families Flame & Duqu can be repurposed http://ow.ly/htAEP  #SAS2013

NIST is requesting comments on the draft of Security and Privacy Controls for Federal Information Systems SP800-53 Rev4 http://www.nist.gov/itl/csd/sp800-020613.cfm

Fed confirms but downplays #Anonymous Super Bowl banker hack http://www.theregister.co.uk/2013/02/06/fed_confirms_downplays_anon_superbowl_hack/ - #US Federal Reserve #hacked during Super Bowl

domenica 3 febbraio 2013

Best of the Week - February 3, 2013

This week I found a lot of interesting news twitted by some "security superstars". This is a selection of the most important ones.

Hope you enjoy it!

Mikko Hypponen ‏@mikko Note that the US Government is NOT denying that they wrote Stuxnet; they just want to find out who leaked the info. http://www.washingtonpost.com/world/national-security/...

Bruce Schneier RSS ‏@Bruce_Schneier Pentagon Staffs Up U.S. Cyber Command http://is.gd/OKctQv

Roger Halbheer ‏@rhalbheer Where will this lead us at the end? How will we deal with hardware vulnerabilities? http://ow.ly/hk0wO

Marco Thorbruegge ‏@mthorbruegge Multi-vector DDoS Attacks Grow in Sophistication http://www.securityweek.com/multi-vector-ddos-attacks-grow

Team Cymru ‏@teamcymru Router Access and Default Passwords http://tinyurl.com/agojgca

William Beer ‏@wmbeer What the U.S. Government Gets Wrong About Real Cybersecurity Threats  http://www.slate.com/articles/technology/future_tense/... via @slate


N. Groeneveld ‏@nigroeneveld #Shamoon: Decapitating Saudi Aramco with the Sword of Justice http://bit.ly/WmRnhJ  #cyberwar #infosec

CcureIT ‏@CcureIT 5 Security Holes Almost Everyones Vulnerable To http://dlvr.it/2sqpZ3


domenica 27 gennaio 2013

Best of the Week - January 27, 2013

This week I found some articles about updates and new analysis of some important old topics. In the following lines you will find a selection of the best articles and resources.

Hope you enjoy it!


A couple of articles on Shamoon...
Team Cymru ‏@teamcymru Shamoon Malware Possibly Developed by Extremist Islamist Group from Saudi Arabia http://tinyurl.com/aofuxfd

N. Groeneveld ‏@nigroeneveld #Shamoon: Decapitating Saudi Aramco with the Sword of Justice http://bit.ly/WmRnhJ  #cyberwar #infosec

Oracle woes for Java...
Trusteer ‏@Trusteer Oracle's Java Headache Worsens: http://bit.ly/10Nw7oU  via @jpmello < great article about #Java's vulnerabilities and fake patch updates

Attacks and traffic maps...
Alan Woodward ‏@ProfWoodward Nice map showing real-time web attacks fro Akamai http://www.akamai.com/html/technology/dataviz1.html?WT.ac=security_l Reports claim Q3 2012 attack traffic traced to China in 1/3 cases.

Sony woes for playstation network data breach never end...
BrianHonan ‏@BrianHonan UK ICO fines Sony £250K for the security breach in 2011 "security measures in place were simply not good enough" http://www.ico.gov.uk/news/latest_news/2013/ico-news-release-2013.aspx

An interesting position about Diginotar case...
scl feed ‏@computersandlaw The DigiNotar Case: Internet Security is No Abstract Matter http://tinyurl.com/abun9qu

Assessing the risk is an evergreeen topic...
DarkReading ‏@DarkReading Measuring risk is a key to justifying new security spending. Here's a roadmap for doing it http://twb.io/Xv2pON

domenica 20 gennaio 2013

Best of the Week - January 20, 2013

This week my post is almost completely devoted to malware, cybercrime and espionage. What a tough time this is!

Hope you enjoy my list.

@hdmoore: @kaspersky 's Red October report is amazing: http://www.securelist.com/en/blog/...  I confirmed C&C IPs via Critical.IO: http://pastie.org/private/5e8h394xvpdxmpsk5nmnpa

Ryan Naraine ‏@ryanaraine Red October Part 2: The modules https://www.securelist.com/en/blog/208194091/Red_October_part_two_the_modules … (cc @4Dgifts

Alan Woodward ‏@ProfWoodward Blackhole exploits explained in good technical papers from @SophosLabs http://sophosnews.files.wordpress.com/2012/03/blackhole_paper_mar2012.pdf & http://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophosinsideablackholepart2tpna.pdf?dl=true

Damballa ‏@DamballaInc Updated Shylock #malware hooks into #Skype http://bit.ly/10BSSgu

Neira Jones ‏@neirajones [INFOGRAPHIC] Knowing Your Risks http://www.risknewstand.com/knowing-your-risks-an-infographic-guide/ risk #infographic

CcureIT ‏@CcureIT Cybercrime and the Underground Market http://dlvr.it/2p0Ckp  #ccureit

Doug Munro ‏@DoDRecruiterDC Many Fed smartphones have zero password protection http://dfi.io/2pT6xh  #infosec #cybersecurity via @ID201107




domenica 13 gennaio 2013

Best of the Week - January 13, 2013

Some important security topics emerged and catched my attention this week. Here is a brief list of the best articles and resources I found on the net.

Hope you enjoy it!

John Walker ‏@SBLTD #ENISA Threat Landscape Report: http://lnkd.in/BSSTWk

Gareth Niblett ‏@infosecmaven Cyber Attack Threat: UK Armed Forces Warned http://news.sky.com/story/1035284/cyber-attack-threat-uk-armed-forces-warned

Team Cymru ‏@teamcymru Crisis and Escalation in Cyberspace http://tinyurl.com/be3bzus

Some articles on the so called "Operation Ababil"...
Dancho Danchev ‏@danchodanchev Operation Ababil - they must have read this paper http://is.gd/8w1IAW  before launching the attacks. Where's the rocket science in that?

The Washington Post ‏@washingtonpost Major banks turn to NSA for help http://wapo.st/WJdF9n

Bank DDoS Attacks Employ Web Servers As Weapons http://www.darkreading.com/threat-intelligence/167901121/security/attacks-breaches/240145920/bank-ddos-attacks-employ-web-servers-as-weapons.html by @darkreading

And to finish this post some articles about the inauguration of the "European Cyber-Crime Centre" (EC3)
Cecilia Malmstrom @MalmstromEU Tackling online fraud in the EU - the European #Cybercrime Centre, #EC3, and its tasks: http://j.mp/Vf6ud5

 A look inside the EU's new cybercrime unit http://www.bbc.co.uk/news/business-20983013 - A brief BBC video on #EC3

Sandro Suffert @suffert Europe´s Cybercrime centre Chief: 'We will focus on criminal groups or networks who steal your money' http://tinyurl.com/abkdrbn  #EC3
http://www.wikio.it