Sunday, February 10, 2013

Best of the Week - February 10, 2013

For me, this week started with an important question that emerged from the deep Internet:
"‏@StartupLJackson If you haven't been hacked by the Chinese you got to ask yourself, does the shit you're doing really even matter?"

Jokes aside, a lot of important cybersecurity news made it into the newspapers; here is my selection...

Hope you enjoy it!

FireEye ‏@FireEye discovers a longstanding advanced persistent threat campaign targeting U.S. aerospace & defense industry:

Armando Leotta ‏@ArMyZ The Best Free Ways to Send Encrypted Email and Secure Messages

#Bit9 Admits Systems #Breach, Stolen Code-Signing Certificates #Infosec

Nicolas Brulez ‏@nicolasbrulez MT @DarkReading: Researcher shows how the infamous cyberespionage families Flame & Duqu can be repurposed  #SAS2013

NIST is requesting comments on the draft of Security and Privacy Controls for Federal Information Systems SP800-53 Rev4

Fed confirms but downplays #Anonymous Super Bowl banker hack - #US Federal Reserve #hacked during Super Bowl

Sunday, February 3, 2013

Best of the Week - February 3, 2013

This week I found a lot of interesting news tweeted by some "security superstars". This is a selection of the most important ones.

Hope you enjoy it!

Mikko Hypponen ‏@mikko Note that the US Government is NOT denying that they wrote Stuxnet; they just want to find out who leaked the info.

Bruce Schneier RSS ‏@Bruce_Schneier Pentagon Staffs Up U.S. Cyber Command

Roger Halbheer ‏@rhalbheer Where will this lead us at the end? How will we deal with hardware vulnerabilities?

Marco Thorbruegge ‏@mthorbruegge Multi-vector DDoS Attacks Grow in Sophistication

Team Cymru ‏@teamcymru Router Access and Default Passwords

William Beer ‏@wmbeer What the U.S. Government Gets Wrong About Real Cybersecurity Threats via @slate

N. Groeneveld ‏@nigroeneveld #Shamoon: Decapitating Saudi Aramco with the Sword of Justice  #cyberwar #infosec

CcureIT @CcureIT 5 Security Holes Almost Everyone's Vulnerable To

Sunday, January 27, 2013

Best of the Week - January 27, 2013

This week I found some articles about updates and new analysis of some important old topics. In the following lines you will find a selection of the best articles and resources.

Hope you enjoy it!

A couple of articles on Shamoon...
Team Cymru ‏@teamcymru Shamoon Malware Possibly Developed by Extremist Islamist Group from Saudi Arabia

N. Groeneveld ‏@nigroeneveld #Shamoon: Decapitating Saudi Aramco with the Sword of Justice  #cyberwar #infosec

Oracle woes for Java...
Trusteer ‏@Trusteer Oracle's Java Headache Worsens:  via @jpmello < great article about #Java's vulnerabilities and fake patch updates

Attacks and traffic maps...
Alan Woodward @ProfWoodward Nice map showing real-time web attacks from Akamai Reports claim Q3 2012 attack traffic traced to China in 1/3 cases.

Sony's woes over the PlayStation Network data breach never end...
BrianHonan ‏@BrianHonan UK ICO fines Sony £250K for the security breach in 2011 "security measures in place were simply not good enough"

An interesting position on the DigiNotar case...
scl feed ‏@computersandlaw The DigiNotar Case: Internet Security is No Abstract Matter

Assessing risk is an evergreen topic...
DarkReading ‏@DarkReading Measuring risk is a key to justifying new security spending. Here's a roadmap for doing it

Sunday, January 20, 2013

Best of the Week - January 20, 2013

This week my post is almost completely devoted to malware, cybercrime and espionage. What a tough time this is!

Hope you enjoy my list.

@hdmoore: @kaspersky 's Red October report is amazing:  I confirmed C&C IPs via Critical.IO:

Ryan Naraine ‏@ryanaraine Red October Part 2: The modules … (cc @4Dgifts

Alan Woodward ‏@ProfWoodward Blackhole exploits explained in good technical papers from @SophosLabs &

Damballa ‏@DamballaInc Updated Shylock #malware hooks into #Skype

Neira Jones ‏@neirajones [INFOGRAPHIC] Knowing Your Risks risk #infographic

CcureIT ‏@CcureIT Cybercrime and the Underground Market  #ccureit

Doug Munro ‏@DoDRecruiterDC Many Fed smartphones have zero password protection  #infosec #cybersecurity via @ID201107

Sunday, January 13, 2013

Best of the Week - January 13, 2013

Some important security topics emerged and caught my attention this week. Here is a brief list of the best articles and resources I found on the net.

Hope you enjoy it!

John Walker ‏@SBLTD #ENISA Threat Landscape Report:

Gareth Niblett ‏@infosecmaven Cyber Attack Threat: UK Armed Forces Warned

Team Cymru ‏@teamcymru Crisis and Escalation in Cyberspace

Some articles on the so-called "Operation Ababil"...
Dancho Danchev ‏@danchodanchev Operation Ababil - they must have read this paper  before launching the attacks. Where's the rocket science in that?

The Washington Post ‏@washingtonpost Major banks turn to NSA for help

Bank DDoS Attacks Employ Web Servers As Weapons by @darkreading

And to finish this post, some articles about the inauguration of the "European Cyber-Crime Centre" (EC3):
Cecilia Malmstrom @MalmstromEU Tackling online fraud in the EU - the European #Cybercrime Centre, #EC3, and its tasks:

A look inside the EU's new cybercrime unit - A brief BBC video on #EC3

Sandro Suffert @suffert Europe's Cybercrime centre Chief: 'We will focus on criminal groups or networks who steal your money' #EC3