Sunday, 30 December 2012

Best of the Week - 30 December 2012

My best wishes for a happy new year!!

Hope you enjoy my new selection of security news and resources.

shreeraj ‏@shreeraj Researchers find malware targeting Java HTTP servers http://flip.it/pf72h

Limor S Kessem ‏@iCyberFighter RT @ECCOUNCIL: World of Botnet-facilitated #cybercrime... paying pretty well these days: http://ow.ly/glXDm

Infosec Reactions ‏@sec_reactions Demonstrating Spear Phishing to people who said they won't fall for that - by gallypete http://tmblr.co/ZJ5JTua810XT

CcureIT ‏@CcureIT In 2013 We Will See the Decline of Anonymous, Experts Say http://dlvr.it/2jBpYj

Dušan Caf ‏@dusancaf Ten Steps to Smartphone Security by @FCC: http://www.fcc.gov/sites/default/files/smartphone_master_document.pdf #Privacy #CyberSecurity

The Next Web ‏@TheNextWeb EU Commission unwraps public beta of open data portal with 5800+ datasets, ahead of Jan 2013 launch http://tnw.to/a0TUf  by @robinwauters (Well, strictly speaking this is not security news but, digging into this big mass of data, I'm sure it is possible to find a lot of security information.)

ENISA ‏@enisa_eu #ENISA has published an implementation guide for National #cybersecurity Strategies http://ow.ly/goLyi

Sunday, 23 December 2012

Best of the Week - 23 December 2012

The end of the year is approaching and many security researchers are publishing papers, reports and predictions. A lot of things to read during the holidays... here you can find my favorites.

Hope you enjoy it!

ENISA ‏@enisa_eu Status report 2012 on #CERTs baseline capabilities and recommendations launched today by #ENISA http://bit.ly/U47f7u

CcureIT ‏@CcureIT Mobile malware, botnets and attacks on the cloud to rise http://dlvr.it/2ggfjn

Neira Jones ‏@neirajones Verizon's 2013 Breach Predictions: Authentication Attacks, Web Application Exploits & Social Engineering http://biztech2.in.com/news/security/verizons-data-breach-predictions-for-2013/150402/ @wadebaker

Imperva ‏@Imperva Security Trends 2013:
Trend #1 Government Malware Goes Commercial http://bit.ly/UTYxHh
Trend #2 Black Clouds on the Horizon http://bit.ly/UTYzyS
Trend #3 Strength in Numbers http://bit.ly/UJDOpr
Trend #4 APT Targets the Little Guy http://bit.ly/YqdlCE
Trend #5 Hacktivism Gets Process Driven http://bit.ly/12CENg2

RSA Conference ‏@RSAConference #Exploits, security threats and #hacks will mutate in 2013 | via @helpnetsecurity | http://bit.ly/T697Pj

DCITA ‏@DCITA It's time to start patching the Human OS http://is.gd/Ily5fl

  

Sunday, 16 December 2012

Best of the Week - 16 December 2012

This week the Internet was full of interesting security resources and I did my best to collect the most important ones!

Hope you enjoy it!

CcureIT ‏@CcureIT Google Hacking with GGGoogleScan http://dlvr.it/2dj0Ph  - #cyberwar

iDialoghi ‏@idialoghi "Military Clouds: protecting and exploiting data services". Former director of operations for US EUCOM speaks. http://lnkd.in/UwEm6F

Microsoft Security ‏@msftsecurity Protect against advanced attacks on your login credentials w/ these field tested mitigation strategies from #Microsoft http://bit.ly/RnJLvH

Kimberly ‏@StopMalvertisin Fortinet | Fortinet 2013 Cyber-Crime Report http://stpmvt.com/UdWZau

Ed Covert ‏@ebcovert3 NIST Revising Glossary of #Infosec Terms http://bit.ly/UUoUz3

Apura ‏@Apura_Oficial Check out the @DFIROnline Youtube channel for ~20 great digital forensic and incident response presentations http://www.youtube.com/user/dfironline

Mikko Hypponen ‏@mikko Video of my talk in HITB'12 http://youtu.be/0TMFRO66Wv4  Slides http://conference.hitb.org/hitbsecconf2012kul/materials/D2T3%20-%20Mikko%20Hypponen%20-%20Behind%20Enemy%20Lines.pdf … Lost my ponytail 4 hours after this talk… pic.twitter.com/JjFUyVG7

Sunday, 9 December 2012

Best of the Week - 9 December 2012

Here is my collection of the best security resources of this week.

Hope you enjoy it!

New attack makes some password cracking faster, easier than ever | @ArsTechnica: A researcher has devi... http://bit.ly/124nRP1

Stonesoft ‏@Hack_the_Lab Cyber-warfare: Hype and fear | The Economist http://econ.st/SNZpNx

SophosLabs ‏@SophosLabs Sophos Security Threat Report 2013 - the safest and riskiest countries revealed http://wp.me/p120rT-RTT

F-Secure ‏@FSecure Check out this BBC Radio 4 report called The Hackers — featuring our Mikko Hypponen. http://fb.me/1KhJwMT5j

PhysicalDrive0 ‏@PhysicalDrive0 #HITB2012KUL D1T1 - Petko D. Petkov - A Short History of the JavaScript Security Arsenal http://www.youtube.com/watch?v=kHKE90mRSwc&sns=tw

Mikko Hypponen ‏@mikko Arbor's graph shows nicely how Syria got back online: http://ddos.arbornetworks.com/2012/11/syria-goes-dark/

Eric Byres ‏@tofinosecurity "harm of disclosure to the un-patched masses greatly outweighs any benefit that comes from shaming vendors" http://t.co/c8ZmXGX1

Sunday, 2 December 2012

Best of the Week - 2 December 2012

This is my "Best of the Week" post and here you can find the most intriguing security articles I found on the net this week.

Hope you enjoy it!

DarkReading ‏@DarkReading Anti-Botnet Efforts Still Nascent, But Groups Hopeful http://twb.io/SAPHOr

Richard Bejtlich ‏@taosecurity Thanks @appsecusa for recording and publishing my talk at your con last month. It's about 42 mins and covers IR stuff. http://videos.2012.appsecusa.org/video/54276245

uKnowKids ‏@uKnowKids Have you heard of SWAT-ting? Check out this new @uKnowKids infographic… SWAT-ting: Inside a New Trend in Cyber Crime http://uknow.co/O32446

Rafal Los ‏@Wh1t3Rabbit Bug Bounty Programs - As a Service? - http://ow.ly/frADM  - Can a 3rd party bug-bounty program be the answer for SMEs? Ask @caseyjohnellis

DCITA ‏@DCITA ICANN's Rolling Controversy: Verification of WHOIS Registration Data http://is.gd/L1lYO6

Shawn Henry ‏@Shawn365Henry Many questions recently about how private sector can protect itself from attack; nice to see @ABAesq exploring legality http://bit.ly/VcS20M

Sunday, 25 November 2012

Best of the Week - 25 November 2012

Hello everybody, this week the themes for my post are: privacy and cybercrime. In the following lines you will find the best resources of the week on these subjects.

Hope you enjoy it!

Tails 0.7: The Amnesic Incognito Live System http://lwn.net/Articles/439371/

DCITA ‏@DCITA PGP Zimmermann teams with Navy SEALs, SAS techies in London http://is.gd/Zhor8O

scmagazineUK ‏@SCmagazineUK At #Irisscon @neirajones looks at preparations for a proper response to a crisis - http://www.scmagazineuk.com/irisscon-preparations-can-be-made-for-a-proper-response-to-a-crisis/article/269533/

Hacking Update ‏@HackingUpdate Ukraine: Hacker Haven http://sns.mx/zMkoy4

RSA Security ‏@rsasecurity Don't get hooked to a scam this #cybermonday | more tips: http://rsa.im/TcmZCF  pic.twitter.com/hHjafeOW

Websense, Inc. ‏@websense Phish or no phish? That is the question. Test your skills by taking the #OperationSpearPhish challenge http://wb-sn.com/TKTTJc

Limor S Kessem ‏@iCyberFighter Is #Bitcoin really the new paradise for money laundering? http://lnkd.in/UbZWWm

Sunday, 18 November 2012

Best of the Week - 18 November 2012

Last Sunday I was at the Global Forum 2012 in Stockholm to present the importance of cyber-security for economic growth (here is my presentation), so I wasn't able to publish my usual selection of the best security resources of the week. Since I had found some interesting material last week, this week you will also find items from the previous list.

Hope you enjoy it!

Joseph Menn ‏@josephmenn Good points by Gary McGraw on why nifty cyber-offense can't sub for a strong (if elusive) defense. http://j.mp/Q9Fv2a

Lee ‏@Security_FAQs DUMPING A COMPLETE DATABASE USING SQL INJECTION http://bit.ly/YIr468

Damballa ‏@DamballaInc Persistent Threat Detection on a Budget - 8 ways to find #APT activity in your network http://bit.ly/RWq1cQ  #malware #infosec

DarkReading ‏@DarkReading Hunting botnets in the cloud: http://ow.ly/f7yo6

Andre M. DiMino ‏@sempersecurus Internet Fraud Alert(IFA) - A trusted mechanism for participating researchers to report stolen account credentials - https://www.ifraudalert.org/

Microsoft Security ‏@msftsecurity Check out these in-depth botnet intelligence reports on Rustock, Zbot & Qakbot from MSFT here: http://bit.ly/SIJA9D  #InfoSecg/

ENISA ‏@enisa_eu New report on Supply Chain Integrity is published today by #ENISA http://bit.ly/T6paL4

Dancho Danchev ‏@danchodanchev In retrospective - 2 yrs ago I exposed the DNS infrast. of the money mule recruit. ecosystem http://is.gd/YJOHen  it's still a mul-nat. prob

Sunday, 4 November 2012

Best of the Week - 4 November 2012

To me, Sunday is not Sunday without my "Best of the Week" post in which I publish the most valuable security resources I found during the week.

This week I selected for you: papers, articles and security news.

Hope you enjoy it!

Digital Fortitude ‏@securitybeacon Security Report details emerging cyber threats http://bit.ly/dGavOU

TrendMicro ‏@TrendMicro Cybercrime tools and trade in the Russian underground: http://trendmic.ro/WfNsWj

CcureIT ‏@CcureIT Hacker forums used to induct new criminals, report finds http://dlvr.it/2Q6nXJ

Gianluca Stringhini ‏@gianlucaSB Report claims ZeroAccess is the largest active botnet http://ow.ly/eTgWe

Dale Pearson ‏@subliminalhack Social Engineering: An Expanding Frontier in Online Attacks - http://www.accuvant.com/blog/2012/11/01/social-engineering-expanding-frontier-online-attacks

ericdknapp ‏@ericdknapp @BBCWorld the darker side of social media from @Raj_Samani http://www.bbc.co.uk/news/business-20155192

BrianHonan ‏@BrianHonan Video from @enisa_eu http://www.youtube.com/watch?v=b2Bi1yDKZsk&feature=share&list=PLDTjYuBlUzsgHilsFx0lr2GC1svK7zVZO … about their CERT exercises available for free from their site. @mthorbruegge looking good :)

Sunday, 28 October 2012

Best of the Week - 28 October 2012

Here we are for another post of the "Best of the Week" series in which you will find the most interesting security news and security resources of the week.

Hope you enjoy it!

SCMagazine ‏@SCMagazine Never too late to learn a little about clickjacking w/ @jeremiahg of @whitehatsec. | http://ow.ly/eNzNO

CoreSecurity ‏@CoreSecurity Ready for a data #breach? How to develop a response plan. Incl. link with top breaches in '12 via @networkworld http://ht.ly/eNI1z

Doug Munro ‏@DoDRecruiterDC The Challenge of Protecting Critical Infrastructure against Cyber-Attacks http://ow.ly/eN1ur  #cybersecurity via @SmartGridCurato

CcureIT ‏@CcureIT The anatomy of cyber security exercises http://dlvr.it/2NjJsl

Sandro Süffert ‏@suffert Microsoft: Cyber-Threats in the European Union: First Half 2012 http://flpbd.it/Gw0vi
... and
Trend Micro’s Q3 threat report: Mobile malware surged from 30K to 175K http://flpbd.it/Ohvzi

Tuomo Makkonen ‏@tmakkonen An Analysis of Android SSL (In)Security (pdf): http://www2.dcsec.uni-hannover.de/files/android/p50-fahl.pdf

Saturday, 20 October 2012

Best of the Week - 21 October 2012

This week, for some "logistical" reasons, I had to publish my "Best of the Week" a day in advance. Luckily, I had already gathered a lot of interesting security materials that you can read below.

Hope you enjoy it!

So, this week we serve... 5 security papers

Microsoft Security ‏@msftsecurity Everything you ever wanted to know about rootkits… Download the paper now. http://bit.ly/R9CN8X  (cc: @MSFTmmpc) #InfoSec

APWG ‏@APWG Our latest trends report shows cybercrime gangs continue to target more and more companies. http://fb.me/262G3EO47

Marco Thorbruegge ‏@mthorbruegge RT @teamcymru: Communication Among Incident Responders - A study http://www.sei.cmu.edu/library/abstracts/reports/12tn028.cfm

The Honeynet Project ‏@ProjectHoneynet HP Annual Report 2012 released: Each year, the Honeynet Project summarizes its activities and activities of its ... http://bit.ly/WisZyG

Alan Woodward ‏@ProfWoodward Zero day attacks last hundreds of days before detection. Empirical data from Symantec written up in a nice paper here  http://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf

... and 2 secure Operating Systems

SCADAhacker ‏@SCADAhacker Eugene Kaspersky Unveils Plans for New Secure SCADA OS - ThreatPost - http://h4ckr.us/Wly4X9  #SHnews good interview with Eugene on the project

Janne Ahlberg ‏@JanneFI RT @JussiPeralampi: Whonix : Virtual anonymous operating system http://www.pentestit.com/whonix-virtual-anonymous-operating-system/

Sunday, 14 October 2012

Best of the Week - 14 October 2012

Preparing the presentation for my speech at the RSA-Day, I collected these security articles and resources.

Hope you enjoy it!

ENISA ‏@enisa_eu ENISA's first annual report of #cyber incidents in the EU: 51 severe outages reported over 2011 http://bit.ly/Rbdan6

Denis Maslennikov ‏@hEx63 FBI: Smartphone Users Should be Aware of Malware Targeting Mobile Devices and Safety Measures to Help Avoid Compromise http://www.fbi.gov/scams-safety/e-scams?utm_campaign=email-Immediate&utm_content=145512

Limor S Kessem ‏@iCyberFighter Hacking Google: The three Israeli white hats rooting out the web's security holes http://sns.mx/SSkqy5  << Good read!

scl feed ‏@computersandlaw Crime: Digital Working Guidance from the MoJ http://tinyurl.com/98bvjzl

SCMagazine ‏@SCMagazine VIDEO: Cyber Crime Statistics | http://ow.ly/emHqp

Elie Bursztein ‏@elie Most of the Mass Distributed Malware in Q3 2012 Were Banking Trojans, Study Finds - http://ow.ly/1OOIQ5  #security

Sunday, 7 October 2012

Best of the Week - 7 October 2012

If you missed some security resources this week, this is the right place for you.

Hope you enjoy it.

ENISA ‏@enisa_eu Bigger is different! #cybereurope 2012 exercise shows large-scale crises need cross-sector cooperation. http://bit.ly/Ta3xdC

DCITA ‏@DCITA Companies seeking to train employees on cybersecurity http://is.gd/1b0hv3

CcureIT ‏@CcureIT Anonymous collective the new face of online hacktivism: CSIS report http://dlvr.it/2GzS7C

Trusteer ‏@Trusteer New Trusteer blog post: One Size Fits All – Universal Man in the Browser Attack Targets All Websites http://ow.ly/ebSd6

Kimberly ‏@StopMalvertisin Sans CF | "Digital Forensics Case Leads: Open Source Forensics Edition" http://stpmvt.com/QTxb1l

Cabinet Office ‏@cabinetofficeuk UK will establish centre of excellence on #cyber security to offer countries advice on how to build secure cyberspace. http://bit.ly/Ug6vi9 via @dusancaf

Sunday, 30 September 2012

Best of the Week - 30 September 2012

Hi all, this is my list of the best security resources of the week. This time, as you can see below, my selection is aimed at useful tools and resources to raise the awareness of the users.

Hope you enjoy it!

Mikko Hypponen ‏@mikko Amazing mind reader in Belgium: http://www.youtube.com/watch?v=F7pYHN9iC9I&sns=tw … [2'29"]

RT @bmeyer41: Which Password Manager Is The Most Secure? http://ow.ly/e5cS6

FireEye ‏@FireEye What are the top 20 words that appear in spear phishing emails? Read the FireEye report here: http://ow.ly/e0KPW

Security Watch ‏@securitywatch My Android Device Is Vulnerable to a 'Dirty USSD' Hack, Now What? http://securitywatch.pcmag.com/none/303186-my-android-device-is-vulnerable-to-a-dirty-ussd-hack-now-what … #infosec

BrianHonan ‏@BrianHonan Canadian government launches their "Stop, Think, Connect" computer security awareness campaign http://uspolitics.einnews.com/pr_news/116564853/government-of-canada-launches-cyber-security-awareness-month-with-new-public-awareness-campaign-partnership …

Brian Meyer ‏@bmeyer41 urlQuery: a free service for detecting and analyzing web-based malware http://urlquery.net/

How Do You Persuade Others? http://www.forbes.com/sites/nickmorgan/2012/09/27/how-do-you-persuade-others/

Sunday, 23 September 2012

Best of the Week - 23 September 2012

Here we are with my selection of the best security resources of the week.

Hope you enjoy it!

Team Cymru ‏@teamcymru Can offensive cyber be used by modern military forces within the existing international legal framework http://bit.ly/QtRZgl (this other document was posted a couple of weeks ago by my friend Alessandro but it's the natural complement of this work "Alessandro Berni ‏@alessandroberni Currently reading http://issuu.com/NATO_CCD_COE/docs/tallinn_manual_draft/1 …")

Dan Goodin ‏@dangoodin001 New in-the-wild malware linked to state-sponsored Flame targeting Iran: http://arstechnica.com/security/2012/09/new-malware-linked-to-state-sponsored-flame/ …

FBI PressOffice ‏@FBIPressOffice Fraud Alert Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud: http://1.usa.gov/RhxiZy

Neira Jones ‏@neirajones A Consumer Alert System for Security Breaches http://lnkd.in/WnH3RW  #databreach #online

CISecurity ‏@CISecurity Want a quick view of cyber activity around the globe? Visit our Cyber Operations Center Dashboard http://msisac.cisecurity.org/apps/dashboard/  pic.twitter.com/JE2l2vkm

Giuseppe ‏@(this friend of mine has decided to block his twitter account so, no links here!) NIST Publishes Revised Risk Assessment Guide http://j.mp/OYkCC2


Sunday, 16 September 2012

Best of the Week - 16 September 2012

Hello everybody, this was an important week from a security point of view. Many interesting pieces of news have found their way into the online world.

I chose the best ones to present in this post.

Hope you enjoy it!

CERT-EU Becomes Permanent http://flpbd.it/vJjun

Digital Crimes Unit ‏@MicrosoftDCU Microsoft disrupts #Nitol botnet and more than 500 additional strains of malware in latest operation http://bit.ly/Or7GIN

CcureIT ‏@CcureIT Botnet operators hide C&Cs in the Tor network http://dlvr.it/28DhV6

Sandro Süffert ‏@suffert Malicious Apache Module Injects Iframes http://flpbd.it/YWV4v

Tuomo Makkonen ‏@tmakkonen 3 years later, hackers who hit Google continue string of lethal attacks http://zite.to/U2d6H2

SCADAhacker ‏@SCADAhacker Good look at a variety of assessment tool. I spend considerable time on this in my adv class "Windows Vuln Assessment" http://h4ckr.us/UclAeN

marco morana ‏@marcomorana@threatmodeling: Comparison of Threat Modeling Methodologies http://www.myappsecurity.com/threat-modeling/comparison-threat-modeling-methodologies/#.UFTbkJs3NI4


Sunday, 9 September 2012

Best of the Week - 9 September 2012

Here we are again with my "Best of the Week" post, so let's see what the most interesting security resources of this week are.

Hope you enjoy it!

Alessandro Berni ‏@alessandroberni Currently reading http://t.co/inFmu6k4 - Tallinn Manual on the international law applicable to cyber warfare

DCITA ‏@DCITA Huawei calls for cybersecurity cooperation http://is.gd/IWWE7V

Sandro Süffert ‏@suffert Web Application Honeypots http://flpbd.it/VkvVR

Mikko Hypponen ‏@mikko The Symantec report on the Elderwood Crew is worth reading. http://www.threatpost.com/en_us/blogs/elderwood-crew-tied-google-aurora-attack-targeting-defense-energy-finance-companies-090712 

Alessandro Berni ‏@alessandroberni Greater Autonomy for Unmanned Military Systems Urged http://lnkd.in/hEJZnF

SCMagazine ‏@SCMagazine VIEWPOINT: Hey CISOs, ask yourself these questions -- or find another job | http://ow.ly/dwA7j

Sunday, 2 September 2012

Best of the Week - 2 September 2012

Last week I was travelling back home and I wasn't able to publish my usual post, so this week I'll post some of last week's articles in addition to the new ones.

Hope you enjoy it.

MikkoHypponen.exe ‏@mikko "Our trojan does not work on Russian systems, if found Russian or Ukrainian keyboard, the software will fail" http://pastebin.com/gRqQ2693  #Citadel

FireEye ‏@FireEye Download the FireEye Advanced Threat Report for a complete picture of today’s advanced threat landscape. http://ow.ly/diQ9x

/r/netsec ‏@r_netsec Cracking Over 122 Million SHA1 and MD5 Hashed Passwords - http://bit.ly/OrAQm3

Sucuri ‏@sucuri_security The Password Dilemma – Unique and Complex Is The Key http://ow.ly/dgVkP

Marco Thorbruegge ‏@mthorbruegge ENISA General Report 2011 http://j.mp/PieSmb

CcureIT ‏@CcureIT NIST Offers Guidelines for Securing BIOS http://dlvr.it/233Jpy   
 

Sunday, 19 August 2012

Best of the Week - 19 August 2012


Summer holidays are still going on but many things happened in the security field this week... this is my selection.

Hope you enjoy it!

RT @securityshell: CVE-2012-1535: Adobe Flash being exploited in the wild - Alienvault Labs labs.alienvault.com/labs/index.php…

BeyondTrust @BeyondTrust: 500K Credit Cards Stolen in Australian Point-of-Sale Hack bit.ly/PjSVGa

 DCITA @DCITA NIST seeks vulnerability analysis for military Android apps is.gd/UACEX3

Neira Jones @neirajones The Web Developer Guide To Building Secure Web Applications #Infographic lnkd.in/uZ8sGf #webdevelopment #security

Gianluca Stringhini @gianlucasb What are the tracking capabilities of social networks? #WOSN conferences.sigcomm.org/sigcomm/2012/p…

 Cyberarms @Cyberarms: File Forensics comparison between Windows 7 and Windows 8 http://t.co/wKZxCFJK

Sunday, 12 August 2012

Best of the Week - 12 August 2012

Here we are again with the best security resources of the week. This time we cover the following subjects: Gauss, guidelines, report and mobile malware.

Mikko Hypponen @mikko If the Palida Narrow font is installed on your PC you probably have a problem. Site by @CrySySLab tells you if you do: gauss.crysys.hu

Dan Philpott @danphilpott NIST released final SP 800-61 Revision 2 Computer Security Incident Handling Guide fis.ma/O4GpbA

Hacking Update @hackingupdate Top hacker details how to avoid cybercrime sns.mx/zwjby5

Securityweek @securityweek Report from Asia/Pacific Biggest Source of Attack Traffic in Q1 2012 bit.ly/O6BcD3

The Hacker News @thehackernews Zeus malware targeting BlackBerry and Android devices feeds.feedburner.com/~r/TheHackersN… #Security #Infosec #vulnerability

Sunday, 5 August 2012

Best of the Week - 5 August 2012

In these sunny days, a bunch of refreshing news is necessary!

The cool topics of this week are: dangerous hacking, fraud, phishing, social media and social engineering.

Hope you enjoy it!

Hacking Update @hackinupdate Curious hackers inject ghost airplanes into radar, track celebrities' flights sns.mx/zyjWy4

Neira Jones @neirajones Tax Fraud via Identity Theft may cost US economy $21bn over next 5 years lnkd.in/axBpVp

Paul Ducklin @duckblog How to explain phishing to your Grandma [VIDEO] - bit.ly/OKQ4oE

Team Cymru @teamcymru Social media plays a growing role in open source intelligence, experts say bit.ly/QYbZH7

Humans are the weakest link: social engineering training by @kevinmitnick is learning from the master: infoworld.com/d/microsoft-wi…

Sunday, 29 July 2012

Best of the Week - Security tools edition

This week I chose to focus my post on security tools so, here you can find a selection of interesting and useful tools regarding: AET, incident response, botnet, app scanners, nmap, pwd cracking, and three different security scanners.

Hope you enjoy it.

Antievasion ‏@Anti_Evasion Stonesoft Releases Evader – World's First Advanced Evasion Technique Testing Software For Free: http://ow.ly/cqCru #cybersec #infosec

Stonesoft ‏@Hack_the_Lab VIDEO: How to use Evader-The World's 1st #AET Test-tool: http://ow.ly/cu3rT #Stonesoft #Security #Infosec #BlackHat #CyberCrime

mls ‏@CaptnPain Kick Ass: RT @_saadk: The word is out. #Google Rapid Response (GRR) https://code.google.com/p/grr/ #DFIRSummit work-in-progress #DFIR project

Limor S Kessem ‏@iCyberFighter Want to see what happens to your infrastructure under a DDoS attack? Check out BoNeSi--The DDoS Botnet Simulator http://bit.ly/MDXBqA

Stefano Fratepietro ‏@stevedeft Top 10: The Web Application Vulnerability Scanners Benchmark, 2012 Commercial & Open Source Scanners http://sectooladdict.blogspot.co.il/2012/07/2012-web-application-scanner-benchmark.html

Fabio Pietrosanti ‏@fpietrosanti Scan for FinFisher Government Trojan C&C Servers with Nmap http://pastebin.com/6cGN2VAK

☛ The Hacker News™ ‏@TheHackersNews




d3v1l ‏@securityshell @Owasp Xelenium - XSS Scanner http://security-sh3ll.blogspot.it/2012/07/owasp-xelenium-xss-scanner.html


Sunday, 22 July 2012

Best of the Week - 22 July 2012

In this post of the "Best of the Week" series I report some pieces of information regarding: incident response, cloud security, OpenDNS and ISO27001.

Hope you enjoy it!

Team Cymru ‏@teamcymru Have you heard about the Team Cymru CSIRT Assistance Program. If not see http://sl.monkey.org/e2956aa9

Stefano Fratepietro ‏@stevedeft The DDoS attack survival guide http://www.csoonline.com/article/592776/the-ddos-attack-survival-guide-

d3v1l ‏@securityshell Are You Prepared for Certificate Authority Breaches? http://wp.me/pb79C-ou

Rafal Los ‏@Wh1t3Rabbit The *full* (and lengthy, sorry) analysis of the recently released FFIEC guidance on #cloud computing - http://ow.ly/ckHQm is posted.

Sam Bowne ‏@sambowne OpenDNS Calling all elite security experts: Apply to be among the first malware domain taggers http://blog.opendns.com/2012/07/19/calling-all-elite-security-experts-apply-to-be-among-the-first-malware-domain-taggers/ via @OpenDNS

N. Groeneveld ‏@nigroeneveld ISO 27001/27002 Information Security Certification Materials http://bit.ly/Kq6MFf #cybersecurity #infosec

Sunday, 15 July 2012

Best of the Week - 15 July 2012

This week, my "Best of the Week" post covers the following subjects: evolution in crimeware, Dark Web, consequences of databreaches, financial malware and frauds.

Hope you enjoy it!

@HPSecure Crimeware Developers Shift To More Obfuscation, Java Exploits http://bit.ly/M7gell  #blackhat

Janne Ahlberg ‏@JanneFI Weapons, drugs and hitmen a click away on the Dark Web http://bit.ly/NyiZYU

Neira Jones ‏@neirajones #ICO fines St George’s Healthcare NHS Trust £60K for sending patient’s medical details to the wrong person http://lnkd.in/JkipmG #databreach

Nicolas Krassas ‏@Dinosn Oil Giants Shell, BP and others hacked and data leaked by @le4ky http://www.cyberwarnews.info/2012/07/14/oil-giants-shell-bp-and-others-hacked-and-data-leaked-by-le4ky/

briankrebs ‏@briankrebs At last, sensible, timely advice. EU to Banks: Assume All PCs Are Infected http://bit.ly/NN8DGw

Tuomo Makkonen ‏@tmakkonen Measuring the cost of cybercrime (pdf): http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf

CcureIT ‏@CcureIT Australian consumer data sold to financial fraudsters: ACC report http://dlvr.it/1qWMDs


Sunday, 8 July 2012

Best of the Week - 8 July 2012

Here we are with the new "Best of the Week" post; in this issue you can find: infosec slides, stories of young hackers, botnet and DDOS and Russian censorship.

Hope you enjoy it.


CcureIT ‏@CcureIT Monkif Botnet Hides Commands in JPEGs http://dlvr.it/1qMGtk

Rafal Los ‏@Wh1t3Rabbit How true is this? http://www.itbusinessedge.com/slideshows/show.aspx?c=96308

SCMagazine ‏@SCMagazine SLIDESHOW: July 2012 Global Threat Report http://ow.ly/c59l9 #CyberCrime

SophosLabs ‏@SophosLabs Shocking 17-year-old public high school antics clickjack unwary Facebook users into scam http://bit.ly/KY9S39

Xylitol ‏@Xylit0l 13-Year-Old Arrested by Japanese Police for Creating Virus http://goo.gl/166EK #wtf #japan

Joseph Menn ‏@josephmenn Russia's Internet blacklist looms in freedom crackdown http://cnet.co/MFBeRw via @CNET

Limor S Kessem ‏@iCyberFighter Want to see what happens to your infrastructure under a DDoS attack? Check out BoNeSi--The DDoS Botnet Simulator http://t.co/jzggKZ9n


Sunday, 1 July 2012

Best of the Week - 1 July 2012

Here is my list of the best security resources of this week. This week the subjects are: malware, phishing, UPnP, Facebook, incident response and... football!

Hope you enjoy it!


Contagio - malware dump: Medre.A AutoCAD worm samples http://contagiodump.blogspot.it/2012/06/medrea-autocad-worm-samples.html

Mieke Verburgh ‏@miekiemoes Phishy Phishy Phish: http://blog.malwarebytes.org/intelligence/2012/06/phishing-101-part-1/


John Matherly ‏@achillean To learn more about UPnP and how it works, check out this defcon 19 presentation on UPnP mapping: http://www.shodanhq.com/videos/media/defcon-19-upnp-mappin

EFF ‏@EFF Facebook's reporting guide, explaining what happens when a user reports content, is a step in the right direction https://eff.org/r.5aek

Stefan Frei ‏@stefan_frei Spend less in anticipation of cybercrime (on antivirus, firewalls, etc.) and more in response, paper concludes http://bit.ly/MCK2TY

CcureIT ‏@CcureIT McAfee Names Most Dangerous Football Team in Europe http://dlvr.it/1n2WYv

and now, just before the end... a little bit of fun!!

Fabio Assolini ‏@assolini World's hardest sudoku: can you crack it? http://bit.ly/MYhXZI (via @TelegraphSci

Sunday, 24 June 2012

Best of the Week - 24 June 2012

This time, for my "Best of the Week" post, I have picked news about: data breach, a new proposal on DNS, anthropology and hackers, government malware, botnet and, finally, GPS jammers.

Hope you enjoy it!

RSA Conference ‏@RSAConference RT @darkreading 6 biggest database breaches so far in 2012: http://ow.ly/bI7EV

Andy Steingruebl ‏@asteingruebl Excellent analysis by Andrew Sullivan. "A Closer Look at the AIP Internet Draft Proposal" - http://bit.ly/PJDANg

Web Security News ‏@WebSecurityNews
Gabriella Coleman: Helping Hackers Infiltrate Academia - Fast Company http://ow.ly/1kLFpJ

Xylitol ‏@Xylit0l BlackShades in Syria | Malwarebytes Unpacked http://blog.malwarebytes.org/intelligence/2012/06/blackshades-in-syria/ #malwarebytes

Sean Sullivan ‏@FSLabsAdvisor The way they spread?? Wherein Bruce Schneier fails to understand basic economics. Commodity vs. specialty good/service: http://bit.ly/M8bMBa

Marco Thorbruegge ‏@mthorbruegge Botnet Metrics & Calibration http://j.mp/LBw83J

Stefan Frei ‏@stefan_frei Illegal GPS Jammers Are Widespread, Study Finds http://bit.ly/L65Z

Sunday, 17 June 2012

Best of the Week - 17 June 2012

Web application security, cyberwar and hackers, these are the subjects of my current best of the week post.

Hope you enjoy it!

Mikko Hypponen ‏@mikko "WAT" - a 3-minute lightning talk by @garybernhardt. https://www.destroyallsoftware.com/talks/wat Worth watching for by any developer.

Stefano Di Paola ‏@WisecWisec@skeptic_fx: Lol ! Real fun to read :) OWASP's how to write insecure code ! https://www.owasp.org/index.php/How_to_write_insecure_code” //nice idea!

Mikko Hypponen ‏@mikko "Lessons from the Bin Laden Raid and Cyberwar" - @csoghoian's talk at #PDF12: http://www.youtube.com/watch?v=pJu0qEha2I0 [video, 10'19"]

Eugene Kaspersky ‏@e_kaspersky Cyber attacks can seem like a way to conduct bloodless wars. Some arguments why not true: http://bit.ly/LgRenQ by @jtemple #cyberwar

F-Secure ‏@FSecure "The Cyberpolitics Of Cyberbellicosity Cyberpushing Cybersecurity To Cyberprevent Cyberwar" http://t.co/EW9dY9mf

Jayson E. Street ‏@jaysonstreet IE zero-day flaw being used to hijack Gmail accounts - Neowin http://www.neowin.net/news/ie-zero-day-flaw-being-used-to-hijack-gmail-accounts via @neowinfeed

Stonesoft ‏@Hack_the_Lab "Money was never his motivation." Power and Ego, Not Money, May have Fueled Alleged Dutch Hacker http://shar.es/s3kl3 via @CIOonline



Sunday, 10 June 2012

Best of the Week - 10 June 2012

Here we are again with the best security resources of the week. This week I've chosen some articles on: cryptography issues related to Flame, DDOS, DNSSEC and Cyber conflicts.

Hope you enjoy my selection!

Mikko Hypponen ‏@mikko "We now have an example where the government has undermined a crucial part of computer security": http://blog.agilebits.com/2012/06/07/flames-and-collisions/ #flame #1password

MD5 collision attacks are truly novel, this tells us a lot about who worked on Flame and how important it is http://www.cwi.nl/news/2012/cwi-cryptanalist-discovers-new-cryptographic-attack-variant-in-flame-spy-malware

Mikko Hypponen @mikko Tons of good info on the PKI problems that led to Flame's 'Holy Grail' hack in: http://rmhrisk.wpengine.com By @rmhrisk, who used to work at MSFT.

Prof Alan Woodward ‏@ProfWoodward Nice explanation of the DoS tool that runs on a *single* PC but can bring an Apache web server to its knees http://ddos.arbornetworks.com/2012/06/mp-ddoser-a-rapidly-improving-ddos-threat/

CyLab ‏@cylab Latest CyLab Tech Report: Sanctuary Trail - Refuge from Internet DDoS Entrapment Available Now! http://shar.es/qVKPx #cybersecurity

NLnet Labs ‏@NLnetLabs Our Annual Report 2011 is available: http://nlnetlabs.nl/downloads/publications/annualreports/annualreport

CCD COE ‏@ccdcoe Day 3 summary of #cycon is now up http://www.ccdcoe.org/cycon/521.html - and also a summary of the event http://ccdcoe.org/cycon/522.html


Sunday, 3 June 2012

Best of the Week - 3 June 2012

This week I selected four papers and four videos for my best of the week post. The subjects are: application security, APT, hackers, mobile security and forensics.
Hope you enjoy it.

Project Honeynet ‏@ProjectHoneynet Know Your Enemy: Social Dynamics of Hacking: I am very pleased to announce the publication of another paper in o... http://bit.ly/L1Q3sH

Jeremiah Grossman ‏@jeremiahg RT @troyhunt: paper from @whitehatsec, "Website Security 101" is a great intro resource to basic webappsec: https://www.whitehatsec.com/assets/WPweb1010607.pdf  < thanks!

Team Cymru ‏@teamcymru Trend's pdf paper on #APT #malware attackers IXESHE (pronounced i-sushi) http://bit.ly/Lg2fGe

xanda ‏@xanda RT @joncallas: iOS Security Guide out from Apple: http://goo.gl/nz9Fw Contains high level description of many iOS things. thanks!

Javvad Malik ‏@J4vv4D By popular demand #BsidesLondon proudly presents @securityninja 's talk on Win phone 7 security http://www.youtube.com/watch?v=XQFkhZ0Y3dw

Security Tube ‏@SecurityTube
[Video] Backtrack Digital Forensics Foremost http://securitytube.net/video/4291 by jibesh_st
[Video] Backtrack Digital Forensics Magicrescue http://securitytube.net/video/4290 by jibesh_st
[Video] Forensic recoverjpeg tool on BackTrack 5 R2 http://securitytube.net/video/4289 by jibesh_st

Sunday, 27 May 2012

Best of the Week - 27 May 2012

Cyberwar, destroying the Internet, cyber-theft, botnets and monitoring of open sources: these are the subjects I chose for my "Best of the week" post.

So, no more words, here is my selection of the best security resources of the week.

Hope you enjoy it!


@radware Scary indeed. RT @andrewhheller: How to Destroy the Internet (Scary) #infosec #cybersecurity http://bit.ly/KXkJv3

@TheRealSpaf Also consider sharing it: http://www.cerias.purdue.edu/site/blog/... - Cerias "U.S. Memorial Day Thoughts on Cyber War"

@IdentityG We love our ATMs, and so do criminals. Tips from the FBI on how to avoid #skimming scams. http://ow.ly/b7nST

@identidadrobada Buyer Beware: Why You Should Be Wary of Mobile Banking http://zite.to/LxCO1o

@raistolo Oh, dear: https://code.google.com/p/malware-lu/wiki/en_analyse_herpnet #botnet #fail. To the authors: don't worry, it's not a honeypot. Italian police doesn't have a clue.



Sunday, 20 May 2012

Best of the Week - 20 May 2012

As always, during this week I gathered on Twitter the security news items that I considered interesting, then this morning I evaluated them and picked the best (for me). So, here's my new list of the best security resources of the week.

Hope you enjoy it!

‏‏@mthorbruegge ICS-CERT: Risk Management for the Electricity Sector http://j.mp/J69VOf

@markrussinovich DOD report to Congress on China: cyberops "disruptive not only in a conflict, could be very disruptive to the US" http://t.co/CUa53U5R

@GarWarner Lessons from the First Cyber Cops - Shawn Henry, Steve Chabinsky, and Chris Painter -- http://garwarner.blogspot.com/2012/05/lessons-from-first-cyber-cops.html

@gianlucaSB Surprise, spam amount is rising again http://ow.ly/b0AfV (via @hfuhs)

@whitehatsec Great article from @jodywestby on how Boards view (or in this case don't view) their cybersecurity. Check it out here: http://onforb.es/KwFelz

‏@marcomorana Failing cookie tracking user consent for non essential cookies might cost companies up to £ 500,000 fine under UK law http://www.bluefinprofessions.co.uk/news/take-on-the-cookie-monster-dont-be-caught-out-by-26-may-website-compliance-deadline


Sunday, 13 May 2012

Best of the week - 13 May 2012

Here is my new list of the best security resources of this week.

Hope you enjoy it!

@InfosecIsland FedRAMP Releases Updated Security Assessment Templates - FedRAMP is a government-wide program that provides a standard... http://ow.ly/1jF4U8

@scottsimkin 74% of Americans believe #Cybersecurity should be a top concern for Presidential candidates: http://ow.ly/aQ213

@europeanprivacy Big unanswered questions over government's 'snooper's charter' #snooperscharter @privacyint @guardian @Data_Privacy_EU http://www.guardian.co.uk/technology/2012/may/09/questions-unanswered-snoopers-charter

@OnlineSecurity7 Financial Malware Tricks Users With Claims of Free Credit Card Fraud Insurance - PCWorld http://bit.ly/IZUPI8

@CiscoSecurity (Whitepaper) IPv6 first-hop security concerns: http://ow.ly/aLmwE

@yvetteagostini #smartgrid history infographic http://raynor-design.com/wp-content/uploads/2011/08/smartgrid.jpg

Sunday, 6 May 2012

Best of the week - 6 May 2012

As always, many security news items were published this week; here you can find my selection of the best ones.

Hope you enjoy it!

@packet_storm iOS Application (In)Security http://packetstormsecurity.org/files/112482 #whitepaper 

@ericfreyss A Wild Exploit Kit Appears... Meet RedKit - SpiderLabs Anterior http://t.co/QCogaZFN

@DarkOperator Lockheed bags $454m to tool up Pentagon's Cyber Crime Center http://t.co/2f7queZY

@CcureIT The difficulties in sizing up botnets http://dlvr.it/1WTgjX #ccureit

@eEye A CISO's Guide To Application Security - Part 3: Toward an AppSec Center of Excellence http://bit.ly/JX1z9V #ciso #cso #appsec #netsec

I would also like to bring to your attention the publication of the slides of my presentation at CeCOS VI, the annual meeting organized by the Anti-Phishing Working Group (APWG). Sadly, at such an interesting event there were only two people representing Italy: Raoul Chiesa, the CyberDefcon principal, and me. Raoul gave a presentation titled "The soul of cybercriminals", based on his work on the Hackers Profiling Project, and I presented the current situation of cybercrime in Italy. CeCOS VI was a real success: it gave all participants the opportunity to establish new contacts with experts and professionals from many different countries and to get new information on the important trends in the cybercrime scenario.




Sunday, 29 April 2012

Best of the Week - 29 April 2012

After my participation in CeCOS VI in Prague I have a lot of interesting pieces of information to share, so next week I'll write something about those that struck me most. For now, I'm sharing with you my usual selection of the best Internet security resources.

Hope you enjoy it.

@CcureIT The Future of Cyber Security 2012 - Seminars http://dlvr.it/1SrDDw

@CERTGIB Live Russian Cybercriminal cartography. Where do the hackers come from. Full hackers' profiles in http://group-ib.com/images/media/Group-IB_Report_2011_ENG.pdf http://pic.twitter.com/Rpc9utWj

@GarWarner Interesting look back at Trident Breach by Omaha's FBI Special Agent in Charge - http://t.co/Z1etGNN0

@CERT_Polska_en British hosting company suffered from attack of 10-million-strong botnet: http://t.co/CRab13x5

@Anti_Evasion "Vendors have largely ignored the warnings." Equipment Maker Caught Installing Backdoor Account in Control System Code http://t.co/3JIws16F

@candolin2 U.S. seen as Iran 'cyberarmy' target - Washington Times: http://wtim.es/IuHhHE via @washtimes #cyber

Sunday, 22 April 2012

Best of the Week - CeCOS VI Edition

As every Sunday morning, I'm publishing my list of the best security resources of the week.

Hope you enjoy it.

@StaySafeOnline An interesting look at how attacks are becoming more mobile in 2012 from Trend Micro (an NCSA Board Member Company): http://t.co/mfdOXbn8

@paulsparrows RT @suffert The threats of the Age of cyber-warfare: Eugene Kaspersky on cybercrime http://t.co/LN9mVRuO

@George_Kurtz Cnet:Shawn Henry talks to CNET about why he left public service and joined CrowdStrike. http://cnet.co/HIrwYx <- great Q&A with Shawn

@cylab CyLab's Richard Power interviews @BurgessCT 4 CSO - How 2 meet challenges of 21st century #cybersecurity & #privacy http://shar.es/ryhIS

Finally, I also want to remind my readers that next week there will be CeCOS VI, an interesting conference organized by APWG in Prague. I will give a presentation titled "A vision on cybercrime in Italy", so next week you'll be able to find my slides here.

This is the official press release of the event

Containing the Global Cybercrime Threat is Focus of Counter eCrime Operations Summit (CeCOS VI) in Prague, April 25-27

CeCOS VI, in Prague, Czech Republic, to focus on harmonizing operational issues, cybercrime data exchange, and industrial policies to strengthen and unify the global counter-ecrime effort.

The 6th annual Counter eCrime Operations Summit (CeCOS VI) will convene in Prague, Czech Republic, April 25-27, 2012, as the APWG gathers global leaders from the financial services, technology, government, law enforcement, communications sectors, and research centers to define common goals and harmonize resources to strengthen the global counter-cybercrime effort.

CeCOS VI Prague will review the development of response systems and resources available to counter-cybercrime managers and forensic professionals from around the world.

Specific goals of this high-level, multi-national conference are to identify common forensic needs, in terms of the data, tools, and communications protocols required to harmonize cybercrime response across borders and between private sector financial and industrial sector responders and public sector policy professionals and law enforcement.

Key presentations will include:

* Toward a Universal eCrime Taxonomy for Industry and Law Enforcement; by Iain Swaine, Ensequrity.
* Budapest Convention on Cybercrime: Transborder Law Enforcement Access to Data; by Alexander Seger, Director of the Data Protection and Cybercrime Division of the Council of Europe.
* Adventures in Cybercrime Event Data Sharing; by Pat Cain, APWG Resident Research Fellow.

Additional presentations about industrial policy at CeCOS VI will investigate policies that complicate the work of exploited brand holders and responders including the domain name system (DNS) registration process that is abused by phishers as part of their phishing campaigns.

ABOUT the Counter eCrime Operations Summit

CeCOS VI, the second APWG conference held in Europe, is an open conference for members of the electronic-crime fighting community, hosted by the APWG and its Conference Partner AVG, Program Partners: The Council of Europe and Organization for Security and Cooperation in Europe, and sponsored by AVG, Google, Microsoft, MarkMonitor, ESET, Telefonica and ICANN. The CeCOS programs are widely considered the most vital events to investigators and managers of electronic crime from across the private and public sectors.


Sunday, 15 April 2012

Best of the Week - 15 April 2012

Here's my list of the best security resources of this week.

Hope you enjoy it.

@TrendLabs European internet users have been plagued by "Police Trojans" that lock their computer until they pay a fine http://t.co/BPSo0R7v

@sicert Ransomcrypt infecting users in .si. Uses 8-byte xor to encrypt files and demands 50 € payment. Several versions, different keys.

@InfosecIsland Megaupload Goes to Court: A Primer - Does the government have a responsibility to protect innocent third parties from... http://t.co/7amJyqfb

@securityshell Drive-by downloads: exploiting cross-site scripting vulnerabilities http://t.co/VxREtwqJ

@gianlucaSB "spam is what our users say it is" http://ow.ly/agqza ~ insights on gmail's antispam techniques

@IreneKoehler Apple issues Trojan removal tool http://zite.to/INhJzm #mac #security

@ilis Great lectures on information security by @mikko http://kcy.me/7vza and @schneierblog http://kcy.me/7vzf at @rsaconference 2012

@marcomorana Great lecture on malware threats & countermeasures http://t.co/mm5FkCae

Sunday, 8 April 2012

Best of the Week - Easter edition

Happy Easter!!

Here we are... another holiday and another special edition of the "Best of Week" series.

Below you can find my selection of the best security resources of this week.

Hope you enjoy it.

@candolin2 Offensive cyber capabilities on the rise: Dutch cabinet to expand digital warfare | Cyber Warzone http://j.mp/Hpb5CJ #cyber

@TrendLabs European internet users have been plagued by "Police Trojans" that lock their computer until they pay a fine http://t.co/BPSo0R7v

@jackie_singh When the police subpoena your #Facebook information, here's what Facebook sends the cops http://bit.ly/Hprl8u #privacy

@assolini Apple malware flourishes in a culture of denial | ZDNet UK http://t.co/VH2fmcZZ

@virusbtn BYOD might mean larger pockets needed for lab coats. It certainly affects an organisation's security policies http://t.co/URx9fVVh

@securityshell HTML5 Security http://t.co/Z2fc2Nbc

Sunday, 1 April 2012

Best of the week - 1 April 2012

Even on April Fools' Day you can find a few real security articles, or not...

Hope you enjoy my selection of "real" security resources of this week.

See you next week.


@mikko: I never noticed before that Google has Really Advanced Search options: http://www.google.com/js/reallyadvanced.html

@robinsage Authorities Apprehend the Hacktivist Known as th3j35t3r: In a shocking turn of events, the hacktivist known as ... http://j.mp/HwGL64

@ryanaraine your april fool's joke is wack. stop it.

--------------------------------------------

@DamballaInc  Blog: Global Payments Breach - Same story, cybercriminals have better tools and more agile http://ow.ly/a01fN #VISA #Mastercard #infosec

@josephmenn "This Creepy App Isn’t Just Stalking Women, It’s A Wake-Up Call About Facebook Privacy" http://www.cultofmac.com/157641/this-creepy-app-isnt-just-stalking-women-without-their-knowledge-its-a-wake-up-call-about-facebook-privacy/ h/t @maggieshiels

@nigroeneveld Cybercriminals increasingly target financial services industry http://bit.ly/Hom6kH #infosec

@peterkruse #Fake #Bank Site, Fake Registrar, http://t.co/Nbh7UvKn

@WeldPond EU Cyber Attack law would ban tools "production/sale of devices such as computer programs designed for cyber-attacks" http://t.co/d5t025YA

