Sunday, 29 April 2012

Best of the Week - 29 April 2012

After my participation in CeCOS VI in Prague I have a lot of interesting pieces of information to share, so next week I'll write something about those that struck me most. For now, I'm sharing with you my usual selection of the best Internet security resources.

Hope you enjoy it.

@CcureIT The Future of Cyber Security 2012 - Seminars

@CERTGIB Live Russian Cybercriminal cartography. Where do the hackers come from. Full hackers' profiles in

@GarWarner Interesting look back at Trident Breach by Omaha's FBI Special Agent in Charge -

@CERT_Polska_en British hosting company suffered from attack of 10-million-strong botnet:

@Anti_Evasion "Vendors have largely ignored the warnings." Equipment Maker Caught Installing Backdoor Account in Control System Code

@candolin2 U.S. seen as Iran 'cyberarmy' target - Washington Times: via @washtimes #cyber

Sunday, 22 April 2012

Best of the Week - CeCOS VI Edition

As every Sunday morning, I'm publishing my list of the best security resources of the week.

Hope you enjoy it.

@StaySafeOnline An interesting look at how attacks are becoming more mobile in 2012 from Trend Micro (an NCSA Board Member Company):

@paulsparrows RT @suffert The threats of the Age of cyber-warfare: Eugene Kaspersky on cybercrime

@George_Kurtz Cnet:Shawn Henry talks to CNET about why he left public service and joined CrowdStrike. <- great Q&A with Shawn

@cylab CyLab's Richard Power interviews @BurgessCT 4 CSO - How 2 meet challenges of 21st century #cybersecurity & #privacy

Finally, I also want to remind my readers that next week there will be CeCOS VI, an interesting conference organized by APWG in Prague. I will give a presentation titled "A vision on cybercrime in Italy", so next week you'll be able to find my slides here.

This is the official press release of the event:

Containing the Global Cybercrime Threat is Focus of Counter eCrime Operations Summit (CeCOS VI) in Prague, April 25-27

CeCOS VI, in Prague, Czech Republic, to focus on harmonizing operational issues, cybercrime data exchange, and industrial policies to strengthen and unify the global counter-ecrime effort.

The 6th annual Counter eCrime Operations Summit (CeCOS VI) will convene in Prague, Czech Republic, April 25-27, 2012, as the APWG gathers global leaders from the financial services, technology, government, law enforcement, communications sectors, and research centers to define common goals and harmonize resources to strengthen the global counter-cybercrime effort.

CeCOS VI Prague will review the development of response systems and resources available to counter-cybercrime managers and forensic professionals from around the world.

Specific goals of this high-level, multi-national conference are to identify common forensic needs, in terms of the data, tools, and communications protocols required to harmonize cybercrime response across borders and between private sector financial and industrial sector responders and public sector policy professionals and law enforcement.

Key presentations will include:

* Toward a Universal eCrime Taxonomy for Industry and Law Enforcement; by Iain Swaine, Ensequrity.
* Budapest Convention on Cybercrime: Transborder Law Enforcement Access to Data; by Alexander Seger, Director of the Data Protection and Cybercrime Division of the Council of Europe.
* Adventures in Cybercrime Event Data Sharing; by Pat Cain, APWG Resident Research Fellow.

Additional presentations about industrial policy at CeCOS VI will investigate policies that complicate the work of exploited brand holders and responders including the domain name system (DNS) registration process that is abused by phishers as part of their phishing campaigns.

ABOUT the Counter eCrime Operations Summit

CeCOS VI, the second APWG conference held in Europe, is an open conference for members of the electronic-crime fighting community, hosted by the APWG and its Conference Partner AVG, Program Partners: The Council of Europe and Organization for Security and Cooperation in Europe, and sponsored by AVG, Google, Microsoft, MarkMonitor, ESET, Telefonica and ICANN. The CeCOS programs are widely considered the most vital events to investigators and managers of electronic crime from across the private and public sectors.



Sunday, 15 April 2012

Best of the Week - 15 April 2012

Here's my list of the best security resources of this week.

Hope you enjoy it.

@TrendLabs European internet users have been plagued by "Police Trojans" that lock their computer until they pay a fine

@sicert Ransomcrypt infecting users in .si. Uses 8-byte xor to encrypt files and demands 50 € payment. Several versions, different keys.

@InfosecIsland Megaupload Goes to Court: A Primer - Does the government have a responsibility to protect innocent third parties from...

@securityshell Drive-by downloads: exploiting cross-site scripting vulnerabilities

@gianlucaSB "spam is what our users say it is" ~ insights on gmail's antispam techniques

@IreneKoehler Apple issues Trojan removal tool #mac #security

@ilis Great lectures on information security by @mikko and @schneierblog at @rsaconference 2012

@marcomorana Great lecture on malware threats & countermeasures

Sunday, 8 April 2012

Best of the Week - Easter edition

Happy Easter!!

Here we are... another holiday and another special edition of the "Best of Week" series.

Below you can find my selection of the best security resources of this week.

Hope you enjoy it.

@candolin2 Offensive cyber capabilities on the rise: Dutch cabinet to expand digital warfare | Cyber Warzone #cyber

@TrendLabs European internet users have been plagued by "Police Trojans" that lock their computer until they pay a fine

@jackie_singh When the police subpoena your #Facebook information, here's what Facebook sends the cops #privacy

@assolini Apple malware flourishes in a culture of denial | ZDNet UK

@virusbtn BYOD might mean larger pockets needed for lab coats. It certainly affects an organisation's security policies

@securityshell HTML5 Security

Sunday, 1 April 2012

Best of the Week - 1 April 2012

Even on April Fools' Day you can find a few real security articles, or not...

Hope you enjoy my selection of "real" security resources of this week.

See you next week.

@mikko: I never noticed before that Google has Really Advanced Search options:

@robinsage Authorities Apprehend the Hacktivist Known as th3j35t3r: In a shocking turn of events, the hacktivist known as ...

@ryanaraine your april fool's joke is wack. stop it.


@DamballaInc Blog: Global Payments Breach - Same story, cybercriminals have better tools and more agile #VISA #Mastercard #infosec

@josephmenn "This Creepy App Isn’t Just Stalking Women, It’s A Wake-Up Call About Facebook Privacy" h/t @maggieshiels

@nigroeneveld Cybercriminals increasingly target financial services industry #infosec

@peterkruse #Fake #Bank Site, Fake Registrar,

@WeldPond EU Cyber Attack law would ban tools "production/sale of devices such as computer programs designed for cyber-attacks"