domenica 10 febbraio 2013

Best of the Week - February 10, 2013

For me, this week started with an important question that emerged from the deep Internet:
"‏@StartupLJackson If you haven't been hacked by the Chinese you got to ask yourself, does the shit you're doing really even matter?"

Jokes apart, many important news regarding cybersecurity found a place on the newspaper, here is my selection...

hope you enjoy it!


FireEye ‏@FireEye discovers a longstanding advanced persistent threat campaign targeting U.S. aerospace & defense industry: http://ow.ly/hrGWd

Armando Leotta ‏@ArMyZ The Best Free Ways to Send Encrypted Email and Secure Messages http://zite.to/XxVF

#Bit9 Admits Systems #Breach, Stolen Code-Signing Certificates http://www.crn.com/news/security/240148192/bit9-admits-systems-breach-stolen-code-signing-certificates.htm #Infosec

Nicolas Brulez ‏@nicolasbrulez MT @DarkReading: Researcher shows how the infamous cyberespionage families Flame & Duqu can be repurposed http://ow.ly/htAEP  #SAS2013

NIST is requesting comments on the draft of Security and Privacy Controls for Federal Information Systems SP800-53 Rev4 http://www.nist.gov/itl/csd/sp800-020613.cfm

Fed confirms but downplays #Anonymous Super Bowl banker hack http://www.theregister.co.uk/2013/02/06/fed_confirms_downplays_anon_superbowl_hack/ - #US Federal Reserve #hacked during Super Bowl

domenica 3 febbraio 2013

Best of the Week - February 3, 2013

This week I found a lot of interesting news twitted by some "security superstars". This is a selection of the most important ones.

Hope you enjoy it!

Mikko Hypponen ‏@mikko Note that the US Government is NOT denying that they wrote Stuxnet; they just want to find out who leaked the info. http://www.washingtonpost.com/world/national-security/...

Bruce Schneier RSS ‏@Bruce_Schneier Pentagon Staffs Up U.S. Cyber Command http://is.gd/OKctQv

Roger Halbheer ‏@rhalbheer Where will this lead us at the end? How will we deal with hardware vulnerabilities? http://ow.ly/hk0wO

Marco Thorbruegge ‏@mthorbruegge Multi-vector DDoS Attacks Grow in Sophistication http://www.securityweek.com/multi-vector-ddos-attacks-grow

Team Cymru ‏@teamcymru Router Access and Default Passwords http://tinyurl.com/agojgca

William Beer ‏@wmbeer What the U.S. Government Gets Wrong About Real Cybersecurity Threats  http://www.slate.com/articles/technology/future_tense/... via @slate


N. Groeneveld ‏@nigroeneveld #Shamoon: Decapitating Saudi Aramco with the Sword of Justice http://bit.ly/WmRnhJ  #cyberwar #infosec

CcureIT ‏@CcureIT 5 Security Holes Almost Everyones Vulnerable To http://dlvr.it/2sqpZ3


domenica 27 gennaio 2013

Best of the Week - January 27, 2013

This week I found some articles about updates and new analysis of some important old topics. In the following lines you will find a selection of the best articles and resources.

Hope you enjoy it!


A couple of articles on Shamoon...
Team Cymru ‏@teamcymru Shamoon Malware Possibly Developed by Extremist Islamist Group from Saudi Arabia http://tinyurl.com/aofuxfd

N. Groeneveld ‏@nigroeneveld #Shamoon: Decapitating Saudi Aramco with the Sword of Justice http://bit.ly/WmRnhJ  #cyberwar #infosec

Oracle woes for Java...
Trusteer ‏@Trusteer Oracle's Java Headache Worsens: http://bit.ly/10Nw7oU  via @jpmello < great article about #Java's vulnerabilities and fake patch updates

Attacks and traffic maps...
Alan Woodward ‏@ProfWoodward Nice map showing real-time web attacks fro Akamai http://www.akamai.com/html/technology/dataviz1.html?WT.ac=security_l Reports claim Q3 2012 attack traffic traced to China in 1/3 cases.

Sony woes for playstation network data breach never end...
BrianHonan ‏@BrianHonan UK ICO fines Sony £250K for the security breach in 2011 "security measures in place were simply not good enough" http://www.ico.gov.uk/news/latest_news/2013/ico-news-release-2013.aspx

An interesting position about Diginotar case...
scl feed ‏@computersandlaw The DigiNotar Case: Internet Security is No Abstract Matter http://tinyurl.com/abun9qu

Assessing the risk is an evergreeen topic...
DarkReading ‏@DarkReading Measuring risk is a key to justifying new security spending. Here's a roadmap for doing it http://twb.io/Xv2pON

domenica 20 gennaio 2013

Best of the Week - January 20, 2013

This week my post is almost completely devoted to malware, cybercrime and espionage. What a tough time this is!

Hope you enjoy my list.

@hdmoore: @kaspersky 's Red October report is amazing: http://www.securelist.com/en/blog/...  I confirmed C&C IPs via Critical.IO: http://pastie.org/private/5e8h394xvpdxmpsk5nmnpa

Ryan Naraine ‏@ryanaraine Red October Part 2: The modules https://www.securelist.com/en/blog/208194091/Red_October_part_two_the_modules … (cc @4Dgifts

Alan Woodward ‏@ProfWoodward Blackhole exploits explained in good technical papers from @SophosLabs http://sophosnews.files.wordpress.com/2012/03/blackhole_paper_mar2012.pdf & http://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophosinsideablackholepart2tpna.pdf?dl=true

Damballa ‏@DamballaInc Updated Shylock #malware hooks into #Skype http://bit.ly/10BSSgu

Neira Jones ‏@neirajones [INFOGRAPHIC] Knowing Your Risks http://www.risknewstand.com/knowing-your-risks-an-infographic-guide/ risk #infographic

CcureIT ‏@CcureIT Cybercrime and the Underground Market http://dlvr.it/2p0Ckp  #ccureit

Doug Munro ‏@DoDRecruiterDC Many Fed smartphones have zero password protection http://dfi.io/2pT6xh  #infosec #cybersecurity via @ID201107




domenica 13 gennaio 2013

Best of the Week - January 13, 2013

Some important security topics emerged and catched my attention this week. Here is a brief list of the best articles and resources I found on the net.

Hope you enjoy it!

John Walker ‏@SBLTD #ENISA Threat Landscape Report: http://lnkd.in/BSSTWk

Gareth Niblett ‏@infosecmaven Cyber Attack Threat: UK Armed Forces Warned http://news.sky.com/story/1035284/cyber-attack-threat-uk-armed-forces-warned

Team Cymru ‏@teamcymru Crisis and Escalation in Cyberspace http://tinyurl.com/be3bzus

Some articles on the so called "Operation Ababil"...
Dancho Danchev ‏@danchodanchev Operation Ababil - they must have read this paper http://is.gd/8w1IAW  before launching the attacks. Where's the rocket science in that?

The Washington Post ‏@washingtonpost Major banks turn to NSA for help http://wapo.st/WJdF9n

Bank DDoS Attacks Employ Web Servers As Weapons http://www.darkreading.com/threat-intelligence/167901121/security/attacks-breaches/240145920/bank-ddos-attacks-employ-web-servers-as-weapons.html by @darkreading

And to finish this post some articles about the inauguration of the "European Cyber-Crime Centre" (EC3)
Cecilia Malmstrom @MalmstromEU Tackling online fraud in the EU - the European #Cybercrime Centre, #EC3, and its tasks: http://j.mp/Vf6ud5

 A look inside the EU's new cybercrime unit http://www.bbc.co.uk/news/business-20983013 - A brief BBC video on #EC3

Sandro Suffert @suffert Europe´s Cybercrime centre Chief: 'We will focus on criminal groups or networks who steal your money' http://tinyurl.com/abkdrbn  #EC3

domenica 6 gennaio 2013

Best of the Week - Epiphany edition

Today, in Italy, children received the visit of this old lady who brought to them a lot of sweeties.

Instead of the candies, my readers will find some interesting security news and resources. Hope you enjoy them!

My best wishes!!!


Fatal error leads TURKTRUST to issue dangerous SSL certificates http://www.h-online.com/security/news/item/Fatal-error-leads-TURKTRUST-to-issue-dangerous-SSL-certificates-1777291.html

CcureIT ‏@CcureIT Credit card fraud numbers soaring at record rate in Canada http://dlvr.it/2lbBQ4

SCMagazine ‏@SCMagazine A hacktivist group claims it already has launched the second phase of DDoS strikes against U.S. banks. | http://ow.ly/gynHV

Dan Philpott ‏@danphilpott Ron Ross' recent keynote at ITSAF titled, "Risk Management - Managing the Problem": http://youtu.be/C8IWxSSN5LI

CISecurity ‏@CISecurity Welcome to the World’s Largest Public Hacker Database @infosecedu http://resources.infosecinstitute.com/worlds-largest-public-hacker-database/

Sandro Süffert ‏@suffert 2012's worst security exploits, fails and blunders http://fb.me/1PvYctsun

CERT Polska ‏@CERT_Polska_en The Month of the Honeynet Project Tools: http://honeynet.org/node/1013
http://www.wikio.it