Best of the Week - January 27, 2013

This week I found some articles about updates and new analysis of some important old topics. In the following lines you will find a selection of the best articles and resources.

Hope you enjoy it!


A couple of articles on Shamoon...
Team Cymru ‏@teamcymru Shamoon Malware Possibly Developed by Extremist Islamist Group from Saudi Arabia http://tinyurl.com/aofuxfd

N. Groeneveld ‏@nigroeneveld #Shamoon: Decapitating Saudi Aramco with the Sword of Justice http://bit.ly/WmRnhJ  #cyberwar #infosec

Oracle woes for Java...
Trusteer ‏@Trusteer Oracle's Java Headache Worsens: http://bit.ly/10Nw7oU  via @jpmello < great article about #Java's vulnerabilities and fake patch updates

Attacks and traffic maps...
Alan Woodward ‏@ProfWoodward Nice map showing real-time web attacks fro Akamai http://www.akamai.com/html/technology/dataviz1.html?WT.ac=security_l Reports claim Q3 2012 attack traffic traced to China in 1/3 cases.

Sony woes for playstation network data breach never end...
BrianHonan ‏@BrianHonan UK ICO fines Sony £250K for the security breach in 2011 "security measures in place were simply not good enough" http://www.ico.gov.uk/news/latest_news/2013/ico-news-release-2013.aspx

An interesting position about Diginotar case...
scl feed ‏@computersandlaw The DigiNotar Case: Internet Security is No Abstract Matter http://tinyurl.com/abun9qu

Assessing the risk is an evergreeen topic...
DarkReading ‏@DarkReading Measuring risk is a key to justifying new security spending. Here's a roadmap for doing it http://twb.io/Xv2pON

Best of the Week - January 20, 2013

This week my post is almost completely devoted to malware, cybercrime and espionage. What a tough time this is!

Hope you enjoy my list.

@hdmoore: @kaspersky 's Red October report is amazing: http://www.securelist.com/en/blog/...  I confirmed C&C IPs via Critical.IO: http://pastie.org/private/5e8h394xvpdxmpsk5nmnpa

Ryan Naraine ‏@ryanaraine Red October Part 2: The modules https://www.securelist.com/en/blog/208194091/Red_October_part_two_the_modules … (cc @4Dgifts

Alan Woodward ‏@ProfWoodward Blackhole exploits explained in good technical papers from @SophosLabs http://sophosnews.files.wordpress.com/2012/03/blackhole_paper_mar2012.pdf & http://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophosinsideablackholepart2tpna.pdf?dl=true

Damballa ‏@DamballaInc Updated Shylock #malware hooks into #Skype http://bit.ly/10BSSgu

Neira Jones ‏@neirajones [INFOGRAPHIC] Knowing Your Risks http://www.risknewstand.com/knowing-your-risks-an-infographic-guide/ risk #infographic

CcureIT ‏@CcureIT Cybercrime and the Underground Market http://dlvr.it/2p0Ckp  #ccureit

Doug Munro ‏@DoDRecruiterDC Many Fed smartphones have zero password protection http://dfi.io/2pT6xh  #infosec #cybersecurity via @ID201107

Best of the Week - January 13, 2013

Some important security topics emerged and catched my attention this week. Here is a brief list of the best articles and resources I found on the net.

Hope you enjoy it!

John Walker ‏@SBLTD #ENISA Threat Landscape Report: http://lnkd.in/BSSTWk

Gareth Niblett ‏@infosecmaven Cyber Attack Threat: UK Armed Forces Warned http://news.sky.com/story/1035284/cyber-attack-threat-uk-armed-forces-warned

Team Cymru ‏@teamcymru Crisis and Escalation in Cyberspace http://tinyurl.com/be3bzus

Some articles on the so called "Operation Ababil"...
Dancho Danchev ‏@danchodanchev Operation Ababil - they must have read this paper http://is.gd/8w1IAW  before launching the attacks. Where's the rocket science in that?

The Washington Post ‏@washingtonpost Major banks turn to NSA for help http://wapo.st/WJdF9n

Bank DDoS Attacks Employ Web Servers As Weapons http://www.darkreading.com/threat-intelligence/167901121/security/attacks-breaches/240145920/bank-ddos-attacks-employ-web-servers-as-weapons.html by @darkreading

And to finish this post some articles about the inauguration of the "European Cyber-Crime Centre" (EC3)
Cecilia Malmstrom @MalmstromEU Tackling online fraud in the EU - the European #Cybercrime Centre, #EC3, and its tasks: http://j.mp/Vf6ud5

 A look inside the EU's new cybercrime unit http://www.bbc.co.uk/news/business-20983013 - A brief BBC video on #EC3

Sandro Suffert @suffert Europe´s Cybercrime centre Chief: 'We will focus on criminal groups or networks who steal your money' http://tinyurl.com/abkdrbn  #EC3

Best of the Week - Epiphany edition

Today, in Italy, children received the visit of this old lady who brought to them a lot of sweeties.

Instead of the candies, my readers will find some interesting security news and resources. Hope you enjoy them!

My best wishes!!!


Fatal error leads TURKTRUST to issue dangerous SSL certificates http://www.h-online.com/security/news/item/Fatal-error-leads-TURKTRUST-to-issue-dangerous-SSL-certificates-1777291.html

CcureIT ‏@CcureIT Credit card fraud numbers soaring at record rate in Canada http://dlvr.it/2lbBQ4

SCMagazine ‏@SCMagazine A hacktivist group claims it already has launched the second phase of DDoS strikes against U.S. banks. | http://ow.ly/gynHV

Dan Philpott ‏@danphilpott Ron Ross' recent keynote at ITSAF titled, "Risk Management - Managing the Problem": http://youtu.be/C8IWxSSN5LI

CISecurity ‏@CISecurity Welcome to the World’s Largest Public Hacker Database @infosecedu http://resources.infosecinstitute.com/worlds-largest-public-hacker-database/

Sandro Süffert ‏@suffert 2012's worst security exploits, fails and blunders http://fb.me/1PvYctsun

CERT Polska ‏@CERT_Polska_en The Month of the Honeynet Project Tools: http://honeynet.org/node/1013