This week I found some articles about updates and new analysis of some important old topics. In the following lines you will find a selection of the best articles and resources.
Hope you enjoy it!
A couple of articles on Shamoon...
Team Cymru @teamcymru Shamoon Malware Possibly Developed by Extremist Islamist Group from Saudi Arabia http://tinyurl.com/aofuxfd
N. Groeneveld @nigroeneveld #Shamoon: Decapitating Saudi Aramco with the Sword of Justice http://bit.ly/WmRnhJ #cyberwar #infosec
Oracle woes for Java...
Trusteer @Trusteer Oracle's Java Headache Worsens: http://bit.ly/10Nw7oU via @jpmello < great article about #Java's vulnerabilities and fake patch updates
Attacks and traffic maps...
Alan Woodward @ProfWoodward Nice map showing real-time web attacks fro Akamai http://www.akamai.com/html/technology/dataviz1.html?WT.ac=security_l Reports claim Q3 2012 attack traffic traced to China in 1/3 cases.
Sony woes for playstation network data breach never end...
BrianHonan @BrianHonan UK ICO fines Sony £250K for the security breach in 2011 "security measures in place were simply not good enough" http://www.ico.gov.uk/news/latest_news/2013/ico-news-release-2013.aspx
An interesting position about Diginotar case...
scl feed @computersandlaw The DigiNotar Case: Internet Security is No Abstract Matter http://tinyurl.com/abun9qu
Assessing the risk is an evergreeen topic...
DarkReading @DarkReading Measuring risk is a key to justifying new security spending. Here's a roadmap for doing it http://twb.io/Xv2pON
domenica 27 gennaio 2013
domenica 20 gennaio 2013
Best of the Week - January 20, 2013
This week my post is almost completely devoted to malware, cybercrime and espionage. What a tough time this is!
Hope you enjoy my list.
@hdmoore: @kaspersky 's Red October report is amazing: http://www.securelist.com/en/blog/... I confirmed C&C IPs via Critical.IO: http://pastie.org/private/5e8h394xvpdxmpsk5nmnpa
Ryan Naraine @ryanaraine Red October Part 2: The modules https://www.securelist.com/en/blog/208194091/Red_October_part_two_the_modules … (cc @4Dgifts
Alan Woodward @ProfWoodward Blackhole exploits explained in good technical papers from @SophosLabs http://sophosnews.files.wordpress.com/2012/03/blackhole_paper_mar2012.pdf & http://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophosinsideablackholepart2tpna.pdf?dl=true
Damballa @DamballaInc Updated Shylock #malware hooks into #Skype http://bit.ly/10BSSgu
Neira Jones @neirajones [INFOGRAPHIC] Knowing Your Risks http://www.risknewstand.com/knowing-your-risks-an-infographic-guide/ risk #infographic
CcureIT @CcureIT Cybercrime and the Underground Market http://dlvr.it/2p0Ckp #ccureit
Doug Munro @DoDRecruiterDC Many Fed smartphones have zero password protection http://dfi.io/2pT6xh #infosec #cybersecurity via @ID201107
Hope you enjoy my list.
@hdmoore: @kaspersky 's Red October report is amazing: http://www.securelist.com/en/blog/... I confirmed C&C IPs via Critical.IO: http://pastie.org/private/5e8h394xvpdxmpsk5nmnpa
Ryan Naraine @ryanaraine Red October Part 2: The modules https://www.securelist.com/en/blog/208194091/Red_October_part_two_the_modules … (cc @4Dgifts
Alan Woodward @ProfWoodward Blackhole exploits explained in good technical papers from @SophosLabs http://sophosnews.files.wordpress.com/2012/03/blackhole_paper_mar2012.pdf & http://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophosinsideablackholepart2tpna.pdf?dl=true
Damballa @DamballaInc Updated Shylock #malware hooks into #Skype http://bit.ly/10BSSgu
Neira Jones @neirajones [INFOGRAPHIC] Knowing Your Risks http://www.risknewstand.com/knowing-your-risks-an-infographic-guide/ risk #infographic
CcureIT @CcureIT Cybercrime and the Underground Market http://dlvr.it/2p0Ckp #ccureit
Doug Munro @DoDRecruiterDC Many Fed smartphones have zero password protection http://dfi.io/2pT6xh #infosec #cybersecurity via @ID201107
domenica 13 gennaio 2013
Best of the Week - January 13, 2013
Some important security topics emerged and catched my attention this week. Here is a brief list of the best articles and resources I found on the net.
Hope you enjoy it!
John Walker @SBLTD #ENISA Threat Landscape Report: http://lnkd.in/BSSTWk
Gareth Niblett @infosecmaven Cyber Attack Threat: UK Armed Forces Warned http://news.sky.com/story/1035284/cyber-attack-threat-uk-armed-forces-warned
Team Cymru @teamcymru Crisis and Escalation in Cyberspace http://tinyurl.com/be3bzus
Some articles on the so called "Operation Ababil"...
Dancho Danchev @danchodanchev Operation Ababil - they must have read this paper http://is.gd/8w1IAW before launching the attacks. Where's the rocket science in that?
The Washington Post @washingtonpost Major banks turn to NSA for help http://wapo.st/WJdF9n
Bank DDoS Attacks Employ Web Servers As Weapons http://www.darkreading.com/threat-intelligence/167901121/security/attacks-breaches/240145920/bank-ddos-attacks-employ-web-servers-as-weapons.html by @darkreading
And to finish this post some articles about the inauguration of the "European Cyber-Crime Centre" (EC3)
Cecilia Malmstrom @MalmstromEU Tackling online fraud in the EU - the European #Cybercrime Centre, #EC3, and its tasks: http://j.mp/Vf6ud5
A look inside the EU's new cybercrime unit http://www.bbc.co.uk/news/business-20983013 - A brief BBC video on #EC3
Sandro Suffert @suffert Europe´s Cybercrime centre Chief: 'We will focus on criminal groups or networks who steal your money' http://tinyurl.com/abkdrbn #EC3
Hope you enjoy it!
John Walker @SBLTD #ENISA Threat Landscape Report: http://lnkd.in/BSSTWk
Gareth Niblett @infosecmaven Cyber Attack Threat: UK Armed Forces Warned http://news.sky.com/story/1035284/cyber-attack-threat-uk-armed-forces-warned
Team Cymru @teamcymru Crisis and Escalation in Cyberspace http://tinyurl.com/be3bzus
Some articles on the so called "Operation Ababil"...
Dancho Danchev @danchodanchev Operation Ababil - they must have read this paper http://is.gd/8w1IAW before launching the attacks. Where's the rocket science in that?
The Washington Post @washingtonpost Major banks turn to NSA for help http://wapo.st/WJdF9n
Bank DDoS Attacks Employ Web Servers As Weapons http://www.darkreading.com/threat-intelligence/167901121/security/attacks-breaches/240145920/bank-ddos-attacks-employ-web-servers-as-weapons.html by @darkreading
And to finish this post some articles about the inauguration of the "European Cyber-Crime Centre" (EC3)
Cecilia Malmstrom @MalmstromEU Tackling online fraud in the EU - the European #Cybercrime Centre, #EC3, and its tasks: http://j.mp/Vf6ud5
A look inside the EU's new cybercrime unit http://www.bbc.co.uk/news/business-20983013 - A brief BBC video on #EC3
Sandro Suffert @suffert Europe´s Cybercrime centre Chief: 'We will focus on criminal groups or networks who steal your money' http://tinyurl.com/abkdrbn #EC3
domenica 6 gennaio 2013
Best of the Week - Epiphany edition
Today, in Italy, children received the visit of this old lady who brought to them a lot of sweeties.
Instead of the candies, my readers will find some interesting security news and resources. Hope you enjoy them!
My best wishes!!!
Fatal error leads TURKTRUST to issue dangerous SSL certificates http://www.h-online.com/security/news/item/Fatal-error-leads-TURKTRUST-to-issue-dangerous-SSL-certificates-1777291.html
CcureIT @CcureIT Credit card fraud numbers soaring at record rate in Canada http://dlvr.it/2lbBQ4
SCMagazine @SCMagazine A hacktivist group claims it already has launched the second phase of DDoS strikes against U.S. banks. | http://ow.ly/gynHV
Dan Philpott @danphilpott Ron Ross' recent keynote at ITSAF titled, "Risk Management - Managing the Problem": http://youtu.be/C8IWxSSN5LI
CISecurity @CISecurity Welcome to the World’s Largest Public Hacker Database @infosecedu http://resources.infosecinstitute.com/worlds-largest-public-hacker-database/
Sandro Süffert @suffert 2012's worst security exploits, fails and blunders http://fb.me/1PvYctsun
CERT Polska @CERT_Polska_en The Month of the Honeynet Project Tools: http://honeynet.org/node/1013
Instead of the candies, my readers will find some interesting security news and resources. Hope you enjoy them!
My best wishes!!!
Fatal error leads TURKTRUST to issue dangerous SSL certificates http://www.h-online.com/security/news/item/Fatal-error-leads-TURKTRUST-to-issue-dangerous-SSL-certificates-1777291.html
CcureIT @CcureIT Credit card fraud numbers soaring at record rate in Canada http://dlvr.it/2lbBQ4
SCMagazine @SCMagazine A hacktivist group claims it already has launched the second phase of DDoS strikes against U.S. banks. | http://ow.ly/gynHV
Dan Philpott @danphilpott Ron Ross' recent keynote at ITSAF titled, "Risk Management - Managing the Problem": http://youtu.be/C8IWxSSN5LI
CISecurity @CISecurity Welcome to the World’s Largest Public Hacker Database @infosecedu http://resources.infosecinstitute.com/worlds-largest-public-hacker-database/
Sandro Süffert @suffert 2012's worst security exploits, fails and blunders http://fb.me/1PvYctsun
CERT Polska @CERT_Polska_en The Month of the Honeynet Project Tools: http://honeynet.org/node/1013
Iscriviti a:
Post (Atom)