Sunday, January 27, 2013

Best of the Week - January 27, 2013

This week I found some articles about updates and new analysis of some important old topics. In the following lines you will find a selection of the best articles and resources.

Hope you enjoy it!

A couple of articles on Shamoon...
Team Cymru ‏@teamcymru Shamoon Malware Possibly Developed by Extremist Islamist Group from Saudi Arabia

N. Groeneveld ‏@nigroeneveld #Shamoon: Decapitating Saudi Aramco with the Sword of Justice  #cyberwar #infosec

Oracle woes for Java...
Trusteer ‏@Trusteer Oracle's Java Headache Worsens:  via @jpmello < great article about #Java's vulnerabilities and fake patch updates

Attacks and traffic maps...
Alan Woodward @ProfWoodward Nice map showing real-time web attacks from Akamai Reports claim Q3 2012 attack traffic traced to China in 1/3 cases.

Sony's woes over the PlayStation Network data breach never end...
BrianHonan ‏@BrianHonan UK ICO fines Sony £250K for the security breach in 2011 "security measures in place were simply not good enough"

An interesting position on the DigiNotar case...
scl feed ‏@computersandlaw The DigiNotar Case: Internet Security is No Abstract Matter

Assessing risk is an evergreen topic...
DarkReading ‏@DarkReading Measuring risk is a key to justifying new security spending. Here's a roadmap for doing it

Sunday, January 20, 2013

Best of the Week - January 20, 2013

This week my post is almost completely devoted to malware, cybercrime and espionage. What a tough time this is!

Hope you enjoy my list.

@hdmoore: @kaspersky 's Red October report is amazing:  I confirmed C&C IPs via Critical.IO:

Ryan Naraine ‏@ryanaraine Red October Part 2: The modules … (cc @4Dgifts

Alan Woodward ‏@ProfWoodward Blackhole exploits explained in good technical papers from @SophosLabs &

Damballa ‏@DamballaInc Updated Shylock #malware hooks into #Skype

Neira Jones ‏@neirajones [INFOGRAPHIC] Knowing Your Risks risk #infographic

CcureIT ‏@CcureIT Cybercrime and the Underground Market  #ccureit

Doug Munro ‏@DoDRecruiterDC Many Fed smartphones have zero password protection  #infosec #cybersecurity via @ID201107

Sunday, January 13, 2013

Best of the Week - January 13, 2013

Some important security topics emerged and caught my attention this week. Here is a brief list of the best articles and resources I found on the net.

Hope you enjoy it!

John Walker ‏@SBLTD #ENISA Threat Landscape Report:

Gareth Niblett ‏@infosecmaven Cyber Attack Threat: UK Armed Forces Warned

Team Cymru ‏@teamcymru Crisis and Escalation in Cyberspace

Some articles on the so-called "Operation Ababil"...
Dancho Danchev ‏@danchodanchev Operation Ababil - they must have read this paper  before launching the attacks. Where's the rocket science in that?

The Washington Post ‏@washingtonpost Major banks turn to NSA for help

Bank DDoS Attacks Employ Web Servers As Weapons by @darkreading

And to finish this post, some articles about the inauguration of the "European Cyber-Crime Centre" (EC3)...
Cecilia Malmstrom @MalmstromEU Tackling online fraud in the EU - the European #Cybercrime Centre, #EC3, and its tasks:

 A look inside the EU's new cybercrime unit - A brief BBC video on #EC3

Sandro Suffert @suffert Europe's Cybercrime centre Chief: 'We will focus on criminal groups or networks who steal your money'  #EC3

Sunday, January 6, 2013

Best of the Week - Epiphany edition

Today, in Italy, children received a visit from this old lady, who brought them a lot of sweets.

Instead of candies, my readers will find some interesting security news and resources. Hope you enjoy them!

My best wishes!!!

Fatal error leads TURKTRUST to issue dangerous SSL certificates

CcureIT ‏@CcureIT Credit card fraud numbers soaring at record rate in Canada

SCMagazine ‏@SCMagazine A hacktivist group claims it already has launched the second phase of DDoS strikes against U.S. banks. |

Dan Philpott ‏@danphilpott Ron Ross' recent keynote at ITSAF titled, "Risk Management - Managing the Problem":

CISecurity ‏@CISecurity Welcome to the World’s Largest Public Hacker Database @infosecedu

Sandro Süffert ‏@suffert 2012's worst security exploits, fails and blunders

CERT Polska ‏@CERT_Polska_en The Month of the Honeynet Project Tools: