testing
"BlackHole is a widely-used, web-based software package which includes a collection of tools to take advantage of security holes in web browsers to download viruses, botnet trojans, and other forms of nastiness to the computers of unsuspecting victims. The exploit kit is offered both as a "licensed" software product for the intrepid malware server operator and as malware-as-a-service by the author off his own server."
"A researcher at the University of Oslo in Norway says that page-less phishing and other untraceable attacks may be possible, using a tried and true internet communications standard: the uniform resource identifier, or URI.
Henning Klevjer, an information security student at the University of Oslo in Norway, suggests in a just-released research paper that it may be possible for attackers to dispense with phishing sites altogether, embedding their entire scam webpage in an encoded data URI that can be passed around from victim to victim."
"A shortcoming in browsers including Firefox and Opera allows crooks to easily hide an entire malicious web page in a clickable link - ideal for fooling victims into handing over passwords and other sensitive info.
Usually, so-called "phishing attacks" rely on tricking marks into visiting websites designed by criminals to masquerade as banks and online stores, thus snaffling punters' credentials and bank account details when they try to use the bogus pages. However this requires finding somewhere to host the counterfeit sites, which are often quickly taken down by hosting companies and the authorities or blocked by filters."
"FinFisher can turn on users' microphones or cameras without them knowing, take periodic screenshots and log keystrokes, she said. The FinSpy Mobile component carries a range of capabilities – including recording phone calls, tracking GPS locations, intercepting text messages and logging keystrokes."
"A researcher at the University of Oslo in Norway says that page-less phishing and other untraceable attacks may be possible, using a tried and true internet communications standard: the uniform resource identifier, or URI."
"Hackers Dump Millions of Records From Banks, Politicians"
The hacker collective, TeamGhostShell claims to have hacked major U.S. bank and politician accounts and have posted the details on Pastebin.
"When describing a typical hacking scenario, these days you must begin well before the hack or even the hacker, with the organization behind the attack. Today, hacking is all crime, all the time, complete with bidding markets for malware, crime syndicates, botnets for hire, and cyber warfare gone amok."
They employed what's known as an SQL injection, manipulating the online forms where visitors enter information. The hope was to trick the underlying database into spitting out valuable corporate data.
They were sophisticated and persistent hackers, but kept tripping over roadblocks. The site continually slowed to a crawl. Their automated tools were thwarted by CAPTCHAs, those online boxes that force users to translate squiggly letters.
Proving that most malicious hackers are more than happy to employ time-tested tactics instead of developing sophisticated new techniques and tools, Symantec has reported a huge spike in generic polymorphic malware (malware that changes shape to bypass detection) spread via good old fashioned socially engineered email messages.
For the past three years, a highly encrypted computer worm called Conficker has been spreading rapidly around the world. As many as 12 million computers have been infected with the self-updating worm, a type of malware that can get inside computers and operate without their permission.
A pair of researchers have unveiled a serious new attack on web browser security.
The biggest single data breach in the report occurred last July, when South Shore Hospital in South Weymouth said it lost 14 years’ worth of records on 800,000 patients, employees, volunteers, and vendors. The hospital blamed an outside data management company for losing a batch of records they had been ordered to destroy.
This is an interesting interview on privacy & cryptography
One in every 10 online searches for information, pictures and downloads related to Klum landed on a website that tested positive for online threats such as spyware, adware, spam, phishing, viruses and other malware, according to McAfee, an internet security company.
Internet service providers who play favorites, beware. If Dan Kaminsky has his way, your days are numbered.
N00ter, a tool that Kaminsky plans to release in coming weeks, checks for those marginal traffic cheats. N00ter functions like a VPN, routing traffic through a proxy and disguising its source and destination.
Stanford Security researcher that provides security & privacy highlights of the week. (July 11-19, 2011)
International Cyber Security Protection Alliance (ICSPA) launched.
carries information security news, free news digest/newsletters, a glossary and a comprehensive database of information security products.
testing
A professional society for individual information security practitioners. ISSA offers many membership benefits, including the chance to liaise with your peers.