20130809
20130809
20130809
l de Segurana (GNS) sobre Cibersegurana em que se optou por manter a lngua original dos artigos. A grande fonte de obteno de informao o NATO Information Assurance Technical Center (NIATC), em Mons, Blgica e muita da informao publicada tambm poder ser obtida directamente da World Wide Web atravs dos links a azul.
CYBER Newsletter
Nmero: 32/2013 09-08-2013
Snowden : Seven Private Telecom Companies giving unlimited access to British spy agency
from thehackernews.com the latest release from Edward Snowden shows that the Vodafone, BT, Verizon and some other total seven Private Telecom Companies have been secretly collaborating with the British spy agency.
I think the first time I ever heard someone talk seriously about computer viruses was in 1988. I was studying computing in the leafy home counties of England, when I played a joke on a friend. I showed him that everytime I typed the letter s on my keyboard it would come up on the screen as ssh, slurring his words, and every now and then a loud -HIC!- would be injected into the text. You must have a virus!
Ethical hackers from SpiderLabs use natural language processing to help impersonate individuals in phishing attacks
from www.information-age.com Ethical hackers from SpiderLabs use natural language processing to help impersonate individuals in phishing attacks Phishing emails are an increasingly popular attack vector for hackers targeting businesses. Happily, many of them are so unrealistic they can be spotted by a reasonably savvy employee. The more sophisticated hackers use techniques such as spoofing the email address of one of the target's colleagues or friends.
Cybercriminals are doing a better job than the companies they target
from www.net-security.org What can you learn from reading the exploits of the most successful hacking ring ever brought to justice? Recently, the US Attorneys Office in NJ unsealed their indictment against a mostly Russianone American co-conspirator was also namedgang of cybercriminals who are alleged to have snatched over 160 million credit card numbers resulting in more than $300 million in losses over seven years.
LMGs researchers have created the worlds first proofof-concept cellular intrusion detection system (CIDS),
from www.lmgsecurity.co LMGs researchers have created the worlds first proof-of-concept cellular intrusion detection system (CIDS), which will enable enterprise security professionals to detect hacked smartphones cheaply and effectively, even in BYOD environments. Click here to download the full whitepaper with details. hacked smartphones pose extreme risks to national security. Infected smartphones can record surrounding audio, intercept text messages, capture location and usage data, and send all that stolen data back to an attacker.
intelligence
platform
from
from www.net-security.org ThreatConnect launched the ThreatConnect Platform, a combination of analytical tools that assist in finding and analyzing threat indicators and community-based sharing features that enable communication and collaboration on emerging threats. Core to the platform are ThreatConnect Communities which allow organizations to participate in social networkingtype exchanges within broad customer, industry specific, and privately created communities. This core feature allows organizations to control who sees their information and the flexibility to participate in communities on topics of interest.
MeriTalks Cyber Security Exchange, the census reveals what motivates todays cyber security professionals as well as how to train and recruit the next generation.
blossoms
in
Russia,
vendor
from www.computerworld.com.sg Highly organized Russian groups have transformed mobile hacking into an industrial scale business, a kind of "malware-as-a-service," complete with marketing affiliates, distributors and customer support. Ten such criminal enterprises are responsible for more than 60% of all Russian malware, and millions of dollars in fraudulent SMS toll charges against end users' phone bills.
Phishing attacks show sudden drop as criminals use servers for DDoS
from www.computerworlduk.com Phishing attacks appear to be falling back to their pre-2012 levels after the Anti-Phishing Working Group (APWG) recorded a sudden 20 percent fall in activity for the first quarter of 2013. The APWG records phishing crime in a number of ways, primarily through the number of unique phishing websites detected by its members, which dropped around 20 percent between the Q4 2012 and Q1 2013. Significantly, these fell to just over 35,000 in February, the lowest total recorded since late 2011, the APWG said.
What's Getting Hacked Now? Your Phone, Your TV and Your Toilet
from www.dailyfinance.com Think you're immune from hackers just because you've got an updated antivirus program on your computer? Well, think again. Hackers are regularly finding new and innovative ways to break into the various connected devices in your life. And security researchers are always publishing research demonstrating strange new methods that a determined hacker could use to invade your life. Here are a few of the terrifying threats we've come across lately.
Was the U.S. government behind a new hacking spree aimed at unmasking people hiding their identity on the Web? Security experts think so. Users of the Tor browser reported Sunday that various websites hosted by the company Freedom Hosting had gone suddenly offline and had in some cases been infected with malware. Freedom Hosting provides socalled Tor hidden service servers that allow users to access websites available only through the Tor network. These sites are commonly referred to as being part of the dark Web and are used by activists and journalists who are attempting to evade surveillance. But hidden services also attract criminal elementsand are known to be used to share images of child abuse or to arrange drug deals.
Family
Targeting
the
Tibetan
from citizenlab.org As part of our ongoing study into targeted attacks on human rights groups and civil society organizations, the Citizen Lab analyzed a malicious email sent to Tibetan organizations in June 2013. The email in question purported to be from a prominent member of the Tibetan community and repurposed content from a community mailing list. Attached to the email were what appeared to be three Microsoft Word documents (.doc), but which were trojaned with a malware family we call Surtr.1 All three attachments drop the exact same malware. We have seen the Surtr malware family used in attacks on Tibetan groups dating back to November 2012.
Google launches Android Device Manager for tracking lost and stolen smartphones
from www.theinquirer.net SOFTWARE DEVELOPER Google has launched a remote management tool for its mobile operating system called Android Device Manager. The feature, which is similar to Apple's Find My iPhone app, lets users of Android smartphones and tablets locate and remotely wipe the device if it is lost or stolen, a feature long called for by Android users. While firms like HTC, Sony and Samsung all have proprietary security tools on their Android smartphones, this is the first time Google has released such a feature.
Sentinel Labs kills cyber attacks right on your device with $2M
from venturebeat.com More money goes out to the security community today. Attack protection service Sentinel Labs got $2 million to stop malware right there on your device.
Researchers release tool to pickup the SLAAC in Man-InThe-Middle attacks using IPv6
from www.computerworld.com.sg A group of researchers from Neohapsis Labs released a tool last weekend during DEF CON that drops the time needed for a Man-in-the-Middle attack using IPv6 (SLAAC Attack), from hours down to minutes or less. SLAAC, or Stateless Address Auto Configuration, is required on all IPv6 stack implementations. It's a mechanism, which allows a host to generate their own IPv6 addresses, even if routable addresses are assigned or pre-configured.
CIAs John Mullen Declares People Biggest Threat and Risk Management Best Defense
from www.infosecurity-us.com People present the greatest cyber vulnerability and educating them is key to protecting your valuable information, John K. Mullen, senior operations officer at the CIA told the audience at 2013 SINET Innovation Summit in New York, August 6th 2013.
create a relatively cheap cellular intrusion detection system that enables enterprises and private individuals to test their or their employees' smartphones for malware.
The Frightening Reality About How Easily Hackers Could Shut Down The US
from www.businessinsider.com Hacking into and shutting down industrial systems on which the U.S. relies is staggeringly easy, according to recent presentations from the Black Hat hacker conference. Picture this: A few pump station operators along New York City's water tunnels fire up their computers to check the status of various water pressure readings.
DHS building actionable response plans for cyber attacks on critical infrastructure
from www.federalnewsradio.com Even as they analyse and respond to operational cyber threats on a day-to-day basis, officials at the Homeland Security Department's National Cybersecurity and Communications Integration Center (NCCIC) say they're working to build concrete plans that public and private sector responders can act on in the event of a major attack in the future.
Security
with
Two-factor
from www.infosecurity-us.com When Twitter introduced SMS-based 2FA in May, it was both welcomed and criticized. Now that Twitter has launched a new, improved, more secure and app-based 2FA system, it is both welcomed and criticized yet again.
12
already erroneously resolved the malicious domains would retain those records for a typical 24 hours.
14
Bugtraq: [security bulletin] HPSBUX02909 SSRT101289 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
from securityfocus.com [security bulletin] HPSBUX02909 SSRT101289 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
Bugtraq: [security bulletin] HPSBUX02908 rev.1 - HPUX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
from securityfocus.com [security bulletin] HPSBUX02908 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Bugtraq: [security bulletin] HPSBUX02907 rev.1 - HPUX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
from securityfocus.com [security bulletin] HPSBUX02907 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
17