IRISSCERT, ESET Ireland and the Luck of the Irish
The IRISSCERT conference in Dublin has drawn attention to Irish cybercrime statistics since January 2011.
Browsing category
The IRISSCERT conference in Dublin has drawn attention to Irish cybercrime statistics since January 2011.
SCADA, a network-enabled setup for controlling infrastructure, is hitting the headlines in force for falling victim to cyber scammers. There have been several incidents of unauthorized access to Supervisory Control and Data Acquisition (SCADA) systems recently, from guessing simple passwords, to full-on spear phishing attacks against a hardware vendor, which were then used to access
This month we discovered new information on a new modification in the Win32/TrojanDownloader.Carberp trojan family.
Awhile back we noticed signals from the US Pentagon that they were considering the possibility of a traditional military response to cyber attacks on US physical infrastructure. Basically, a cyber attack on infrastructure could be considered an act of war. We now see the official report released, confirming this. The report states, “When warranted, we
Well, okay, if you happen to be an extremely fast reader. The Association of Anti Virus Asia Researcher’s (AVAR) 14th AVAR Conference just wrapped up in Hong Kong on Friday. This year, the focus was on security issues in and around the emerging Asian security market, and how to rise to the challenge. As one
Months back a rather vocal series of micro-hacktivist groups formed a somewhat larger, more vocal pseudo-organized non-organization ruled essentially democratically via IRC (among other things), attempting to cast light on perceived misdeeds by the large corporation (or government organization) du-jour they thought had behaved badly. The idea was to hack an organization, parade them around
Here’s an example of search poisoning somewhat similar to that predicted by Stephen Cobb. It uses the death of Gaddafi as a hook, as noted by our colleague Raphael Labaca Castro.
Citing weaknesses in security controls at 24 major agencies, a new report by the U.S. Government Accountability Office (GAO) charts the stellar rise in incidents, and tries to highlight what went wrong. Just today my colleague Stephen Cobb also posted a government-related incident in the health care sector. The timeframe of the study, starting in
On the heels of the arrest of Cory Kretsinger, aka “Recursion”, for one of the Sony data breaches, following an FBI request for traffic records from his VPN provider, users wonder whether anonymizing service providers really are all that anonymous. Using a VPN to connect securely out of reach of prying eyes, is a common
Google+ seems to be continuing building steam and putting itself on the map as a contender, not merely an also-ran to the Facebook behemoth. Part of its strategy is to enforce the use of real names, not just the more common online pseudonym. The logic goes that this will reduce the likelihood that cybercriminals might
The United States Attorney Office for the Southern District of New York received a flurry of attention in April, 2011 when they unsealed an indictment against the three largest Internet poker companies in the United States—Absolute Poker, Full Tilt Poker and PokerStars—for fraud, gambling and money laundering. Today, the USAO upped the ante with an
You may be aware that Cameron Camp and I regularly write articles for SC Magazine’s Cybercrime Corner: here here’s a catch-up list of the most recent, in the hope that you might find them of use and interest. At any rate, it’ll give some idea of the range of content covered. Ten years later, still the same
Can’t find a way to support a hacktivist with your l337 sK1LLz? Turns out they take tips, bitcoin tips. We mused awhile back about the emergence of bitcoin as a favorite underground currency. Now, on the heels of the latest announcement by “Anonymous” that they’re releasing personal data belonging to a defense contractor VP with
Is that possible? Well, a researcher with Identity Finder, Aaron Titus, believes so, since he says he managed to use internet searches to unearth a trove of unsecured private health records on a website, around 300,000 of them. He notified the company, Southern California Medical-Legal Consultants, which represents doctors and hospitals seeking payment from patients
Nearly three years old, the Conficker worm continues to pose a threat to PCs. Aryeh Goretsky wants to know why this is, and what can be done about it.
Aryeh Goretsky interviewed, as his paper on Possibly Unwanted Applications is published.
On the heels of the recent activity with Stuxnet, the industrial process control computer worm that targeted Iranian nuclear centrifuges, a Blackhat talk by Thanassis Giannetsos explains how to hack yet another commonly used family of controllers. We have mused that this trend, targeting critical infrastructure nodes, is but a shade of things yet to
What we’re lacking here is a clear differentiation between types of “hacktivist” or, indeed, “activist”: much of the commentary that’s around at the moment seems to assume that all hacktivists are the same.
In their presentation “Cybercrime in Russia: Trends and issues” at CARO2011 — one of the best presentations of the workshop, in my unbiased opinion 😉 — Robert Lipovsky, Aleksandr Matrosov and Dmitry Volkov mentioned the Win32/Hodprot malware family, which seems to be undergoing something of a resurgence.
Facebook recently launched a facial recognition feature that allows you and others to “tag” photos with your name. As has been the norm for Facebook, this “feature” is turned on by default and users must take their own initiative to limit, or turn it off. The implications are wide-ranging, so if you or anyone in
“Infrastructure Attacks: The Next Generation?” now includes the speaker notes, which hopefully makes it more interesting and useful.