Headline »

Interview with Mischel Kwon – FOSE

May 15, 2013 – 9:10 AM

Mischel Kwon and Associates LLC (MKA) is a minority, women-owned small business focused on security architecture, cyber tool development, testing and integration, security operations, and cyber defense. MKA’s skilled cyber technologists provide architecture, tools, policy and process that enable defensive security for mission-focused networks.

Hack »

Don’t Be a Victim of a Phishing Attack

May 15, 2013 – 2:50 PM

Criminals and hackers have become extremely sophisticated at creating phony but authentic-looking e-mails that seem to have originated from legitimate companies. If you receive an e-mail that you believe to be a phishing attempt, do not reply to it, since doing so will just validate that the e-mail address is correct. Trust me, you do not want that to happen.

New Trojan Malware Attempts to Hijack Facebook Accounts

May 15, 2013 – 11:32 AM

Microsoft recently announced that it had found a malicious browser extension making the rounds on Mozilla Firefox and Google Chrome that, when downloaded, attempted to hijack users’ Facebook profiles.

Mozilla pushes out new Firefox and Thunderbird: 8 security advisories, 3 critical fixes

May 15, 2013 – 11:24 AM

A posting from Naked Security about Mozilla pushing out new Firefox and Thunderbird: Not to be outdone by Microsoft’s and Adobe’s Patch Tuesday releases, Mozilla pushed out its latest browser and email client updates today. The Firefox browser goes to 21.0, on Android as well as on desktops. (You don’t install browsers on your servers, do you?) The Thunderbird email client is only available in an Extended Support Release [...]

U.S. Cyber Command Head General Alexander To Keynote Black Hat USA 2013

May 15, 2013 – 11:18 AM

A posting from Dark Reading in their News section: Major information security event Black Hat has announced that General Keith Alexander — Commander, U.S. Cyber Command/Director, National Security Agency/Chief, Central Security Service (NSA/CSS) — will present the Day One keynote address at Black Hat USA 2013 in Las Vegas this July.
In 2010, the U.S. Senate confirmed GEN Alexander [...]

Web Application Testing Using Real-World Attacks

May 15, 2013 – 11:11 AM

A posting from Dark Reading in their Vulnerability Management section: Vulnerability management and scanning systems typically combine a number of techniques to assess the risk faced by a business’s information technology, from scanning files and evaluating the current patch level to launching attacks and testing for practical vulnerabilities.
While assessing patch level tends to be the most reliable way [...]

Anonymous Taiwan takes down multiple Philippines Govt. Websites and Leaked Confidential data online

May 14, 2013 – 10:29 AM

Microsoft warns of new Trojan hijacking Facebook accounts

May 14, 2013 – 9:20 AM

A posting from CNET News in their Security & Privacy section: Microsoft has issued a warning that a new piece of malware masquerading as a Google Chrome extension and Firefox add-on is making the rounds, threatening to hijack Facebook accounts. First detected in Brazil, Trojan:JS/Febipos.A attempts to keep itself updated, just like normal, legitimate browser extensions, [...]

Outbreak! Fake Amazon UK emails spammed out, delivering malware

May 14, 2013 – 9:06 AM

A posting from Naked Security about malware: Beware! A spate of malicious emails have been spammed out by online criminals, disguised as legitimate communications from the UK branch of online retail giant Amazon. In a widespread attack, email messages have been distributed designed to trick computer users into opening an attachment disguised as information about an order for an [...]

3 Big Mistakes In Incident Response

May 14, 2013 – 9:00 AM

A posting from Dark Reading from their Security Monitoring section: The incident response specialist investigating a recent breach of a government services firm was convinced the attack he was investigating was the handiwork of a group of Chinese hackers. The type of malware he found was commonly associated with that group of attackers, so he concentrated his efforts on cleanup and analysis [...]

Is Application Sandboxing The Next Endpoint Security Must-Have?

May 14, 2013 – 8:54 AM

A posting from Dark Reading in their Endpoint Security section: With the onslaught of zero-day attacks continuing to increase the barrage of unanswered threats against endpoints, there’s a growing contingent of security advocates championing the addition of a virtualized container layer in the endpoint security mix. Analyst predictions are rosy for the virtual containerization [...]

Sony hacking suspect smashes computers to get out of prosecution

May 13, 2013 – 6:49 AM

A posting from Naked Security: A 23-year-old man suspected of helping to hack into Sony’s PlayStation Network got out of being penalized for the crime by smashing his computers and making his hard drives disappear.
Todd M. Miller, of Columbus, in the US state of Ohio, was sentenced on Thursday to a year on house arrest for obstructing a [...]

May Patch Tuesday coming up – Microsoft still not sure if latest 0-day fix will make the cut

May 13, 2013 – 6:44 AM

A posting from Naked Security on Patch Tuesday: Microsoft’s Patch Tuesday for May 2013 will be published in the coming week.
It’ll be out on Tuesday 14 May 2013. (Wednesday 14 May for everywhere from about Malaysia eastwards.)
Here’s the elevator pitch:

33 vulnerabilities identified and fixed.
Ten separate patches.
Eight rated Important. (Apply ASAP.)
Two rated Critical. (Apply immediately.)
A reboot is required.

Loosely translated, Microsoft’s [...]

Indian government investigates firms at center of global cyber heist

May 13, 2013 – 6:40 AM

A posting from NBC News in their technology section about the Indian government investigating firms at the center of a global cyber heist: MUMBAI/BANGALORE, May 12 (Reuters) – The Indian government’s cyber watchdog is investigating how security at two companies that are part of the country’s vast IT services industry was breached in a global ATM heist that saw $45 million stolen [...]

US cyberwar strategy stokes fear of blowback

May 13, 2013 – 6:35 AM

A posting from NBC News in their technology section: WASHINGTON (Reuters) – Even as the U.S. government confronts rival powers over widespread Internet espionage, it has become the biggest buyer in a burgeoning gray market where hackers and security firms sell tools for breaking into computers.
The strategy is spurring concern in the technology industry and intelligence community that [...]

Microsoft rushes out CVE-2013-1347 “Fix it” for the latest Internet Explorer zero-day

May 9, 2013 – 10:20 AM

A posting from Naked Security: Remember the US Department of Labor hack we wrote about at the beginning of the month?
A microsite off the main web page was compromised and used to serve up a drive-by download cocktail that aimed to infect your computer surreptitiously.
The vulnerability that was exploited in the drive-by turned out to be an unpatched [...]

Nordstrom tracking customer movement via smartphones’ WiFi sniffing

May 9, 2013 – 10:17 AM

A posting from Naked Security:
“You’ve spent quite some time in the lingerie department, but you haven’t even peeked at our display of Bose® ‘OE2’ Audio Headphones, which were $149.95 but are now ONLY $134.96! Can we talk?”
OK, so that’s not exactly what Nordstrom says it’s planning to do with the information it gleans from tracking [...]

Senate Bill Calls For ‘Watch List’ Of Nations Cyberspying On U.S., Trade Sanctions

May 9, 2013 – 10:11 AM

A posting from Dark Reading in their Advanced Threats section:
In a week that began with the rare move of the Pentagon calling out the Chinese government and military for attacks on U.S. government networks, some key senators have drafted a bill that would create a watch list of nations conducting cyberespionage against the U.S., and spell out [...]

Unpatched Remote Access Tools: Your Gift To Attackers

May 9, 2013 – 10:07 AM

A posting from Information Week in their Security section:
Help desk teams love remote-control software. When employees call with computer problems, the IT department can remotely take control of the user’s machine, copy over files and set all application and operating system wrongs to right.
Unfortunately, they’re not the only group interested in putting TeamViewer, Symantec PCAnywhere, [...]

Pentagon OKs Androids, BlackBerrys for soldiers

May 7, 2013 – 12:50 PM

A posting from Naked Security about the Pentagon approving Androids and BlackBerrys for soldiers:
The US Department of Defense (DoD) announced on Thursday that it has approved the use of Samsung phones running a hardened version of Android.
According to the BBC, the approval for other types of smartphones and mobile devices for use by US soldiers is coming soon.
Specifically, [...]

Metasploit Module Released For IE Zero-Day Flaw Used In Labor Attack

May 7, 2013 – 12:42 PM

A posting from Dark Reading: A targeted attack discovered last week serving up malware from the U.S. Department of Labor’s (DOL) website employed a previously unknown vulnerability in Internet Explorer 8 that Microsoft says it will fix either with an emergency patch or via its monthly patch process.
And as is tradition, Metasploit also has quickly [...]

5 Ways For SMBs To Boost Security But Not Costs

May 7, 2013 – 12:36 PM

A posting from Dark Reading: For many businesses, improving their security seems like the proverbial money pit: but it doesn’t have to be that way.
While the time crunch of attending to the demands of the daily business has typically created an accumulation of security problems for many businesses, information technology professionals at SMBs can improve their [...]

Sweet Password Security Strategy: Honeywords

May 7, 2013 – 12:29 PM

A posting from Information Week in their Security section: Businesses should seed their password databases with fake passwords and then monitor all login attempts for use of those credentials to detect if hackers have stolen stored user information.
That’s the thinking behind the “honeywords” concept first proposed this month in “Honeywords: Making Password-Cracking Detectable,” a paper written by Ari Juels, chief scientist at [...]

Malicious link on Facebook distributing Fake Adobe Flash Player add-on; Hackers Hijacking your Online Accounts

May 6, 2013 – 11:43 AM

A malicious link on Facebook claims to tell you who viewed your profile, but under that pretext gives you a fake, malware-filled Adobe Flash Player browser add-on.