iPhone Tracks Your Every Move, and There’s a Map for That
Leaked Cables Indicate Chinese Military Hackers Attacked U.S.
U.S. authorities have reportedly traced the “Byzantine Hades” spear-phishing attacks to specific Chinese military groups.
Final report: Pan-European cyber security exercise
ORNL computers coming back online after cyber attack
Cyber attacks rise at critical infrastructure firms
Cyber attacks on critical infrastructure companies are on the rise, with a jump in extortion attempts and malware designed to sabotage systems, like Stuxnet, according to a new report.
Verizon Finds Stunning Drop in Data Theft
The news isn’t really stunning, Brian Krebs says identity theft is so common, the profit bottomed out. So they found other sources of income,
Some say the new criminal “money maker” is selling source code.
IPhone tracking – not so much a concern.
It turns out they track the towers, not your GPS.
One-Fourth Of SSL Websites At Risk
Many sites haven’t applied patches for well-known ‘renegotiation’ flaw
Google’s Android phones face more attacks via apps
Oak Ridge National Labs Hit by Spear Phishing Attack
“Tennessee-based Oak Ridge National Laboratory (www.ornl.gov) was hit with a spear phishing attack Friday, forcing the federal data center to cut Internet access for employees, according to a report by Wired.”
Adobe Reader, Acrobat Update Nixes Zero Day
Security First: Security and data protection in Google data centers
Google shows how they protect their data centers
Ashampoo warns of security breach
Sony confirms external attack brought down PlayStation Network
Kapersky’s son kidnapped. He paid ransom.
Breakthrough in Quantum Computing
Fast AND reliable.
NSA Recommendations For RSA SecurID Users After Cyber Intrusion
In reaction to the RSA cyber intrusion, The National Security Agency (NSA) released Information Assurance Advisory No. IAA-003-2011: Recommended Actions for SecurID Users in Response to RSA Cyber Intrusion. This advisory expands on the information previously released by NSA via Information Assurance Alert No. IAR-001-2011: Mitigations for the RSA Cyber Intrusion, and provides additional guidance on:
- The use of SecurID hard tokens and soft tokens
- Fortifying the security profile of SecurID’s authentication factors
- Measures to harden SecurID’s Authentication Manager
Yahoo Weighs Spinning Out Hadoop Engineering Group for $1 Billion Opportunity
China Implicated In Hacking Of SMB Online Bank Accounts
FBI warns that small- to mid-size businesses are being targeted in an attack that so far has bilked companies’ accounts of millions of dollars and wired the money to Chinese companies
This time it wasn’t an “advanced persistent threat” that China was associated with: a fraud alert issued by the FBI today implicates China in a cybercrime operation that bilked U.S.-based small- to midsized businesses of $11 million over the past year.
Trojans Shifting Focus to Less Widely Used Browsers
Current versions of the SpyEye Trojan now include functionality designed to steal sensitive data from individuals surfing the Web with Chrome and Opera browsers according to a Brian Krebs report.
Sony Says PlayStation Hacker Got Personal Data, credit card numbers, passwords, etc.
Then, on Tuesday, after several days of near-silence, Sony said that as a result of the attack, an “unauthorized person” had obtained personal information about account-holders, including their names, addresses, e-mail addresses, and PlayStation usernames and passwords. Sony warned that other sensitive information, including credit card numbers, could have been compromised also, warning customers through a statement to “remain vigilant” by monitoring identity theft or other financial loss.
PTES Technical Guidelines – Penetration Test Standards
This is a web page that provides a “standard” set of steps to take in a Penetration Test. It’s new, but the outline is growing to be very large.
Insecure Defaults Lead to Mass Open Proxies in China
This seems due to the popularity of the “PPTV online TV” software, which is a P2P file sharing program used for exchanging TV, and movies.
Chinese databases exposed to hackers – Researcher finds government flaws
Besides the database of foreign recruits in China, “[o]ther vulnerable networks Mr. Beresford found include the website of the Beijing-based Institute for High Energy Physics and the computer systems of hundreds of other government agencies and departments using poorly configuredInternet telephones, webcams and other devices. Spies could use these devices to eavesdrop on the Chinese government or military offices where they are installed.”
FBI Warns Small Businesses of Unauthorized Wire Transfers to China
Many small businesses are having funds transferred without their knowledge.
Microsoft has a new security scanner that augments their virus detection software
A good write-up on this is here
Apple response to phone tracking questions
Google patches 27 Chrome bugs, pays out record bounties
“Google today patched 27 vulnerabilities in Chrome as it boosted the “stable” build of the browser to version 11 on Windows, Mac and Linux.
The company paid out a record $16,500 in bounties to researchers who reported a majority of the bugs, beating the previous biggest payday by several hundred dollars.”
Visualizing Application Flows with xtractr
Interesting packet visualization tool