Security News for April

iPhone Tracks Your Every Move, and There’s a Map for That

Leaked Cables Indicate Chinese Military Hackers Attacked U.S.

U.S. authorities have reportedly traced the “Byzantine Hades” spear-phishing attacks to specific Chinese military groups.

Final report: Pan-European cyber security exercise

ORNL computers coming back online after cyber attack

Cyber attacks rise at critical infrastructure firms

Cyber attacks on critical infrastructure companies are on the rise, with a jump in extortion attempts and malware designed to sabotage systems, like Stuxnet, according to a new report.

Verizon Finds Stunning Drop in Data Theft

The news isn’t really stunning: Brian Krebs says identity theft is so common that the profit bottomed out, so they found other sources of income.

Some say the new criminal “money maker” is selling source code.

iPhone tracking – not so much a concern.

It turns out they track the towers, not your GPS.

One-Fourth Of SSL Websites At Risk

Many sites haven’t applied patches for well-known ‘renegotiation’ flaw

Google’s Android phones face more attacks via apps

Oak Ridge National Labs Hit by Spear Phishing Attack

“Tennessee-based Oak Ridge National Laboratory was hit with a spear phishing attack Friday, forcing the federal data center to cut Internet access for employees, according to a report by Wired.”

Adobe Reader, Acrobat Update Nixes Zero Day

Security First: Security and data protection in Google data centers

Google shows how they protect their data centers

Ashampoo warns of security breach

Sony confirms external attack brought down PlayStation Network

Kaspersky’s son kidnapped. He paid ransom.

Breakthrough in Quantum Computing

Fast AND reliable.

NSA Recommendations For RSA SecurID Users After Cyber Intrusion

In reaction to the RSA cyber intrusion, the National Security Agency (NSA) released Information Assurance Advisory No. IAA-003-2011: Recommended Actions for SecurID Users in Response to RSA Cyber Intrusion. This advisory expands on the information previously released by NSA via Information Assurance Alert No. IAR-001-2011: Mitigations for the RSA Cyber Intrusion, and provides additional guidance on:

  • The use of SecurID hard tokens and soft tokens
  • Fortifying the security profile of SecurID’s authentication factors
  • Measures to harden SecurID’s Authentication Manager

Yahoo Weighs Spinning Out Hadoop Engineering Group for $1 Billion Opportunity

China Implicated In Hacking Of SMB Online Bank Accounts

FBI warns that small- to mid-size businesses are being targeted in an attack that so far has bilked companies’ accounts of millions of dollars and wired the money to Chinese companies.

This time it wasn’t an “advanced persistent threat” that China was associated with: a fraud alert issued by the FBI today implicates China in a cybercrime operation that bilked U.S.-based small- to midsized businesses of $11 million over the past year.

Trojans Shifting Focus to Less Widely Used Browsers

Current versions of the SpyEye Trojan now include functionality designed to steal sensitive data from individuals surfing the Web with Chrome and Opera browsers according to a Brian Krebs report.

Sony Says PlayStation Hacker Got Personal Data, credit card numbers, passwords, etc.


Then, on Tuesday, after several days of near-silence, Sony said that as a result of the attack, an “unauthorized person” had obtained personal information about account-holders, including their names, addresses, e-mail addresses, and PlayStation usernames and passwords. Sony warned that other sensitive information, including credit card numbers, could have been compromised also, warning customers through a statement to “remain vigilant” by monitoring identity theft or other financial loss.

PTES Technical Guidelines – Penetration Test Standards

This is a web page that provides a “standard” set of steps to take in a Penetration Test. It’s new, but the outline is growing to be very large.

Insecure Defaults Lead to Mass Open Proxies in China

This seems to be due to the popularity of the “PPTV online TV” software, which is a P2P file sharing program used for exchanging TV and movies.

Chinese databases exposed to hackers – Researcher finds government flaws

Besides the database of foreign recruits in China, “[o]ther vulnerable networks Mr. Beresford found include the website of the Beijing-based Institute for High Energy Physics and the computer systems of hundreds of other government agencies and departments using poorly configured Internet telephones, webcams and other devices. Spies could use these devices to eavesdrop on the Chinese government or military offices where they are installed.”

FBI Warns Small Businesses of Unauthorized Wire Transfers to China

Many small businesses are having funds transferred without their knowledge.

Microsoft has a new security scanner that augments their virus detection software

A good write-up on this is here

Apple response to phone tracking questions

Google patches 27 Chrome bugs, pays out record bounties

“Google today patched 27 vulnerabilities in Chrome as it boosted the “stable” build of the browser to version 11 on Windows, Mac and Linux.

The company paid out a record $16,500 in bounties to researchers who reported a majority of the bugs, beating the previous biggest payday by several hundred dollars.”

Visualizing Application Flows with xtractr

Interesting packet visualization tool
