category

Cybersecurity

Got Hacked? You have 48 hours to fess up

Or so the current legislation being proposed in a U.S. House of Representative subcommittee would like it. A hearing scheduled for today at the House Energy and Commerce Committee’s Commerce, Manufacturing, and Trade Subcommittee centered around draft legislation proposed by Rep. Mary Bono Mack (R-Calif.) hoping to accomplish a security baseline companies must adhere to,

Social engineers don’t care about your OS: and nor should you

Security companies in general and, unfortunately, anti-malware companies in particular, are often accused of ‘hyping’ threats because of a perceived self-interest. However, in the main, legitimate vendors and researchers like those at ESET typically try to resist overhyping or playing up threats where possible, in favor of more balanced discussion that can help customers take

Natl Research Council Says: Show Us The MONEY

Surprised to find annual cybercrime damage spread somewhere between 300 million and 54 BILLION? So is the Director of National Intelligence. Today Brian Krebs of the Washington Post and Krebsonsecurity.com detailed a strong push for mandatory disclosure of cyber intrusion to include account hijacking and online identity theft.

Securing Our eCity Listed as Winner of National Cybersecurity Awareness Challenge

For the Best Local/Community Plan, Securing Our eCity San Diego and MyMainePrivacy were both selected as winners. Both proposals offered innovated strategies for grassroots collaborative approaches with state and local government, public and private sector, and the academic community through their online classroom style trainings. The National Cybersecurity Awareness Challenge, which Secretary Napolitano announced in

Carr’s Four Cyber Trends That Must Be Reversed Now

I’m not always in alignment with Jeffrey Carr’s point of view but in this he is spot on. Succinct and to the point, Jeffrey Carr addresses cybercrime, cyberwarfare rules of engagement and forecasts the United States’ rapid decline: Should these trends continue unabated, we will have no one to blame but ourselves as the economical

Debate Heating Up: Cybersecurity Act of 2010 S. 773

Forbes contributor Richard Stennion doesn’t like the Cybersecurity Act of 2010 very much. We know it around here as S. 773 and have been tracking it for some time. Mr. Stennion and I disagree on some key points. He says that S. 773: “…contains some pretty drastic measures that are going to be very disruptive,

Continued Malware Hijinks with Mass Webserver Compromises

While the jury’s still out about whether the intent of the past month’s mass webserver breaches are fully criminal, Dancho reports new developments which also link Koobface activity into this command and control structure:

Yet another mass sites compromise is currently taking place, this time targeting DreamHost customers, courtesy of the same gang behind the U.S Treasury/GoDaddy/NetworkSolutions mass compromise campaigns.

Malware Injection Campaign: A Retaliation?

This week there have been several major malware injection campaigns against WordPress blogs and other php-based content management systems. This malware injection battle began last week with Network Solutions and GoDaddy. Recently researcher Dancho Danchev has found evidence linking two US Treasury sites into the malware injection campaign: What's particularly interesting about this campaign is

Laughs: Redefining “Security Researcher”

Got a kick out of this Verizon Business Risk Intelligence post: “Problem-makers and Solution-makers should no more have the same label as terrorists and engineers. Sure, they both interact with explosives in their daily business but they put their skills to vastly different uses. Is there a reason we must continue to label people by

Geek with an edge: Gordon Snow, Asst. Dir. FBI Cyber Division

it’s anyone’s guess whether 24’s Jack Bauer would win in a faceoff against the new FBI Cyber Crimes Top Cop, Gordon Snow. Give this guy the data from the malware and he’s sharp enough to take the information and form a counterintelligence strategy and also reach into the black bag for which snake-eating team he

Cybercrime and Cyberwarfare: Warnings Unheeded?

Last week Al Quaeda cyberterrorism attack information was declassified and made public. Today’s New York Times had an applicable editorial to whether cybersecurity issues are over-blown or under-believed: Predictions of disaster have always been ignored — that is why there is a Cassandra myth — but it is hard to think of a time when

Cyberwarfare and Music: It’s All Tempo

Old joke: how can you tell a lousy drummer is at your front door? The knocks keep slowing down. Tempo of operations are similar in that if you can keep a fast, sustained rhythm outpacing the adversary, you’ll keep the initiative. If your side knows when the tempo is supposed to speed up or slow

FBI Cyber Division Describes Criminal Specialization

According to FBI Cyber Division Director Chabinsky’s keynote speech last week the supporting elements of a somewhat clannish and tribal entity such as a cybercrime organization are also specialized and diverse in the 21st century:

Is Net Neutrality a legit beef against Senate Bill 773?

After posting the article regarding this new legislature I continued my research into the objections which have been raised by many cyber activists. Some of the concern is about ‘Net Neutrality’ and the potential for abuse of power. Let’s look first at the issue of content-neutral or client-neutral packet routing. Net Neutrality – A Deeper

HR 4061: What Three Bucks buys you…

According to the CBO report quoted in this graphic, three dollars from every citizen of the United States each year for four years is what the final cost will be. We’re talking about the amped up Cybersecurity Enhancement Act of 2010 (HR 4061) currently passed by the House of Representatives. This can easily be confused

From Megatons to Megapings: Cyberwarfare

A bit of news this week dealt with Cyberwarfare. Far from becoming part of the tinfoil hat crowd, cyberwarfare has been growing in real world relevance in the past eighteen months and is the primary impetus for pending legislation. While in the Cold War, detente could be measured in the megatonnage of nuclear weapons, the

Senate Bill 773: What it means for Cyber Security and Cybercrime

Allow me to frame the threat of cybercrime that we all face by quoting from Jeff Debrosse’s 2009 Cybersecurity Review white paper: Cybercriminals are global and often well organized. They are smaller and more maneuverable than most corporations. Some are sheltered by certain G8 economic countries’ policies and laws. Their thefts fuel their home country’s

PDFs Exploitable?!? I’m shocked…

September 2009 saw some key security analysis raining directly onto the Adobe PDF platform, particularly with SANS pointing towards remote code execution within PDFs as one of the top threat vectors: Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability (CVE-2009-1862) Adobe Reader Remote Code Execution Vulnerability (CVE-2009-1493) Kudos to Adobe for patching these

Deus ex machina

It will likely come as no surprise to regular readers of ESET's Threat Blog that we are somewhat gadget aficionados here in the Research Department. Our focus, however, is usually on issues such as malware, spam and privacy so we do not spend a lot of time discussing gadgetry.  Every once in a while, though,

While Rome Burns…

A flurry of long-overdue government initiatives designed to address cybercrime has begun to actually develop some momentum. When I consider that it took a year to just get a cybersecurity bill through committee, I think of Nero fiddling while Rome burns, especially when everyone on the committee appears to believe it’s critical legislation. The CyberSecurity

Follow us

Copyright © 2016 ESET, All Rights Reserved.