As increasing sectors of the internet migrate to Facebook as a deployment platform (Zygna, etc.), a new effort aims to spread the preference aggregation features to include things users either own or would like to own. By allowing users to add Own and Want buttons to their profile, users can highlight both a Wishlist and
Yesterday’s announcement by the US Department of Justice that the operators of file-sharing site Megaupload had been indicted for operating a criminal enterprise that generated over $175 million by trafficking in over half a billion dollars of pirated copyrighted material has sent shockwaves across the Internet. The accuracy of those figures may be questionable, but
We read that Zappos.com was breached on Sunday, to the tune of 24+ million users’ worth of information. But it seems at first blush they responded well. Of course, a company would hope to never have a breach at all, but when it happened at Zappos.com, here are some of the things they appear to
Do Xmas shopping and porn surfing account for a spike in Win32/Scrinject detections?
Recently we noted that unencrypted credit card storage was on the rise in 2011, and also highlighted the expense involved to the company in the event of a credit card breach. Now we see personal data – including unencrypted credit card information – being paraded out as a part of the recent Stratfor hack. Also,
Exactly how people will abuse digital technology for their own ends is difficult to predict, but organizations must plan ahead to protect data and systems. That's why we have been posting our "best guess" cybersecurity predictions on the Threat Blog this month. Today we present 9 of the most important predictions in the form of
Ransomware, the practice of providing fake notifications that “you’re infected” and then selling a fake solution that removes the fake malware they just installed, has been a boon for scammers. Now, they’re taking it a step farther, throwing in a law enforcement scare. In this latest scam, an official-looking banner appears on infected machines, purporting
To round out our series of malware and cybercrime predictions here are some of my thoughts on what the next 12 months will bring. I expect more high profile arrests of cyber-criminals but no abatement in criminal activity that seeks to profit at the expense of data owners. Some of these arrests will occur in
In a scathing and far-reaching US Congressional report released recently the Transportation Security Administration (TSA) was characterized in these unflattering terms: “Since its inception, TSA has lost its focus on transportation security. Instead, it has grown into an enormous, inflexible and distracted bureaucracy, more concerned with human resource management and consolidating power, and acting reactively
Citing a “serious lack” of attorney expertise in prosecuting cybercrime, New Jersey Prosecutor John Molinelli decided it was time for attorneys to go back to school. He states, “There was a serious lack of prosecuting attorneys – there’s probably a lack of attorneys, in general, who really know this area,” and decided to do something
The IRISSCERT conference in Dublin has drawn attention to Irish cybercrime statistics since January 2011.
SCADA, a network-enabled setup for controlling infrastructure, is hitting the headlines in force for falling victim to cyber scammers. There have been several incidents of unauthorized access to Supervisory Control and Data Acquisition (SCADA) systems recently, from guessing simple passwords, to full-on spear phishing attacks against a hardware vendor, which were then used to access
This month we discovered new information on a new modification in the Win32/TrojanDownloader.Carberp trojan family.
Awhile back we noticed signals from the US Pentagon that they were considering the possibility of a traditional military response to cyber attacks on US physical infrastructure. Basically, a cyber attack on infrastructure could be considered an act of war. We now see the official report released, confirming this. The report states, “When warranted, we
Well, okay, if you happen to be an extremely fast reader. The Association of Anti Virus Asia Researcher’s (AVAR) 14th AVAR Conference just wrapped up in Hong Kong on Friday. This year, the focus was on security issues in and around the emerging Asian security market, and how to rise to the challenge. As one
Months back a rather vocal series of micro-hacktivist groups formed a somewhat larger, more vocal pseudo-organized non-organization ruled essentially democratically via IRC (among other things), attempting to cast light on perceived misdeeds by the large corporation (or government organization) du-jour they thought had behaved badly. The idea was to hack an organization, parade them around
Here's an example of search poisoning somewhat similar to that predicted by Stephen Cobb. It uses the death of Gaddafi as a hook, as noted by our colleague Raphael Labaca Castro.
Citing weaknesses in security controls at 24 major agencies, a new report by the U.S. Government Accountability Office (GAO) charts the stellar rise in incidents, and tries to highlight what went wrong. Just today my colleague Stephen Cobb also posted a government-related incident in the health care sector. The timeframe of the study, starting in
On the heels of the arrest of Cory Kretsinger, aka “Recursion”, for one of the Sony data breaches, following an FBI request for traffic records from his VPN provider, users wonder whether anonymizing service providers really are all that anonymous. Using a VPN to connect securely out of reach of prying eyes, is a common
Google+ seems to be continuing building steam and putting itself on the map as a contender, not merely an also-ran to the Facebook behemoth. Part of its strategy is to enforce the use of real names, not just the more common online pseudonym. The logic goes that this will reduce the likelihood that cybercriminals might
