...So here are what we consider to be the 10 commandments of corporate security...
The death of Osama bin Laden has gone viral, with blogs, social media and search engines pumping terabytes of rumor, innuendo and conspiracy theories at the speed of light, along with the occasional kilobyte of truth. As the number of people searching for pictures and videos of bin Laden’s execution has skyrocketed, the criminal syndicates
[NOTE: As we were publishing this articl, our Latin American office discovered another Black Hat SEO campaign incorporating promises of Osama bin Laden videos on Facebook. Click here to view their article in Spanish. We will follow up on this shortly. AG] The malware phenomenon started by the announcement of Osama Bin Laden’s death continues
My Spanish colleague Josep Albors has also commented on recent Facebook security issues. Mistakes in translation and interpretation are, as always, mine. The world's largest social network is a nearly inexhaustible news source: not only because it has reached 500 million users, or because it's the subject of a forthcoming film. It is also making
[Update: Alex Matrosov has posted screenshots of the Twebot update at http://twitpic.com/1ousmx and http://twitpic.com/1ouse5.] Juraj Malcho, the Head of our Lab in Bratislava, reports that there have been further developments regarding the tool for creating Twitter-controlled bots described by Jorge Mieres and Sebastián Bortnik, Security Analysts at ESET Latin America, in an earlier blog at http://www.eset.com/blog/2010/05/14/botnet-for-twits-applications-for-dummies.
Our colleagues in ESET Latin America have just blogged about an interesting botnet creation tool: the original blog is at http://blogs.eset-la.com/laboratorio/2010/05/14/botnet-a-traves-twitter/, by Jorge Mieres and Sebastián Bortnik, Security Analysts. (Mistakes in interpretation are, as usual, down to me!) In the last years we have seen many security incidents driven by botnets and exploiting the technologies
Our colleagues in ESET Latin-America have reported that a huge new malware distribution campaign is being carried out through the popular social network Facebook. In this instance, it is our old friend the Koobface worm that is being propagated. (For more about Koobface see Randy's post here, and for more about this particular iteration, see
[Update: it's likely that the attacks described below will also take advantage of the more recent bombings in Dagestan, as described by the BBC here. Isn't it bad enough that horrors like this take place at all, let alone provide revenue for cybercriminals?] Late last night (30th March) I added a pointer to my earlier
Two new white papers have been posted on the white papers page at http://www.eset.com/download/whitepapers.php. (1) "Ten Ways to Dodge CyberBullets" by David Harley Around New Year it seems that everyone wants a top 10: the top 10 most stupid remarks made by celebrities, the 10 worst-dressed French poodles, the 10 most embarrassing political speeches and
As promised earlier (see http://www.eset.com/threat-center/blog/2009/10/07/https-revisited-spanish-video) an English version of ESET Latin-America’s demonstration video of a phishing attack using HTTPS is now available at http://www.eset-la.com/centro-amenazas/videos/phishing-https-english/. Those earlier blogs again: http://www.eset.com/threat-center/blog/2009/10/06/ssl-to-certify-web-security-is-not-to-guarantee-it http://www.eset.com/threat-center/blog/2009/10/04/truth-fiction-and-https Thanks, Sebastián! David Harley Director of Malware Intelligence ESET LLC
Further to our blogs on HTTPS and SSL certificate issues – see http://www.eset.com/threat-center/blog/2009/10/06/ssl-to-certify-web-security-is-not-to-guarantee-it and http://www.eset.com/threat-center/blog/2009/10/04/truth-fiction-and-https – Sebastián Bortnik has been talking to us today about a video that ESET Latin-America have put together demonstrating a phishing attack using HTTPS. If your Spanish is better than mine, you can check it out here. However, we’ve been working on an
Hard on the heels of the translated blog by Sebastián Bortnik that I posted at the weekend comes news from the Register (http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_published/) of a bogus Paypal SSL certificate released yesterday exploiting a bug in Microsoft’s crypto API that has remained unpatched for more than two months, when Moxie Marlinspike (can I have a handle
Update, 19th October. I was recently contacted indirectly by Eddy Nigg of StartCom, who points out, quite rightly, that this issue is not specific to StartCom, nor a problem created by StartCom. He commented further in a comment to Dan Raywood’s article for SC Magazine arising from this blog entry, and I think it’s only
Over the weekend our colleagues at ESET Latin America found that Slideshare was being used to spread malware. As they haven’t found much information on the web about this, Sebastián Bortnik blogged today about what they found. (Errors in translation and interpretation should be attributed to David Harley!) I’ve added some thoughts and some content