
HTTB Morning Ed. Direct Distributions (V1)


Easily available tools, botnets contribute to DDoS rise. August 03, 2012 Distributed denial-of-service (DDoS) attacks against websites or web services continue to grow in volume and complexity, and are also increasingly being used as a distraction from other criminal activities, security firm Arbor Networks warned this week. An analysis of DDoS attacks around the world shows that they are getting bigger, more frequent and more complex thanks to the general availability of botnets and toolkits, according to the company. There are even DDoS services that, for a set fee, offer to attack telecommunications providers, Curt Wilson, an engineer with the Arbor Security Engineering and Response Team, said in a blog post.

The team observed advertisements on underground forums offering phone attack services starting at $20 per day. And the ambushes aren't just being readied to cut off website accessibility, he said. Attackers no longer require large botnets at their disposal to launch DDoS attacks. There are many types of DDoS attacks. Dem senator pushes measure to make concealing data breaches a crime. Sen. Patrick Leahy (D-Vt.) is pushing for an amendment to a cybersecurity bill that would make it a crime for a company to hide a data breach from its customers. Under the legislation, anyone who purposefully conceals a data breach that causes financial damage could face up to five years in prison. Other amendments offered by Leahy would set a national standard for companies to notify their customers in the event of a data breach and would require businesses that store consumers' sensitive personal information to establish data security programs.

Many states already require that firms notify their customers following a data breach, but the standards vary by state, and there is no national requirement. The Senate could vote on Leahy's amendments when it takes up the Cybersecurity Act next week. The measures are all part of Leahy's Personal Data Privacy and Security Act, which was offered last year but has yet to receive a vote on the floor. Sen. In the House, Rep. One-quarter of websites examined by testing service were malicious | ICT Security-Sécurité PC et Internet.

The fuel that drives global cybercrime. Karine de Ponteves is a FortiGuard AV analyst with Fortinet. In this interview she discusses how cybercriminals exploit major events to deliver malware, the oversharing of personal information and how that leads to targeted attacks, and more. Every major event is exploited by cybercriminals to deliver malware. Based on your research, what events are targeted the most? What are the biggest threats to those searching for information about these events? The more people feel concerned with the event, the bigger the game and the easier the hoax. You can group these past years' major events into 3 categories: 1. 2. 3. This year's novelty is actually scammers using their own fake shortened URL services. The spam emails contain a shortened URL created with a legitimate URL-shortening service. Spammers use it to better disguise their spam by giving them the appearance and functionality of a legitimate URL-shortening service: to better evade anti-spam filters and to better avoid disruption.

Hacker-smasher: White hats join forces to build bot-beating weapon. Open ... and Shut In Hollywood, the good guys nearly always win. In information security, the bad guys ("black hats") often win, in large part because the bad guys know how to collaborate much better than the good guys ("white hats"). Until now. From Lulzsec to Chaos Computer Club, hackers increasingly band together to spring sophisticated attacks on websites, mobile applications, and more, while the white hats have mostly failed to coordinate a robust defence.

In a sign that the white hats are getting their act together, a variety of initiatives have sprung up to turn information security ("InfoSec") into a group activity, with the latest being Incapsula's BotoPedia online, community-sourced directory of web robots ("bots"). Incapsula has been developing on its own the directory and its underlying info on the world's worst 50 bots, but recently came to the conclusion that a solo InfoSec effort was never going to be as effective as a group effort. Mariposa Botnet: Iserdo on Trial.

Slovenia is more than a beautiful European country. Surrounded by Austria, Hungary, Croatia and Italy, it offers a fascinating history, from their celebrated wines and prehistoric caves to their majestic castles. They have a strong showing at the London Olympic Games too, receiving four Olympic medals to date: one gold, one silver and two bronze. (They have the best per capita medal of the 59 countries that have medals.) The Mariposa botnet is famous for its widespread reach into more than half of the Fortune 1,000 companies and more than 40 major banks. Its main focus being information theft, the Mariposa botnet was used to steal PII and various login credentials from its victims.

FBI director, Robert S. "In the last two years, the software used to create the Mariposa botnet was sold to hundreds of other criminals, making it one of the most notorious in the world. Security News and Data Breach Roundup — July Edition. July has proven to be an interesting month in the IT / Information Security world. Over the past 30 days, we have seen large-scale security leaks, the lack of strong passwords used by companies and individuals alike, new conversations brewing for Chief Information Security Officers (CISOs) as security evolves and hackers become more of a threat, the shortcomings of the newly enacted data breach bill, and how new online tools and software may be sub par for today’s standards.

Below are some interesting articles covering topics related to information technology. Tip of the month: Create a password that is unique (incorporate capital and lowercase letters, numbers, and symbols), change it often and don’t share it. Hasta pronto! @cindyv

Fujitsu starts field trials of technology to nix phone scams – Gizmag. Researchers from Nagoya University and Fujitsu have spent the last few years developing an automated detection system that alerts the recipient to possible phone phishing scams.

See on www.gizmag.com. Is iCloud's 'Epic Hack' a game changer? Recent breaches at DropBox, Amazon and iCloud have raised new concerns about the security of personal data stored on cloud services. But there are two sides to every story. Apple co-founder Steve Wozniak expressed his concerns about the cloud to the Associated Press fearing that consumers have signed away content they would otherwise own after buying and warned of horrible problems that could result after migrating to the cloud: “I really worry about everything going to the cloud,” he said.

“I think it’s going to be horrendous. Backupify's CEO Rob May takes issue with Wozniak's analysis and respectfully disagrees: Those that say you're giving up control when you use the cloud must realize that there are easy fixes to controlling your data when it resides on a cloud environment. Do you really need a backup of your cloud backup? But is it enough? I still have faith in cloud services, provided that they're used with a fair deal of precaution, as I outlined in yesterday's post. Anonymous Ethical code. Back to the origins. Several months ago I wrote on the future of the famous group of hacktivism, Anonymous, explaining that the model that originated the movements was evolving in an unpredictable way due to the large consensus of the hackers and possible infiltration made by law enforcement and governments. According to recent revelations inside the group there are two principal factions, the anarchists and the hacktivists, but I consider this consideration really optimistic.

The two schools of thought are really different: one is inspired by the anarchy model without rules, while the other one is more focused on the rule that Anonymous has in today's society as defender of human rights and of public morals. Just the collaboration of the second soul of the group has made possible the capture of the hacker who vandalized the Red Sky site. The day after, Bruce was contacted by Anonymous, which provided the identity of the attacker who had violated the ethical code of the group.

Don’t attack media. Pierluigi Paganini. Business lessons learned in iCloud hack. The recent Apple iCloud hack that caused a veteran tech journalist a lot of misery has several lessons for businesses whose employees are also taking advantage of the convenience of cloud services. Last Friday, hackers raised Cain after getting into Wired writer Mat Honan's Gmail, iCloud, Amazon.com and Twitter accounts. Access to Honan's iCloud account let the miscreants wipe all data from Honan's iPhone, iPad and MacBook Pro. Hijacking his Twitter account let them broadcast racist and homophobic messages under his handle.

"In the space of one hour, my entire digital life was destroyed," Honan said in a Wired article. As Honan tells it, the blame lies with weaknesses in the security procedures of Apple and Amazon.com. In a statement to The New York Times, Apple acknowledged making mistakes. The flaws in the vendors' security procedures that led to the hack raise the first lesson for businesses: Look closely at the cloud providers' security practices and ask for changes if necessary. Cybercriminals eye gold with Olympic Games scams. The public's appetite for scandal around the world is practically insatiable. Not surprisingly, cybercriminals try to take advantage of it, especially during an event like the 2012 Olympic Games. But the good news, say experts, is that the bulk of the scams are unsophisticated, looking to take advantage of so-called "low-hanging fruit."

One of the more recent, discovered by security vendor Sophos, is a malware campaign that tries to snare victims with a fake scandal at the Olympics. A post by Graham Cluley on Sophos' Naked Security blog said a spam email comes with a subject line saying: "Huge scandal with the USA Women's Gymnastics Team on the 2012 London Olympics." The body of the email then promises salacious details about USA women's gymnastics gold-medal winner Gabrielle Douglas facing a lifetime ban after reportedly testing positive to banned diuretic furosemide. "View the video on youtube now," it says. "The usual advice applies," said Jaquith. U.S. infrastructure vulnerable to attack.

If it is left to the politicians, the door to the nation's utilities might be left open. Almost telling terrorists, like in those motel commercials, "We'll leave the light on for you." The ironic part is that a terrorist attack on the nation's infrastructure would mean those lights would go out, along with other catastrophic possibilities. A cybersecurity bill has been largely declawed by Congress, leaving a watered-down version barely alive.

A recent survey showed that security experts have little faith that government regulation will be the answer. Critical infrastructure has been defined as natural gas, electricity, water, roads and highways, air traffic, railroads and the Internet.

Top 3 HTML5 Vulnerability Risk Categories. Korea's Hyosung accuses manufacturer of tech theft. Korean industrial group Hyosung has accused the country's largest power-transmission components manufacturer, LSIS, of stealing its technology. According to a report Tuesday by The Korea Times, Hyosung is demanding compensation from LSIS, claiming the latter stole technology related to power transmission and control, costing it "several billions of dollars". The Seoul Metropolitan Police also are questioning four former Hyosung executives who moved to LSIS on suspicions they leaked trade secrets related to high-voltage, direct-current (HVDC) transmission technology to their new employer.

Hyosung executives told the Korean news site a former Hyosung executive, identified as Lee, had downloaded documents on HVDC technology from the company's servers to his extended hard disk drive without permission and was suspected of providing the files to LSIS. "This was definitely a crime and that is why police are investigating it," a senior Hyosung executive said. Computer glitch halts Tokyo trading. The Tokyo Stock Exchange (TSE) experienced a computer error which halted derivatives trading for 95 minutes on Tuesday, marking its second glitch in seven months. The system failure lasted from 9:20am to 10:55am local time and was due to a failure in its backup systems, similar to the glitch in February, Hiroaki Uji, director of trading systems at TSE, told Bloomberg.

The Feb. 2 glitch had been its biggest disruption in six years, halting trading for 3.5 hours in some of the country's biggest companies, according to a separate report by the newswire. The error this week had taken place in the system used for derivatives at the bourse, and not Arrowhead--which handles cash equity transactions and was the cause of the Feb. 2 failure, said Hiroki Kawai, director of IT planning and corporate strategy at TSE, at a press briefing in Tokyo on Tuesday night, according to Bloomberg.