Cybercrime

Cybercrime / Most Viewed

ACMA: 30,000 PC's Infected in Australia Per Day

Anti-spam and malware enforcement agency ACMA reports on this (shocking high?) figure. Keep this up and ca. 50% of the Australian population is infected within a year. I remember a presentation from Sweden only a few years ago, that there were only a little over a thousand infected pc's in Sweden. (Reactions were: that can't be correct. Too low) Do you know what the numbers are for your country and maybe more importantly what your government and/or Industry is/are doing about it? more»

EU Launches First European Public-Private Partnership on Cybersecurity, Plans $2B Investment

The European Commission has launched a new public-private partnership on cybersecurity expected to trigger €1.8 billion ($2B) of investment by 2020. more»

Feds Seek Code of Conduct for Detecting, Mitigating Botnets

The U.S. departments of Commerce and Homeland Security (DHS) has met with other agencies and private-sector leaders in the information technology industry discussing the need to create a voluntary industry code of conduct to address the detection and mitigation of botnets. The meeting, hosted by the Center for Strategic and International Studies (CSIS), included topics such as the problematic and at time controversial issue of notifying individuals whose computers have been infected with malware and are part of a botnet. more»

ICANN Releases DNS Attack Factsheet Concerning Recent Attacks

ICANN has released a factsheet concerning the recent attack on the root server system on 6 February 2007. The factsheet is intended to provide an explanation of the attack for a non-technical audience and hopes to enlarge public understanding surrounding this and related issues.

Aside from covering the attack itself and the engineers' response to it, the factsheet also briefly reviews the root server system, the domain name system, Anycast technology, and what can be done in order to deal with such attacks in future. The fact sheet can be downloaded here [PDF]. more»

Duqu Reported as Precursor to a Future Stuxnet-Like Attack

Virus researchers at Symantec Corp. have revealed a variant of the Stuxnet worm, named Duqu, that is found to be stealing information about industrial control systems. Symantec reports: "Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility... Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose." more»

Universities Spending $80K to Over $100K Per Year on Policing P2P Activities

As a result of the new P2P filesharing mandates signed into U.S. law this past summer, the country's 4400 colleges and universities are required to address issues of illegal P2P filesharing -- particularly music and movies. For instance, colleges and universities are "required to consider the use of technology-based deterrents" in developing plans to counter illegal P2P activity, such as traffic monitoring and bandwidth shaping. A new study by the Campus Computing Project reports the results of a summer 2008 survey aimed at addressing the campus costs of compliance with the new P2P filesharing mandates. more»

Obama Says Cybersecurity Would Be Top Priority in His Administration

Sen. Barack Obama, the U.S. presidential candidate outlined in a speech yesterday, what he envisioned for a cyber-security infrastructure that would protect the nation's computer networks and strengthen science and computer education programs. "I'll declare our cyber-infrastructure a strategic asset, and appoint a national cyber adviser who will report directly to me. We'll coordinate efforts across the federal government, implement a truly national cyber-security policy, and tighten standards to secure information -- from the networks that power the federal government, to the networks that you use in your personal lives." more»

New Study Highlights Growing Risk, Lack of Urgency with Mobile and IoT Application Security

Despite widespread concern about the security of mobile and Internet of Things (IoT) applications, organizations are ill-prepared for the risks they pose, according to a research report issued today from Ponemon Institute, IBM Security, and Arxan Technologies. more»

CADNA Held London Online Brand Abuses and Internet Governance Education Forum

The Coalition Against Domain Name Abuse (CADNA) recently held its London Online Brand Abuses and Internet Governance Education Forum. The forum included companies from the US, UK, Belgium, Netherlands and Switzerland, with half of the attendees representing Global 500 companies. Forum attendees expressed concerns over issues such as online brand dilution and the often-ineffective governance of ICANN. more»

Don't Fall for This Domain Name 'Expiration' Scam

If, like me and my clients, you ever receive an email about a domain name expiration, proceed with great suspicion -- because many of these "notices" are a sham. They're designed to sell you services you don't need or to trick you into transferring your domain name to another registrar. Usually, the emails can safely be ignored. Here's an example: As shown, an important-looking email from "Domain Service" refers to a specific domain name in the subject line. more»

Botnets Now Number One Threat to ISP Backbones

Increasingly-intense distributed denial-of-service (DDOS) attacks on ISP backbones are surpassing providers' capacity and knocking customers offline, according to a new survey of service providers by Arbor Networks. While most large ISPs have upgraded their backbones to 10-Gbit/s speeds over the past two years, three respondents said they have experienced sustained attacks from 20- to 22 Gbit/s, and one hosting services provider in the survey reported a 24-Gbit/s DNS-targeted attack. The most powerful sustained attack previously was 17 Gbit/s, which was reported in last year's survey by Arbor. more»

Researchers Demonstrate How to Launch Undetectable Phishing Attacks

With the help of about 200 Sony Playstations, an international team of security researchers have devised a way to undermine the algorithms used to protect secure Web sites and launch a nearly undetectable phishing attack. To do this, they've exploited a bug in the digital certificates used by Web sites to prove that they are who they claim to be. By taking advantage of known flaws in the MD5 hashing algorithm used to create some of these certificates, the researchers were able to hack Verisign's RapidSSL.com certificate authority and create fake digital certificates for any Web site on the Internet. more»

EFF's Emerging Alignment With Offshore Internet Pharmacies

The last few years have been challenging ones for members of the Canadian International Pharmacy Association. First, in 2010, they lost their ability to advertise in the US search space after the US Department of Justice noted that many seemingly "Canadian" pharmacy websites "sell drugs obtained from countries other than Canada" when shipping medicines into the US, and major search advertising programs tightened their policies, effectively excluding CIPA's members from advertising in the US. more»

Mass Hacker Attack Reported on 40,000 Legitimate Websites

Hackers have compromised about 40,000 legitimate Websites, infecting them with malicious JavaScript that ultimately redirects users to a malicious site, says Websense. Security researchers at Websense say the tactics are reminiscent of the notorious RBN group. Although Websense would not name any of the compromised sites, researchers said the victims did not include any "big-name government or business sites." The compromised sites are redirecting users to typo-squatted misspellings of legitimate Google Analytics domains... more»

Verizon Tops US ISPs for Spam Abuse, Plans Prevention and Shift to Port 587

Brian Krebs of Washington Post reporting: "Verizon.net is home to more than twice as many spam-spewing zombies as any other major Internet service provider in the United States, according to an analysis of the most recent data from anti-spam outfit Spamhaus.org. Verizon, however, says it plans to put measures in place to prevent it from being used as a home to so many spammers. ... If spammers are attracted to the company's network, it may be because Verizon still allows customers to send e-mail on Port 25, the communications channel that is traditionally used by large organizations to send e-mail." more»