Cybercrime

Cybercrime / Most Viewed

Unconfirmed Reports Suggest Top Brazilian Bank Hit With Cache-Poisoning Attack

One of Brazil's biggest banks has suffered an attack that redirected its customers to fraudulent websites that attempted to steal passwords and install malware, according to an unconfirmed report. According to this Google translation of an article penned in Portuguese, the redirection of Bradesco was the result of what's known as a cache poisoning attack on Brazilian internet service provider NET Virtua... more»

Secret Service, IBM, Others Form Alliance to Fight Cyber Crime, Identity Theft

A coalition of leading corporate, government and academic institutions today announced the formation of the Center for Applied Identity Management Research (CAIMR). CAIMR plans include developing research and solutions for identity management challenges such as cyber crime, terrorism, financial crimes, identity theft and fraud, weapons of mass destruction, and narcotics and human trafficking. The Center brings cross-disciplinary experts in criminal justice, financial crime, biometrics, cyber crime and cyber defense, data protection, homeland security and national defense to address identity management challenges that impact individuals, public safety, commerce, government programs and national security. more»

How Safe is FttH?

My blog 'What PRISM, credit card hacking and Chromecast have to do with FttH' led to some very interesting discussions all around the world. One of issues that was discussed was that the sheer capacity of FttH will also allow hackers, criminals and others to use that massive capacity for the wrong reasons. Its volume will make it increasingly difficult to police. more»

Interpol Joining ICANN's Governmental Advisory Committee as an Observer

Kevin Murphy reporting in DomainIncite: "Interpol plans to apply to join ICANN's Governmental Advisory Committee as an observer, according to ICANN. The news came in a press release this evening, detailing a meeting between ICANN president Rod Beckstrom and Interpol secretary general Ronald Noble. The meeting 'focused on Internet security governance and enhancing common means for preventing and addressing Internet crime'." more»

EuroDIG Sessions on Friday, June 5, about Cybersecurity, Network Neutrality, IANA, Access and More

What do Europeans interested in Internet policy think about cybersecurity, network neutrality, IANA, improving Internet access and other topics? Tomorrow the second day of the European Dialog on Internet Governance (EuroDIG) 2015 in Sofia, Bulgaria, will cover all those topics and many more. I've listed some of the sessions that either I or my Internet Society colleagues are participating in. I will personally be involved as a panelist on the two sessions about cybersecurity. more»

Close to a Quarter of ZeroAccess Botnet Disabled, Reports Symantec

Symantec has disabled part of one of the world's largest networks of infected computers, according to reports today. About 500,000 hijacked computers have been taken out of the 1.9 million strong ZeroAccess botnet. The zombie computers were used for advertising and online currency fraud and to infect other machines. Security experts warned that any benefits from the takedown might be short-lived. more»

April 8 2014: A World Less Secure

Not long after the message that Microsoft will stop updating Windows XP from 8 April onwards, after extending it beyond the regular life cycle for over a year already, came the soothing message that malware will be monitored for another year. That may be good news to some, but the fact remains that this is not the same as patching. Remaining on XP leads to a vulnerable state of the desktop, lap top and any other machine running on XP; vulnerable to potential hacks, cyber crimes, becoming part of a botnet, etc. more»

Many Systems Open to Attack Through Channels Enabled to Support IPv6 Traffic

It may be years before the new internet protocol IPv6 takes over from the current IPv4, but a security researcher is warning that many systems -- corporate and personal -- are already open to attack through channels that have been enabled on their machines to support IPv6 traffic, according to the Wired report by Kim Zetter. Joe Klein, a security researcher with Command Information, says many organizations and home users have IPv6 enabled on their systems by default but don't know it. They also don't have protection in place to block malicious traffic, since some intrusion detection systems and firewalls aren't set up to monitor IPv6 traffic, presenting an appealing vector through which outsiders can attack their networks undetected. more»

US Homeland Security Still Without Cybercrisis Plan

When the U.S. Department of Homeland Security was created, it was supposed to find a way to respond to serious "cybercrises." "The department will gather and focus all our efforts to face the challenge of cyberterrorism," President Bush said when signing the legislation in November 2002. More than six years later, and after spending more than $400 million on cybersecurity, DHS still has not accomplished that stated goal. "We need to have a plan tailored for a cybercrisis," DHS Secretary Michael Chertoff said on Thursdaymore»

Mind the Step(-function): Are We Really Less Secure Than We Were a Year Ago?

In January 1995, the RFC Editor published RFC 1752: "The Recommendation for the IP Next Generation Protocol"... The Internet is a security officer's nightmare -- so much openness, so easy to capture packet traffic (and/or spoof it!) and send all manner of unwanted traffic. It was built as a research network, hosted by institutes that were 1/ professionally responsible and 2/ interested in working together collegially. So, in the 19 years since the publication of that statement, have we really failed to address the stated goal? more»

Major International Botnet Disabled Says U.S. Department of Justice

The U.S. Department of Justice and the FBI announced on Wednesday that they have taken actions to disable an international botnet of more than two million infected computers responsible for stealing corporate data including user names, passwords and financial information. more»

Microsoft Data Suggests 1 Out of Every 14 Downloads is Malware

Microsoft Program Manager, Jeb Haber, reports in a blog post that from browser data collected on user downloads, 1 out of every 14 programs downloaded is later confirmed as malware. Haber says: "Consumers need information to make better decisions. That said, IE9 adds another layer of defense against socially engineered attacks that now looks at the application being downloaded -- this is in addition to the URL-based protection described above. This new layer of protection is called SmartScreen Application Reputation." more»

Cyberattacks on Estonia Further Explored

The distributed denial of service (DDoS) attack that brought down most of Estonia's internet infrastructure a few months ago, has been explored by Joshua Davis in a recent story at the Wired Magazine. "In the coming months, commentators around the world would look back at this moment and debate its significance. But for Aaviksoo, the meaning was clear. This was not the first botnet strike ever, nor was it the largest. But never before had an entire country been targeted on almost every digital front all at once, and never before had a government itself fought back..." more»

Cyberspace is Man-Made and Its Laws Can Be Rewritten to Favor Defensive Forces, Says US Air Force

Air Force Research Laboratory's "Integrated Cyber Defense" program, has recently announced a project request for proposals based on the belief that "the 'laws' of cyberspace can be rewritten, and therefore the domain can be modified at any level to favor defensive forces." The objective of the program, according to the announcement issued last month, is to "avoid threats entirely by obviating the effects of adversary actions, deterring attacks, and anticipating threats," which is partly based on the following philosophy offered by the Air Force... more»

ZeuS Botnet Takes a Hit But Already on the Rebound

Brian Krebs reporting in Krebs on Security: "Authorities in the United States, United Kingdom and Ukraine launched a series of law enforcement sweeps beginning late last month against some of the world's most notorious gangs running botnets powered by ZeuS, a powerful password-stealing Trojan horse program. ZeuS botnet activity worldwide took a major hit almost immediately thereafter, but it appears to be already on the rebound..." more»