Posted by Kevin on August 15, 2014.
The ITsecurity daily security briefing: Friday August 15, 2014.
Gameover botnet being rebuilt as NewGOZ
It now uses domain generation rather than P2P. “…how long will the threat actor focus on rebuilding their botnet before they return to focusing on stealing money?”
AB Acquisition LLC Confirms Incident Involving Payment Card Data Processing
“AB Acquisition LLC, which operates Albertsons stores under Albertson’s LLC and ACME Markets, Jewel-Osco, and Shaw’s and Star Markets under New Albertson’s, Inc., recently learned of an unlawful intrusion to obtain credit and debit card payment information in some of its stores.” See also SuperValu below.
AB Acquisition LLC
Computer intrusion at SuperValu
“…experienced a criminal intrusion into the portion of its computer network that processes payment card transactions for some of its retail food stores, including some of its associated stand-alone liquor stores. This criminal intrusion may have resulted in the theft of account numbers, and in some cases also the expiration date, other numerical information and/or the cardholder’s name, from payment cards used at some point of sale systems at some of the Company’s owned and franchised stores.”
4G ~ becoming old news. Next up, 5G
EU lags behind North America and Asia on 4G implementation – but hopes to leapfrog straight to 5G. “Currently lagging behind other markets in 4G LTE adoption, the EU is investing €700m ($940 m) over the next seven years in developing 5G..”
Trustwave offers advice on passwords
“We set out to determine how easily we could crack a sample of 626,718 hashed passwords… We recovered more than half of the passwords within just the first few minutes. We eventually cracked 576,533 or almost 92 percent of the sample within a period of 31 days.”
Cyber insurance, is it for you?
“The real art of the insurance business is putting a price tag on the risk assessment. I don’t expect there to be much science behind this. My expectation is that it is a mixture of analysing old events, experience gathered in other fields, and gut feeling.”
Verisign DDoS Trends Report
“Increasingly prepared attackers using packets crafted to the size of GRE tunnels, and targeting specific ports may point toward more resilient, unpredictable and expedient attacks in the future…”
BYOD Policy Roadmap (ebook)
“Are you looking for trouble? Without a policy roadmap for bring your own device (BYOD), you’re asking for it.”
The 8 Biggest Security Breaches in History
Infographic: WikiLeaks Cables; NSA/GCHQ Leaks; Mt Gox Bitcoin Hack; The Great Corporate Hack; The Ebay Account Hack; The Heartland Payment Systems Hack; The Adobe Hack; The TJX Retail Hack.
10 Most Common Web Security Vulnerabilities
An overview of the top coding error types that lead to vulnerabilities in websites. Essential reading for anyone involved in or responsible for developing sites.
Spearphishing campaign targeting multiple government departments
“The spearphishing email explains that a (fictitious) earlier email was sent to the recipient, but that the delivery had failed. The email requests that the recipient follow a hyperlink to view the email.”
NCSC Security Advisory – NCSC-C-2014-17