ITsecurity
twitter facebook rss

ITsecurity Daily Briefing: 08/15/2014

Posted by on August 15, 2014.

The ITsecurity daily security briefing: Friday August 15, 2014.

News Papers/Reports WebThings Events M&A Alerts

line

News

Gameover botnet being rebuilt as NewGOZ
Now domain generation rather than P2P. “…how long will the threat actor focus on rebuilding their botnet before they return to focusing on stealing money?”
Arbor Networks:
http://www.arbornetworks.com/asert/2014/08/five-sinkholes-of-newgoz/

AB Acquisition LLC Confirms Incident Involving Payment Card Data Processing
“AB Acquisition LLC, which operates Albertsons stores under Albertson’s LLC and ACME Markets, Jewel-Osco, and Shaw’s and Star Markets under New Albertson’s, Inc., recently learned of an unlawful intrusion to obtain credit and debit card payment information in some of its stores.” See also SuperValu below.
AB Acquisition LLC:
http://www.jewelosco.com/2014/08/ab-acquisition-llc-confirms-incident-involving-payment-card-data-processing/

Computer intrusion at SuperValu
“…experienced a criminal intrusion into the portion of its computer network that processes payment card transactions for some of its retail food stores, including some of its associated stand-alone liquor stores.  This criminal intrusion may have resulted in the theft of account numbers, and in some cases also the expiration date, other numerical information and/or the cardholder’s name, from payment cards used at some point of sale systems at some of the Company’s owned and franchised stores.”
SuperValu
http://www.supervalu.com/security.html

4G ~ becoming old news. Next up, 5G
EU lags behind North America and Asia on 4G implementation – but hopes to leapfrog straight to 5G. “Currently lagging behind other markets in 4G LTE adoption, the EU is investing €700m ($940 m) over the next seven years in developing 5G..”
Juniper Research:
http://www.juniperresearch.com/analyst-xpress-blog/2014/08/15/4g-becoming-old-news-next-up-5g/

Trustwave offers advice on passwords
“We set out to determine how easily we could crack a sample of 626,718 hashed passwords… We recovered more than half of the passwords within just the first few minutes. We eventually cracked 576,533 or almost 92 percent of the sample within a period of 31 days.”
Trustwave:
https://gsr.trustwave.com/topics/business-password-analysis/2014-business-password-analysis/

line

Whitepapers and Reports

Cyber insurance, is it for you?
“The real art of the insurance business is putting a price tag on the risk assessment. I don’t expect there to be much science behind this. My expectation is that it is a mixture of analysing old events, experience gathered in other fields, and gut feeling.”
Virus Bulletin:
https://www.virusbtn.com/blog/2014/08_14.xml

Verisign DDoS Trends Report
“Increasingly prepared attackers using packets crafted to the size of GRE tunnels, and targeting specific ports may point toward more resilient, unpredictable and expedient attacks in the future…”
Verisign:
http://www.verisigninc.com/assets/report-ddos-trends-Q22014.pdf

BYOD Policy Roadmap (ebook)
“Are you looking for trouble? Without a policy roadmap for bring your own device (BYOD), you’re asking for it.”
GFI:
http://www.gfi.com/landing/byod/BYOD-eBook_en.pdf

The 8 Biggest Security Breaches in History
WikiLeaks Cables; NSA/GCHQ Leaks; Mt Gox Bitcoin Hack; The Great Corporate Hack; The Ebay Account Hack; The Heartland Payment Systems Hack; The Adobe Hack; The TJX Retail Hack: Infographic
WhoIsHostingThis.com:
http://www.whoishostingthis.com/blog/2014/08/11/8-security-breaches/

10 Most Common Web Security Vulnerabilities
An overview of the top coding error types that lead to vulnerabilities in websites. Essential reading for anyone involved in or responsible for developing sites.
Toptal:
http://www.toptal.com/security/10-most-common-web-security-vulnerabilities

line

Webcasts and Webinars

line

Events

line

Mergers and Acquisitions

line

Alerts

Spearphishing campaign targeting multiple government departments
“The spearphishing email explains that a (fictitious) earlier email was sent to the recipient, but that the delivery had failed. The email requests that the recipient follow a hyperlink to view the email.”
NCSC Security Advisory – NCSC-C-2014-17
http://www.ncsc.govt.nz/assets/NCSC-Advisory-NCSC-C-2014-17.pdf


Share This:
Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: News | Tags: , , , , , , , , , , , ,