Feed aggregator

Cisco Releases Open Source FNR Cipher

Threatpost for B2B - Mon, 06/23/2014 - 10:57
Cisco has released a new open-source block cipher called FNR that is designed for encrypting small chunks of data, such as MAC addresses or IP addresses. The cipher is still in the experimental stage, but Cisco has released the source code and a demo application. The company suggests that the new cipher–called Flexible Naor and […]

Microsoft to Preview Interflow Information Sharing Platform

Threatpost for B2B - Mon, 06/23/2014 - 09:03
A private preview of Microsoft's new Interflow security threat information-sharing platform opens this week. Interflow, built on industry standards such as STIX and TAXII, automates information sharing across industries.

House Amendment Limits Funding for NSA Surveillance

Threatpost for B2B - Fri, 06/20/2014 - 13:27
The House of Representatives yesterday passed an amendment that reins in NSA surveillance by cutting Department of Defense funds.

FBI, NYPD Form Financial Cybercrime Task Force

Threatpost for B2B - Fri, 06/20/2014 - 10:08
The FBI has formed a new cybercrime task force with the New York Police Department and the Metropolitan Transit Authority whose job will be to go after high-level financial cyber crimes, employing a model of interagency cooperation that the bureau and other federal law enforcement agencies have used with notable success in other areas. The […]

Plaintext Supermicro IPMI Credentials Exposed

Threatpost for B2B - Fri, 06/20/2014 - 09:28
Weaknesses in Supermicro IPMI-based baseboard management controllers expose remote passwords in plaintext.

Google, Microsoft to Implement Mobile ‘Kill Switch’

Threatpost for B2B - Thu, 06/19/2014 - 13:58
Google and Microsoft will implement 'kill switches' into their mobile offering in response to petitions from elected officials claiming that a similar Apple feature has deterred theft and violent crime.

Adware or money loss instead of your favorite World Cup game

Secure List feed for B2B - Thu, 06/19/2014 - 13:28

This is the fourth and final part of our series of blogposts about the World Cup and the IT threats associated with it. Moreover, these are problems that we face right now, while our soccer stars are strutting their stuff in Brazil.

Many fans have found themselves away from the TV and looking for a live stream of a big game - but looking for live broadcasts on the Internet can cost you money or leave a malicious program on your computer.

When you search on Internet for the live Word Cup broadcast, you will sometimes find purchased advertisements that lead to fraudulent or malicious content. Here are two fresh examples of it, all set up for the World Cup:

When you go to the Website, it asks you to download a special plugin available for all browsers. This is supposed to be the player needed to watch the on-line broadcast of the games:

In reality, it is an Adware program, which may not show you anything but will drain your computer's resources. Adware software straddles a thin line between classic cybercrime and legitimate software. This is why our statistics show the constant detection grow on the same on the user's devices:

Sites like these also promise to show all the World Cup action:

The sites offer every game, at any time. They promise high quality footage taken from the best cameras in the arenas. Of course, all credit cards are accepted!

However, if you pay, you will just lose your money. Dubious and dishonest websites like these have no interest in playing by any rules.

One last important point is every day we see a lot of new registered domain names containing words like "Fifa Live World Cup steaming 2014". We believe most of them will be used for a malicious purpose.

Cybercriminals, opportunists and other malicious individuals look for occasions like the World Cup. They know this is the best time to cheat people, stealing their money and infecting their devices. Stay ahead of the game and do not fall into their social engineering traps. Use the best anti-malware protection and keep your wits about you when browsing and looking for the content. By the way, if you want to see a live broadcasting, probably you may use one of these legitimate councils.

You may follow me on twitter: @dimitribest

Research Project Pays People to Download, Run Executables

Threatpost for B2B - Thu, 06/19/2014 - 11:57
Incentivized by a minimal amount of cash, computer users who took part in a study were willing to agree to download an executable file to their machines without questioning the potential consequences.

Possible TrueCrypt Fork in the Works

Threatpost for B2B - Thu, 06/19/2014 - 11:08
Although the developers behind the TrueCrypt encryption software have given up the ghost and decided to no longer maintain the application, interest in the project has never been higher. But, one of the developers says that a nascent effort to fork TrueCrypt is unlikely to succeed. Matthew Green, a cryptographer and professor at Johns Hopkins […]

Hacker Puts Hosting Service Code Spaces Out of Business

Threatpost for B2B - Wed, 06/18/2014 - 17:09
Cloud-based code-hosting service Code Spaces announced today it was going out of business after a hacker deleted most of its machines, customer data and backups.

Hacker Exploits NAS Vulnerabilities to Mine $620K in Dogecoin

Threatpost for B2B - Wed, 06/18/2014 - 15:01
A hacker exploiting vulnerabilities in Synology network attached storage boxes was able to mine $620,000 in Dogecoin.

FTC Asking DEF CON to Help Catch Robocallers

Threatpost for B2B - Wed, 06/18/2014 - 13:01
The FTC is seeking help from hackers at DEF CON to help lure and identify the perpetrators of illegal robocalling scams, whether they are criminal or corporate.

A Spam Trinity: Email Harvesters, Botmasters, Spammers

Threatpost for B2B - Wed, 06/18/2014 - 12:55
Researchers at the University of California Santa Barbara and Aachen University in Germany examined the relationship between spammers, botmasters and email harvesters in order to improve antispam systems.

Flaws Found in USCIS RFID Card Production System

Threatpost for B2B - Wed, 06/18/2014 - 11:42
The system that’s used to produce RFID-enabled identification cards–including permanent resident IDs–by the United States Citizenship and Immigration Service has a number of serious security issues, according to a new report from the Office of the Inspector General at DHS. Among the issues the OIG found is that nearly all of the workstations in the system […]

Belkin Patches Directory Traversal Bug in Wireless Router

Threatpost for B2B - Wed, 06/18/2014 - 10:42
There’s a serious security vulnerability in the Belkin N150 wireless router that can enable a remote, unauthenticated attacker to read any system file on a vulnerable router. The bug is a directory traversal vulnerability and the CERT/CC advisory says that all versions of the router that are running firmware up to and including firmware version […]
Syndicate content