Don’t Be a Victim of a Phishing Attack
Criminals and hackers have become extremely sophisticated at creating phony but authentic-looking e-mails that seem to have originated from legitimate companies. If you receive an e-mail that you believe to be a phishing attempt, do not reply to it, since doing so will only confirm to the sender that your e-mail address is valid. Trust me, you do not want that to happen.
For those who are not familiar with the term “phishing” (pronounced “fishing”), it is a type of online identity theft that uses e-mail and fraudulent websites designed to steal your personal data. You may have seen this type of e-mail show up in your inbox before.
Instead, your best course of action is to submit phishing e-mails received at work as an attachment (do not forward the e-mail) to your security department, or simply delete them. If you receive a phishing e-mail at home, again you should either delete it or forward it to the Federal Trade Commission (FTC) at spam@uce.gov so they can add it to their database.
Here are some tips to avoid becoming a victim to a phishing attack:
At home, use trusted security software and set it to update automatically.
Read more here.
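Submitting the message as an attachment matters because the security department needs the original headers and HTML intact to triage it. The script below is an added example, not code from the original post: it parses a constructed sample .eml (hypothetical addresses and domains, not a real phish) with Python's standard email library and flags three common tells: a Reply-To domain that differs from the From domain, a link whose visible text shows one site while the href points elsewhere, and a URL whose host is a bare IP address.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message for illustration only; every address, domain and
# IP below is hypothetical (documentation ranges), not a real indicator.
SAMPLE_EML = b"""From: "Example Bank Security" <alerts@mail-example-bank.test>
Reply-To: collect@another-domain.test
To: user@corp.test
Subject: Urgent: verify your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account is locked. Verify now:
<a href="http://203.0.113.10/login">https://www.examplebank.test/login</a></p>
</body></html>
"""

LINK_RE = re.compile(r'<a\s+[^>]*?href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def _domain(addr):
    """Lowercase domain part of an e-mail address ('' if there is none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _host(url):
    """Lowercase hostname of a URL ('' if it cannot be parsed)."""
    return (urlparse(url).hostname or "").lower()


def extract_links(html):
    """Return (href, visible_text) pairs for every anchor tag in an HTML body."""
    return [(href, TAG_RE.sub("", text).strip()) for href, text in LINK_RE.findall(html)]


def triage(raw):
    """Parse a raw .eml and return the headers, links and a list of findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    # Replies routed to a different domain than the claimed sender are a classic tell.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        findings.append(f"reply_to_mismatch: {from_addr} -> {reply_addr}")

    # Prefer the HTML part, since that is where deceptive anchors live.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    links = extract_links(html)
    for href, text in links:
        host = _host(href)
        if IP_RE.match(host):
            findings.append(f"ip_literal_url: {href}")
        # Link text that looks like a URL but points somewhere else.
        if text.lower().startswith(("http://", "https://")) and _host(text) != host:
            findings.append(f"link_text_mismatch: shows {_host(text)} but goes to {host}")

    return {
        "from": from_addr,
        "from_name": from_name,
        "reply_to": reply_addr,
        "links": links,
        "findings": findings,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_EML)
    for line in report["findings"]:
        print(line)
```

Run it on a real submission by reading the attached .eml as bytes and passing it to triage(); the findings are hints for an analyst, not a verdict, and a message with no findings is not automatically safe.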
New Trojan Malware Attempts to Hijack Facebook Accounts
An interesting article from the guys at FaceCrooks.com:
Microsoft recently announced that it had found a malicious browser extension making the rounds on Mozilla Firefox and Google Chrome that, when downloaded, attempted to hijack users’ Facebook profiles.
The Trojan works by first seeing if the user is logged in to Facebook. If so, it tries to get a configuration file from the website in order to take control of a user’s profile. Some of the malware’s actions have so far included posting “15 YEAR-OLD VICTIM OF BULLYING COMMITS SUICIDE AFTER SHOWING HER BREASTS ON FACEBOOK” in Portuguese with a URL link to a fake video, posting promotions in the comments section of posts and pages, like “Get a brand new Celta paying R$13 per day!!”, and sending out messages via Facebook chat, like “The coolest tune at the moment. It’s really nice!”
Read more here.
Mozilla pushes out new Firefox and Thunderbird: 8 security advisories, 3 critical fixes
A posting from Naked Security about Mozilla pushing out new Firefox and Thunderbird releases: Not to be outdone by Microsoft’s and Adobe’s Patch Tuesday releases, Mozilla pushed out its latest browser and email client updates today. The Firefox browser goes to 21.0, on Android as well as on desktops. (You don’t install browsers on your servers, do you?) The Thunderbird email client is only available in an Extended Support Release these days, meaning it gets regular security patches but infrequent product enhancements; it hits 17.0.6. Microsoft’s May 2013 Internet Explorer updates included two patches for which the world was waiting with bated breath – one to fix a vulnerability exposed at the 2013 PWN2OWN competition, and a second to close a much-publicised zero-day briefly found on a US government website at the end of April. Mozilla, on the other hand, fixed its own PWN2OWN-found flaws within 24 hours, so its last two updates, 20.0 and 21.0, have been largely proactive on the security front.
To read more click here:
U.S. Cyber Command Head General Alexander To Keynote Black Hat USA 2013
A posting from Dark Reading in its News section: Major information security event Black Hat has announced that General Keith Alexander — Commander, U.S. Cyber Command/Director, National Security Agency/Chief, Central Security Service (NSA/CSS) — will present the Day One keynote address at Black Hat USA 2013 in Las Vegas this July.
In 2010, the U.S. Senate confirmed GEN Alexander to head U.S. Cyber Command (USCYBERCOM), as a four-star general. The establishment of USCYBERCOM both unified and strengthened the American Defense Department’s work to protect vital networks and ensure integration of cyber operations.
A highly regarded advocate of battlefield visualization and ‘data fusion’ for more useful intelligence, Gen. Alexander has also led NSA/CSS since 2005. NSA/CSS gives the nation a decisive edge to make information and information technology an asset for the United States and a liability for its adversaries. It applies tools and tradecraft with creativity and agility — maintaining capabilities that exceed what others think is possible. The aim is to discover, make sense of, and securely share information at Net speed. What’s more, NSA/CSS measurably improves the security of critical information systems and other operations.
To read more click here:
Web Application Testing Using Real-World Attacks
A posting from Dark Reading in its Vulnerability Management section: Vulnerability management and scanning systems typically combine a number of techniques to assess the risk faced by a business’s information technology, from scanning files and evaluating the current patch level to launching attacks and testing for practical vulnerabilities.
While assessing patch level tends to be the most reliable way to check for vulnerable code, there are times when real-world exploits are needed. In cases where the patch has not been correctly applied, or when there is no patch, the best way to check for the vulnerability is to actually probe the application. Custom Web applications, for example, will generally not be able to be assessed using a patch-level check, says Ross Barrett, senior manager for security engineering at Rapid7, a vulnerability management firm. “If a company has in-house Web apps, that is where you are going to get a lot of value out of that approach,” he says. “The real-world attacks can be replayed and give you results.”
To read more click here:
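The patch-level check the article calls the most reliable method is only as good as the version comparison behind it. The following is an added example, not code from Dark Reading or Rapid7: it takes the fixed versions mentioned in the Mozilla posting above (Firefox 21.0, Thunderbird 17.0.6) as a constructed baseline, compares installed versions numerically, and shows beside it the naive string comparison that silently misclassifies hosts (for example "9.0.1" sorts after "21.0" as a string, and "17.0.10" sorts before "17.0.6"). The inventory rows are constructed sample data.

```python
import re

# Baseline of fixed versions, taken from the advisory text above; in a real
# scanner this would be loaded from a maintained vulnerability feed.
FIXED_VERSIONS = {"firefox": "21.0", "thunderbird": "17.0.6"}

# Constructed sample inventory: (host, product, installed version)
SAMPLE_INVENTORY = [
    ("ws-01.corp.test", "firefox", "21.0"),
    ("ws-02.corp.test", "firefox", "20.0"),
    ("ws-03.corp.test", "firefox", "9.0.1"),
    ("ws-04.corp.test", "thunderbird", "17.0.10"),
    ("ws-05.corp.test", "thunderbird", "17.0.5"),
    ("ws-06.corp.test", "firefox", "21.0esr"),
]


def parse_version(s):
    """'17.0.6' -> (17, 0, 6). Non-numeric suffixes such as 'esr' are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", s))


def is_patched(product, installed):
    """Numeric comparison, with shorter tuples zero-padded so (21, 0) == (21, 0, 0)."""
    fixed = parse_version(FIXED_VERSIONS[product])
    inst = parse_version(installed)
    width = max(len(fixed), len(inst))
    return inst + (0,) * (width - len(inst)) >= fixed + (0,) * (width - len(fixed))


def naive_is_patched(product, installed):
    """The pitfall: plain string comparison of version numbers."""
    return installed >= FIXED_VERSIONS[product]


def hosts_needing_update(inventory, checker=is_patched):
    """Return the hosts whose installed version is below the fixed version."""
    return [host for host, product, ver in inventory if not checker(product, ver)]


if __name__ == "__main__":
    print("numeric :", hosts_needing_update(SAMPLE_INVENTORY))
    print("naive   :", hosts_needing_update(SAMPLE_INVENTORY, naive_is_patched))
```

Even the correct comparison only tells you the installed version string; it cannot tell you whether the update actually took effect, which is exactly the gap the article says probing the application with a real exploit is meant to close.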
Interview with Mischel Kwon – FOSE
Mischel Kwon, former Director of US-CERT, former Deputy CISO, former Director of the JSOC, and former Chief IT Security Technologist at USDOJ, brings a very balanced approach to cybersecurity issues, whether technical, defensive, or compliance related. Ms. Kwon’s experience at DHS and DOJ gives her in-depth knowledge of the current threat and attack landscape and of how it affects every sector of cyberspace.
