Thursday, April 24, 2014
           (757) 873-6707                     Monday - Friday, 9 am - 5:30pm
AOL Email Hacked by Spoofers to Send Spam A slew of old AOL email accounts were hacked over the weekend to send spam to other users.
Apple Fixes Serious SSL Issue in OSX and iOS Apple has fixed a serious security flaw that’s present in many versions of both iOS and OSX and could allow an attacker to intercept data on SSL connections.
DBIR: Poor Patching, Weak Credentials Open Door to Data Breaches Weak or default credentials, poor configurations and a lack of patching are common denominators in most data breaches, according to the 2014 Verizon Data Breach Investigations Report.
Targeted Attack Uses Heartbleed to Hijack VPN Sessions Details of a targeted attack have emerged where hackers are using the Heartbleed OpenSSL vulnerability to hijack active VPN sessions to remotely access an enterprise.

Latest News

Spam report: March 2014

In March, spammers weren’t content to stick with traditional holiday-related advertising; they also used holiday-themed messages to con personal information from users of social networks.

Changing characters: something exotic in place of regular Latin script

Spammers use all types of tricks to bypass spam filters: adding ‘noise’ to texts, inserting redirects to advertised sites, replacing text with pictures - anything to stop the automatic filter from reading the keywords and blocking the message. Recently, we’ve been seeing a trend to replace Latin characters with similar-looking symbols from other alphabets. This “font kink” is especially typical of phishing messages written in Italian.

Non-Latin characters are inserted in place of similar-looking Latin characters both in the “Subject” field and in the body of the message. Here is an example of what headers obscured with ‘foreign’ symbols look like:

CeCOS VIII – Hong Kong

The eighth annual Counter-eCrime Operations Summit (CeCOS VIII) was held in Hong Kong on April 8th , 9th and 10th, 2014. The event brings together global leaders from financial services, technology, government, law enforcement, communications sectors and research centers.

Cybercrime fighters from the field examined:

- Public-source criminal tracking techniques - Cloud and mobile malware forensics - The latest crimeware and web-based attack schemes - Bitcoin as a cybercrime tool - Globalized industrial cybercrime event data sharing - Ransomware scams menacing businesses - Global approaches to securing the Domain Name System

CeCOS VIII was an open conference for members of the electronic-crime fighting community.

The agenda is located at http://apwg.org/apwg-events/cecos2014/agenda and I had the opportunity to share recent research results on the second day of the event.

New NIST Tool Streamlines Government App Vetting

Developers who produce apps intended for use on internal networks at government agencies are getting a vetting process of their own called AppVet.

Google Adding Security Checks to Non-OAuth 2.0 Compliant Apps

Google announced it will add additional security checks to log-in attempts from applications or devices that do not support OAuth 2.0.

LibreSSL Sticks a Fork in OpenSSL

LibreSSL, a fork of OpenSSL, has already made \\"improvements\\" in OpenSSL programming practices according to OpenBSD officials.

Iowa State Hacked–To Mine Bitcoins

Officials at Iowa State University said Tuesday that the personal data of nearly 30,000 alumni, including Social Security numbers, was compromised during a data breach.

Easter bunnies for all occasions

On the eve of Easter, we noticed an unusual chain of spam messages. The spammers offered various services: from reducing mortgage costs and helping repay a loan, to enhancing male sexual performance. Neither the subject nor the text of the message had any allusions to the approaching holiday; however, the links leading to the sites advertised by the slogans included Easter-themed keywords: eastertime, easterbunnies, greateastern.

OpenSSL Heartbleed Highlights Crypto Pitfalls

There is no shortage of bad advice online about crypto–or anything else, for that matter. And the recent mess involving the OpenSSL heartbleed vulnerability has brought out plenty of advice on building, implementing and repairing cryptosystems, but experts say that the fundamental truths about how to do these tasks hasn’t changed much. Cryptosystems are the […]

An SMS Trojan with global ambitions

Recently, we’ve seen SMS Trojans starting to appear in more and more countries. One prominent example is Trojan-SMS.AndroidOS.Stealer.a: this Trojan came top in Kaspersky Lab's recent mobile malware ТОР 20. It can currently send short messages to premium-rate numbers in 14 countries around the world.

But this is not all. Another Trojan, Trojan-SMS.AndroidOS.FakeInst.ef, targets users in 66 countries, including the US. This is the first case we have found involving an active SMS Trojan in the United States.