Coke loses 55 laptops and 56000 records over 7 years; Private cyber espionage network in India; Review of the Shell_Crew hack using Adobe Cold Fusion exploit; Should we punish employees who fall for phishing emails?; Assuming your network has been hacked; more details on the Target breach are emerging.
More advice from Bob; Chinese spear phish diplomats with Mrs Bruni-Sarkozy’s nude pictures; Network segmentation could have mitigated phishing attacks on governments; Krebs find organizations having systems with open RDP connections rented out; Generation Y employees have a dubious view on security; 61% of web traffic is automated; 5 recommendations on improving the security situation; Some great incident response documents from Society Generale; More ideas on cleaning up family’s computers when visiting for the holidays.
Kaspersky study indicates 200,000 malware variants are released daily, the Carberp trojan’s source code is leaked and an 0day is discovered, FINRA reports on prolific cyber attacks against its members, the FT is attacked by the Syrian Electronic Army and gives a play by play on what happened, Kaspersky reports an 87% increase in phishing attacks, Google reports that compromised legitimate sites are more dangerous than malicious sites, Sophos says 30,000 SMB sites are hacked per day to spread malware, the age old debate about administrator rights, password complexity, and the unintended consequences of leaks: foreign companies defect to more hospitable countries, renewed focus on systems administrators, and we can stop pretending to not know where Stuxnet came from. Continue reading Defensive Security Podcast Episode 24
Episode 9 – From Las Vegas
Comments/questions/hate mail to firstname.lastname@example.org
Follow podcast on twitter @defensivesec
DDOS attack on Bank of the West masked a $900,000 theft from the account of Ascent Builders. http://krebsonsecurity.com/2013/02/ddos-attack-on-bank-hid-900000-cyberheist/
Site compromised – serving malware, had rudimentary defense against automated analysis
Bit9 update: https://blog.bit9.com/2013/02/25/bit9-security-incident-update/
– kudos to bit9 for transparency and disclosure – hopefully works in their favor