CSIA 459

2013 Threat Report

"Flame: Trying to Unravel the Mystery of Spying Malware"

We will see more of this type of modification of Stuxnet and Flame. The bad thing about finding stuff like this, is others who could not have made malware as technically advanced as this, will be able to modify it much easier than if they would have had to design it from scratch.

focused on the comment made by the analyst on the differentiation of cyber "war" vs. cyber "espionage" as it appears that Flame is more on cuber espionage since it is desgined to collect infor from specific targets.

If you like podcasts this is interesting - helping to understand that security does not really exist and instead we are just managing risk.

Scary when the criminals are fighting each other....

Framework for Insider threats

Interesting read, the Dept. of VA breach is a good reminder about physical security. It seems that quite often we focus so much on the technical that the fundamental is overlooked. It find it interesting that they have Stuxnet on this list. It is my understanding that Stuxnet was not really a data breach but more of a process breach.

Interesting article from the NY Times on how some companies are utilizing big data in the work environment.

This was an interesting and informative paper about rootkit design and methodologies to help us better understand their capabilities, and it give ways in which one can spy on the attackers.

Wanted to share even though it is off topic for this week. Definitely something that would be good to have over here in the States - especially at 51 dollars per month.

In relation to this week's Anonymous reading. WBC says they are going to protest the Boston victims.

Thought this was interesting - especially with all the current events involving North Korea.

Here's an interesting article from DHS. They're seeking high school students and college students.

This magazine published by UMUC is all about Cybersecurity. Thought you might enjoy reading it.

Article from the Washington Post about law enforcement's struggle to respond to "smaller" cybercrimes.

Interesting article about an app that has been specifically designed to take control of an airplane.

This paper provides insight into where fake antivirus comes from and how it is distributed, what happens when a system is infected with fake antivirus, and how to stop this persistent threat from infecting your network and your users.

This malware is highly profitable, with as many as 2.9 percent of compromised users paying out.

Here is a recent article that discusses additional exploit kits besides the Blackhole kit discussed in the video.

A fun read about a former Google vulnerability. Of note is the "attacker's" use of Amazon Web Services to aid in cracking certificates.

Be careful what you ask for -- NIST is now sorting through all the public comments related to the cybersecurity executive order and 185 days to get the framework publish.