Group items tagged

It's the last thing security professionals want to see: A new hacking method that makes it even harder to detect suspect code in emails. The method is actually a stealthy combination of two favorite attack modes, and it shows that hackers are pulling out all the stops to ensnare computer users in their webs. Phishing and spear phishing have long been thought to be mutually exclusive hacking tricks, but cybercrooks have found a way to combine the two in a technique called longline phishing. "The technique allows you to hit a lot of people very quickly and largely go undetected," Dave Jevans, founder and CTO of Marble Security and founder of the Anti-Phishing Work Group, told TechNewsWorld. With spear phishing, which is typically used as a vehicle for advanced persistent threat attacks like the recent one on The New York Times, a select group of connected people are targeted with a highly credible email message based on extensive research of the targets' backgrounds. "With longlining, you can get hundreds of people exposed to a website that will infect their computers," Jevans noted. He explained that longliners -- named after commercial fishermen who use long lines of hooks to catch fish -- might send 100,000 emails from 50,000 IP addresses, which makes it difficult to identify an email from a particular server as hacking bait.

http://figment.com/groups/14443-Financial-Accounting-Hass-And-Associat/discussions/72445 Nettkriminalitet er blomstrende, med ondsinnet hacking og elektronisk svindel vokser i et urovekkende tempo. Snu denne trenden vises en nesten sisyphean oppgave, men maskinen læring og Bayesisk statistikk viser seg uvurderlige for cyber sikkerhetsorganisasjoner Hacking, svindel og andre hemmelig nettaktiviteter har vært å gjøre overskriftene de siste ukene, gir opphav til bekymringer at politiet taper krigen mot Cyberkriminelle. Men hvor alvorlig en trussel mot offentligheten er cyber-kriminalitet, og kunne data vitenskap holde nøkkelen til snu trenden? RSA, cyber sikkerhet arm av amerikanske big data firmaet EMC, spesialiserer seg på bruk av avanserte analyser og maskin lære å forutse og forhindre online fraud. Dens Anti-Fraud kommandoen (AFCC) har identifisert og avsluttet 500.000 slike angrep i sin åtte års eksistens, hvorav halvparten kom i 2012 alene. Denne økende oppklaringsprosenten skyldes på ingen liten del til dens rask adopsjon av maskinen lære teknikker. Fem år siden foretok RSAS israelske operasjonen et skritt endring, beveger seg bort fra ikke-fleksibel regelbasert svindel detection system, i favør av en selv bedre tilnærming ved hjelp av data-vitenskap understøttet av Bayesisk inferencing. Related Articles: https://www.zotero.org/groups/hass_associates/items/itemKey/G3Z9SHHX http://hasscarlisle.quora.com/

The House of Representatives go for the second round of Cyber Intelligence Sharing and Protection Act as it passed legislation on Thursday. The newly granted powers are intended to stop computer security threats against a company's rights and property. But the definitions are broad and vague. The terms allow purposes such as guarding against "improper" information modification and ensuring "timely" access to information, functions that are not necessarily tied to attacks. Once handed over, the government is able to use this information for investigating crimes that are unrelated to the underlying security threat and, more broadly, for "national security" purposes, which is a poorly defined term that includes "threats to the United States, its people, property, or interests" and "any other matter bearing on United States national or homeland security." The bill's vague definitions like "cybersecurity purpose" and "cybersecurity system" also raise the frightening possibility of a company using aggressive countermeasures. If a company wants to combat a threat, it is empowered to use "cybersecurity systems" to identify and obtain "cyber threat information." But the bill does not define exactly how far a company can go, leaving it open to the possibility of abuse. The bill drew support from House Democrats, passing on a bipartisan vote of 288-127, although the White House repeated its veto threat on Tuesday if further civil liberties protections are not added. Some lawmakers and privacy activists worry that the legislation would allow the government to monitor citizens' private information and companies to misuse it. U.S. authorities have recently elevated the exposure to Internet hacks and theft of digital data to the list of top threats to national security and the economy. Though thousands of companies have long been losing data to hackers in China and elsewhere, the number of parties publicly admitting such loss has been

http://hassassociates-online.com/articles/2013/04/23/house-passes-cybersecurity-bill-as-privacy-concerns-linger/ The House of Representatives go for the second round of Cyber Intelligence Sharing and Protection Act as it passed legislation on Thursday. The newly granted powers are intended to stop computer security threats against a company's rights and property. But the definitions are broad and vague. The terms allow purposes such as guarding against "improper" information modification and ensuring "timely" access to information, functions that are not necessarily tied to attacks. Once handed over, the government is able to use this information for investigating crimes that are unrelated to the underlying security threat and, more broadly, for "national security" purposes, which is a poorly defined term that includes "threats to the United States, its people, property, or interests" and "any other matter bearing on United States national or homeland security." The bill's vague definitions like "cybersecurity purpose" and "cybersecurity system" also raise the frightening possibility of a company using aggressive countermeasures. If a company wants to combat a threat, it is empowered to use "cybersecurity systems" to identify and obtain "cyber threat information." But the bill does not define exactly how far a company can go, leaving it open to the possibility of abuse. The bill drew support from House Democrats, passing on a bipartisan vote of 288-127, although the White House repeated its veto threat on Tuesday if further civil liberties protections are not added. Some lawmakers and privacy activists worry that the legislation would allow the government to monitor citizens' private information and companies to misuse it. U.S. authorities have recently elevated the exposure to Internet hacks and theft of digital data to the list of top threats to national security and the economy. Though thousands of companies have

http://www.wellsphere.com/brain-health-article/hundreds-of-south-african-facebook-profiles-have-been-cloned/1954857 Computer forensics expert Bennie Labuschagne said scammers used programs designed to "deep mine" online accounts to bypass security features."Cloning is very common and it is now like the 419 scams, only on social networks," he said. One of the South African Facebook victims, Dinesh Ramrathan, said yesterday: "A Facebook friend called me to find out why I had sent her a message asking for money online. I then discovered that my page had been duplicated. "My friends were caught off guard and accepted friend requests from the hacker, who then started sending requests for money." The impostor claimed that Ramrathan was in trouble and needed money urgently."I am lucky because all my Facebook friends know me personally outside of the social network so they knew that I was not in trouble," he said. Debby Bonnin's husband received a friend request from her even though they were already Facebook friends. One of sixmillion local users of Facebook, Bonnin said: "My major concern is identity theft and all the possible ramifications of that. On Facebook the prime issue is reputation. But the person behind the false profile could use your identity to access confidential information from your friends and then there could be security or financial problems that arise." Another Facebook user, Josh Delport, said his stored scores and tokens on game applications on the site had disappeared. University of KwaZulu-Natal associate professor of information systems Manoj Maharaj said that, though Facebook could not be hacked because of its hi-tech security features, the affected users might have put themselves at risk by clicking on links to external games, applications and shopping sites. "Users are clicking on these links without realising that their information is being passed on. If one of those sites is hacked, their information, such as credit card details, is easily a

Source: http://www.huffingtonpost.com/jason-alderman/dont-get-spoofed-by-rogue_b_3574710.html When caller ID first arrived on the scene it seemed like a godsend to many people: Now you could easily identify who was on the line and ignore unwanted calls, whether from telemarketers, an ex-boyfriend or an unfriendly collection agency. But as often happens, unscrupulous individuals soon began manipulating the technology to defraud people by pretending to be someone else. Their scheme is called "caller ID spoofing" and disturbingly, it's perfectly legal in many cases. Here's how caller ID spoofing works and what precautions you should take to avoid being victimized: For a very low cost, businesses and individuals can use widely available caller ID spoofing software to generate calls which alter the telephone number and/or name that appear on the recipient's caller ID screen. Police, private investigators and collection agencies have used legal spoofing services for many years. Others who might have a legitimate reason to hide their identity when making a call include domestic violence victims and doctors returning patient calls who don't wish to release their private telephone numbers. Beyond that, the lines of legality begin to blur. The Truth in Caller ID Act of 2009 prohibits anyone from transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm or wrongfully obtain anything of value. Violators can be penalized up to $10,000 for each infraction. Unfortunately, such penalties haven't dissuaded many scammers. One common caller ID scam involves spoofers pretending to represent a bank, government agency, insurer, credit card company or other organization with which you do business. They count on you being reassured after recognizing the company's name on your screen. Related Articles: http://hass-associates-daffy.wikia.com/wiki/Main_Page Under the pretext of warning about an urgent situation (breached account, late payment,

Former Homeland Security Secretary Janet Napolitano gave her farewell speech last week. She had quite a bit to say, but there was one thing that caught my attention: She warned that a major cyberattack is on the way. I believe it. Most major U.S. companies have been under siege from hackers over the last 18 months. In fact, two days after Napolitano's speech, a hacker group called the Syrian Electronic Army hacked the New York Times' website and Twitter feed - for the second time this year. Of course, Napolitano wasn't just talking about American business. She was talking about America's infrastructure: power grid, communications, banking and so forth. Every one of these services relies on computers. A well-placed virus could do a lot of damage, especially if an insider planted it. The Northeast blackout of 2003 started at a single power center. A computer bug disabled an important alarm. The operators couldn't react in time to a downed power line and it blacked out 55 million people for several days. Imagine waking up one morning with no power. Cellphones can't connect, banks are closed, the Internet is down and credit cards don't work. In localized emergencies, workers from other areas help to restore services quickly. A cyberattack could affect wide regions of the country, overwhelming the available manpower. It could take days, weeks or months for basic services to be fully restored. Not a pretty picture. Now, a cyberattack might not take down everything, but it could make basic services unreliable. You won't be able to trust technology to always work. Further Information: http://www.usatoday.com/story/tech/columnist/komando/2013/09/06/cyberattack-hackers-syrian-electronic-army/2757833/ Related Article: http://forums.devarticles.com/asp-development-3/hass-and-associates-cyber-security-online-scams-to-watch-out-for-444796.html http://hassbiggerprice.wordpress.com/tag/hass-associates-online-cyber-review-scam-du-jour-theyre-creative/