Security News for the General Public, 2012 Week 10

=> Kelihos Back In Town Using Fast Flux. 04/03/2012. «In September 2011, Microsoft announced the takedown of the Kelihos botnet. In the beginning of 2012, Kaspersky found a new version of Kelihos in the wild. Kelihos (also known as Hlux) is a Spambot with the capability to steal credentials from the victim’s computer and drop additional malware. While the old version used the second level domain cz.cc for its distribution and to control the botnet, the new version takes advantage of TLD .eu in combination with Fast Flux techniques (…).»
Source : www.abuse.ch/?p=3658

=> Cloud Infections on Fire – Amazon’s WS. 04/03/2012. «It has been seen recently that Amazon’s Web Service (AWS) has become the playground for attackers to host malware. Some incidents have been reported early. However, cloud services are providing a good storage as well as remote access property for serving malware through cloud (…).»
Source : secniche.blogspot.com/2012/03/cloud-infections-on-fire-amazon-aws.html

=> Cookie-based SQL Injection. 05/03/2012. «A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user’s browser and for the browser to return the state information to the origin site. The state information can be used for authentication, identification of a user session, user’s preferences, shopping cart contents, or anything else that can be accomplished through storing text data (…).»
Source : resources.infosecinstitute.com/cookie-based-sql-injection/

=> Updated Automated SQL Injection Tools. 05/03/2012. «In our Anonymous report, we provided some detail about Havij, a SQL injection tool that is used by good and–mostly–bad guys to exploit SQL injection vulnerabilities. But Havij isn’t the only game in town. Today, version 3,0 of Mole was released–a “competitor” to Havij. Whereas Havij has a windows GUI, Mole uses command lines. Some geeky people prefer that since it makes them feel smarter (…).»
Source : blog.imperva.com/2012/03/updated-automated-sql-injection-tools.html

=> February 2012 Cyber Attacks Timeline. 05/03/2012. «With a small delay (my apologies but the end of February has been very busy for me and not only for Cybercrooks as you will soon see), here it is the second part of my compilation with the main Cyber Attacks for February 2012 (…).»
Source : hackmageddon.com/2012/03/05/february-2012-cyber-attacks-timeline/
Related posts:
16/02/2012. February 2012 Cyber Attacks Timeline (Part I) : hackmageddon.com/2012/02/16/february-2012-cyber-attacks-timeline-part-i/
07/03/2012. Doxed on Pastebin : hackmageddon.com/2012/03/07/doxed-on-pastebin/
10/03/2012. Middle East Cyber War Update (Part VII) : hackmageddon.com/2012/03/10/middle-east-cyber-war-update-part-vii/

=> Memories of the Michelangelo virus. 05/03/2012. «On Tuesday March 6th 2012, it will have been precisely twenty years since the world held its breath, waiting to see if its computers would boot up. Because March 6th 1992 was day zero for the Great Michelangelo Virus Scare, the first and probably one of the biggest computer virus scares that the world has ever seen (…).»
Source : nakedsecurity.sophos.com/2012/03/05/michelangelo-virus

=> Attacks on Dotclear. 05/03/2012. «There is currently a wave of attacks on Dotclear, and I have just fallen victim to it (…).»
Source : www.glazman.org/weblog/dotclear/index.php?post/2012/03/05/Attaques-sur-Dotclear

=> GitHub flaw reveals a problem in Ruby on Rails. 05/03/2012. «This Sunday, March 4, Egor Homakov exploited a flaw in the way the Ruby on Rails web framework handles so-called “mass assignments”, which allowed him to write or delete a post and also to make changes to the source code of GitHub projects (…).»
Source : www.crazyws.fr/hacking/faille-sur-github-revele-un-probleme-sur-ruby-on-rails-RR1PT.html
Related posts:
05/03/2012. GitHub hacked, millions of projects at risk of being modified or deleted : www.extremetech.com/computing/120981-github-hacked-millions-of-projects-at-risk-of-being-modified-or-deleted
05/03/2012. Rails under fire – GitHub escaped the worst! : korben.info/egor-homakov.html

=> The hands-on strategic CISO – Or why is it necessary to always question oneself?. 05/03/2012. «I was recently discussing with my executive committee a news item published a few weeks ago concerning the American subsidiary of a large French pharmaceutical group. This American subsidiary had just filed a complaint against one of its employees who was selling commercial information to a competitor. (…).»
Source : www.lecercle.biz/publication_desc.aspx?f_id_publication=3

=> Black market: automated sales of compromised servers are multiplying. 05/03/2012. «The sale of access to compromised servers is becoming more and more widespread and is becoming accessible to cybercriminals who lack the skills needed to carry out this type of intrusion. The kinds of access on offer are many (…).»
Source : cert.xmco.fr/blog/index.php?post/2012/03/05/March%C3%A9-noir-%3A-multiplication-des-ventes-automatis%C3%A9es-de-serveurs-compromis

=> InsomniHack 2012, it’s a win!. 05/03/2012. «Insomni’Hack was great! And I thank the whole staff of the company SCRT, who put together some very nice and motivating challenges for us; there were really a lot of them, of every kind: steganography, web, networks, exploitation, reverse engineering, crypto, and more… (…).»
Source : bruno.kerouanton.net/blog/2012/03/05/insomnihack-2012/
Related posts:
04/03/2012. Insomni’hack 2012 reverse_me.bin Write-up : codezen.fr/2012/03/04/insomnihack-2012-reverse_me-bin-write-up/
04/03/2012. Insomni’hack 2012 Network PCAP Write-ups : codezen.fr/2012/03/04/insomnihack-2012-network-pcap-write-ups/
09/03/2012. The challenges : www.scrt.ch/insomnihack/2012/epreuves
09/03/2012. Photos & Videos : www.scrt.ch/insomnihack/2012/photos-et-videos

=> Anonymous hacked by Anonymous, according to Symantec. 05/03/2012. «According to the vendor Symantec, Anonymous members wanting to attack MegaUpload’s adversaries with a tool dedicated to DDoS attacks reportedly installed software infected with the Zeus trojan, whose functions include sending the victim’s banking and e-mail credentials to control servers (…).» A look back at a news item. What should we take away from it? As with any headline news (such as a celebrity’s death, etc.), the bad guys take advantage of the ‘buzz’ to try to compromise as many systems as possible. Nothing new under the sun, then, except that even when downloading a DDoS tool, it is better to know where it comes from.
Source : www.numerama.com/magazine/21914-anonymous-hacke-par-anonymous-selon-symantec.html
Related posts:
02/03/2012. Anonymous Supporters Tricked into Installing Zeus Trojan : www.symantec.com/connect/fr/blogs/anonymous-supporters-tricked-installing-zeus-trojan
05/03/2012. Anonymous reacts to Symantec Trojan report : www.zdnet.com/blog/security/anonymous-reacts-to-symantec-trojan-report/10485
06/03/2012. ‘Anonymous is a Brand Like al-Qaida’ – An Interview with Mikko Hypponen : www.ibtimes.co.uk/articles/309731/20120306/anonymous-hackers-mikko-hypponen-hacktivism.htm

=> New Mass Injection Wave of WordPress Websites on the Prowl. 05/03/2012. «The Websense® ThreatSeeker® Network has detected a new wave of mass-injections of a well-known rogue antivirus campaign that we’ve been following in Security Labs™ for months. The majority of targets are Web sites hosted by the WordPress content management system (…).»
Source : community.websense.com/blogs/securitylabs/archive/2012/03/02/mass-injection-of-wordpress-sites.aspx
Related posts:
07/03/2012. WordPress hit by new malware : www.fredzone.org/malware-wordpress-danger-893
08/03/2012. Latest Mass Compromise of WordPress sites – More Details : blog.sucuri.net/2012/03/rr-nu-malware-campain-more-details.html
08/03/2012. WordPress: mass injection of malicious code : www.generation-nt.com/wordpress-mawlare-websense-faux-antivirus-actualite-1553061.html

=> Beware of the Google Chrome Extension Neat Bookmarks. 06/03/2012. «Back in December 2011 a new generation of rogue advertising saw the day. Several Firefox and Chrome plugins did hijack the legitimate ads on selected sites by replacing them with ads (…) Today the situation has barely changed. Advertising networks are publicly complaining about these so called sponsored plugins / extensions which take a bite of their earnings. The finger is being pointed at several Chrome Extensions (Bookmark Sentry, Auto Refresh Plus, Sexy Undo Close Tab) which have been removed from the Google Store in meanwhile (…).»
Source : stopmalvertising.com/malvertisements/beware-of-the-google-chrome-extension-neat-bookmarks.html

=> POS Carding. 06/03/2012. «I got recently a package of files found in an infected POS (POS hacked due to a weak rdp password) (…).» Xilit0l’s monitoring, several posts worth browsing.
Source : xylibox.blogspot.com/2012/03/pos-carding.html

=> Update of: DNS-OK.FR, check now whether you are infected by DNSChanger. 06/03/2012. «The US courts have granted the FBI’s request for an extension of the authorization to take action to mitigate machines infected by the DNSChanger Trojan horse. An additional period of 4 months was granted by the judge yesterday (…).»
Source : cert.lexsi.com/weblog/index.php/2012/03/06/425-dns-okfr
Related posts:
06/03/2012. Court: 4 More Months for DNSChanger-Infected PCs : krebsonsecurity.com/2012/03/court-4-more-months-for-dnschanger-infected-pcs/

=> Changing how people see the malware threat: images can make a difference. 07/03/2012. «This is just a short post to make available the security awareness slides that I was using at the RSA Conference in San Francisco last week. Several people asked me for copies to use in their own awareness efforts and I am more than happy to oblige. I believe these slides can be effective in changing the way people perceive the threat of malicious software (…).»
Source : blog.eset.com/2012/03/06/changing-perceptions-of-malware-threat-images-make-a-difference?
Related posts:
07/03/2012. Facing the Challenge [slides pdf] : blog.eset.com/wp-content/media_files/2012-RSA-ESET-Malware-Inc.pdf

=> How Anonymous spied on FBI / UK Police hacking investigation conference call. 07/03/2012. «Last month, we reported how a conference call, between the FBI and Scotland Yard, discussing their investigation into Anonymous hackers had been secretly recorded by the hacking collective and published on the net (…).»
Source : nakedsecurity.sophos.com/2012/03/07/anonymous-fbi-conference-call/

=> Windows Personal Doctor. 07/03/2012. «Windows Personal Doctor is a fake Antivirus. This rogue displays fake alerts to scare users (…).» S!Ri’s monitoring for the week. There are several; I only cite the most recent.
Source : siri-urz.blogspot.com/2012_03_01_archive.html

=> All your device are belong to us – device hacking dangers. 08/03/2012. «Avi Rubin is Professor of Computer Science at Johns Hopkins University. He offers a TEDx talk in which he discusses hacking of devices. Would you be surprised if? (…).»
Source : www.geekstogo.com/2413/all-your-device-are-belong-to-us-device-hacking-dangers

=> A peek inside the Darkness (Optima) DDoS Bot. 08/03/2012. «With politically motivated DDoS (distributed denial of service attack) attacks proliferating along with the overall increase in the supply of managed “DDoS for hire” services, it’s time to get back the basics, and find out just what makes an average DDoS bot used by cybercriminals successful (…).»
Source : blog.webroot.com/2012/03/08/a-peek-inside-the-darkness-optima-ddos-bot/

=> Kevin Mitnick: Social Engineering works every time!. 08/03/2012. «“Kevin Mitnick is able to start World War III by whistling into a telephone”. That is false, of course, but it makes quite an impression. Especially in front of a court (…).»
Source : www.securityvibes.fr/menaces-alertes/kevin-mitnick-le-social-engineering-ca-passe-a-tous-les-coups/

=> CanSecWest: Chrome’s security fell twice. 08/03/2012. «Every year, the CanSecWest conference attracts many computer security specialists. The highlight of the show is always the Pwn2Own contest, which brings hackers together around a very simple theme: break through browsers’ defenses and win rewards based on their performance. Several notable events are worth reporting this year, including Chrome’s defenses being breached twice (…).»
Source : www.pcinpact.com/news/69466-pwn2own-chrome-sandbox-charlie-miller.htm
Related posts:
08/03/2012. Chrome Owned by Exploits in Hacker Contests, But Google’s $1M Purse Still Safe : www.wired.com/threatlevel/2012/03/pwnium-and-pwn2own/
08/03/2012. Pwn2own: Google Chrome “cracked” in 5 minutes : www.01net.com/editorial/561044/pwn2own-google-chrome-cracke-en-5-minutes/
08/03/2012. IE 9, on most secure Windows yet, next browser to fall at hacker contest : arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars
08/03/2012. Pwn2Own 2012: IE 9 hacked with two 0day vulnerabilities : www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621
08/03/2012. Offense is Being Pushed Underground : threatpost.com/en_us/blogs/offense-being-pushed-underground-030812
08/03/2012. IE 9 Falls to Pair of Zero Days at Pwn2Own : threatpost.com/en_us/blogs/ie-9-falls-pair-zero-days-pwn2own-030812
08/03/2012. Chrome falls on the first day, Google’s browser hacked by the French security experts of Vupen : www.developpez.com/actu/42078/Pwn2Own-2012-Chrome-tombe-le-premier-jour-le-navigateur-de-Google-hacke-par-les-experts-en-securite-francais-de-Vupen/
08/03/2012. Pwn2own.zerodayinitiative.com : pwn2own.zerodayinitiative.com/status.html
09/03/2012. Chaouki Bekrar: The Man Behind the Bugs : threatpost.com/en_us/blogs/chaouki-bekrar-man-behind-bugs-030912
10/03/2012. CanSecWest: Let’s talk about non-targeted attacks : www.securelist.com/en/blog/208193410/CanSecWest_Let_s_talk_about_non_targeted_attacks

=> NATO: launch ceremony of the NCIRC FOC. 09/03/2012. «March 8 was the occasion for NATO, and more particularly the entity in charge of network and information systems matters, the NC3A, which has the more general responsibility for a number of technological questions that have impacts on the organization’s activities (…).»
Source : cidris-news.blogspot.com/2012/03/otan-ceremonie-de-lancement-du-ncirc.html
Related posts:
29/02/2012. “Governments, the military and businesses threaten the security of the Net”, according to British Telecom’s CIO at RSA 2012 : www.developpez.com/actu/41683/-Les-gouvernements-les-militaires-et-les-entreprises-menacent-la-securite-du-Net-selon-le-DSI-de-British-Telecom-au-RSA-2012/
04/03/2012. Former NSA Director Calls Stuxnet « Good Idea » : threatpost.com/en_us/blogs/former-nsa-director-calls-stuxnet-good-idea-030412
05/03/2012. 60 Minutes Weighs Stuxnet’s Legacy : threatpost.com/en_us/blogs/60-minutes-weighs-stuxnets-legacy-030512
07/03/2012. US cybersecurity: the standards component as a tool of power and strategic will : si-vis.blogspot.com/2012/03/cybersecurite-usa-le-volet-normatif.html
08/03/2012. NATO signs largest contract to date for cyber defence : nc3a.nato.int/news/Pages/NATO-signs-largest-contract-to-date-for-cyber-defence.aspx
11/03/2012. US recruitment campaign : usaacyberjobs.com/

=> Finns Targeted By Localized Ransomware. 09/03/2012. «Over the past few days we’ve received reports of Finns being targeted by ransomware which is localized in Finnish language and claims to be from Finnish police (…).»
Source : www.f-secure.com/weblog/archives/00002325.html
Related posts:
08/03/2012. Ransomware Attacks Continue to Spread Across Europe : blog.trendmicro.com/ransomware-attacks-continue-to-spread-across-europe
11/03/2012. GEMA / FakePoliceAlert and money laundering : xylibox.blogspot.com/2012/03/gema-fakepolicealert.html

Reports, studies, slides and publications

=> Social Engineering in Banking Trojans (RootedCON). 04/03/2012. «Social Engineering is the art of obtaining confidential information through the manipulation of the people with this knowledge. This technique is based on the fact that human beings represent the weakest link in a secure system, as somebody usually knows how to access it. The idea being that it is easier to manipulate a person than the system itself. Online banking is no exception. In this case, the most vulnerable people are the users themselves, the end clients of the banks, and the objective is to access their accounts. Cybercriminals use Social Engineering through HTML Injections to cheat on users and obtain their credentials. In this presentation a demo was performed to detect HTML Injections in web browsers (…).»
Source : eternal-todo.com/files/presentations/Social%20Engineering%20&%20Banking%20Trojans%20-%20RootedCON.pdf

=> Distributed denial of service in the second half of 2011. 05/03/2012. «All the statistics provided in this report were obtained using Kaspersky Lab’s botnet monitoring system and the Kaspersky DDoS Prevention system (…).»
Source : www.viruslist.com/fr/analysis?pubid=200676273

=> Domain Generation Algorithms (DGA) in Stealthy Malware. 05/03/2012. «Do you remember all the fuss about Conficker many moons ago and its odd method of locating C&C servers? Instead of relying upon a static list of preconfigured domain names that corresponded to the location of the badguys C&C servers, it used an algorithm to calculate candidate domain names – and then tried reaching out to a handful of the candidates in a vain attempt to locate an active C&C server. (…).»
Source : blog.damballa.com/?p=1504
Related posts:
05/03/2012. DGAs and Cyber-Criminals: A Case Study [pdf] : www.damballa.com/downloads/r_pubs/RN_DGAs-and-Cyber-Criminals-A-Case-Study.pdf
05/03/2012. DGAs in the Hands of Cyber-Criminals – Examining the state of the art in malware evasion techniques [pdf] : www.damballa.com/downloads/r_pubs/WP_DGAs-in-the-Hands-of-Cyber-Criminals.pdf
08/03/2012. DGA’s vs Automated Malware Signature Generation : blog.damballa.com/?p=1522

=> US e-voting system cracked in less than 48 hours. 05/03/2012. «Researchers from the University of Michigan reported that it took them little time to crack the security features of a pilot project for online voting in Washington, DC (…).»
Source : www.crazyws.fr/hacking/le-systeme-d-e-vote-americain-cracke-en-moins-de-48-heures-780F1.html
Related posts:
05/03/2012. Attacking the Washington, D.C. Internet Voting System [pdf] : jhalderm.com/pub/papers/dcvoting-fc12.pdf

=> Trend – Security Threats TO Evolving Data Centers [pdf]. 05/03/2012. «This report discusses the security threats that enterprises face when deploying and using virtualization and cloud computing infrastructures. The report contains real-world examples of attacks and attack tools that cyber criminals use to exploit vulnerabilities in virtualization and cloud computing environments, as well as recommendations for security best practices (…).»
Source : www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt_security-threats-to-datacenters.pdf

=> March 2012 Web Server Survey. 05/03/2012. «In the March 2012 survey we received responses from 644,275,754 sites, giving a rise of 31.4M hostnames (5.1%) since last month (…).»
Source : news.netcraft.com/archives/2012/03/05/march-2012-web-server-survey.html

=> M-Trends: The One Threat Report You Need to Read. 06/03/2012. «Today is a big day. If you’ve followed us for a while you know that once a year we step back and take stock of what we’ve seen on the front lines battling targeted attacks. What is the advanced persistent threat (APT) up to? How are organized crime groups changing their tactics? What can organizations do to respond? Hot off the presses, M-Trends 2012, is full of facts, figures, case studies and recommendations (…).»
Source : blog.mandiant.com/archives/2326
Related posts:
06/03/2012. M-Trends 2012: An Evolving Threat [pdf] : fred.mandiant.com/M-Trends_2012.pdf
06/03/2012. Mandiant® Releases Annual Threat Report on Advanced Targeted Attacks : www.mandiant.com/news_events/article/mandiant_releases_annual_threat_report_on_advanced_targeted_attacks

=> Landline or mobile telephony: a guide to enforcing your rights all along the line. 06/03/2012. «You have taken out a landline or mobile telephone subscription with a telephone operator or an Internet service provider (ISP). On that occasion, you provide information to your operator, which uses it to manage your subscription or offer you services. What information is it entitled to hold? How does it use its data? How can you stop being canvassed by phone? Why were you refused a telephone subscription? Can I be left out of the directories? (…).»
Source : www.cnil.fr/nc/la-cnil/actualite/article/article/telephonie-fixe-ou-mobile-un-guide-pour-faire-respecter-vos-droits-sur-toute-la-ligne/
Related posts:
06/03/2012. Telephony Guide [pdf] : www.cnil.fr/fileadmin/documents/Guides_pratiques/CNIL_Telephonie.pdf

=> Surviving Google’s new rules. 07/03/2012. «Following the recent changes made by Google to the way it handles our data, several people have asked us whether it is possible to protect oneself. This short document offers a few solutions (…).»
Source : www.easi-ie.com/2012/03/07/intelligence-economique-survivre-aux-nouvelles-regles-de-google
Related posts:
07/03/2012. Surviving Google’s new rules [pdf] : www.easi-ie.com/wp-content/uploads/2012/03/cvb120305-Comment-survivre-aux-nouvelles-r%C3%A8gles-de-confidentialit%C3%A9-de-Google.pdf

=> Android Reverse Engineering Tools [slides pdf]. 07/03/2012. «Android Reverse Engineering Tools-From an anti-virus analyst’s perspective – Axelle Apvrille – InsomniHack’12 (…).»
Source : www.fortiguard.com/sites/default/files/insomnidroid.pdf

=> The Making of the FOCUS 11 Apple iPad Hack [pdf]. 07/03/2012. «At FOCUS 2011, one of the most popular events was the Hacking Exposed keynote, which drew more than 2,000 people. Most of the attendees turned off their laptops, phones, Apple iPads, and other devices when McAfee CTO Stuart McClure announced that his team would perform live hacks at the session (…).»
Source : www.mcafee.com/us/resources/white-papers/wp-apple-ipad-hack.pdf

=> China & USA: toward a change in behavior?. 09/03/2012. «A new report on the cyberspace defense strategies pursued respectively by China and the United States is an opportunity to rethink somewhat the ambiguous relations between the two countries on this subject, as well as to question the reality (…).»
Source : cidris-news.blogspot.com/2012/03/chine-usa-vers-une-evolution-des-moeurs.html
Related posts:
09/03/2012. Cyber-espionage: the Chinese represent a risk for the US military : www.theatrum-belli.com/archive/2012/03/09/cyber-espionnage-les-chinois-representent-un-risque-pour-l-a.html
09/03/2012. Cybersecurity and U.S.-China Relations [pdf] : www.brookings.edu/~/media/Files/rc/papers/2012/0223_cybersecurity_china_us_lieberthal_singer/0223_cybersecurity_china_us_lieberthal_singer_pdf_english.pdf

=> Research: proper screening could have prevented 67% of abusive domain registrations. 09/03/2012. «On a daily basis, spammers register thousands of new domains across multiple domain registrars, and take advantage of WHOIS privacy services to ensure that security researchers and anti-spam fighters will have a hard time taking them down. So what can we do about it? (…).»
Source : blog.webroot.com/2012/03/09/research-proper-screening-could-have-prevented-67-of-abusive-domain-registrations/
Related posts:
09/03/2012. Abused Internet Domain Registration Analysis for Calculating Risk and Mitigating Malicious Activity [pdf] : knujon.com/knujon2012_adminanalysis_BRIEFv1.pdf

=> The Luckycat Hackers – Symantec [pdf]. 09/03/2012. «A series of attacks, targeting both Indian military research and south Asian shipping organizations, demonstrate the minimum level of effort required to successfully compromise a target and steal sensitive information. The attackers use very simple malware, which required little development time or skills, in conjunction with freely available Web hosting, to implement a highly effective attack. It is a case of the attackers obtaining a maximum return on their investment. The attack shows how an intelligent attacker does not need to be particularly technically skilled in order to steal the information they are after (…).»
Source : www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_luckycat_hackers.pdf

=> CrossTalk – iPhone Malware Paradigm. 10/03/2012. «The sphere of malware attacks is expanding to engulf the compact world of smartphones. This paper sheds light on exploitation tactics used by malware writers in designing iPhone applications that exploit the integrity of the victim’s phone. Our interest is in the harder problem of malware on iPhones that are not jailbroken (…).»
Source : secniche.blogspot.com/2012/03/crosstalk-iphone-malware-paradigm.html
Related posts:
10/03/2012. CrossTalk [pdf] : www.crosstalkonline.org/storage/issue-archives/2012/201203/201203-0-Issue.pdf

=> #csw12 slides – Vulnerability Analysis and Practical Data Flow Analysis & Visualization by Jeong Wook Oh [pdf]. 10/03/2012. «#csw12 slides – Vulnerability Analysis and Practical Data Flow Analysis & Visualization (…).»
Source : t.co/xAgzb0Mm
