09 September 2011

Syria's Cyberthugs | #arabspring #revolution #bashir

The embattled government of Syrian President Bashar al-Assad has pulled no punches in holding on to power throughout the country's months-long uprising.

First, street thugs beat back the protesters. Then, tanks. Now, Assad has apparently turned to an army of mostly anonymous propagandists to sway public opinion in his favor on the Facebook pages of Western media organizations.

We've seen this Syrian Electronic Army, as it's been dubbed, firsthand.

Link: http://bit.ly/mYtUnK

Thursday evening BART protests affect evening commutes | #SFBart #OpBart #protest

CBS News Poll analysis by the CBS News Polling Unit: Sarah Dutton, Jennifer De Pinto, Fred Backus and Anthony Salvanto.
Ten years after the Sept. 11 terrorist attacks, most Americans believe their country will always have to live with the threat of terrorism, a new CBS News/New York Times poll finds. But they don't expect a terrorist attack anytime soon.

Read full article: http://bit.ly/rmX2TZ

Most say US will always face terrorism threat | #WMD #cyberwar #DHS

CBS News Poll analysis by the CBS News Polling Unit: Sarah Dutton, Jennifer De Pinto, Fred Backus and Anthony Salvanto.
Ten years after the Sept. 11 terrorist attacks, most Americans believe their country will always have to live with the threat of terrorism, a new CBS News/New York Times poll finds. But they don't expect a terrorist attack anytime soon.

Read full article: http://bit.ly/nDyZWw

How StartCom Foiled Comodohacker: 4 Lessons | #diginotar #ssl #ca

Based on the boasts of "Comodohacker," he's compromised six certificate authorities (CAs) this year, including Comodo in March and DigiNotar in July. He's also claimed to have exploited at least four more, including GlobalSign.

But the Comodohacker also said that he was unable to hack into StartCom Certification Authority, despite managing to access its network and a hardware security module (HSM). "I already connected to their HSM, got access to their HSM, sent my request, but lucky Eddy . . . was sitting behind HSM and was doing manual verification," according to a Comodohacker post.

Read full article: http://bit.ly/ooAB9I

Google Contacts Iranian Users to Secure Gmail Accounts | #diginotar #ssl #cyberwar

Google is directly contacting users in Iran, who may have been compromised by a rogue SSL certificate, to recommend measures to secure their accounts.

While Google's internal systems were not compromised, it is directly contacting possibly affected users and providing information on securing their accounts because its top priority is to protect the privacy and security of its users, Eric Grosse, vice president of security engineering, said in a blog post late Thursday.

Read full article: http://bit.ly/oGhFih

Apple Delays DigiNotar SSL Update, Partners 'Not Surprised' | #ssl #evssl #verisign

More than a week after a DigiNotar hack that prompted Google (NSDQ:GOOG), Mozilla and Microsoft (NSDQ:MSFT) to blacklist hundreds of fraudulent secure socket layer certificates, Apple (NSDQ:AAPL) users are still without a security update protecting them from spoofs and man-in-the-middle attacks stemming from the bogus certificates.

But while alarming, Apple's failure to issue an update protecting its customers from hundreds of compromised SSL certificates issued by Dutch certificate authority DigiNotar is not entirely surprising given the company's longstanding history regarding security, security solution providers said Thursday.

Read full article: http://bit.ly/nOcUnE

08 September 2011

Would the United States win a cyberwar? | #apt #hackers #NSA

A while back I taught a week-long class for aspiring hackers, a war room of sorts with attack and defend scenarios, points tallied for successful exploits, and stuff like that. We balanced the war room with plenty of classroom and lecture time. One of the questions raised by the students, directed at a visiting law enforcement head during a lecture, was, "How prepared would the U.S. be for a large-scale cyberattack?" The answer: "Not at all."

This was a couple years back. Since then we're seeing the accelerated ramp-up of U.S. defenses against potential cyberattacks, complete with a raft of new legislation. Conversely, headlines are starting to pop up about attacks with "state-sponsored fingerprints" all over them. We've seen attempts at cooperation across national lines to track agile, cross-border criminals. Companies are ramping up their defenses and wrestling with their security posture and policy to fight things like advanced persistent threats (APT) and other emerging threats. So, let's say we posed the same question again, two years later: How would the United States do in a large-scale cyberattack?

Read full article: http://bit.ly/nzyGNv

Facebook hacking tool hacks hackers | #bitdefender #hackers #skiddies

A case of criminal irony: Tools built to help hackers break into Facebook accounts have been found hiding malware that infects the computers of the would-be criminals who download them.

The security firm Bitdefender detected three separate tools in the past two days, all of which promise fledgling Facebook fraudsters an easy and free way to steal people's passwords and gain access to their photos.

Link: http://bit.ly/pLPcr7

The Mexican TCO Threat has Entered Cyberspace | #TCO #cybercrime #drugwar

Mexican transnational criminal organizations (TCOs) are no strangers to cyberspace. For the last few years, they've been posting videos of their kidnap victims and rivals being tortured on YouTube. They push propaganda on Facebook and MySpace. They've even learned how to communicate with each other through Twitter to evade the watchful eyes of Mexican authorities.


But now they're taking their presence on the Internet to new levels: fraud, piracy and information theft, hacking and sabotage. This only adds to their electronic expansion of existing crimes, like extortion, intimidation and money laundering. The question is, are they targeting American individuals or businesses, and what impact are they having on US cybersecurity?

Read full article: http://bit.ly/r30KPx

General Dynamics Joins Cyber Security Industry/University Cooperative Research | #NSF #DHS #virginiatech

General Dynamics Advanced Information Systems, a leading provider of cyber security solutions to the U.S. Departments of Homeland Security and Defense, has joined with Virginia Tech as an affiliate of the newest Security and Software Engineering Research Center (S2ERC), founded with support from the National Science Foundation (NSF). The NSF established the S2ERC program 25 years ago as the Industry & University Cooperative Research Center (I/UCRC) program dedicated to software engineering and recently re-chartered the center with an added focus on security.

Read full article: http://bit.ly/p6AESF

Cybersecurity is focus of new bills | #whitehouse #infosec #cyberwar

House lawmakers have returned from the August recess resolved to fight the nation's cyber adversaries with a flurry of new legislative proposals aiming to boost security of public and private networks and infrastructure.

Key House members are readying a series of bills that address a variety of issues — from toughening law enforcement of cybercrimes to giving the Department of Homeland Security oversight of federal IT and critical infrastructure security to lessening liability for private companies that adopt cybersecurity best practices.

Read full article: http://bit.ly/oWKpZU

Naval Academy Expands on Cyber Security | #USN #usna #infosec

The new academic year marks the beginning of the Naval Academy's new cyber security curriculum, in which midshipmen are required to take classes that will enhance their knowledge of cyber warfare and the threat it poses to national security.

Discussion of building a cyber curriculum at the academy began several years ago, when the Chief of Naval Operations (CNO) explained the importance of cyber security to the fleet, said Capt. Steven Simon, director of the academy's Center for Cyber Security Studies.

Read full article: http://bit.ly/qJAG2J

ESC keynoter sees 'arms race' with cyber attackers | #stuxnet #scada #cisp

Joerg Borchert, vice president of chip card and security ICs at Infineon Technologies North America, will take the stage at ESC Boston later this month to deliver a message to embedded systems designers: you are in an arms race with potential attackers.

Borchert, who will deliver a keynote address at the conference on Sept. 27, said he will provide details about what types of attacks can be done physically to microcontrollers today, based on his experience in microcontroller security, and talk about some of the ways embedded systems designers can go about mitigating risk. But while Borchert is a proponent of certain techniques, he stresses that no approach to security is bulletproof.

Read full article: http://bit.ly/piZChN

Massive Wall Street Protest Planned on Sept 17th | #anonymous #occupywallstreet #dayofrage

On Sept. 17, the Arab Spring becomes the new American Fall, with 20,000 revolutionaries in a tent city. Plus "solidarity" occupations in major financial centers worldwide, all ready for a long siege, vowing not to leave till they get their "one simple demand."

Occupy Wall Street is a "leaderless resistance movement" spearheaded by the edgy Adbusters magazine, which in July issued a call for the Sept. 17 occupation of Wall Street.

Their allies have names like "CultureJammers," "USDayofRage.org," "People of the NYC General Assembly," "TaketheSquare.net," and recently they were joined by the noted civil disobedience anarchists, "Anonymous" and many others worldwide. This movement reminds us of the historic rag-tag armies General Washington commanded from 13 Colonies for the first American Revolution.

Read full article here: ADBUSTERS


Google Maps Abused by Business Rivals: 3 Other Dirty Cyber Crimes | #Blackhat #cyberfraud #reviews

These users (or the black hat "marketing" firms they hired) went on Google Places - which contains listings of the businesses seen on Google Maps - and spammed the "this place is permanently closed" button.

If enough users do it, Google marks the victim business as "Reported to be closed." Then, pending a review and approval, the victim's mark becomes "This place is permanently closed."

Read full article: http://bit.ly/qHAVpm

Forensic Tool Unlocks Online History | #owade #Microsoft #infosec

Software that allows police and other authorities to see every site a web user has visited, and what identity they were using, has been put in the public domain.

New Scientist reports on an open-source software package called Offline Windows Analysis and Data Extraction (OWADE). It was launched at the Black Hat 2011 security conference, and can unlock files that show where PCs running the Windows operating system have been.

Read full article: http://bit.ly/pP4N8v

The Towson Hack: The mystery of vanishing iTunes credit | #apple #iPhone #hackers

Back on November 28, 2010, a user named stereocourier started a thread on Apple's support forums. The poster claimed that--without his knowledge or consent--someone spent more than $50 of his iTunes Store credit on iPhone apps. The user had no credit card linked to his account; all the mysterious purchases drew from his store credit. Oh, and stereocourier also noted that various personal details were changed on his account; specifically, his home address was replaced with an address that he didn't recognize in Towson, Maryland.

As of this writing, that discussion thread has since swelled to more than 45 pages, with nearly 700 posts. Someone--or some group of someones--seems to be able to spend iTunes gift card credit without permission, buying apps that users don't want. And whoever's doing the hacking seems pretty good at it: Hundreds of users have seen their iTunes credit stolen, and the hack shows no signs of slowing, ten months after it was first reported.

Read full article: http://bit.ly/oKv5nM

07 September 2011

(In)security redux: Hundreds of SSL certificates faked | #diginotar #verisign #cyberwar

The news that hackers got the best of a Dutch company that issues digital security certificates for websites, affecting the CIA, Google, Facebook, Twitter and many others raises some key questions: Is it cyberwar? Was the Iranian government behind the attack? And can we trust SSL certificates again?

Last week, reports surfaced about Iranian users of Google's sites being affected by the attack on DigiNotar, carried out by hackers who issued fake digital security certificates. Yesterday, the Dutch government said the attack was more widespread, involving more than 500 faked certificates and affecting the websites of the CIA, the Israeli and British spy agencies, and of other well-known brands such as Yahoo, Microsoft, Mozilla and more.

Read full article: http://bit.ly/o9vBzx

Cyber terrorist threats loom 10 years after 9/11 | #cyberwar #hackers #WMD


Since the attacks of Sept. 11, 2001, the possibility of a second devastating attack by al-Qaida or a similar group has been on the minds of many Americans. There has been much discussion as to whether terrorist groups could get access to nuclear, biological or chemical weapons — weapons of mass destruction.

Should we be concerned about another potential threat — a cyber weapon of mass destruction?

Yes, say security experts. The cyber terrorist threat is real, and plots involving such attacks may already be in the works.

Read full article: http://bit.ly/mQNcQM

Comodo CEO Says DigiNotar Hack Was State-Sponsored | #cyberwar #Iran #ssl

An attack on a Dutch company that issues certificates used to authenticate websites was state-sponsored, according to the chief executive of Comodo, a company that also issues digital certificates and suffered a similar setback in March.

Asked by PC World to characterize the DigiNotar attack, Melih Abdulhayoglu, president and chief executive of Comodo, said in an e-mail, "We believe this is state-sponsored."

Read full article: http://bit.ly/oCXWry

Hackers Turn On Each Other | #rankmyhack #Wikileaks #whitehouse

Is there no honor among hackers, or information leakers?

Last week, even RankMyHack.com got hacked. The website, which awards points for proof that you've hacked particular websites, isn't the first such leaderboard. But the site had grabbed a lot of attention in a short period of time for listing hacking point values for prominent websites, such as the White House's (34,594 points).

Read full article: http://bit.ly/qdkGOI

Cybercrime spreading to Canadian cellphones | #malware #infosec #antivirus

Lock up your cellphones.

That's the message from a new cybercrime report from security company Norton by Symantec.

The survey found 5% of Canadians have experienced a mobile-related cybercrime, half of the global average of 10%. But that doesn't mean Canadians are safe, Lynn Hargrove, the director of consumer solutions of Symantec Canada, told QMI Agency.

Read full article: http://bit.ly/osxmKM

One Million Victims of Cybercrime a Day Says Report | #malware #crimeware #antivirus

Over one million adults around the world are the victim of cybercrime every day, according to figures published Wednesday.

The Norton Cybercrime Report 2011 paints a gloomy picture. The company estimates that cybercrime cost online consumers over the 24 countries surveyed a total of $388 billion in just one year. By contrast, according to Adam Palmer, Lead Advisor at Norton Cybersecurity Institute and a former U.S. Navy prosecutor, the entire global trade in cocaine, heroin and marijuana is worth $288 billion.

Read full article: http://bit.ly/qld0m5

Ten years after 9/11, cyber attacks pose national threat, committee says | #cyberwar #infosec #nationalsecurity

Link: http://bit.ly/oHqYcQ

More than 100 hackers arrested in US and UK | #LULZSEC #AntiSec #cyberwar

Anonymous made breaking news last December when it took the Mastercard, Visa, the Swiss bank Post Finance and PayPal websites offline with what is called a Distributed Denial of Service attack. The attacks came as a response to the companies removing their services from the leak publishing website Wikileaks, just as the organization began releasing leaked State Department diplomatic cables.

Read full article: http://bit.ly/ql72Dw

06 September 2011

WikiLeaks knocked offline by Anonymous - RefRef due Sept. 17 | #loic #ddos #hackers

On Tuesday, WikiLeaks.org crashed, under what the organization called a heavy cyberattack. However, the developer behind RefRef, an application created for those associating with Anonymous to use instead of LOIC, said that WikiLeaks was taken offline during a test of the new tool. RefRef will be tested again Wednesday, before it is released on September 17.

RefRef is a platform-neutral tool, leveraging JavaScript and vulnerabilities within SQL to create a devastating impact on the targeted website. In late July, an Anon on IRC was promoting the tool, explaining to those in a room frequented by journalists that RefRef is pure JavaScript, and uses the target site's own processing power against itself. In the end, the server succumbs to resource exhaustion due to RefRef's usage.

Read full article: http://bit.ly/rntv81

BART Protesters Plan Thursday Demonstration to Give Commuters a Free Ride | #OpBART #SFBART #sf

Yesterday's BART protest may have been a dud in terms of turnout, but after a month of weekly protests there's still lingering animosity between commuters and organizers from Anonymous and No Justice, No BART. In order to win back favor with the commuters who have come to expect messy Mondays, the No Justice, No BART group is hoping a Thursday "Spare the Fare" protest will save BART Riders a couple bucks and maybe pick up a little good PR for their cause in the process.

Read full article: http://bit.ly/ocgHwA

The 'Top Secret America' Created After Sept. 11 | #security #NSA #CIA

Thousands of government organizations and private companies work on programs related to counterterrorism, homeland security and intelligence. Last December, The Washington Post reported that this "top-secret world ... has become so large, so unwieldy and so secretive that no one knows how much money it costs, how many people it employs, how many programs exist within it or exactly how many agencies do the same work."

Read full article: http://bit.ly/ra1Yqj

Wikileaks Border Cables: From The Mundane To The Violent | #cbp #cartels #drugwar

Secret diplomatic cables from consulates along the U.S.-Mexico border show how the escalating drug violence disrupted its consulate operations. They also show how more routine operations, like the issuance of visas, continued as Mexico's drug war escalated.

In Nuevo Laredo, members of the ZETAS drug cartel were seen near a compound that housed personnel from the consulate. The incident in February 2010 came during a particularly violent time as the ZETAS and the Gulf Cartel fought for control of the city.

Read full article: http://bit.ly/qPhRkC

NK boosts electronic warfare capabilities | #gps #cyberwar #radar

North Korea is independently developing a GPS jamming system effective over more than 100 kilometers, according to a government report on Tuesday.

The report by the Ministry of National Defense said the North imported some 20 different kinds of communication and radar jamming instruments from the then Soviet Union.

Submitted to the National Assembly's Defense Committee, the report said the North is now believed to be developing new electronic warfare devices capable of jamming GPS signals within a radius of more than 100 km.

Read full article: http://bit.ly/oYabU7

What Does the FBI Worry About? | #Emp #nuclear #cisp

An electromagnetic pulse (EMP) attack is one of the "huge" potential threats that the Federal Bureau of Investigation (FBI) worries about. At least that is what Art Cummings, a deputy assistant director in the agency's Counterterrorism Division, told Ronald Kessler in an interview for Kessler's new book The Secrets of the FBI.

An EMP is a high-intensity burst of electromagnetic energy caused by the rapid acceleration of charged particles. The burst causes disruption of an electromagnetic system and fries electronic devices within its line of sight. Depending on its intensity, an EMP could instantly send the United States back to the 19th century. An EMP is one of the results of a nuclear weapon explosion, but non-nuclear weapons and geomagnetic storms can cause it as well. Despite the FBI's recognition, the United States remains largely unprotected from the effects of an EMP.

Read full article: http://bit.ly/pdh89H

Anonymous calls for the release of arrested members | #AntiSec #hackers #LULZSEC

Protesting Anonymous-related arrests across the world, the ubiquitous hacker collective has issued a statement asserting that those detained and charged for distributed denial-of-service (DDoS) attacks are really no different than civil protesters organizing a sit-in.

Read full article: http://bit.ly/nUAugP

Imperva uses cloud as DDoS shield

Imperva today launched a new security tool, based in the cloud, to keep business safe from the increasing risk of Distributed Denial of Service (DDoS) attacks.

Using the security firm's cloud division – Incapsula – the Imperva Cloud DDoS Protection solution provides instant scaling when a website is under attack, allowing genuine traffic to still access the URL, whilst keeping track of trends in emerging DDoS attacks to keep a company website prepared.

Read full article: http://bit.ly/pIkpcp

Dirty keyboards: This computer virus could make you sick | #qwerty #virus #illness

Worried that your computer might catch the latest Facebook virus or suffer from an online malware disaster? You should be equally concerned about how your computer keyboard could be making you sick.

If you don't clean your keyboard regularly, you open yourself up to food poisoning and other common illnesses—a condition often nicknamed the "qwerty tummy" after the "Q-W-E-R-T-Y" keys on the keyboard.

Read full article: http://bit.ly/oR94tV

Fighting 21st Century Cyber-Threats | #hackers #9/11 #cyberwar

In the 10 years since hijackers flew two passenger jets into the World Trade Center in New York City and a third one into the Pentagon, federal, state and local governments have struggled to secure transportation systems and physical infrastructure from terrorist attacks.

However, the damage was done. The attacks ended, probably forever, Americans' belief that we were immune from the terrorist attacks that had plagued the Middle East, Europe and the Asia-Pacific regions for years.

Link: http://bit.ly/pTTXXr

New Zeus-based variant targets banks around the world | #crimeware #infosec #licat

Another Zeus-based offering has been unearthed by Trend Micro researchers, and by the look of things, this one seems to be better crafted than the recently discovered Ice IX crimeware that doesn't deliver on its promises.

Having analyzed the code, they believe that it was created by using version of the Zeus toolkit and that it was created specifically for a professional gang comparable to LICAT.

This solution is likely to succeed where Ice IX has failed: an updated encryption/decryption algorithm that should prevent trackers from analyzing its configuration file.

Read full article: http://bit.ly/r6zWE6

Alleged LulzSec Hacker 'Kayla' Arrested By UK Police | #anonymous #hbgary #ddos

Another two men suspected of involvement in attacks by Anonymous and LulzSec have been arrested by British police, bringing the total detained in an extraordinary week to seven.

The unnamed pair, a 24-year old picked up in Doncaster, and a 20-year old detained in Wiltshire, are reportedly being connected by police sources to the activities of one member of the LulzSec collective who used the handle 'Kayla'.

Read full article: http://bit.ly/oErpXo

Are Digital Certificates Doomed? | #diginotar #comodo #ssl

Have digital certificates become too unwieldy to be trusted?

Such certificates are fundamental to the SSL security model employed on the Web and ensure that users have a secure, encrypted connection directly to the website they're visiting. But if attackers hack into certificate authorities and issue false certificates for legitimate websites, all bets are off, not least when it comes to eavesdropping.

Read full article: http://bit.ly/n6GpMV

Sony Taps DHS Cyber Security Expert | #hackers #ps3 #infosec

Sony is taking steps to repair damage caused by more than 100 million customers having their personal information leaked. The company has hired Philip R. Reitinger, previously head of U.S. cyber security, to take charge of all security matters effective immediately.

In the newly created position of senior vice president and chief information security officer, Reitinger will report to Nicole Seligman, Sony's executive vice president and general counsel, corporate executive officer. Sony had previously stated the top security person would report directly to Shinji Hasejima, Sony's chief information officer.

Reitinger resigned on May 19 from his position as deputy undersecretary overseeing cyber security and computer crimes for the U.S. Department of Homeland Security. He also has held senior cyber security positions at Microsoft, the U.S. Department of Defense, and the U.S. Department of Justice.

Read full article: http://bit.ly/nofFmr

Rebels scour desert for Gaddafi as his loyalists reportedly flee to Niger | #ghadafi #TNc #NATO

A chaotic and apparently ill-coordinated effort by rebels to track down Moammar Gaddafi is being led by competing factions of military commanders and bounty hunters, as well as Libyan commandos commissioned by civilian leaders.

Libyans involved in the hunt say they are not getting much help from NATO, despite the alliance's state-of-the-art electronic and aerial surveillance methods. Instead, they are relying on a deluge of human intelligence from informers and witnesses, but seem to be struggling to sift, process and share all the information that is coming in.

Read full article: http://bit.ly/oOy4Ac

Libya: Tell it like it is | #NATO #TNC #ghadafi

Two weeks ago, western journalists swept into Tripoli on a wave of euphoria as the city welcomed the NATO/TNC with open arms. Not a shot was fired as the city where just a few weeks previously, millions of people had turned out to support Muammar al-Qathafi, came out to celebrate. Then why is the NATO/TNC leadership still holed up in Benghazi?

Did Tripoli "fall" two weeks ago, or were we fed a classic piece of disinformation during NATO's blackout? If the images we were receiving were true, then why were all telecommunications hacked in a classic case of cyber terrorism by NATO? Why did NATO continue to carry out terrorist attacks on Government forces in Tripoli after it "fell"? Why did NATO cut the electricity and water supply to the civilian population to "break" them, if the city had fallen into the hands of the NATO/TNC terrorist forces? Did NATO special forces enter the arena? If so, this was a violation of the UNSC resolutions covering the case.

Read full article: http://bit.ly/o8Tpg3

Comodo Hacker Claims Credit for DigiNotar Attack | #hackers #ssl #infosec

The hacker responsible for a stunning attack on a Dutch company that issues security certificates for websites warned on Monday that he would "strike back again," after previously breaching another company earlier this year.

The hacker posted the warning on Pastebin under the handle "Comodohacker." The same account was used earlier this year to describe the attack on Comodo, which sells SSL (Secure Socket Layer) certificates, a crucial Internet security component used to secure encrypted communication between a computer and a website.

Read full article: http://bit.ly/rfRKOs

04 September 2011

Alleged 'Anonymous 14' plead innocent to PayPal DDoS | #hackers #LULZSEC

Fourteen individuals believed to be part of the hacktivist group Anonymous pleaded innocent on Thursday in federal court in San Jose, Calif., to charges of participating in an attack against PayPal.

The defendants, mostly in their twenties, were facing felony charges of damaging a protected computer and conspiracy for allegedly launching distributed denial-of-service attacks against the PayPal site.

Read full article: http://bit.ly/obNVYw

Spamvertised 'Facebook notification' leads to exploits and malware | #cutwail #botnet #spam

Security researchers from M86 Security Labs have intercepted a spamvertised malware campaign using bogus Facebook notifications as a social engineering element.

Spamvertised through the Cutwail botnet, the malware campaign is impersonating Facebook in an attempt to trick users into clicking on a bogus Facebook notification message. However, the HTML source of the email reveals a link to a malicious iFrame leading to the BlackHole web malware exploitation kit. Upon clicking on the link, the exploit kit will check for remotely exploitable client-side applications and browser plugins, and serve the malware.

Read full article: http://bit.ly/nKrKgF

Ice IX, Foremost Botnet Built With Publicly-Exposed Zeus Source Code | #hackers #infosec #cybersecurity

According to the security investigators at Kaspersky Labs, one fresh crimeware suite named Ice IX can be found that has been built with the help of the ZeuS information stealer's source code, which got exposed this year (2011). Softpedia reported this on August 24, 2011.

Described as the foremost Web-application of the current making, Botnet Ice IX regulates centralized networks of bots via HTTP associated with the exposed Zeus code. This botnet can be bought on the undisclosed economy and is also capable of producing custom Trojans, which add contaminated PCs to botnets.

Read full article: http://bit.ly/qaNIyi

Two Suspected Anonymous, LulzSec Members Arrested In UK | #Kayla #lolspoon #topiary

Police in the United Kingdom said Friday they have arrested two suspected members of international hacking groups Anonymous and Lulz Security as part of a trans-Atlantic investigation into a series of cyber attacks claimed by the two groups.

Scotland Yard said the two suspects, a 24-year-old and a 20-year-old, were detained at two separate addresses in the UK as part of an ongoing investigation involving the FBI and other law-enforcement agencies.

Read full article: http://bit.ly/qHlJ1e

How to Avoid Getting Skimmed By ATM Scammers | #bankfraud #hackers #infosec

Seth Rabinowitz recalls the time he used his HSBC ATM card on a Sunday afternoon in São Paulo, Brazil, at an ATM outside a bank that seemed closed, because it was after regular hours. "It rejected my PIN and spit out the card. I tried again. Same thing. The next day, I used a different card at a different ATM to get some cash, thinking the first ATM card I used the day before would then be locked for faulty PIN entry and I'd call the bank later to unlock it -- it's a hassle to call customer service at certain banks from certain foreign countries ... doable, but a hassle with which one might tend to procrastinate," says Rabinowitz.

A couple of days went by; then, he checked his online statement. "I saw $8,000 deducted from my account in three days from ATM withdrawals," says Rabinowitz.

Read full article: http://bit.ly/pQFEvN

Texas cops red-faced as AntiSec leaks docs | #LEO #cbp #AntiSec

Texas law enforcement officials were left red-faced after Anonymous hackers associated with the AntiSec movement published "boatloads" of classified police documents extracted during a series of digital raids.

The thousands of pages - which are currently available online - include several dozen FBI, Border Patrol, and counter-terrorism documents classified as "law enforcement sensitive" and "for official use only."

Read full article: http://bit.ly/pgsAib

Syria's Digital Counter-Revolutionaries | #arabspring #anonymous #hackers

As President Bashar al-Assad dispatches tanks against peaceful protesters across Syria, pro-regime forces are launching a parallel effort against the uprising on a very different front: the Internet. A collective of pro-Assad hackers and online activists, calling themselves the Syrian Electronic Army, appears to be targeting dissidents within Syria as well as sympathizers without. Though the nature of the group's connection to the regime remains unclear, their tactics -- the most sophisticated response to online activism of the Arab Spring -- reveal the skill of Assad's forces and their determination to defeat the protest movement that toppled fellow dictators in Egypt, Libya, and Tunisia.

Read full article: http://bit.ly/nH66VF