CyberheistNews Vol 1, #27
Editor's Corner
Email CaaS: Crime as a Service
This time, I'd like to invite you to 15 minutes of video. It's going
to be very interesting, I promise. The speaker is Marc Goodman.
Over the past 20 years, he has built his expertise in cybercrime,
cyber terrorism and critical infrastructure protection working with
organizations such as INTERPOL, the United Nations and NATO. His quick
overview of the current state of cybercrime is timely, up-to-date and
Marc is specific about the problems you are going to see in 2012,
especially about data theft. For instance, did you know that 85% of
data stolen is stolen by organized crime? Spend these 15 minutes to
see his presentation at the Strata Summit:
http://www.youtube.com/watch?v=6ueKilyThQg&feature=player_embedded
Quotes of the Week
"Imagination is more important than knowledge." - Einstein
"Reality leaves a lot to the imagination." - John Lennon
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
"We Discovered A Serious Human Vulnerability"
"I'm a system administrator and we regularly get users' workstations
infected with malware. Then Microsoft reported that 45% of the infections
are caused by the users being 'social engineered', so we decided to test it
out for ourselves."
"First we did the Email Exposure Check. Out of our 197 users, 87 email
addresses were found on the Internet. Then we did the Phishing Security
Test, and sent these 87 a relatively simple simulated phishing attack,
that could have been sent by any bad guy."
"We were shocked to see that our spam filters and antivirus did not
catch the phishing email, and that 24 of these 87 clicked on the link.
We discovered a serious human vulnerability." -- P.H. System Admin
Find out for yourself how big this human security hole is in your
organization. Fill out this form, you will get the results for free:
http://www.knowbe4.com/eec/
Attackers Pose As Police In New Ransomware Campaign
The DarkReading site had an interesting item. "In a new twist to
ransomware attacks, the bad guys are pushing pop-up warnings posing
as federal law enforcement messages claiming to have discovered illicit
and illegal material on victims' computers -- and the malware locks
down their machines and deletes data unless they pay a fine. Ransomware
is nothing new, but researchers at Microsoft say this latest batch includes
different versions for each country it targets."
http://www.darkreading.com/insider-threat/167801100/security/attacks-breaches/232300884/attackers-pose-as-police-in-new-ransomware-campaign.html
Amnesty International Site Serves Java Exploit
This is how the bad guys operate. They hack reputable sites, and then
put malware on those sites that infects the maximum number of visitors.
Brian Krebs has a story about Amnesty's site in the UK: "Amnesty
International's homepage in the United Kingdom is hacked and is currently
serving malware that exploits a recently-patched vulnerability in Java.
Security experts say the attack may be opportunistic, or it may be part of
a more nefarious scheme to target human rights workers.":
http://krebsonsecurity.com/2011/12/amnesty-international-site-serving-java-exploit/
Feds Indict 55 For Cybercrime Fraud
Federal authorities Friday announced the indictment of 55 people for
participating in a cybercrime fraud ring that relied on insiders to steal
hundreds of people's personal details from a bank and a car dealer, among
other organizations. The stolen information was then used to defraud both
the victims and the organizations at which the insiders worked.
"These insiders used their positions to gain access to client data, and
then sold that data to make money for themselves and their accomplices,"
said Manhattan District Attorney Cyrus R. Vance, Jr., in a statement.
Dark Reading has the story:
http://www.darkreading.com/attacks-and-breaches/feds-indict-55-for-cyber-crime-fraud/d/d-id/1101904
Security Minefield: BYOD Will Bedevil IT Security In 2012
I have talked about this before, and Ellen Messmer over at
InfoWorld has an excellent overview of this problem: "As companies
allow employees to use their personal smartphones and tablets for
business, pressure to protect and manage these devices is growing."
"The rapid adoption of the newest mobile devices -- especially the Apple
iPhone and iPad and the Google Android-based equivalents -- will be a
huge disruptive force in enterprise security next year. Not only will
there be pressure to decide how to protect and manage these devices,
which are growing as malware targets, the complexity of this task is
magnified many times over because companies are allowing employees to
use their own personal smartphones and tablets for business purposes --
what's sometimes called 'bring your own device' (BYOD)." Story at:
http://www.infoworld.com/article/2618154/apple-phone/security-minefield--byod-will-bedevil-it-security-in-2012.html
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
'Rollerman' Jean Yves Blondeau swoops down some of the most scenic mountain
roads in the world:
http://www.flixxy.com/rollerman-travels-the-world.htm
Riding on a mountain bike along the Garnitzenklamm gorge in Austria. These
guys are nuts, have a death wish, or both! LOL
http://www.flixxy.com/mountain-bike-riding-austria.htm
The weirdest, wackiest and coolest sci/tech stories of 2011:
http://www.networkworld.com/slideshows/2011/121411-wacky.html?
The Best of 'Damn You, Autocorrect':
http://www.networkworld.com/slideshows/2011/070711-auto-correct.html?
A Google Ad from India, based on a real life story of an artist who used
the web to bring the dying art of 'Tanjore' paintings back to life and
became successful in the process. Interesting:
http://www.flixxy.com/indian-google-ad-based-on-a-real-life-story.htm
The 'Skating King of Pakistan' controls a motorcycle with two strings
while being towed along. Definitely do not try this at home:
http://www.flixxy.com/pakistani-rollerblader-controls-motorcycle-with-strings.htm
High-res time-lapse sequences captured by astronauts aboard the ISS give
us a beautiful view of well-known coastlines and countries around the world:
http://www.flixxy.com/view-from-space-countries-and-coastlines.htm
A group of researchers encounters a pack of wild mountain gorillas near
Uganda’s Bwindi National Park and one lucky human gets groomed by baby
gorillas:
http://www.flixxy.com/wild-gorillas-meet-humans.htm
The 16 Greatest Cities In Human History. This is actually REALLY interesting:
http://www.businessinsider.com/greatest-cities-in-human-history-2011-12
African Bullfrog Plays Video Game:
http://news.yahoo.com/blogs/sideshow/video-african-bullfrog-plays-video-game-175145367.html