[Owasp-cincinnati] Selected InfoSec and AppSec News Of the Past 3 weeks

Marco M. Morana marco.m.morana at gmail.com
Thu Oct 28 22:53:21 EDT 2010


[OWASP] AppSec DC is just 2 weeks away

AppSec DC is just 2 weeks away! We have a great schedule
(http://schedule.appsecdc.org) this year with 4 tracks of amazing talks and a
selection of great training classes at rock bottom prices. Register now at
http://reg.appsecdc.org

 

[OWASP] Chapter-led training events. 

http://www.owasp.org/index.php/OWASP_Training

                

[ISN] New Zeus Attack Preys On Quarterly Federal Taxpayers 

A widespread spam campaign that began several days ago started spiking
today, Oct. 15 -- quarterly tax payment deadline day in the U.S.: The
Zeus-laden attack poses as an alert from the government's electronic tax
payment system, telling recipients that their payment was rejected and
sending them to a link that both infects them and redirects them to the
legitimate electronic federal tax payment system website, eftps.gov.

http://www.darkreading.com/smb-security/security/attacks/showArticle.jhtml?articleID=227900050

 

[ISN] "Trojan Zeus" cyber theft ring foiled 

http://blogs.mcall.com/watchdog/2010/10/trojan-zeus-cyber-theft-ring-foiled.html

 

[ISN] Researchers hack toys, attack iPhones at ToorCon

Eric Monti, a senior security researcher at Trustwave, "weaponized" an
exploit that was launched as the Jailbreakme.com program this summer,
designed to allow iPhone owners to use unauthorized apps.

http://news.cnet.com/8301-27080_3-20020547-245.html

 

[ISN] The Online Threat 

On April 1, 2001, an American EP-3E Aries II reconnaissance plane on an
eavesdropping mission collided with a Chinese interceptor jet over the South
China Sea, triggering the first international crisis of George W. Bush's
Administration. 

And over the next few years the U.S. intelligence community began to “read
the tells” that China had access to sensitive traffic.

http://www.newyorker.com/reporting/2010/11/01/101101fa_fact_hersh

 

[ISN] Hackers in China swiped sensitive data from gov’

Hackers from China have successfully stolen confidential information from
foreign service and security officials through e-mails that purport to be
from the Blue House or diplomats abroad, a report from the National
Intelligence Service showed

http://joongangdaily.joins.com/article/view.asp?aid=2927242

 

[Dataloss Weekly Summary] Data theft by cybercriminals biggest loss for
businesses, survey reveals

Data theft has more than doubled to overtake physical property losses for
the first time in the past year, according to an annual global fraud survey.
Cybercriminals are collecting information about individuals as a way of
penetrating corporate networks, said Uri Rivner, head of new technologies,
identity protection and verification at RSA

http://www.computerweekly.com/Articles/2010/10/18/243378/data-theft-by-cybercriminals-biggest-loss-for-businesses-survey-reveals.htm

 

[Dataloss Weekly Summary] Annual cost of identity theft is £2.7bn

Almost two million people have their identities stolen every year at a cost
to the UK of £2.7bn, according to research published today. Around 1.8
million people fall victim to identity fraud each year, with criminals
gaining an average of £1,000 in credit or benefits for each name they steal,
according to the National Fraud Authority (NFA).

http://www.independent.co.uk/news/uk/crime/annual-cost-of-identity-theft-is-16327bn-2109431.html

 

[ISN] Incidence Of Cybertheft Surpasses Incidence Of Physical Theft For The
First Time, Study Says 

Incidence of theft of information and electronic data at global companies
has overtaken physical theft for the first time

http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=227900305

 

[ISN] PCI: Smaller Merchants Threatened

Level 3 and 4 retailers are now being targeted by cyber criminals for the
theft of credit card data. Examples of these targets include restaurants in
several states that were hit in the past several months -- the latest being
one that had its POS system breached in Tallahassee, Fla.

http://www.bankinfosecurity.com/articles.php?art_id=3019

 

[ISN] DOD, DHS working on one-two punch for cybersecurity

The Defense and Homeland Security departments have launched an initiative to
share analysts and coordinate their cyber operations. 

http://fcw.com/articles/2010/10/18/dod-dhs-cooperate-on-cyber-defense.aspx

 

[ISN] SCADA security just got more serious 

There are reports that a new, more powerful, Stuxnet virus could be
unleashed very soon as code is posted on the internet for anyone to copy.
Manufacturing, infrastructure and engineering industries are, therefore, being
urged to take even tighter preventative measures to protect themselves and
not to delay doing this.

http://www.controlenguk.com/article.aspx?ArticleID=37383

 

[ISN] Smart Grids Offer Cyber Attack Opportunities 

Researchers at last week's IEEE SmartGridComm2010 conference in
Gaithersburg, Md., warned that as utilities transition to greater use of
smart grids, their increased two-way communication would leave consumers and
suppliers open to more forms of cyber attack. In fact, by 2015, they
estimated, the smart grid will offer up to 440 million potential points to
be hacked.

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=227701134

 

[ISN] [Dataloss Weekly Summary] Beyond the Check-In: How Location Services
Can Now Fight Identity Theft

two companies officially announced the launch of Finsphere's PinPoint
identity validation product, which helps to fight identity theft and
validate a user's identity with the use of Location Labs' Universal Location
Service. 

http://feeds.nytimes.com/click.phdo?i=d3ab39641e38c813d7e85d70bad82019

 

[ISN] [Dataloss Weekly Summary]  New device lets diners swipe credit cards
themselves

“The CATS Card At Table Service provides a revolutionary alternative to the
process of how credit card transactions are handled,” Raven said. “It is
designed so that a customer’s credit card will never have to leave the
table.”

http://www.heraldnet.com/article/20101012/BIZ/710129926/-1/RSS03

 

[ISN] 'Unprecedented wave' of Java exploits hits users, says Microsoft

According to a manager at Microsoft's Malware Protection Center (MMPC),
attempts to exploit Java bugs have skyrocketed in the past nine months,
climbing from less than half a million in the first quarter of 2010 to more
than 6 million in the third quarter

http://www.computerworld.com/s/article/9191640/_Unprecedented_wave_of_Java_exploits_hits_users_says_Microsoft

[ISN] Secunia Weekly Summary - Issue: 2010-41 

Multiple vulnerabilities have been reported in Sun Java, which can be
exploited by malicious users to cause a DoS (Denial of Service) and by
malicious people to disclose potentially sensitive information, manipulate
certain data, and compromise a vulnerable system.

http://secunia.com/advisories/41791

 

Marco Mirko Morana

OWASP Cincinnati USA Chapter Lead

Writing Secure Software Blogger

Application Threat Modeling Book Author

 
