The people at howtogeek.com wrote a pretty funny yet sad post about research they performed. The concept is they went to download.com and downloaded the top 10 most popular downloads onto a virtual windows system to see what would happen (they skipped a few Anti Viruses since it doesn’t make sense to install more than one but outside of that went through the list). As shown in the previous screenshot, most of the software was laced with malware pretty much killing the functionality of their test system. The ironic thing is download.com has disclaimers on their website stating they don’t post software with malware, trojans or malicious adware before during or after the installation of software being shared (shown later in the post). According to the results from the howtogeek team, this is obviously not the case. I guess those old sayings are right about nothing is free and if its too good to be true … it probably is. Continue reading
Andrea Allievi and Earl Carter posted a very interesting article on the Cisco security blog about a new version of Cryptowall. They talk about a very advanced threat capable of bypassing anti-malware and sandbox based defenses along with methods to hide communication to the control center using TOR channels. The original post can be found HERE.
Ransomware holds a user’s data hostage. The latest ransomware variants encrypt the user’s data, thus making it unusable until a ransom is paid to retrieve the decryption key. The latest Cryptowall 2.0, utilizes TOR to obfuscate the command and control channel. Continue reading
Norse is a research group that leverages hundreds of honey pots placed all over the world to collect attack data. Their claim to fame is their research goes beyond the general internet targeting “dark intelligence” meaning parts of the darknet where the bad actors live. They offer a few products that can be placed on your network as well as SAS services that work with their threat intelligence to identify attacks against your network. You can find their main website HERE.
One cool free online tool they offer is a live mapping of attack data. That data can be found at http://map.ipviking.com/ or HERE. Below is a screenshot of this tool. Its a pretty cool concept. Check it out Continue reading
My buddy Aamir Lakhani from dcchaos.com put together a list of the best cyber security talks of 2014. The rankings and opinions are purely his own. Some of these were based on technical knowledge, others were entertaining, and lastly some of these are a shout out to my friends and colleagues. You can find the original post HERE.
Pierluigi Paganini from Security Affairs posted a great article about how Cisco NetFlow could possibly be used to identify Tor clients. The idea is a NetFlow sensor could monitor a certain percent of random generated Tor circuits and possibly link clients back to their users. The original post can be found HERE. Here is the post.
The research revealed that more than 81 percent of Tor clients can be de-anonymized by exploiting a new traffic analysis attack based on Netflow technology.
A team of researchers conducted a study between 2008 and 2014 on the de-anonymization of the Tor users, the team worked to disclose their originating IP addresses. Continue reading
The Computer Science department at Florida State University is offering free computer security class lectures. You can find the entire CIS4930 and CIS5930 courses online HERE. These are the Spring 2014 classes so the content is pretty current. There are 26 lessons ranging from lock picking to launching attacks with Metasploit. Videos include lecture slides to download. Continue reading
Cisco announced yesterday that they intend to acquire Neohapsis. Neohapsis is a security, risk and compliance company, which is a very interesting move by Cisco. Many people not only want data from security reports, but also desire how that data will impact their business. This means how changes or risk can impact compliance to mandatory regulations as well as how much impact could a vulnerability have to a system. Neohapsis is a services based company so this seems to be a security services play yet could also trickle in Cisco products.It would be really cool to see more compliancy based reporting in future Cisco products as an outcome of this acquisition.
You can find more about Neohapsis HERE.
The official announcement from Cisco can be found HERE.