Year – Week: 2013 – 10
Evernote was the highest profile victim of an attack this week. The attack on their systems meant that 50 million account names and encrypted passwords were stolen.
USA has also become the world’s leading spam-relayer. This most likely doesn’t mean that there is a kingpin spammer in USA, but what it does show is that there is a large amount of hijacked computers being used for this. USA it’s not the number one malware infected country (China was 2012 according to PandaLabs), but there are reasons such as IPs from USA is less likely to be blacklisted as easily as well as speeds between email providers are likely to be higher from USA than China.
More information about the zero-day-exploiting malware MiniDuke has also surfaced. It appears that MiniDuke has been running its cyber-espionage campaign around since mid 2011, and appears to have targeting governments in countries such as Belgium, Unites States and Ireland.
The Dubai Police made arrests this with in regards to a cyber crime gang who were able to transfer more than $2m from Dubai Exchange companies’ accounts, while Bank Muscat in Oman was hit by $39m ATM cash-out heist which most likely happened due to the hackers being able to duplicate a set of pre-paid Travel Cards.
The first couple of days of the Pwn2Own has also taken place. Pwn2Own, which is being co-sponsored by HP this year, is a yealy competition where security researchers attempt to be the first to exploit software, with resulting prize money for doing so. So far, over $270K has been given out to people who managed to exploit IE10, Chrome 25, Firefox 19, and Java 7.
Important Software Security updates
We’d like to remind everyone of the importance of not reusing any of your passwords. Doing so could mean that you end up losing a great deal of things.
Let’s say I’m using X and I have the same password on my email account Z and Website X.
I signed up to Website X with my email account, which means that if Website X is hacked and my password decrypted (it’s not even certain they will have encrypted my password) then that means that they will be able to access my email account as well from there.
By having access to my email account they could for example gain further access to other services by doing password resets or pretend to be me and send out malware.
This is one of the reasons why we suggest that you create complex and unique passwords for every site you use.
It’s understandable that you can’t remember these kind of passwords, but don’t worry – there are tools for this which means you only have to remember one single passphrase in order to gain access to your password vault.
My personal preference is 1Password Pro which has got a stand-alone client as well as a web interface. It also got plugins for IE, Chrome and Firefox which makes signing into accounts a breeze.
Those who prefer to use free and open source can use KeePass Password Safe. I believe it lacks a bit of functionality, but it’s got a lot of plugins/extensions that you can use to further its use.
16-28 February 2013 Cyber Attacks Timeline
Hacking the Mind: How & Why Social Engineering Works
The web won’t be safe or secure until we Break it
Jailed cybercriminal hacked into his own prison’s computer system after being put in IT class
The Life Cycle of Web Server Botnet Recruitment
Security Blogger Award Winners 2013