blog trackingRealtime Web Statistics Staged Archives | Gregory D. Evans | Worlds No. 1 Security Consultant | Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘staged’

When Hackers Hack Each Other—A Staged Affair in the French Underground?

feature_deepweb

Source: National Cyber Security – Produced By Gregory Evans

When Hackers Hack Each Other—A Staged Affair in the French Underground?

This past July, we published a blog post on a new illegal gambling system known as “French Dark Bets (FDB).” FDB is run and hosted by one of the biggest French underground marketplace, the French Dark Net (FDN). This betting

The post When Hackers Hack Each Other—A Staged Affair in the French Underground? appeared first on National Cyber Security.

View full post on National Cyber Security

Syrian War: Is The Chemical Attack A False Flag & Staged? – To day (24h August 2013)

Syrian War: Is The Chemical Attack A False Flag & Staged? Alex covers the move toward war against Syria following a questionable chemical attack on this Thur… Read More….

View full post on The Cyber Wars

Art professor impersonated tea party activist, staged Facebook hacking, calls it ‘performance art’

A Utah college professor helped create and cultivate a fake identity as a tea party activist for nearly two years, using a fictional Facebook account to deceive thousands of conservatives as part of an elaborate “performance art” project, The Daily Caller has learned.

View full post on facebook hacker — Yahoo! News Search Results

View full post on National Cyber Security

Multifunctional malware, staged drive-by attacks to rise in 2012

Automated toolkits with business models that include rental agreements and constant updates will
gain considerable improvements in 2012, with many attack kits being primed with new features that
enable even the least tech-savvy cybercriminals to hone malware
in 2012
for highly targeted attacks.

It all starts with a blob of
heavily obfuscated Javascript and ends within a few minutes with the victim’s PC
pwned and the victim’s
passwords in the hands of some Asian or eastern European goon squad.

Andrew Brandt,  director of Threat Research at
Solera    

Financial malware designed to target and infiltrate bank accounts could be recoded for targeted
non-financial attacks, according to Boston-based security vendor Trusteer. The Zeus and SpyEye
codebases, which are now publicly available, can be manipulated to pull off more sophisticated
targeted attacks against enterprises. “Over the next twelve months perimeters will face an
onslaught from various sources, viruses going financial, APT-style technologies in Zeus code
derivatives manipulated by new coders and in other commercially available malware kits,” Trusteer
CTO Amit Klein noted in the company’s list of predictions.  

A scourge of compromised legitimate websites will continue to fuel an increase in staged attacks
in 2012, according to South Jordan, Utah-based network security vendor, Solera Networks Inc.
High-profile attacks carried out by hactivist groups demonstrated that even the largest
enterprisesstruggle
to control website vulnerabilities
that can give cybercriminals a way into sensitive systems.
Andrew Brandt, Solera’s director of Threat Research, urges Mozilla Firefox users to keep their
plug-ins updated and install NoScript to stop the onslaught of drive-by
attacks using malicious JavaScript
.

“As far as I can tell, it’s the only surefire method of preventing an accidental infection of a
Windows PC by exploit-kitted webpages,” Brandt wrote in the Solera blog. “It all starts with a blob
of heavily obfuscated Javascript and ends within a few minutes with the victim’s PC pwned
and the victim’s passwords in the hands of some Asian or eastern European goon squad.”

Solera’s Brandt also points to vulnerable WordPress.org blog plug-ins as a major contributor to
the problem. Malware writers upload their code to the vulnerable webpages, enabling them to serve
up keyloggers to blog visitors. “Most of the code we’ve seen uploaded to legit sites redirects the
browser into the maw of one or another exploit kits,” Brandt wrote.

Hardware security weaknesses
Meanwhile, security giant McAfee, which was acquired
in 2010 by chipmaker Intel
, is predicting a spike in attacks that leverage embedded hardware or
use a computer’s master boot record and BIOS layers, to bypass traditional security technologies.
“We expect to see more effort put into hardware and firmware exploits and their related real-world
attacks throughout 2012 and beyond,” according to McAfee.

Embedded systems that run GPS routers, ATM machines, medical devices and other systems can be
rooted and are at risk to falling under the control of sophisticated cybercriminals, according to
McAfee’s “2012
Threats Predictions
” (.pdf) report.

“Controlling hardware is the promised land of sophisticated attackers,” according to the report.
“If attackers can insert code that alters the boot order or loading order of the operating system,
they will gain greater control and can maintain long-term access to the system and its data.”

McAfee’s prediction is somewhat buoyed by Columbia University researchers who demonstrated how
HP
printer vulnerabilities
could be used by cybercriminals to gain access to corporate
networks.

Michael Sutton, vice president of security research at SaaS-based email and Web gateway security
vendor Zscaler Inc. said the focus on hardware-based
threats
may force hardware vendors to increase their focus on security and take vulnerability
disclosure more seriously. Sutton’s presentation at Black Hat 2011 focused on weaknesses in
embedded Web servers.

“Security in the hardware space is at least ten years behind security in the software industry,”
Sutton wrote in Zscaler’s ThreatLabZ blog. “Hardware vendors will get a wake-up call as researchers
shift their efforts to hardware and party like it’s 1999.”


Article source: http://searchsecurity.techtarget.com/news/2240113180/Multifunctional-malware-staged-drive-by-attacks-to-rise-in-2012

View full post on National Cyber Security » Virus/Malware/Worms

My Twitter

  • RT @GregoryDEvans: IT’S TIME FOR BOTH PARTIES TO GET SERIOUS ABOUT CYBERSECURITY: PICKS OF THE WEEK https://t.co/8B5WykWYGP https://t.co/XU…
    about 6 hours ago
  • RT @GregoryDEvans: Teacher Gets Rid Of Homework, Gets A+ From Students And Parents https://t.co/HJVDfZCChe
    about 6 hours ago
  • RT @GregoryDEvans: ALLEGED NSA HACKERS PROBABLY GAVE AWAY A SMALL FORTUNE BY LEAKING EXPLOITS https://t.co/CxrIh0WXHy https://t.co/3YMQmX1b…
    about 10 hours ago
  • RT @GregoryDEvans: Turkish journalist Baris Pehlivan jailed for terrorism was framed by hackers, says report https://t.co/DNFlEB7ZFV https:…
    about 12 hours ago
  • RT @GregoryDEvans: John Krasinski Is The Kind Of Dad Who Shows Photos Of His Newborn At A Movie Premiere https://t.co/rEvveKkuAK
    about 19 hours ago

AmIHackerProof.com By Gregory D. Evans

Hacker For Hire By Gregory Evans

Gregory D. Evans On Facebook

Parent Securty By Gregory D. Evans

National Cyber Security By Gregory D. Evans

Dating Scams By Gregory Evans