Tag: Web

Fraud Analytics: You’re Doing It Wrong!

One of the most vexing problems in computer security today is distinguishing malicious from legitimate behavior on victim networks. Sophisticated cyber criminals and nation-backed hacking groups make a point of moving low and slow on compromised end points and networks, while victim organizations are (rightly) wary of disrupting legitimate business activity for the sake of spotting a breach. In this Security Ledger Podcast, Paul interviews Jason Sloderbeck, Director of Product Management at RSA, EMC’s security division.  Jason talks about RSA’s Silvertail fraud analytics technology, and the organizational and technology issues that keep victims from spotting attacks. One of the big mistakes organizations make when they investigate attacks, Sloderbeck said, is focusing too narrowly on a point in time during a web session that is felt to be a good indicator of compromise – like when a user authenticates to a service or “checks out” on an e-commerce web site. “There’s a whole […]

Continue Reading

Wardriving Goes Corporate: Comcast Turning Residential WiFi Into ‘Millions of Hotspots’

One of the big challenges to the growth of the “Internet of Things” is access. It goes without saying that, without access to the Internet, almost all of the benefits of connected devices disappear. Your smart phone becomes a dumb phone. Your ‘net connected watch or running shoes or car scream into the void – trying desperately to connect to a network that isn’t there. Here in the U.S., that problem has typically been addressed by routing traffic through 3G or – depending on where you live – 4G wireless networks. However, access to those networks is spotty, especially in the sparsely populated Western U.S. According to a survey by the U.S. Federal Communications Commission (FCC), much of the Western U.S. is a 3G wasteland, with little or no access to broadband wireless networks. One solution is to tap the loose network of residential broadband subscribers, allowing them to peel […]

Continue Reading

UN Calls Electronic Surveillance A Threat To Democracy

A new report out from the United Nations’ General Assembly warns that governments’ use of electronic surveillance and monitoring of citizen communications is a violation of human rights and calls for updated laws and guidelines that reflect changes in communications “techniques and technologies.” The growing use and sophistication of digital surveillance has outstripped the ability of societies to legislate their proper use, leading to “ad hoc practices that are beyond the supervision of any independent authority,” and that threaten to stifle free expression, according to the report, issued by the UN General Assembly’s Human Rights Council (PDF). First issued in April, but released to the public this week, the report looks at States’ use of communications surveillance and their impact on what the report calls “human rights to privacy and to freedom of opinion and expression.” It concludes that the growth of online surveillance of electronic communications, including access to stored […]

Continue Reading

Illiquid: Liberty Reserve Gone, Cybercrooks Look For Alternatives

Now that authorities in Spain, Costa Rica and the U.S. have taken down online money transfer service Liberty Reserve, the cyber underground is facing a serious liquidity crunch, as criminal gangs, botmasters, spammers and malicious hackers look for a safe platform on which to transact business. But finding a ready substitute may not be easy, with Liberty Reserve’s close competitors showing less tolerance of its “no questions asked” account creation policy, and less scrupulous outlets wary of the long arm of the U.S. Justice Department. Liberty Reserve (libertyreserve.com) went offline on Friday along with dozens of other domains operated by its founder, Arthur Budovsky – a.k.a. “Arthur Belanchuk” a.k.a “Eric Paltz.” Budovsky was arrested in Spain on May 24th. Spanish authorities acted at the request of authorities in Costa Rica, where Budovsky had set up shop, and the U.S. A three-count criminal complaint filed there by the U.S. Attorney for the […]

Continue Reading

Browser Plug-in Steals Facebook Logins, Pumps Spam For GM Cars

Microsoft is warning users of Google’s Chrome and The Mozilla Foundation’s Firefox web browsers that a malicious browser extension for those platforms attempts to steal Facebook account login information after it is installed. The attacks have mostly occurred in Brazil, Microsoft, and have been linked to spam campaigns promoting GM cars, like the Chevy Celta, an ultracompact car produced by General Motors do Brasil, according to a post on Microsoft’s Technet web site. Microsoft identified the malware bundled with the browser extensions as Febipos.A, a malicious Trojan. After being installed, the Trojan waits for the user to log in to Facebook before it springs to life. Febipos downloads commands from a remote website that instruct it to carry out a wide range of actions through the active Facebook account, including wall posts, sharing and “liking” pages, commenting on other users’ posts and inviting Facebook friends to a group chat. You […]

Continue Reading
1 16 17 18 19 20 26