21st Century Learning and Teaching

The game of cat-and-mouse between malware authors and security white hats may have entered a new phase this week, thanks to an aggressive new malware system that doesn’t just attempt to obfuscate its own operation — it aggressively scans for clues that others are monitoring its actions. If it detects that it’s operating within a Virtual Machine, the malware, dubbed Rombertik, will go nuclear and attempt to overwrite the master boot record of the local hard drive.

Cisco’s threat response team has detailed the operation of Rombertik, and the malware’s obfuscation and attack vectors are unique. Once installed, it’s a fairly standard data sniffer that grabs indiscriminately from the information available on an infected PC. What sets Rombertik apart is the way it checks to see if it’s running in a VM-provided sandbox, and the actions it takes if it finds itself in such a mode.

Learn more:

- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Rombertik

Das Vergleichsportal Netzsieger.de hat Infografiken mit Malware-Fakten veröffentlicht. Demnach ist jeder dritte Computer weltweit mit Malware infiziert. In Deutschland sieht es nicht viel besser aus.

Mehr erfahren:

- https://gustmeesde.wordpress.com/2014/12/13/mobile-security-smartphones-sind-auch-mini-computer/

- https://gustmeesde.wordpress.com/2014/12/16/browser-sind-das-einfallstor-fur-malware-sind-eure-browser-up-to-date/

- https://gustmeesde.wordpress.com/2014/12/26/programme-die-auf-jeden-neuen-pc-und-smartphones-gehoren/

Russian security software maker Kaspersky Lab published a report all but accusing the NSA of hiding spyware on hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers. And there’s no way to know if it’s on there.

Learn more:

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Equation-Group

- http://www.scoop.it/t/securite-pc-et-internet/?tag=REGIN

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Warriorpride

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Quantum

- http://www.scoop.it/t/securite-pc-et-internet/?tag=cyberwar

- http://www.scoop.it/t/securite-pc-et-internet/?tag=NSA

- http://www.scoop.it/t/securite-pc-et-internet/?tag=TAO

- https://gustmees.wordpress.com/2012/05/21/visual-it-securitypart2-your-computer-as-a-possible-cyber-weapon/

Targeted attacks aim to steal sensitive data from Mac systems, says F-Secure

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

Malware is still being created at the record levels reached in the previous quarter: 15 million new samples were generated, at an average rate of 160,000 every day, according to Panda Security.

Learn more:

- http://gustmees.wordpress.com/2012/07/11/cyberhygiene-hygiene-for-ict-in-education-and-business/

The official Microsoft Security Blog provides in-depth discussion of security, cybersecurity and technology trends affecting trust in computing, as well as timely security news, trends, and practical security guidance.

Each week you’ll hear from Microsoft security experts who share insights and report on research and our collaborative work internally and with industry and governments around the world to build more secure software and services; to advance the IT ecosystem; and collective efforts to build a safer, more trusted Internet for everyone.

The SANS Securing The Human Program provides IT/information security awareness training to address everything your organization needs to secure your employees, contractors, IT staff, and management.

"Wow! This is the first security awareness document that our users really like! Thank you, SANS"

That note came from the CISO of an 8,000 employee organization. OUCH! is the world's leading, free security awareness newsletter designed for the common computer user. Published every month and in multiple languages, each edition is carefully researched and developed by the SANS Securing The Human team, SANS instructor subject matter experts and team members of the community.

Each issue focuses on and explains a specific topic and actionable steps people can take to protect themselves, their family and their organization. OUCH! is distributed under the Creative Commons BY-NC-ND 3.0 license. You are encouraged to distribute OUCH! within your organization or share with family and friends, the only limitation is you cannot modify nor sell OUCH!.

Le mythe vient de s'effondrer : un chercheur en sécurité vient de démontrer combien il était facile de contourner les mécanismes de sécurité mis en place par Apple dans OS X pour polluer le système avec des malwares.

Finalement, Apple ne fait pas mieux que les autres fabricants ni même éditeurs de solutions de protection, puisque la conférence a démontré que la plupart des outils de protection pouvaient être contournés.

Apple reste toutefois moins sujet aux attaques pour l'instant, mais les choses pourraient changer à l'avenir.

En savoir plus / Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Immune+No+More%3A+An+Apple+Story

Web site security monitoring and malware removal

Enter a URL (ex. sucuri.net) and the Sucuri SiteCheck scanner will check the website for known malware, blacklisting status, website errors, and out-of-date software.

Learn more:

- http://www.scoop.it/t/ict-security-tools

Is there any (Mac) OS X-specific malware around? Oh yes. But for some odd reason I haven't said anything interesting on this topic for quite a while… The last time was two and a half years ago. Yes...

So what can we deduce from these data?

First: cybercriminals find it easiest making money with mostly legal (well, almost legal) approaches. Persistent advertising also makes money, and coupled with large-scale infections – big money.

Second: OS X virus writers are a fairly rare but sophisticated species. Unlike the Windows virus scene, the OS X virus scene bypassed the childish stage of ‘viruses for fun’ and went straight to the grown-up – Mac OS – stuff with all the attendant hardcore malware tricks that are necessary for it. These are serious folks, folks! It’s very likely they honed their skills on the Windows platform first, and then went over to Mac to conquer new, uncharted territory in search of new untapped money-making possibilities. After all, the money’s there, and the users are relatively blasé about security, which means there are plenty of opportunities – for those blackhatters who are willing to put in the work.

Third: professional espionage groups have really taken to exploiting OS X. Many APT attacks in the last few years acquired Mac-modules, for example Careto, Icefog, and the targeted attacks against Uyghur activists. Yes, here we’re talking pinpointed –exclusive as opposed to mass – attacks, aimed at specially chosen victims; this is why they don’t figure in the top-20. Not that they are any less dangerous; especially if your data may be interesting to intelligence agencies.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

F-Secure Security Labs brings you the latest online security news from around the world. Ensure that you are up-to-date with the latest online threats to guarantee your online wellbeing.

A glut of Wordpress sites have fallen victim to both malware infections and a series of brute force attacks that have making the rounds over the past several