Daniel Gifford

Posts by Daniel Gifford

New Variant of Bugat Malware Borrows Lucrative Gameover Zeus Techniques- 14 August 2014

14 August 2014 by Etay Maor- “IBM’s Security Intelligence” A new version of the Bugat/Cridex/Feodo/Geodo malware family has adopted techniques of HTML injection used in the highly successful but now largely defunct GameOver Zeus botnet. The new versions have been … Continue reading

UPS Stores hacked, possibly compromising user data 20 August 2014

20 August 2014 by Dara Kerr- “CNET” UPS has disclosed a malware attack on at least 51 of its branch locations which has resulted in the possible compromise of consumer credit and debit card information. An incident response company has … Continue reading

Twitter Steps Up, Suspends Accounts That Share Horrific Beheading Video- 20 August 2014

20 August 2014 by Issie Lapowsky- “Wired” Twitter has announced plans to suspend any accounts which share the video of the beheading of journalist James Foley at the hands of the Islamic State. This marks a continuing evolution in policy … Continue reading

How to Break Cryptography With Your Bare Hands- 20 August 2014

20 August 2014 by David Talbot- “MIT Technology Review” Researchers have found a new method of breaking encryption, by measuring the electrical potential changes in the chassis of the device as it performs cryptographic operations. The attack can even be … Continue reading

New Site Recovers Files Locked by Cryptolocker Ransomware- 6 August 2014

6 August 2014- By Brian Krebs- KrebsOnSecurity.com New Site Recovers Files Locked by Cryptolocker Ransomware. FireEye and Fox-It have collaborated to help out the hundreds of thousands of users worldwide who fell victim to the Cryptolocker ransomware.  Users simply need … Continue reading

Russian Hackers Amass Over a Billion Internet Passwords- 5 August 2014

5 August 2014- by Nicole Perlroth and David Gelles- New York Times Russian Hackers Amass Over a Billion Internet Passwords. A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password … Continue reading

New Malware Operates Entirely from the Registry Using No Files- 31 July 2014

31 July 2014- by Paul Rascagnères- GDATA SecurityBlog Poweliks: the persistent malware without a file. Malware has been discovered which operates exclusively from the victim machine’s registry, posing problems for some of the dominant remediation paradigms. The malware also uses a … Continue reading

The Social Laboratory: Singapore’s Experience with Surveillance and Big Data- 29 July 2014

29 July 2014- by Shane Harris- Foreign Policy The Social Laboratory. Singapore is testing whether mass surveillance and big data can not only protect national security, but actually engineer a more harmonious society. This essay explores Singapore’s mass surveillance and data-mining apparatus, … Continue reading

Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers- 15 July 2014

15 July 2014- by Andy Greenberg- “Wired” Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers. Google has put together a team of renowned vulnerability researchers who will work to find and secure vulnerabilities in software and protocols not made or … Continue reading

Israel’s Channel 10 TV Station Hacked by Hamas- 16 July 2014

16 July 2014- by “Waqas”- “HackRead” Israel’s Channel 10 TV Station Hacked by Hamas. Hamas has attacked the satellite uplink used by Israeli channel 10, in a broadcast signal intrusion incident. This is the second such attack, the first being … Continue reading

Crowdstrike Attributes Hacking Attacks to PLA Unit 61486- 9 June 2014

9  June 2014- by Nathaniel Hartley- “Crowdstrike Blog” Hat-tribution to PLA Unit 61486. Crowdstrike has attributed a number of hacking attacks on the US and European defense, aerospace and satellite industries to a Chinese military unit. Among the evidence presented … Continue reading

Microsoft Research Paper on Individual Password Management- 1 July 2014

1 July 2014- by Dinei Florencio, Cormac Herley, and Paul C. van Oorschot- “Microsoft Research” Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts. Microsoft researchers have published a paper, to be presented at the USENIX Security 2014 conference … Continue reading

The WIP hosted #LocalVoicesTalk about Women in Islam, a Twitter event.

On Thursday, July 24, The WIP hosted a Twitter chat “Women in Islam: Myth vs. Reality.” Join the conversation from 9:30 am – 10:30 am PDT on Twitter. #LocalVoicesTalk.  You can view a recap of the discussion here. There will also be … Continue reading

How Russian Hackers Stole the Nasdaq- 17 July 2014

17 July 2014- by Michael Riley- “Bloomberg Businessweek” How Russian Hackers Stole the Nasdaq. A review of an incident, still not wholly resolved within the public domain, wherein hackers of possible Russian origin gained access to the operating code for … Continue reading

Apple hits back at China over iPhone privacy claims- 14 July 2014

14 July 2014- by Kevin Rawlinson- “BBC News” Apple hits back at China over iPhone privacy claims. Apple has responded to claims by researchers in China that the IPhone IOS 7 threatens Chinese national security through the “Frequent Locations” feature, … Continue reading

Chinese Hackers Pursue Key Data on U.S. Government Workers- 9 July 2014

9 July 2014- By Michael S. Schmidt, David E. Sanger, and Nicole Perlroth- “The New York Times” Chinese Hackers Pursue Key Data on U.S. Government Workers. The Office of Personnel Management has apparently had its servers and databases breached by … Continue reading

Smart LED light bulbs leak wi-fi passwords- 8 July 2014

8 July 2014- by Jane Wakefield- “BBC News” Smart LED light bulbs leak wi-fi passwords. Context Security has released details of a security lapse in the design of the LIFX LED light bulb, which allow users to remotely control their … Continue reading

EFF sues NSA over the “hoarding” of zero-day security bugs- 2 July 2014

2 July 2014- by Lain Thompson- “The Register” EFF sues NSA over snoops ‘hoarding’ zero-day security bugs. The controversy over the purchase of zero-day flaws has expanded with a new lawsuit by the EFF against the NSA for their practices. … Continue reading

Infrastructure Hackers, Script Kiddies and “Watchdogs”: A Round-up of Monsters Under the Bed from CIS/MS-ISAC

A recent report from the MS-ISAC (Multi-State Information Sharing Analysis Center) and written by CIS (Center for Internet Security, a private nonprofit) publicized by security journalist Brian Krebs addresses a series of concerns regarding an infrastructure hacker who calls himself “Sun Hacker” … Continue reading

Turkey Thrashes Twitter, Leaks put Gov in a Twist

Amid deepening corruption scandals in Turkey, the Turkish Government has shut down access to a number of social media outlets, most recently Twitter, after Twitter failed to comply with their demands to censor links to wiretapped conversations of the inner … Continue reading