HP Security Research OSINT (OpenSource Intelligence) articles of interest--June 20, 2014

 Key Articles of Interest

 

H4CKER5 WANTED: An Examination of the Cybersecurity Labor Market
There is a general perception that there is a shortage of cybersecurity professionals within the United States (indeed, in the world), and a particular shortage of these professionals within the federal government, notably those working on national and homeland security as well as intelligence. Shortages of this nature complicate securing the nation’s networks and may leave the United States ill-prepared to carry out conflict in cyberspace.

 

So Why That Chip, Mr. GCHQ?
Recently, a report on the chips destroyed last year in the Guardian office disturbed me, raising some subtle but important red flags. The report revealed that when the British counterpart to the NSA—GCHQ—destroyed copies of Snowden’s leaked documents at the Guardian, it ALSO destroyed keyboard controllers and power converters. Why?

The Harvester, the Botmaster, and the Spammer: On the Relations Between the Different Actors in the ...
A spammer needs three elements to run a spam operation: a list of victim email addresses, content to be sent, and a botnet to send it. Each of these three elements are critical for the success of the spam operation: a good email list should be composed of valid email addresses, a good email content should be both convincing to the reader and evades anti-spam filters, and a good botnet should efficiently sent spam.

APT Kill chain - Part 4 : Initial compromise
This blog post is part of a series on APT killchain. In the previous step, we’ve seen how the attacker used reconnaissance techniques to collect data on its target. Now we will focus on the initial compromise.

Cybersecurity firm says large hedge fund attacked
In an audacious and sophisticated attack, cybercriminals acting in late 2013 installed a malicious computer program on the servers of a large hedge fund, crippling its high-speed trading strategy and sending information about its trades to unknown offsite computers, CNBC has learned.

Pentagon cyber unit wants to ‘get inside the bad guy’s head’
After several years of planning, the Pentagon’s Cyber Command is finally beginning to conduct operations such as tracking adversaries overseas to detect attacks against critical computer networks in the United States, according to a senior defense official.

Ukraine election narrowly avoided ‘wanton destruction’ from hackers (+video)
A brazen three-pronged cyberattack against last month’s Ukrainian presidential elections has set the world on notice—and bears Russian fingerprints, some say.

Static program analysis assisted dynamic taint tracking for software vulnerability discovery
The evolution of computer science has exposed us to the growing gravity of security problems and threats. Dynamic taint analysis is a prevalent approach to protect a program from malicious behaviors, but fails to provide any information about the code which is not executed. This paper describes a novel approach to overcome the limitation of traditional dynamic taint analysis by integrating static analysis into the system and presents framework SDCF to detect software vulnerabilities with high code coverage.

How an FBI Informant Helped Orchestrate the Hack of an FBI Contractor
Weeks after he started working quietly as an FBI informant, Hector Xavier Monsegur, known by his online alias “Sabu,” led a cyberattack against one of the bureau’s very own IT contractors.

10 Ways to ‘Fix’ Cybersecurity
Security reporter, Byron Acohido, and I asked ten cyber-experts to offer up their best ideas for stemming the threats we face when it comes to digital security. Note: Almost every one of them muttered something about there being no silver bullets.

The Cybersecurity Risk Paradox: Measuring the Impact of Social, Economic, and Technological Factors ...
Around the globe, societies are becoming increasingly dependent upon information and communications technology (ICT) which is driving rapid social, economic, and governmental development. Yet with this development, new threats to digital infrastructures have emerged.

IBM Security Services 2014 Cyber Security Intelligence Index
IBM Managed Security Services continuously monitors billions of events per year, as reported by a sample of nearly 1,000 of our clients in 133 countries. This report is based on the cyberattack event data IBM collected between 1 January 2013 and 31 December 2013 in the course of monitoring client security devices, as well as data derived from responding to and performing forensics on cyberattack incidents.

Gear to Block ‘Juice Jacking’ on Your Mobile
Ever since I learned about the threat of “juice-jacking”—the possibility that plugging your mobile device into a random power charging station using a USB cord could jeopardize the data on that device—I’ve been more mindful about bringing a proper power-outlet charging adapter on my travels.

How to Catch a Chess Cheater: Ken Regan Finds Moves Out of Mind
“What’s God’s rating?” asks Ken Regan, as he leads me down the stairs to the finished basement of his house in Buffalo, New York. Outside, the cold intrudes on an overcast morning in late May 2013; but in here, sunlight pierces through two windows near the ceiling, as if this point on earth enjoys a direct link to heaven.

 

Click here to see last week's articles of interest. 

Labels: HPSR
Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation