ICSA Labs Security Testing Blog

Print
Terms of Use

Flame ON

This morning’s revelation that Flame used a Microsoft certificate to sign update code underscores exactly what I said earlier about the real issue being that Flame had apparently been on the victim’s systems for at least a couple of years.

Countries Rushing to Cyber Weapons: First Stuxnet, Now Advanced Iran W32/Flame, Flamer or SkyWiper

The Other Shoe Just Dropped
Over the weekend, multiple reports appeared about a new piece of cyber malware, named, W32/Flame, Flamer or SkyWiper. I’ll stick with the official CARO name of W32/Flame.A.

Been around for a least a couple of years, undetected

Smart Phones Do VPNs Too. Who Knew?

What makes a tablet or smart phone a powerful tool? 

Cloud Computing Data Breaches – The Facts

Every year the buzz grows around the Verizon RISK team’s release of its annual Data Breach Investigations Report (DBIR). 

As an incident response professional, the DBIR is one of my favorite reads.  This year’s DBIR included analysis of security concerns in cloud computing.  So for those of you interested in cloud security, this is the blog post for you! 

The report, on page 40 states:

Identity Theft – How You Could Become a Lifelong Victim

Hi folks,

Continuing in the vein of Things That Normal People Need To Watch Out for, I came out of the gym a couple of weeks ago, and as I went to my car door to open it, I found the ground was covered by smashed windscreen glass. Having quickly assured myself that it didn’t come from my car, I found it came from the car beside me, and while I was contemplating this fact, the owner of said car came up, simultaneously talking on her cell phone, looking worried and trying to assure me that all was well.

My view: Some cracks in Apple’s aura of invincibility?

Let me preface this whole article by saying that these are my own personal thoughts and opinions, and in no way reflect those of my employer.

I've always been a Windows guy, and finally bought a Mac about four years ago, partly to see what they were about, and partly to be able to provide tech support to my wife, who was already on her second Mac. She loved it, but kept asking how to do things, or where a document had been saved to, and I had no clue. Here's how it all went down...

Mac Attacks: What n00bs are saying

A couple of days ago, I got this phish in email…

You can instantly tell it’s a phish by the fact that it is addressed to multiple recipients, but to my eyes, it is further proof of the changing situation for Macs. 

Mac Malware

For quite some time, techies have understood that Macs were not invulnerable to malware, and the idea that there was not much Mac malware was a natural consequence of relative market opportunity for the bad guys. Put another way, there were way more PCs than Macs, so there was simply more opportunity for a return on their development and marketing effort. To paraphrase John Dillinger, “I rob banks because that’s where the money is.”

How to Unmask Spam and Scams

 
I nearly wasn’t going to write about this, as it seems so basic, but then I got my second direct pitch from them in less than two weeks, and if nothing else, I figure they deserve to be outed.
 
It all starts with an email like this ….
 

Sponsored Ads Serving Up Scams On Facebook

Over the weekend, my eyes were drawn to this sponsored ad on my Facebook page.
 
 
Hmm… I’ve seen that sort of thing before, but it says it’s something to do with Amazon, so I click it, expecting to go to amazon.com.