According to the Symantec Intelligence Report for July 2013, the number of identities exposed by hackers is 86,901,952 this year alone (are you one of them?). How are hackers able to achieve this? Well, it is simple: the use of social engineering and reverse engineering, helped along by the basic thing we do daily, logging in with the same very complex passwords over and over across the numerous accounts we operate.
“Hackers expect that you’re probably using the same s***ty password on everything you’ve ever logged into because it’s the easiest way for you to use the internet.
For a hacker, this means if they’ve hacked you anywhere, they’ve hacked you everywhere, even if it’s a complex password. Simply, some websites do a crappy job keeping your password a secret from hackers and hackers can grab it from one of these crappy websites and use it on websites that you care more about.
More often than not a hacker wouldn’t be targeting individuals specifically but processing some kind of password dump for fraud or spam of some kind which would include you.
Tips for you:
- Use unique passwords on every site under the assumption that it someday may end up in the hands of someone that will use it on your bank, your email, social networks of choice, etc. It’s annoying and it sucks, do it anyway, and cross your fingers with me that someone will figure out how to fix the internet’s crappy password situation.
- Factor authentications.
- Password managers
Lastly, if you’re one of those really-smart-people that know all this stuff already, make an effort to make sure your family / friends / co-workers do too. Getting hacked is the worst.” Forbes, 2013.
Distributed denial-of-service (DDoS) attacks with an average bandwidth of over 20Gbps have become commonplace this year, according to researchers from DDoS mitigation vendor Prolexic.
Last year such high-bandwidth attacks were isolated incidents, but attacks that exceed 20Gbps in bandwidth occur frequently now, Prolexic’s president Stuart Scholly said Tuesday.
Researchers at Kaspersky Lab are asking for help peeling back the layers covering a mysterious payload of the Gauss malware.
Speculated to be linked to Flame, Gauss was revealed last week to be the latest piece of cyber-espionage malware targeting the Middle East. Primarily hitting users in Lebanon, Gauss steals data about the infected machine as well as information from browsers, such as the history of visited websites and user passwords. In addition, it targets financial information from clients of several Lebanese banks, as well as Citibank and PayPal – possibly making it the first publicly known state-sponsored banking Trojan, Kaspersky has said.
Security researchers have reported spikes in mass SQL injection attacks of late that take advantage of very common vulnerabilities in the way that Web applications interact with back-end databases. Particularly targeting ASP, ASP.Net, and MS-SQL sites, these mass SQL injection campaigns have been linked to black hat efforts to redirect victims to browser exploit kits like Blackhole or Phoenix.
Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines
The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through. With the change in FISMA reporting implemented on June 1, the 20 Critical Controls become the centerpiece of effective security programs across government. These controls allow those responsible for compliance and those responsible for security to agree, for the first time, on what needs to be done to make systems safer. No development in security is having a more profound and far-reaching impact.
Researchers offer a new way to deal with cyberattacks on critical infrastructure like power and water utilities and banking networks: slow down Internet traffic, including the malicious code, when an attack is suspected; this would allow networks time to deal with the attacks.
One of the striking special effects in the film The Matrix occurs during the scene in which Keanu Reeves’ character Neo sways and bends to dodge bullets as time appears to slow to a crawl. Now, that scene has inspired researchers to develop a way to deal with cyberattacks on critical infrastructure, like power and water utilities and banking networks.
An industry advisory group wants U.S.-based internet service providers (ISPs) to adopt a “code of conduct” for weeding out botnet infections.
Made up of more than 50 experts, the Communications, Security, Reliability and Interoperability Council (CSRIC), which reports to the Federal Communications Commission, drafted the code that gives ISPs a voluntary blueprint to follow to address compromised computers belonging to their customers.