Blog

Posted on February 3, 2015 by David Jevans in Blog 42 Percent of Malicious and Risky Apps
Are Published by US Companies or Individuals
In our most recent research report, February 2015 Mobile Threat Report, “U.S. Publishers Are Responsible for Most Malicious and Risky Apps, Putting Everyone with a Smartphone at Risk", we analyzed 1...
Posted on February 3, 2015 by David Jevans in Blog Call for Speakers on Bitcoin Crime:
eCrime 2015 Conference Barcelona
The APWG (www.apwg.org) is hosting the eCrime 2015 conference in Barcelona, Spain. May 26-29, 2015. On Thursday, May 28 the eCrime conference will focus on crypto currencies. https://apwg.org/ap...
Posted on January 27, 2015 by David Jevans in Blog Cybersecurity Non-Profits Should Be America’s Secret Weapon in Obama’s Cyberwar Plan It is inevitable that the United States government will fund a cyberwarfare capability, as discussed in President Obama’s State of the Union Address. Other nations have already begun preparing for c...
Posted on April 29, 2014 by David Jevans in Blog The Beginners Guide to Bring Your Own Device (BYOD) Imagine this scenario. John, an employee of your business, is having a typical morning at work. It's 9:15 a.m., as he's checking his morning emails. Oddly, he gets a notice from the HR department as...
Posted on April 9, 2014 by David Jevans in Blog The Best Information Security Resources on Google Plus Lately, we've been unraveling the top security resources to follow — including the best security experts on Twitter and the best security blogs to read — as it's helpful to discover experts on mul...
Posted on March 24, 2014 by David Jevans in Blog 12 Must-Have iPhone Security Apps to Protect Your Data For the first time in history, people spent more time on their mobile phones than on desktop computers in 2013. As a result, the necessity for phone security is increasingly important. A compromised d...
Posted on January 22, 2014 by David Jevans in Blog, security 10 Security Blogs You Should Be Reading With security the top IT concern for companies, it's critical that professionals stay current with breaking security news. Any business that leverages technology should understand what it can do to pr...
Posted on January 14, 2014 by David Jevans in Blog, security The Biggest Security Breaches of 2013 In 2013, millions of accounts were compromised. Customers suffered and businesses lost millions of dollars due to the massive security breaches that took place. However, these security breaches are on...
top-100-security-experts-80x80 Posted on November 20, 2013 by David Jevans in Blog, security 100 Security Experts to Follow on Twitter As the worldwide security technology market is forecasted to grow 28% by 2016, according to Gartner, companies are continuing to strengthen their security technologies. With security being the p...
Posted on October 21, 2013 by David Jevans in Blog, security One in Four Young Adults Experience Hacked Accounts New research by Marble Security indicates that more than 1 in 4 U.S. young adults born between 1980-2000 have had online accounts hacked. The national average — regardless of age — is closer to 1 ...
ushomelandsecuritylogoTN Posted on August 27, 2013 by David Jevans in Blog, security FBI and Homeland Security Warn of Android Security Risks The US Department of Homeland Security has circulated a report to government agencies, including fire departments, ambulance services and police, warning of the risks of Android mobile devices. The...
phishing-activity-reportTN Posted on August 5, 2013 by David Jevans in Blog, eCrime, security APWG Releases Latest 2013 Phishing and Malware Report The Anti-Phishing working group has released their latest 2013 phishing and malware report.  Click here to download the full report from www.apgw.org. Broad-based phishing attacks declined in nu...
Posted on August 5, 2013 by David Jevans in Blog, security “Good” Trojan Horse??? Dove, a maker of soap, released a Trojan into the art world.  This Trojan horse malware tampers with Photoshop files, and attempts to educate artists that modifying body images for advertising is "wr...
Posted on June 27, 2013 by David Jevans in Blog, eCrime, security New insight into bank hacking and malware – carberp source code leak Even hackers get hacked. The source code software for the Carberp malware has been leaked onto the Internet. Carberp is sophisticated criminal software that can infect your PC and allow criminals to...
Posted on June 25, 2013 by David Jevans in Blog, eCrime, security Cyber Security and its Implications for the Economy and the Financial Sector The Organization of American States is hosting a one-day conference tomorrow to address “Cyber Security and its Implications for the Economy and the Financial Sector.” Government and industry dign...
Posted on June 8, 2013 by David Jevans in Blog, eCrime, security A Very Sophisticated Android Malware Our friends at Kaspersky Lab have posted an analysis of the Android Trojan Backdoor.AndroidOS.Obad.a This looks like one of the most sophisticated malware samples ever on the Android platform. It ...
Posted on May 28, 2013 by David Jevans in Blog, eCrime, security Liberty Reserve Shut Down By Feds for Money Laundering Liberty Reserve, a cross-border payments service based in Costa Rica, has been effectively shut down by the US and Spain. The US claims that Liberty Reserve has laundered over $6B over the last 10 ye...
Posted on May 25, 2013 by David Jevans in Blog, eCrime, security Vendini notifies me that they have been hacked Payment processor Vendini just notified me that their customer database has been hacked and my personal information has been stolen. It includes name, address and credit card details. I'm shocked th...
Posted on May 24, 2013 by David Jevans in Blog, eCrime, security Twitter adds 2-Factor Authentication using SMS messages to your mobile In the wake of numerous high profile account takeovers of the twitter accounts of media companies including CBS News' "60 Minutes" and "48 Hours" and the Associated Press, Twitter has finally rolled o...
Posted on May 19, 2013 by David Jevans in Blog, security How To Attack And Evesdrop On An Open WiFi As users become increasingly mobile, on their Android devices, iPhones and iPads, they are using more and more WiFi networks in more and more locations. The BYOD (bring your own device) trend only mak...
Posted on May 19, 2013 by David Jevans in Blog, eCrime, security The Mobile Device Cyber Crime Economy Is Taking Off Researchers at the APWG Mobile Working Group (Anti-Phishing Working Group) have released two comprehensive reports detailing the new threat landscape against users of mobile devices, and how the crimi...
Posted on May 19, 2013 by David Jevans in Blog, eCrime, security How everyday criminals are involved in high tech cyber crime Last week Federal prosecutors announced the arrests and charges against members of a cybercrime gang accused of stealing more than $45 million from banks around the globe. Apparently skilled hacker...
Posted on May 8, 2013 by David Jevans in Blog, eCrime, security Obama may back FBI Internet wiretapping capabilities Amid the increasing visibility of cyber crime and cyber war, the Obama administration may be about to back legislation that would dramatically expand the FBI’s ability to track internet communicatio...
Posted on May 7, 2013 by David Jevans in Blog, eCrime, security Homeland Security Forewarned of Today’s OpUSA Hacktivists Attack Last week I received a cyber security bulletin from US Department of Homeland Security, issued to government agencies, financial institutions, large corporations and law enforcement agencies warning o...
Posted on March 17, 2013 by David Jevans in Blog, eCrime US Postal Service Warns Me Of Fake Lottery Scams By Physical Mail! I was surprised this week to receive a postcard in my mailbox that looked like regular junk mail, but turned out to be a clever warning from the USPS and AARP regarding advanced fee fraud. They are...
Posted on March 2, 2013 by David Jevans in Blog Bitcoin gains more legitimacy with Silicon Valley Bank support. My favorite anonymous digital currency, bitcoin, has gained a new foothold of legitimacy. California-based Silicon Valley Bank has forged a deal with bitcoin exchange MtGox to facilitate the flow o...
Posted on February 26, 2013 by David Jevans in Blog, security Identity and Account Takeover fraud hits $21B in 2012 I really respect Javelin Strategies and their annual bank fraud report. According to their newly released report, identity fraud is on the rise due to Internet account takeover. They say that 12M pe...
Posted on February 19, 2013 by David Jevans in Blog, security Using Google Docs for Spear Phishing Spearphishing is one of the most dangerous of all the Advanced Persistent Threats. It is basically a targeted attack against a single user, or a small group of users, in order for the attacker to gai...
Posted on February 15, 2013 by David Jevans in Blog, Latest News, security Obama’s Presidential Cyber-Security Order Promotes Data Sharing, And That’s A Very Good Thing Some have criticized President Obama's cyber-security order for being unspecific, and calling for more study. However, the order, which was presented the day before this State of the Union address, i...
Posted on February 4, 2013 by David Jevans in Blog, eCrime, security Twitter Hacked. 250,000 users info stolen. Beware APTs From the Twitter IT blog: http://blog.twitter.com/2013/02/keeping-our-users-secure.html?m=1 This week, we detected unusual access patterns that led to us identifying unauthorized access attempts ...
Posted on February 1, 2013 by David Jevans in Blog, eCrime Identity Theft and Drugs Go Together It's not the first time that I have heard of this. Police investigations are increasingly turning up links between traditional drug gangs and online identity theft rings. Here is a bulletin I just r...
Posted on January 24, 2013 by David Jevans in Blog, security Barracuda Networks Devices Contain SSH BackDoor Apparently tens of thousands of Barracuda Networks devices (VPN, web filters, spam filters) are configured to listen for SSH connections from various IP address ranges, without decent authentication. ...
Posted on January 24, 2013 by David Jevans in Blog, security Cyber Threat Watch: Fidelity.com to add online wire transfer capability Fidelity.com today emailed me a pre-announcement that they will be adding the ability to initiate bank wire transfers from Fidelity.com soon. Their email states that to add security, they will reques...
Posted on January 23, 2013 by David Jevans in Blog, security Does Anyone Believe Mega’s Encrypted Filesharing Traffic Claims? Kim DotCom's new file sharing service, Mega, claimed this week to be approaching the utilization rates of industry leader DropBox. I'm not sure I buy it. But one thing that I do like is that the...
Posted on January 22, 2013 by David Jevans in Blog, security Google Proposes Hardware Devices To Replace Passwords In a forthcoming paper, researchers at Google are proposing that passwords on the Internet be replaced with hardware devices, such as plugable USB tokens or wireless rings, that would store and manage...
Posted on December 13, 2012 by David Jevans in Blog Example of how Windows Malware Injects Code Into Your Apps Here is a nice detailed debug analysis of how Windows malware injects itself into pre-existing applications to turn them into malware.
Posted on December 6, 2012 by David Jevans in Blog Click Here to Send SMS Spam Today I received this marketing email from a well-meaning company that plans to bombard your SMS text message inbox with spam. "Mobile Commons is an award-winning text messaging and CRM platform that...
Posted on December 6, 2012 by David Jevans in Blog Websites Pushing Fake MDM Profiles To Take Over iPads In the last week I have encountered 3 websites that are trying to take over control of iPads by pushing Mobile Device Management (MDM) profiles on to the device. iPhones and iPads are much more secur...
Posted on December 6, 2012 by David Jevans in Blog LSU Healthcare Facing Identity Theft Challenges from an Employee LSU Healthcare is facing a crisis of confidence this week. An internal employee in the finance department stole the identity information of over 400 patients, and wrote counterfeit checks against the...
Posted on November 14, 2012 by David Jevans in Blog, eCrime FBI Warns Against Smartphone Android Malware The FBI's Internet Crime Complaint Center has been warning banks and their customers this month about malware that is targeting smartphones, particularly Android devices, to steal online banking crede...
Posted on October 22, 2012 by David Jevans in Blog, security 8% of Android Apps are Vulnerable to Man In The Middle Data Interception A new report has analyzed over 13,000 Android apps on the Play marketplace, and found that 8% do not properly implement SSL server authentication. These popular appps do not verify the hostname again...
Posted on October 16, 2012 by David Jevans in Blog, security Data is the New Oil "We're able to view just everything that they do," Bill Diggins at Verizon Wireless told an industry conference earlier this year. "And that's really where data is going today. Data is the new oil." ...
Posted on July 12, 2012 by David Jevans in Blog, eCrime, security Almost half a million Yahoo passwords stolen and published I was shocked to learn today that the Yahoo Contributor Network has been hacked by SQL injection, and a database of usernames and passwords was stolen and published publicly. What is astonishing is t...
Posted on May 7, 2012 by David Jevans in Blog, eCrime, security Most Natural Gas Infrastructure Under Phishing Attacks The US Department of Homeland Security is warning that “Most natural gas pipeline infrastructure in the U.S.” is experiencing targeted spear-phishing attacks designed to infect employee computers ...
Posted on April 20, 2012 by David Jevans in Blog, eCrime, security Fidelity – What are you thinking regards security? I was pleased to receive a statement for a rollover 401k from Fidelity today. Imagine my surprise when I found out that my 401K was registered to RSA Security (whom I’ve never worked for). As a s...
Posted on April 20, 2012 by David Jevans in Blog, eCrime, security LulzSec/Anonymous Jail Sentences Will Not Stop Cyber Crime The guys who were arrested for LulzSec and Anonymous hacking last summer face still jail terms. While the “mastermind” faces over 100 years of sentences, he will likely only serve 2. Still, 2 ye...
Posted on April 19, 2012 by David Jevans in Blog, eCrime, security More than 30% of the disputed Google/Oracle/Sun Java APIS are for Security By my count, 14 of the 37 disputed Java APIs in the Google vs Oracle (Sun) dispute around java are security specific APIs. Do we really need to go to court to fight around simple common APIs such as ...
Posted on April 12, 2012 by David Jevans in Blog, eCrime, security SpyEye banking malware author rumored to be dead Rumors are circulating on the Internet that “Krabz”, the author of the notorious SpyEye banking trojan, has died of a drug overdose.
Posted on April 11, 2012 by David Jevans in Blog, eCrime, security An ISP/Mobile Phone provider dedicated to user privacy? News.com published an article about Nicholas Merrill describing his plans to develop an ISP and mobile phone carrier that is focused on user privacy. Using end-to-end encryption, and not storing any ...
Posted on April 9, 2012 by David Jevans in Blog, eCrime, security The Android Malware Race Begins Researchers at NQ Mobile and North Carolina State University have found Android malware circulating in the wild that appears to me to be test code by attackers to see how they can exploit vulnerabili...
Posted on March 23, 2012 by David Jevans in Blog, eCrime, security Nigerian Credit Card Scammers Use AT&T Government Funded Services To Perpetrate Fraud!?!? In my role at the Anti-Phishing Working Group (www.apwg.org), I get to learn all about the latest kinds of Internet fraud. For a decade now, we have been dealing with scammers, based in Nigeria, who ...
Posted on March 23, 2012 by David Jevans in Blog, eCrime, security Just say “No” when employers ask for your Facebook password I was shocked to read an article today on News.com, describing a practice by employers or potential employers of asking employees or job applicants for their Facebook passwords! This just seems like...