Holidays are prime time for phishing scams – USATODAY.com

Holidays are prime time for phishing scams – USATODAY.com

BBC News - Hackers 'hit' US water treatment systems

BBC News - Hackers 'hit' US water treatment systems

Who's In Your Database? - Security - Security administration/management - Informationweek

Who's In Your Database? - Security - Security administration/management - Informationweek

Click-jacking

Attaching a nice presentation on the topic of Click-jacking.

http://elie.im/publication/busting-frame-busting-a-study-of-clickjacking-vulnerabilities-on-popular-sites

The presentation and site also describe a "mobile" version of Click-jacking named Tap-jacking,

and also state the importance of addressing these different threats on mobile versions of sites (if a specific version was even developed).

Almost a third of execs lack confidence in info security strategy | TechCentral.ie

Almost a third of execs lack confidence in info security strategy | TechCentral.ie

Symantec uncovers Nitro attacks targeting chemical industry

Symantec has revealed yet another large-scale targeted cyber attack, this time designed primarily to steal information from chemical and defense companies.

The attack, which seems to be related to China, is part of a growing overall trend in the chemicals market of stealing intellectual property.

The discovery comes during a year in which many similar attacks have been uncovered, including Night Dragon, Shady RAT and Lurid, all apparently designed to covertly steal intellectual property from a range of organizations. 

Attached is the original Reuters link which first published the news along with a more detailed analysis of the attack.

http://www.reuters.com/article/2011/10/31/us-cyberattack-chemicals-idUSTRE79U4K920111031

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_nitro_attacks.pdf

How organizations manage cloud computing security risks

How organizations manage cloud computing security risks

Duqu vs. Stuxnet – more of the same?

Duqu, the newly discovered malware, has been named by many as a 'predecessor to Stuxnet', but in fact this piece of sneaky code has its resemblances and differences  to the notorious worm.

A variety of anti-malware researchers and firms recently reported that Duqu's structure, in terms of files and some internal logic, is almost identical to its alleged predecessor - offering a close familiarity with Stuxnet source-code in order to conduct it.

One of the firms even identified Duqu as a version of Stuxnet, and their automatic malware analysis determined it was Stuxnet itself.

On one hand, Duqu is signed with a legitimate digital certificate; Stuxnet did the same with a different certificate, obviously the certificate has been revoked upon discovery.

On the other hand, the purpose of Duqu is entirely different. Some of the uncovered features include keylogging, autodestruct of itself including many traces and transmitting collected data to a Command and Control server using encrypted files, and strange image files that are still under investigation.  

Nonetheless, Duqu's level of sophistication is rare, and it's raison d'être is still remained unsolved.

Keep an eye open on this one, as the story of Duqu's history is slowly revealed.