In this episode we cover the news, and there is lots of it this week. We also cover the security predictions for 2013.

 


The 2013 Predictions

These are the predictions from a number of sources such as Computer World and Trend Micro.

  • ZeuS. Though last updated more than 2 years ago, ZeuS remains popular among cybercriminals due to its reliability. Because it was coded well, cybercriminals continue to earn money from this toolkit and evade law enforcement.
  • SpyEye. Initially deemed ZeuS’ rival, SpyEye’s creator Gribodemon offered the toolkit as an alternative while providing support to existing ZeuS customers. Since its debut in 2009, it underwent several improvements until its creator disappeared sometime in 2010.
  • Blackhole exploit kits. Known to distribute malware by exploiting known software vulnerabilities, the stealthier version of Blackhole Exploit Kit was recently released. To avoid detection, its creator Paunch does not directly provide the kit, but instead installs it on a web server somewhere that is connected to a database for logging and reporting.
  • These kits will also likely be more robust, reliable and harder to detect. The current life cycle for a kit is around 2 or 3 years, so we should expect a new wave of kits anytime soon; we are already seeing some new kits popping up, such as Red Kit, Sweet Orange, CritXPack and Cool ExploitKit.
  • Increasing sophistication in malware attacks, not necessarily in the technical aspects of the malware itself but in the deployment of an attack. Such attacks will increasingly have a destructive capacity, and it will be challenging to determine attribution.
  • Increasing recognition that social, political and economic indicators must be used in conjunction with technical indicators to fully assess and analyze targeted attacks.
  • Destructive capacity
  • We will see an increase in localized attacks such as malware that will not execute unless certain conditions are met, such as language settings, or “watering hole” attacks that will only affect certain geographic regions or even only specific netblocks.
  • Africa will become a new safe harbor for cybercriminals.
  • Conventional malware threats will only gradually evolve, with few, if any, new threats. Attacks will become more sophisticated in terms of deployment.
  • Consumers will use multiple computing platforms and devices. Securing these will be complex and difficult.
  • The volume of malicious and high-risk Android apps will hit 1 million in 2013.
  • Since 2012 saw a surge of “ransomware malware which encrypts your data and holds it for ransom,” expect to see more “irreversible malware.”

 

This week in the News:

  • Blackhole Spam
  • Java Zero Day
  • Phishing Attacks Increase In December
  • Watering Holes
  • IE Zero Day
  • Adobe Flash and Microsoft Updates
  • Ruby On Rails Flaw
  • Facebook and Yahoo Security Hole
  • Android Apps in Debug Mode
  • Malware Author Funds An Exploit Buying Spree
  • Hacker Arrested
  • Android Spam Malware

 

 

Article References:

These are the links to the references we used for news items during the show.

 

Blackhole Spam

http://blog.trendmicro.com/trendlabs-security-intelligence/blackhole-spam-runs-return-from-holiday-break/

  • Holiday Phish - Just because the holiday season is over - Phish campaign all for the new year
  • Exploits - 2.9 percent

 

Phishing Attacks Increase In December

http://blog.trendmicro.com/trendlabs-security-intelligence/holiday-season-unwraps-phishing-blackhole-exploit-attacks/

Java Zero Day

http://blog.trendmicro.com/trendlabs-security-intelligence/java-zero-day-exploit-in-the-wild-spreading-ransomware/
http://arstechnica.com/security/2013/01/critical-java-zero-day-bug-is-being-massively-exploited-in-the-wild/
http://www.symantec.com/connect/blogs/java-zero-day-dished-cool-exploit-kit
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/

  • New Year's gift
  • Another Java zero day is being exploited
  • Cool - Blackhole - Reveton - Ruby on Rails - ransomware
  • Why Java - unplug

Watering Hole

http://blog.trendmicro.com/trendlabs-security-intelligence/why-is-the-watering-hole-technique-effective/

IE Zero Day

http://www.symantec.com/connect/blogs/elderwood-project-behind-latest-internet-explorer-zero-day-vulnerability

Adobe Flash and Microsoft Updates

http://www.adobe.com/support/security/bulletins/apsb13-01.html
http://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-adobe-start-2013-with-security-updates/

Ruby On Rails Flaw

http://threatpost.com/en_us/blogs/exploit-code-metasploit-module-out-ruby-rails-flaws-011013?utm_source=twitterfeed&utm_medium=twitter
http://arstechnica.com/security/2013/01/extremely-crtical-ruby-on-rails-bug-threatens-more-than-200000-sites/


Facebook

http://krebsonsecurity.com/2013/01/facebook-yahoo-fix-valuable-ecurity-hole/


Android Debug

http://blog.trendmicro.com/trendlabs-security-intelligence/the-issues-surrounding-android-debugging/

  • Can steal information
  • App must be in debug mode
  • Approximately 5% of apps in the Top Free apps list are set to be debuggable, so the risk is not insignificant.






Malware Author Funds An Exploit Buying Spree

http://krebsonsecurity.com/2013/01/crimeware-author-funds-exploit-buying-spree/



Hacker Arrested

http://krebsonsecurity.com/2013/01/police-arrest-alleged-zeus-botmaster-bx1/

Android Spam Malware

http://www.symantec.com/connect/blogs/malware-authors-create-androidexprespam-after-prosecutors-drop-case

 

 

Contact Security Decoded

email: securitydecoded@tech-zen.tv
twitter: @securitydecoded
phone: 913-SEC-DEC7   (913.732.3327)
