The document summarizes phishing activity trends from the 2nd quarter of 2013 based on data reported to the Anti-Phishing Working Group (APWG). Some key findings include:
- The number of unique brands targeted by phishing attacks set a new record high in April of 441 brands.
- During Q2 2013, a total of 639 unique brands were targeted, topping the previous high of 614 brands in Q4 2012.
- Phishing hosted in Russia almost disappeared in June, replaced by phishing hosted in Kazakhstan, highlighting the mobility of criminal infrastructure across countries.
- The number of unique phishing reports submitted to APWG saw a steady decrease during the quarter, dropping
The document summarizes McAfee's Threats Report for the third quarter of 2013. Some key points:
- Mobile malware increased 33% while overall new malware exceeded 20 million. New ransomware and rootkits also rose.
- Digital currencies like Bitcoin are increasingly used by cybercriminals for money laundering and anonymous transactions on dark web markets. The shutdown of Silk Road prompted new illegal sites.
- The "Deep Web" contains unregulated online markets selling illegal drugs, weapons, credit cards, and even murder-for-hire services accessible through Tor and paid with Bitcoin.
- Hacktivism and political hacking increased, while spam volume reached its highest level since 2010. Browser
Rp data breach-investigations-report-2013-en_xgКомсс Файквэе
This document is the table of contents for the 2013 Data Breach Investigations Report, which analyzes data breaches from various organizations. The report includes sections on methodology, results and analysis, demographics of breached organizations, threat actors like external and internal parties, threat actions like hacking and malware, compromised assets and data, attack targeting and difficulty, breach timelines, and discovery methods.
The document summarizes a mobile threat report for Q3 2013. It finds that 252 of the 259 new mobile threat families and variants discovered were for Android, with trojans making up the largest percentage at 88%. It also notes an increasing trend of profit-motivated mobile malware, with 81.1% of new threats aiming to generate money through unauthorized SMS messages. The report discusses recent developments like the identification of the creator of the Pincer Android banking trojan and the emergence of tools that simplify inserting malware into legitimate apps.
The document provides a specification for the Silent Circle Instant Messaging Protocol (SCIMP). SCIMP enables private conversations over instant messaging and draws from related protocols like ZRTP, OTR, and Cryptocat. It provides strong encryption, authentication, and perfect forward secrecy using algorithms approved by NIST like ECCDH, AES, and SHA. The protocol establishes an encrypted session in 3 messages using key continuity and optional voice verification to prevent man-in-the-middle attacks. It then encrypts messages with CCM authenticated encryption.
This document provides information about a graduate-level course on medical device security taught by Professor Kevin Fu at the University of Michigan. The key points are:
1. The course covers topics in computer engineering, human factors, and regulatory policy to teach students how to create more secure medical devices.
2. Students will complete a group project analyzing the security of a real-world medical device and apply the concepts learned in class.
3. Grades are based on the group project, individual homework, exams, and class participation. The group project makes up 40% of the final grade.
The document discusses improvements organizations have made to address cyber threats, but also areas that still need work. It finds that many organizations now recognize the extent of cyber threats, with 76% owning information security policies at the highest level. 70% conduct security assessments of third parties accessing their data. However, the document notes that while improvements have been made, organizations need to do more quickly to address increasing cyber risks. Leading practices and innovation are needed to better protect against known and unknown future threats.
The document summarizes McAfee's Threats Report for the third quarter of 2013. Some key points:
- Mobile malware increased 33% while overall new malware exceeded 20 million. New ransomware and rootkits also rose.
- Digital currencies like Bitcoin are increasingly used by cybercriminals for money laundering and anonymous transactions on dark web markets. The shutdown of Silk Road prompted new illegal sites.
- The "Deep Web" contains unregulated online markets selling illegal drugs, weapons, credit cards, and even murder-for-hire services accessible through Tor and paid with Bitcoin.
- Hacktivism and political hacking increased, while spam volume reached its highest level since 2010. Browser
Rp data breach-investigations-report-2013-en_xgКомсс Файквэе
This document is the table of contents for the 2013 Data Breach Investigations Report, which analyzes data breaches from various organizations. The report includes sections on methodology, results and analysis, demographics of breached organizations, threat actors like external and internal parties, threat actions like hacking and malware, compromised assets and data, attack targeting and difficulty, breach timelines, and discovery methods.
The document summarizes a mobile threat report for Q3 2013. It finds that 252 of the 259 new mobile threat families and variants discovered were for Android, with trojans making up the largest percentage at 88%. It also notes an increasing trend of profit-motivated mobile malware, with 81.1% of new threats aiming to generate money through unauthorized SMS messages. The report discusses recent developments like the identification of the creator of the Pincer Android banking trojan and the emergence of tools that simplify inserting malware into legitimate apps.
The document provides a specification for the Silent Circle Instant Messaging Protocol (SCIMP). SCIMP enables private conversations over instant messaging and draws from related protocols like ZRTP, OTR, and Cryptocat. It provides strong encryption, authentication, and perfect forward secrecy using algorithms approved by NIST like ECCDH, AES, and SHA. The protocol establishes an encrypted session in 3 messages using key continuity and optional voice verification to prevent man-in-the-middle attacks. It then encrypts messages with CCM authenticated encryption.
This document provides information about a graduate-level course on medical device security taught by Professor Kevin Fu at the University of Michigan. The key points are:
1. The course covers topics in computer engineering, human factors, and regulatory policy to teach students how to create more secure medical devices.
2. Students will complete a group project analyzing the security of a real-world medical device and apply the concepts learned in class.
3. Grades are based on the group project, individual homework, exams, and class participation. The group project makes up 40% of the final grade.
The document discusses improvements organizations have made to address cyber threats, but also areas that still need work. It finds that many organizations now recognize the extent of cyber threats, with 76% owning information security policies at the highest level. 70% conduct security assessments of third parties accessing their data. However, the document notes that while improvements have been made, organizations need to do more quickly to address increasing cyber risks. Leading practices and innovation are needed to better protect against known and unknown future threats.
Marketing Automotive Companies through Mobile and Social Media Qualex Asia
This is a chapter from the upcoming book Going Mobile: Going Social that describes how automobile manufacturers and auto dealers can market their business through mobile and social media.
Full book can be found here: http://www.amazon.com/dp/B00Q49WHD4
In the 3rd quarter of 2016:
- The total number of phishing sites detected fell 25% from the previous quarter's record high.
- The Retail/Service sector continued to be the most targeted, suffering 43% of attacks.
- The number of brands targeted also fell slightly, down 17% from the previous quarter.
- China had the highest malware infection rate at 47.23%, while Scandinavian countries had the lowest rates.
The APWG recorded more phishing in 2016 than in any previous year. In the 4th quarter of 2016, there were over 277,000 unique phishing sites detected, representing a 65% increase in total phishing attacks for 2016 compared to 2015. Phishing attacks have increased dramatically over the past 12 years, with an average of over 92,000 attacks per month in the 4th quarter of 2016 compared to just 1,600 attacks per month in the 4th quarter of 2004. Fraudsters in Brazil are increasingly using social media and mobile apps to defraud users in addition to traditional phishing techniques, though many of the hosting infrastructure for these attacks are located outside of Brazil, particularly in the United States and
The document summarizes key findings from a media report conducted by Buzz Marketing Group. 500 millennials ages 18-34 were surveyed online in March 2013 about their media consumption habits. Key findings include that while 96% subscribe to the free YouTube, many are also willing to pay for services like Netflix, Hulu, and Spotify. Facebook and Twitter are the most popular social networks but Tumblr and LinkedIn are growing in popularity among millennials. About half have blogs or vlogs, preferring to express themselves through video on sites like YouTube rather than traditional writing.
GraphTalks Italy - Using graphs to fight financial fraudNeo4j
1. Traditional fraud detection methods like analyzing individual user accounts and transactions are ineffective at detecting modern fraud carried out by organized rings using synthetic identities and stolen data.
2. Graph databases allow connecting and analyzing related data across systems in real-time to detect complex fraudulent patterns like a ring of accounts linked by shared addresses, phone numbers, and social security numbers.
3. A demo shows how a financial services company can use Neo4j to augment their existing fraud detection by modeling operational data as a graph to identify potential fraud rings and generate alerts for an analyst to investigate in near real-time.
GraphTalks Frankfurt - Leveraging Graph-Technology to fight financial fraudNeo4j
1. Traditional fraud detection methods like analyzing individual user accounts and transactions are ineffective at detecting modern fraud carried out by organized rings using synthetic identities and stolen data.
2. Graph databases allow connecting and analyzing related data across systems in real-time to detect complex fraudulent patterns like a ring of accounts linked by shared addresses, phone numbers, and social security numbers.
3. A demo of a fraud detection application built with Neo4j showed how it could generate alerts in real-time by linking operational data on users and transactions to identify potential fraud cases for further human or automated investigation.
Every year Group IB releases reports on the development of high tech and cyber-crime, describing new tendencies and interesting emerging trends from recent months and forecasting future threats. This report covers the second half of 2014 and the first half of 2015.
In last year’s report we primarily forecast the increase in targeted attacks on banks. This has been mostly accurate and accordingly, in the second half of last year, the Anunak hacking group, also known as Carbanak, carried out a series of thefts for hundreds of millions of Rubles from the banking sector. However, after the publication of the co-authored Group IB and Fox-IT report, which outlined the group’s methodology, they ceased their activity.
Despite this, as predicted, new hacking groups have appeared conducting similar attacks, for example, the much discussed targeted attack on a Kazan based bank, which resulted in volatility on the currency exchange market of over 10 Rubles to the US Dollar for a short period.
Our predictions of increased attacks on ATMs were also correct. Group IB has discovered new Trojans and insider fraud, and also new equipment, including Blackbox, a tool which hackers developed and installed on cash machines, allowing them to receive remote access to systems.
Following research and analysis of the threats to mobile devices, Group IB predicted an increase in the amount of mobile Trojans that allow hackers to automatically transfer money from bank accounts, sidestepping the most advanced bank security systems. This prediction was correct in assessing the speed of development in this area of fraud and accordingly we have allocated a specific section of this year’s report to this growing issue.
Another major forecast was a decrease in the amount of thefts from individuals, using Trojans which reroute users to phishing sites. Thanks to the arrest of participants in one of the most aggressive hacking groups using this scheme, the amount of thefts was not just lowered but completely stopped. More details are provided in the Group IB completed investigations and arrested criminals section of this report.
We also predicted an increase in the attacks on Russian internet and digital resources by hacktivists and again were correct. Hackers affiliated with ISIS carried out over 600 attacks which Group IB analysed and assessed in a separate report on their international activity.
The document summarizes phishing activity trends from the 1st to 3rd quarters of 2015 based on data collected by the Anti-Phishing Working Group (APWG). Some key points:
- Over 630,000 unique phishing sites were detected from Q1 to Q3 2015, with over 250,000 in Q2 and over 240,000 in Q3. Over 1 million unique phishing email reports were received.
- "Business email compromise" scams became a major problem in 2015, using spear-phishing to fool companies into transferring large sums of money.
- Internet service providers were the most targeted industry sector in the first three quarters of 2015, surpassing banking and financial services
ConVox is a company that helps other companies manage social risks in emerging markets by obtaining continuous feedback from workers and communities. It collects micro-survey data through mobile phones to understand stakeholder perceptions and concerns. ConVox then analyzes the data and provides recommendations to address issues. This closes the loop with stakeholders and improves social risk management, with the goal of creating shared value between companies and the communities. ConVox's costs are a fraction of traditional compliance audits and surveys, and its services are intended to boost cooperation, reputation, and profits for client companies.
Hispanic mobile banking_trends_study_think_now_researchThinkNow
The document summarizes the findings of a survey on Hispanic mobile banking trends conducted by Zpryme and ThinkNow Research. Some key findings include: 69% of Hispanics use their smartphone for mobile banking and 47% use tablets; younger Hispanics and those with higher incomes were more likely to use mobile banking. Over the past year, 27% increased their mobile banking substantially. Three recommendations are made: conduct a review of mobile banking products to ensure satisfaction; incorporate social media to address issues and promote features; and ensure high quality Spanish and English mobile banking experiences.
mobileYouth trends download: Droidettes - will teens drive Android?Graham Brown
Google is running a 12-week program called Technovation Challenge that teaches high school girls in New York how to develop Android apps. The girls learn programming, app design, and business skills. They are split into teams to prototype their own app ideas. Some proposed app ideas from the teams include an RSS feed app, an app to help immigrants learn about American culture, and an app that aggregates fashion look books. The program aims to introduce the girls to entrepreneurship and technology careers through hands-on learning and mentorship. It also seeks to increase diversity in the tech industry.
[We Are Social] Social, Digital and Mobile in VietnamHATCH! PROGRAM
This document provides statistics on social media, internet, and mobile phone usage in Vietnam as of October 2012. It finds that Vietnam has over 30 million internet users, with a penetration rate of 34%, and over 8.5 million people using the top social network, Facebook. Mobile phone subscriptions number over 127 million, with 62% of internet users accessing the web via mobile devices. Social media is very popular, with 86% of internet users visiting social networking sites and 28% having a Facebook account.
CloudCamp. Danile Power - It's All About Managing the AppChris Purrington
The document discusses the growing success of the Software as a Service (SaaS) market and the problem of "shadow IT" or uncontrolled adoption of SaaS applications by employees. It notes that the average company uses around 20 SaaS apps, which broadens security risks. The document provides recommendations for IT staff to address shadow IT, such as establishing inclusive SaaS policies, communicating policies clearly, and implementing identity and access protection standards like Security Assertion Markup Language (SAML). For developers, it recommends focusing on making apps easier for customers to manage and more enterprise-friendly by supporting SAML single sign-on.
Blasting News is a social journalism platform that produces news through freelance contributors (Blasters) from around the world. Blasters are paid based on the number of visitors to their articles. All articles are fact-checked by professionals and distributed on social media by a team of digital influencers. The platform has experienced extraordinary growth, reaching 86 million monthly unique visitors in October 2016. It operates with a global approach through offices in multiple countries and content in 25 languages. Blasting News represents a new model of journalism that is popular, democratic and connects writers directly to engaged audiences through a technology platform.
The document summarizes key findings from the APWG Phishing Activity Trends Report for the 1st quarter of 2016. It finds that the number of unique phishing websites detected increased 250% from the last quarter of 2015 through the 1st quarter of 2016. The retail/service sector remained the most targeted by phishers. The United States continued to be the top country hosting phishing websites. In Q1 2016, 20 million new malware samples were captured globally.
This document discusses mobility planning and marketing to mobile users. It notes that mobility experts must understand the context of how and where users access mobile content. While some mobile users are interested in advertising, content must add value rather than be spam. Different mobile devices and contexts require different approaches to create useful and engaging experiences. Effective mobile marketing relies on inventive ideas and strong execution rather than just mobile channels.
A study of major U.S. white collar fraud cases in 2013.
* Covers: How big, how long, how committed, # of thieves
* Who: age, gender, job, why, first time
* Victims: industry and location
* Sentencing and other punishment
* How to prevent and detect
For more information chris@marquetinternational.com or gzfraud@TheProsAndTheCons.com.
Phishers upped their attacks during the 2015 holiday season, with a large spike in phishing sites detected from November to December. The retail/service sector became the most targeted industry in Q4 2015, with 24.03% of attacks. Belize and the United States topped the list of countries hosting phishing sites in Q4, though the US was by far the highest in December. Phishers unleashed many phishing scams in December in an attempt to defraud consumers during the holiday season.
The document discusses HTTP request hijacking attacks against native mobile apps. It describes how an attacker can intercept an app's HTTP requests and redirect them to a malicious server using 301 redirects, allowing the attacker to control the app's traffic. The presentation demonstrates this attack and discusses how it can be extended through techniques like malicious profiles and captive networks. It provides recommendations for developers to prevent request hijacking through secure communication and cache policies, and advises end users and organizations on security best practices.
Marketing Automotive Companies through Mobile and Social Media Qualex Asia
This is a chapter from the upcoming book Going Mobile: Going Social that describes how automobile manufacturers and auto dealers can market their business through mobile and social media.
Full book can be found here: http://www.amazon.com/dp/B00Q49WHD4
In the 3rd quarter of 2016:
- The total number of phishing sites detected fell 25% from the previous quarter's record high.
- The Retail/Service sector continued to be the most targeted, suffering 43% of attacks.
- The number of brands targeted also fell slightly, down 17% from the previous quarter.
- China had the highest malware infection rate at 47.23%, while Scandinavian countries had the lowest rates.
The APWG recorded more phishing in 2016 than in any previous year. In the 4th quarter of 2016, there were over 277,000 unique phishing sites detected, representing a 65% increase in total phishing attacks for 2016 compared to 2015. Phishing attacks have increased dramatically over the past 12 years, with an average of over 92,000 attacks per month in the 4th quarter of 2016 compared to just 1,600 attacks per month in the 4th quarter of 2004. Fraudsters in Brazil are increasingly using social media and mobile apps to defraud users in addition to traditional phishing techniques, though many of the hosting infrastructure for these attacks are located outside of Brazil, particularly in the United States and
The document summarizes key findings from a media report conducted by Buzz Marketing Group. 500 millennials ages 18-34 were surveyed online in March 2013 about their media consumption habits. Key findings include that while 96% subscribe to the free YouTube, many are also willing to pay for services like Netflix, Hulu, and Spotify. Facebook and Twitter are the most popular social networks but Tumblr and LinkedIn are growing in popularity among millennials. About half have blogs or vlogs, preferring to express themselves through video on sites like YouTube rather than traditional writing.
GraphTalks Italy - Using graphs to fight financial fraudNeo4j
1. Traditional fraud detection methods like analyzing individual user accounts and transactions are ineffective at detecting modern fraud carried out by organized rings using synthetic identities and stolen data.
2. Graph databases allow connecting and analyzing related data across systems in real-time to detect complex fraudulent patterns like a ring of accounts linked by shared addresses, phone numbers, and social security numbers.
3. A demo shows how a financial services company can use Neo4j to augment their existing fraud detection by modeling operational data as a graph to identify potential fraud rings and generate alerts for an analyst to investigate in near real-time.
GraphTalks Frankfurt - Leveraging Graph-Technology to fight financial fraudNeo4j
1. Traditional fraud detection methods like analyzing individual user accounts and transactions are ineffective at detecting modern fraud carried out by organized rings using synthetic identities and stolen data.
2. Graph databases allow connecting and analyzing related data across systems in real-time to detect complex fraudulent patterns like a ring of accounts linked by shared addresses, phone numbers, and social security numbers.
3. A demo of a fraud detection application built with Neo4j showed how it could generate alerts in real-time by linking operational data on users and transactions to identify potential fraud cases for further human or automated investigation.
Every year Group IB releases reports on the development of high tech and cyber-crime, describing new tendencies and interesting emerging trends from recent months and forecasting future threats. This report covers the second half of 2014 and the first half of 2015.
In last year’s report we primarily forecast the increase in targeted attacks on banks. This has been mostly accurate and accordingly, in the second half of last year, the Anunak hacking group, also known as Carbanak, carried out a series of thefts for hundreds of millions of Rubles from the banking sector. However, after the publication of the co-authored Group IB and Fox-IT report, which outlined the group’s methodology, they ceased their activity.
Despite this, as predicted, new hacking groups have appeared conducting similar attacks, for example, the much discussed targeted attack on a Kazan based bank, which resulted in volatility on the currency exchange market of over 10 Rubles to the US Dollar for a short period.
Our predictions of increased attacks on ATMs were also correct. Group IB has discovered new Trojans and insider fraud, and also new equipment, including Blackbox, a tool which hackers developed and installed on cash machines, allowing them to receive remote access to systems.
Following research and analysis of the threats to mobile devices, Group IB predicted an increase in the amount of mobile Trojans that allow hackers to automatically transfer money from bank accounts, sidestepping the most advanced bank security systems. This prediction was correct in assessing the speed of development in this area of fraud and accordingly we have allocated a specific section of this year’s report to this growing issue.
Another major forecast was a decrease in the amount of thefts from individuals, using Trojans which reroute users to phishing sites. Thanks to the arrest of participants in one of the most aggressive hacking groups using this scheme, the amount of thefts was not just lowered but completely stopped. More details are provided in the Group IB completed investigations and arrested criminals section of this report.
We also predicted an increase in the attacks on Russian internet and digital resources by hacktivists and again were correct. Hackers affiliated with ISIS carried out over 600 attacks which Group IB analysed and assessed in a separate report on their international activity.
The document summarizes phishing activity trends from the 1st to 3rd quarters of 2015 based on data collected by the Anti-Phishing Working Group (APWG). Some key points:
- Over 630,000 unique phishing sites were detected from Q1 to Q3 2015, with over 250,000 in Q2 and over 240,000 in Q3. Over 1 million unique phishing email reports were received.
- "Business email compromise" scams became a major problem in 2015, using spear-phishing to fool companies into transferring large sums of money.
- Internet service providers were the most targeted industry sector in the first three quarters of 2015, surpassing banking and financial services
ConVox is a company that helps other companies manage social risks in emerging markets by obtaining continuous feedback from workers and communities. It collects micro-survey data through mobile phones to understand stakeholder perceptions and concerns. ConVox then analyzes the data and provides recommendations to address issues. This closes the loop with stakeholders and improves social risk management, with the goal of creating shared value between companies and the communities. ConVox's costs are a fraction of traditional compliance audits and surveys, and its services are intended to boost cooperation, reputation, and profits for client companies.
Hispanic mobile banking_trends_study_think_now_researchThinkNow
The document summarizes the findings of a survey on Hispanic mobile banking trends conducted by Zpryme and ThinkNow Research. Some key findings include: 69% of Hispanics use their smartphone for mobile banking and 47% use tablets; younger Hispanics and those with higher incomes were more likely to use mobile banking. Over the past year, 27% increased their mobile banking substantially. Three recommendations are made: conduct a review of mobile banking products to ensure satisfaction; incorporate social media to address issues and promote features; and ensure high quality Spanish and English mobile banking experiences.
mobileYouth trends download: Droidettes - will teens drive Android?Graham Brown
Google is running a 12-week program called Technovation Challenge that teaches high school girls in New York how to develop Android apps. The girls learn programming, app design, and business skills. They are split into teams to prototype their own app ideas. Some proposed app ideas from the teams include an RSS feed app, an app to help immigrants learn about American culture, and an app that aggregates fashion look books. The program aims to introduce the girls to entrepreneurship and technology careers through hands-on learning and mentorship. It also seeks to increase diversity in the tech industry.
[We Are Social] Social, Digital and Mobile in VietnamHATCH! PROGRAM
This document provides statistics on social media, internet, and mobile phone usage in Vietnam as of October 2012. It finds that Vietnam has over 30 million internet users, with a penetration rate of 34%, and over 8.5 million people using the top social network, Facebook. Mobile phone subscriptions number over 127 million, with 62% of internet users accessing the web via mobile devices. Social media is very popular, with 86% of internet users visiting social networking sites and 28% having a Facebook account.
CloudCamp. Danile Power - It's All About Managing the AppChris Purrington
The document discusses the growing success of the Software as a Service (SaaS) market and the problem of "shadow IT" or uncontrolled adoption of SaaS applications by employees. It notes that the average company uses around 20 SaaS apps, which broadens security risks. The document provides recommendations for IT staff to address shadow IT, such as establishing inclusive SaaS policies, communicating policies clearly, and implementing identity and access protection standards like Security Assertion Markup Language (SAML). For developers, it recommends focusing on making apps easier for customers to manage and more enterprise-friendly by supporting SAML single sign-on.
Blasting News is a social journalism platform that produces news through freelance contributors (Blasters) from around the world. Blasters are paid based on the number of visitors to their articles. All articles are fact-checked by professionals and distributed on social media by a team of digital influencers. The platform has experienced extraordinary growth, reaching 86 million monthly unique visitors in October 2016. It operates with a global approach through offices in multiple countries and content in 25 languages. Blasting News represents a new model of journalism that is popular, democratic and connects writers directly to engaged audiences through a technology platform.
The document summarizes key findings from the APWG Phishing Activity Trends Report for the 1st quarter of 2016. It finds that the number of unique phishing websites detected increased 250% from the last quarter of 2015 through the 1st quarter of 2016. The retail/service sector remained the most targeted by phishers. The United States continued to be the top country hosting phishing websites. In Q1 2016, 20 million new malware samples were captured globally.
This document discusses mobility planning and marketing to mobile users. It notes that mobility experts must understand the context of how and where users access mobile content. While some mobile users are interested in advertising, content must add value rather than be spam. Different mobile devices and contexts require different approaches to create useful and engaging experiences. Effective mobile marketing relies on inventive ideas and strong execution rather than just mobile channels.
A study of major U.S. white collar fraud cases in 2013.
* Covers: How big, how long, how committed, # of thieves
* Who: age, gender, job, why, first time
* Victims: industry and location
* Sentencing and other punishment
* How to prevent and detect
For more information chris@marquetinternational.com or gzfraud@TheProsAndTheCons.com.
Phishers upped their attacks during the 2015 holiday season, with a large spike in phishing sites detected from November to December. The retail/service sector became the most targeted industry in Q4 2015, with 24.03% of attacks. Belize and the United States topped the list of countries hosting phishing sites in Q4, though the US was by far the highest in December. Phishers unleashed many phishing scams in December in an attempt to defraud consumers during the holiday season.
The document discusses HTTP request hijacking attacks against native mobile apps. It describes how an attacker can intercept an app's HTTP requests and redirect them to a malicious server using 301 redirects, allowing the attacker to control the app's traffic. The presentation demonstrates this attack and discusses how it can be extended through techniques like malicious profiles and captive networks. It provides recommendations for developers to prevent request hijacking through secure communication and cache policies, and advises end users and organizations on security best practices.
B istr main-report_v18_2012_21291018.en-usКомсс Файквэе
The document summarizes key internet security trends from 2012, as analyzed by Symantec Corporation in their Internet Security Threat Report. Some of the top trends include:
1) Small businesses were increasingly targeted by attackers, with 50% of attacks aimed at businesses with less than 2,500 employees. Small businesses are seen as having weaker security defenses.
2) Malware authors sought to steal users' private information through spying on computers, mobile devices, and social networks, in order to profit through identity theft and banking fraud. Targeted attacks involved extensive profiling of victims.
3) The rise of mobile malware continued significantly, with a 58% increase in mobile malware families compared to 2011. However, mobile
The document provides an overview of cybersecurity threats in the first half of 2013. Key points include:
- Exploit attacks targeting known Java vulnerabilities accounted for about half of all detections, focusing on CVE-2013-1493 and CVE-2011-3544.
- The ZeroAccess botnet was active spreading via exploit kits and Java exploits, with potential monthly profits from Bitcoin mining estimated at over $50,000.
- Ransomware called "Anti Child Porn Spam Protection" circulated in March and April.
- APT attacks often use specially crafted documents as bait targeting people in specific organizations or fields.
- The first Android malware spread through spam emails was
In August 2013, Symantec reported the following key findings:
1. Social media scams involving fake discount offers dominated social attacks in 2013, comprising 82% of incidents. Fake plug-ins were the second most common attack at 8.2%.
2. There were 7 reported data breaches in August, with an additional 9 from earlier in the year, bringing the 2013 total to 125 breaches exposing 91 million identities. The top 3 exposed data types were real names, birth dates, and government IDs.
3. 213 new mobile malware variants were discovered in August, a modest increase from July. Cumulative Android malware reached 6,852 variants in 2013.
The document summarizes the results of a test of the effectiveness of various home anti-virus programs. It found that the most accurate programs, which blocked threats without falsely flagging legitimate software, were BitDefender Internet Security 2013, Kaspersky Internet Security 2013, and Norton Internet Security 2013. However, some free programs like Avast! Free Antivirus 8 were also effective. The tests exposed the programs to real internet threats to evaluate their ability to protect users from malware infections.
The document provides an overview of threats in the first quarter of 2012 according to McAfee Labs. It saw significant increases in many areas of malware and threats after declines in late 2011. Mobile malware targeting Android devices increased dramatically, reaching nearly 7,000 samples. Established rootkits like Koutodoor rebounded and the new ZeroAccess rootkit emerged. Signed malware and password-stealing Trojans also increased substantially. Spam volume grew early in the quarter but resumed its downward trend. The US continued to host the most malicious web content.
The document summarizes the results of a test of Kaspersky's Whitelisting Database conducted by AV-Test GmbH from November 2012 to January 2013. The test assessed the database's coverage, quality, speed, false positive rate, and default deny mode. It found that Kaspersky had very good coverage of over 91% for files previously known, and 50% coverage of new daily files at the time of testing. Response times for database queries and additions were generally fast. The database was found to provide useful qualification and metadata for known files while maintaining a low false positive rate in default deny mode.
This document summarizes the key findings from an analysis of over 26,000 malware samples collected over 3 months from over 1,000 enterprise networks. The analysis found that 90% of unknown malware was delivered via web browsing, with an average of 20 days to detection compared to 5 days for email-delivered malware. The document provides recommendations to address unknown malware such as bringing anti-malware technologies into networks, enabling real-time detection and blocking, and enforcing user and application controls on files transfers.
This document compares application control software from four vendors: Kaspersky Endpoint Security for Windows, McAfee Application Control, Sophos Endpoint Protection - Advanced, and Symantec Endpoint Protection. It evaluates their abilities to regularly control applications, audit installed software, protect against advanced persistent threats, and manage users. The testing found that Kaspersky provided the most fully-featured application control and was most effective against threats. While no product was perfect, default deny policies that whitelist approved applications were deemed the strongest approach to application control.
The PandaLabs annual report for 2012 summarizes key security events of the year. Mobile malware increased, targeting Android devices especially through third-party app stores. Ransomware like the "Police Virus" spread through social engineering. Cyber attacks targeted corporations and governments. Macs saw their largest infection to date, showing they are also vulnerable. Trends in social media threats and cyber espionage were analyzed. The report concludes with a forecast of security trends for 2013.
This document is the table of contents for the course "EECS 598-008: Medical Device Security" taught at the University of Michigan. It lists 17 readings on topics related to medical device and software security, safety, and regulation. The readings are from books and cover subjects like software design principles, identifying and preventing software defects, system dependability requirements, design of implantable cardiac devices, embedded debugging methods, system safety principles, managing safety culture, medication errors in healthcare, privacy and security economics, and FDA regulation of medical devices. The instructor is listed as Prof. Kevin Fu and additional reading material is noted to be available on the course website.
This document summarizes predictions for cyber threats in 2013 from McAfee Labs researchers. They predict:
- Mobile worms that buy malicious apps and steal payment info using NFC. Malware that blocks security updates on phones. Ransomware "kits" for mobile.
- Covert, persistent attacks targeting below the kernel of Windows. Rapid development of ways to attack the new Windows 8 and HTML5.
- Large-scale infrastructure attacks like Stuxnet. Highly targeted attacks using the Citadel Trojan to evade detection. Malware that reconnects after botnets are taken down.
This document summarizes the results of a comparative analysis of phishing protection in four major web browsers: Apple Safari, Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox. The analysis found that on average, Chrome blocked 94% of phishing URLs, Internet Explorer blocked 92%, Safari blocked 91%, and Firefox blocked 90% over a 10 day testing period. While block rates have improved significantly in recent years, the document recommends keeping browsers up to date and considering other security factors beyond just phishing protection.
Technology auto protection_from_exploitКомсс Файквэе
This document provides an introduction, methodology, and results of a comparative assessment of Kaspersky Internet Security 2013 conducted by MRG Effitas in August 2012. The assessment tested Kaspersky and nine other leading antivirus/internet security applications to evaluate the effectiveness of Kaspersky's new Automatic Exploit Prevention technology at detecting exploits and protecting against zero-day vulnerabilities. The methodology used both in-the-wild exploits and samples generated by the Metasploit framework to bypass traditional detection methods and test protection against unknown threats. The full report contains the security applications tested, details of the vulnerabilities and payloads used, and conclusions about the test results.
This document describes a study that analyzes the permission models of eight popular Android smartphones. The researchers developed a tool called Woodpecker to systematically detect "capability leaks", where an app can access privileged permissions without explicitly requesting them. Woodpecker analyzes pre-loaded apps to identify explicit leaks through public interfaces and implicit leaks through shared user IDs. The results showed 11 of 13 privileged permissions were leaked across the phones, allowing unrequested access to user data and device functions.
The document discusses the history and risks of malicious browser extensions. It begins with a brief history of malicious Firefox extensions from 2004-2012, noting a rise from 5 to 48 detected extensions between 2011-2012. Examples are shown of extensions that can steal cookies, passwords, files and execute binaries on the host system. Live demos are presented of proof-of-concept extensions developed for Firefox, Chrome, and Safari that demonstrate these risks. The document concludes by noting limitations of these extensions and providing recommendations to browser developers, antivirus companies, website developers and users to help mitigate these risks.
The document describes an empirical study that identifies zero-day attacks from data on 11 million real-world hosts. The study finds 18 vulnerabilities exploited before public disclosure, with 11 being previously unknown zero-day attacks. On average, a zero-day attack lasts 312 days and affects few hosts, though some high-profile attacks like Stuxnet are exceptions. After disclosure, the number of malware variants and attacks increase by up to 5 orders of magnitude, showing cyber criminals closely watch disclosures to start exploiting vulnerabilities.
This document analyzes the security of SSL/TLS usage in Android apps. The authors:
1) Analyzed 13,500 popular Android apps and found that 1,074 (8%) contained SSL/TLS code vulnerable to man-in-the-middle attacks.
2) Manually audited 100 apps and successfully launched MITM attacks against 41 apps, capturing sensitive data like credentials.
3) Conducted a user survey that found half of 754 participants could not correctly judge if a browser session was secure.
This document provides account information for Anton Titov's PayPal business account. The account was created on November 2, 2009 and is verified. It has a balance of $0 and a reserved amount of $0. The document lists contact information, addresses, phone numbers, and IP addresses associated with the account.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology