via Phys.org, comes a brief news item targeting the trojan exploit dubbed 'Adylkuzz', and it's mining feature. Additionally, read the highly detailed Proofpoint post, of which, contains the true gist of this trojan, as it were..
'Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to "mine" in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.' - via Phys.org
PREDATOR – Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration, described in the released paper, details the newly developed capability to predict bad-behavior (in this case criminally bad behavior), with the use of analytics at the time of domain registration. Created by Nick Feamster, Shuang Ho, Alex Kantchelian, Brad Miller and Vern Paxson. Outstanding.
"Princeton professor Nick Feamster and University of California Santa Barbara PhD student Shuang Ho worked with Alex Kantchelian (UC Berkley), Google's Brad Miller and Vern Paxson of the International Computer Science Institute to create PREDATOR – Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration...." "The important numbers are: the researchers say PREDATOR identified 70 per cent of domain registrations that were later abused; and they claim a false positive rate of just 0.35 per cent." - via El Reg's Richard Chirgwin
Earlier this month (in April 2015 if you are reading this post in the far distant future...) the National Institute of Standards and Technology (NIST) released NIST Draft NISTIR 8050; in which, an interesting summary appears of a technical workshop held at Stanford University in conjuction with the Presidents' Cybersecurity Summit.
Pursuant to completeing the draft cycle of the document, the National Cybersecurity Center of Excellence NNCoE (a Center of Excellence and a component of NIST) has issued a Call for Comments, focusing on the content of that document. In this instance, related to your agency, company, buereau, department, country or other organizations' information and/or cybersecurity issues. I've included a link to NISTIR 8050 to assist in fulfilling the Call for Comments. Enjoy.
If you read anything today about cryptography today, read the work of Stanford University's Center for Internet and Society's Jeffrey Vagle, JD [Mr. Vagle is also a Lecturer in Law and the Executive Director of the Center for Technology, Innovation and Competition [CTIC] at the University of Pennsylvania Law School]; in which, Mr. Vagle examines the criminalization of cryptography [snippet of his work appears below].
'We've heard this story from governments before, of course, from the "crypto wars" of the early 1990s to recent claims by the FBI that encryption allows networks to "go dark," and prevent legitimate law enforcement efforts. But as the leaked security memo asserts, without strong crypto and secure networks, we're all put at greater risk. It is crucial that we keep this in perspective as the world's legislative bodies rush to do something--anything--in the face of these crises.' - via Jeffrey Vagle writing at the Center for Internet and Society, at Stanford University
Spamhaus has released research targeting cyber-crime within the 2014 calendar year. Evidence of increased pernicious botnet behavior attributed to these master/slave systems is the research report's message. Interestingly, Spamhaus has said "Because these IP addresses host no legitimate services or activities, they can be blocked (blackholed) on an ISP's or company's network without the fear of affecting legitimate traffic."
Today's MustRead - via the inimitable Brian Krebs at Krebs on Security - targets the nefarious Dread Pirate Roberts. Allegedly the Master of the Silk Road, and the ramifications to the configuration of the sites' conceptually flawed CAPTCHA configuration (utilizing data from the open interweb, rather than the apparently less-than-dark web). Enjoy!
Brian Krebs illustrates a proliferation of legal businesses with nefarious polar-opposites as the lead-in to the main topic of that day's posting: An online service that will thoroughly deplete a targeted competitor's advertising budgets. While interesting in-and-of-itself, the topical post contains a sub-plot of existential interest. Curious? Read On.
The fascinating content of Mr. Krebs well-researched and concise post is not the miscreant service he describes in superb detail, but the notion of business/anti-business constructs [a la Matter/Antimatter, if you will...].
With the application of scrutiny (whether cursory or in-depth), researchers can locate exact, crime-laden copies of nearly every legit business or activity existing in the under-belly of our beloved Interweb. This behavior exactly matches the physical world, as the nature of the two opposing antagonists will expand to fill any empty space, vis-à-vis the concept of horror vacui.