Showing posts with label Cyber Security. Show all posts
Showing posts with label Cyber Security. Show all posts

What Risk We are Posing! Everyone Can Become Target of the Latest Cyber Security Threats

Posted by Avik Sarkar On 2/10/2014 07:31:00 pm

What Risk We are Posing! Everyone Can Become a Target of the Latest Cyber Security Threats
According to a report by the Washington Post, hackers may soon be setting up a plan to unfold in 2013 that will target 30 different U.S. banking institutions. McAfee Labs, who has compiled a new cyber security report, says that banks should be on the lookout for software that creates false online transactions or targets transfers tied to large dollar amounts.
Sources say that these threats can all be tied back to “Project Blitzkrieg”, which is a program that has been around since 2008. Within the past four years, it has already stolen $5 million and plans to continue for as long as possible. During the past few months, between 300 and 500 victims located within the U.S. have fallen victim to Project Blitzkrieg’s schemes. By the spring of 2013, McAfee says that things could get even worse for U.S. banks and their customers.
Experts note that this scheme may be tied to reports from back in October by security company RSA that mentioned how a hacker out of Russia named “vorVzakone” has been openly discussing his plan to recruit a team to plan the largest Trojan attack tied to banking. McAfee warns that these threats should be taken extremely seriously as the beginning of 2013 is soon to unfold. The software can become extremely dangerous to those doing their banking online because it can replicate transactions and even delete e-mail notifications about certain transfers.
While U.S. banks will no doubt be increasing their security protocols to protect themselves from any unnecessary attacks, most already know that they are continually being cited as targets from hacking groups around the globe. Back in September, both JP Morgan Chase and Bank of America saw their sites crash because of DDoS attacks.

Samsung Smart TV Dangers
The Register has recently reported that Samsung’s newest Smart TV is completely open and vulnerable to hacking because it gives hackers the ability to steal data very quickly. According to security company ReVuln, this vulnerability most notably affects consumers who own and use their Samsung 3D TVs for internet purposes.
Those who use their Smart TVs can rent movies, browse the web for a cheap line rental, go on Facebook, and more. ReVuln claims that they have found an exploit which allows hackers to see everything the user is doing while they are using their TV, retrieve and access information like web history, and hook up an external thumb drive to the TV to conveniently steal all of this information for future use. While ReVuln noticed this exploit while using a Samsung 3D TV, the true problem is that it seems to affect all of the latest Samsung TVs with internet capabilities, which includes many different makes and models.
As these TVs continue to act more as larger PCs, it is only a matter of time until we see even more security vulnerabilities tied to them in the very near future.

Gas Station Bluetooth Skimming
News site KRCA out of Sacramento notes that crooks are using Bluetooth devices in order to steal credit card information from those who are paying for gas at the pump. The biggest issue the cyber security experts noticed is that these thieves do not even have to be near the gas station in order to steal information.
Crooks are using skimming devices that utilize Bluetooth and contain a variety of common security keys that can be used to access gas pumps for maintenance. They don’t simply pull out their device and begin swiping information for oblivious consumers. Thieves will start by installing skimmers on the pumps to collect information from those pumping gas and then pick them back up. Detectives say that these types of devices are impossible to detect.
According to experts, thieves can be up to 100 yards away and continually collect credit card information from unsuspecting users. Because of this, these crooks are impossible to detect, and the problem may only grow larger in the near future.

Troublesome QR Codes

QR codes seem to be everywhere these days. They’re typically on everything from advertisements to products that we purchase on a daily basis. In the Netherlands, hackers are posting QR codes in heavily trafficked areas like airports and major streets. When these QR codes are scanned in by a user’s smart phone, they are taken to a malicious website that may attempt to phish information from the user or possibly infect their smartphone with malware.

Disclaimer:- Before perfection, on behalf of Team VOGH, I would like to personally thank Eve Halton  for sharing this magnificent article with our readers. Eve is a very much passionate Fleet Street, she  has done her graduation in International Business and Journalism. She gained decent experience in writing articles on several fields like global politics, economics, sustainability issues, cyber security & many more.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Implementing Intrusion (Cyber) Kill Chain -A Plenary Overview

Posted by Avik Sarkar On 2/10/2014 01:49:00 am

Implementing an Intrusion (Cyber) Kill Chain 

The Intrusion (Cyber) Kill Chain is a phrase popularized by infosec industry professionals and introduced in a Lockheed Martin Corporation paper titled; “ Intelligence Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains”. 
The intrusion kill chain model is derived from a military model describing the phases of an attack. The phases of the military model are: find, fix, track, target, engage, and assess. The analyses of these phases are used to pinpoint gaps in capability and prioritize the development of needed systems. The first phase in this military model is to decide on a target (find). Second, once the target is decided you set about to locate it (fix). Next, you would surveill to gather intelligence (track). Once you have enough information, you decide the best way to realize your objective (target) and then implement your strategy (engage). And finally, you analyze what went wrong and what went right (assess) so that adjustments can be made in future attacks.
Lockheed Martin analysts began by mapping the phases of cyber attacks. The mapping focused on specific types of attacks, Advanced Persistent Threats (APTs) - The adversary/intruder gets into your network and stays for years– sending information, usually encrypted – to collection sites without being detected. Since the intruder spent so much time in the network, analysts were able to gather data about what was happening. Analysts could then sift through the data and begin grouping it into the military attack model phases. Analysts soon realized that while there were predictable phases in cyber attacks, the phases were slightly different from the military model.  The intrusion (cyber) kill chain shown below, describe the phases of a cyber attack.
The chain of events or activities are as follows:
  

Link in the Chain
Description
1.  Reconnaissance
Research, identification and selection of targets- scraping websites for information on companies and their employees in order to select targets.
2.  Weaponization
Most often, a Trojan with an exploit embedded in documents, photos, etc.
3.  Delivery
Transmission of the weapon (document with an embedded exploit) to the targeted environment.  According to Lockheed Martin's Computer Incident Response Team (LM-CIRT), the most prevalent delivery methods are email attachments,websites, and USB removable media.
4.  Exploitation
After the weapon is delivered, the intruder's code is triggered to exploit an operating system or application vulnerability, to make use of an operating system's auto execute feature or exploit the users themselves.
5.  Installation
Along with the exploit the weapon installs a remote access Trojan and/or a backdoor that allows the intruder to maintain presence in the environment
6.  Command and Control
Intruders establish a connection to an outside collection server from compromised systems and gain 'hands on the keyboard' control of the target's compromised network/systems/applications.
7.  Actions on Objective
After progressing through the previous 6 phases, the intruder takes action to achieve their objective.  The most common objectives are:  data extraction, disruption of the network, and/or use of the target's network as a hop point.
Lockheed Martin's analysts also discovered while mapping the intruder's activities, that a break (kill) in any one link in the chain would cause the intrusion to fail in its objective. This is one of the major benefits of the intrusion kill chain framework as security professionals have traditionally taken a defensive approach when it comes to incident response. This means that intrusions can be dealt with offensively too.
Lockheed Martin's case studies reveal that knowledge about previous intrusions and how they were accomplished allow analysts to recognize those previously used tactics and exploits in current attacks.  For example, mapping of three intrusions revealed that all three were delivered via email, all three used  very similar encryption, all three used the same installation program and connected to the same outside collection site. All of the intrusions were stopped before they accomplished their objective.
How did they do this? How can my company utilize this approach?
Monitoring and mapping is the key.
The following list contains some of the necessary components (not in any particular order) needed to do intrusion mapping and setting up the kill.
·         Network Intrusion Detection (NIDS)
·         Network Intrusion Prevention (NIPS)
·         Host Intrusion Detection (HIDS)
·         Firewall access control lists (ACL)
·         Full packet inspection
·         A mature IT asset management system
·         A mature and comprehensive Configuration Management Database (CMDB)
·         Device and system hardening
·         Secure configurations baselines
·         Website inspection
·         Honeypots
·         Anti-virus and anti-malware
·         Verbose logging – network devices, servers, databases, and applications
·         Log correlation
·         Alerting
·         Patching
·         Email and FTP inspection and filtering
·         Network tracing tools
·         Information Security staff trained in tracking and mapping events end-to-end
·         Coordination and partnering with IT, Application Owners, Database Administrators, Business Units and Management both in investigation and communicating the mapped intrusions.

In short, in order to implement intrusion kill chain activity a company needs to have a mature inter-operating and information security program. Additionally, they need trained staff that can investigate, map and advise 'kill' activities, keep a compendium of mapped intrusions, analyze and compare old and new intruder activity, code use, and delivery methods to thwart current and future intrusions.
The intrusion (cyber) kill chain is not an endeavor that can be successfully implemented in place of a comprehensive Information Security Program, it’s another tool to be used to protect the company's data assets.
The good news is if your company doesn't have a mature information security program there is a lot you can do while making plans to introduce an intrusion kill chains in your department's arsenal.
·         Educate your employees to watch for suspicious emails. For instance, emails that seem to be off – such as, someone in accounting receiving an invitation to attend a marketing conference. Let them know that they shouldn't open attachments included in email like this.
·         Make sure you have anti-virus and anti-malware software installed and up to date.
·         Start an inventory of your computing devices, laptops, desktops, tablets, smartphones, network devices and security devices.
·         You have an advantage over intruders. You know your network and what is normal and usual, they don't.  Notice user behavior that is not usual and look into it.  For example, a login at 2am for someone who works 9 to 5. Or an application process that normally runs overnight that is kicking off during the day.
·         Keep your security patches up to date.
·         Create and monitor baseline configurations.
·         Write, publish and communicate information security policies and company standards.
·         Turn on logging and start collecting and keeping logs. Start with network devices and firewalls and then add servers and databases.  Set up alerts for things such as repeated attempts at access.
·         Spend some time using search engines from outside your network to see how much information can be learned about your company from the Internet.  You'd be surprised how much you can find including sensitive documents.

All of these practices and activities give you more information about your computing environment and what is normal and usual. The more you know about your environment, the more likely it is that you will spot the intruder before any damage is done.

Disclaimer:- Before conclusion, on behalf of Team VOGH, I would like to personally thank Mr. Adrian Stolarski for sharing this remarkable article with our readers. I would also like to thank Ryan Fahey  of Infosec Institute for his spontaneous effort. 


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

BBC Server Compromised! Russian Hackers Broke Into FTP & Tried to Sell Unauthorized Access

Posted by Avik Sarkar On 1/02/2014 11:09:00 pm

BBC Server Compromised! Russian Hackers Hacked Into FTP & Tried to Sell Unauthorized Access on The X-Mass Evening 
Earlier we have seen world renowned media houses like CNN, NBC, Fox News, Washington Post, NY Times, NDTV and so on have fallen victim to hackers and cyber criminals. Now it was the turn for world’s largest and oldest broadcaster -British Broadcasting Corporation, widely known to us as BBC. Sources revealed that cyber criminals have managed to breach the security system of BBC and secretly took over a computer server at the BBC and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system. The attack was first identified by a cyber security firm named Hold Security LLC, in Milwaukee that monitors underground cyber crime forums in search of stolen information. However, it is still not clear whether the hacker stole any information or data or caused any damage to the site. In conversation with press Alex Holden, founder and Chief Information Security Officer of Hold Security told -"So far Hold Security researchers have found no evidence the conversations led to a deal or that data was stolen from the BBC.” So far the identity of hacker has not been confirmed, but the firm researchers observed a notorious Russian hacker known by the monikers "HASH" and "Rev0lver," attempting to sell access to the BBC server on December 25. However, BBC's security team managed to secure the site on Saturday, claims a person close to clean up efforts. One of the BBC spokesman refused to comment on the issue, he said, “We do not comment on security issues.” On the other hand, Justin Clarke, a principal consultant for the cyber security firm Cylance, said that while "accessing that server establishes a foothold within BBC's network which may allow an attacker to pivot and gain further access to internal BBC resources.” So far Hold Security researchers have found no evidence the conversations led to a deal or that data was stolen from the BBC. But we all know that  ftp systems are typically used to manage the transfer of large data files over the Internet. That's why the chances of data breach cant not be denied at this time. For updates on this piece of news and other hot information of the cyber & tech world stay tuned with VOGH


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

GFI LanGuard 2012 One Solution For vulnerability Scanning, Patch Management, Network & Software Audit

Posted by Avik Sarkar On 5/09/2013 04:28:00 pm

GFI LanGuard 2012 One Solution For Vulnerability Scanning, Patch Management, Network & Software Auditing 

Earlier we have talked about GFI LanGuard, but while looking at the rising cyber threats, security researcher  continue to identify new, sophisticated malware threats, vulnerability and patch management are more critical than ever as a key component of a layered security approach. To get rid of all those security challenges, GFI Software announced the availability of GFI LanGuard 2012, in which the manufacturer claimed to provide network and system administrators with the ability to manage 100 percent of their patching needs through a single, intuitive and easy-to-use interface, without the need for other update tools. So lets take a roam of this fine product of GFI Software-

Enhanced Features of GFI LanGuard 2012 include:
  • Comprehensive Patch Management – Administrators can now manage 100 percent of their patching needs – both security and non-security updates – from a centralized console. No other update tools are necessary.
  • Strong Vulnerability Assessment for Network Devices – Network devices such as printers, routers and switches from manufacturers such as HP and Cisco, can now be detected and scanned for vulnerabilities. GFI LanGuard 2012 performs over 50,000 checks against operating systems, installed applications and device firmware for security flaws and misconfigurations. It also runs network audits that now detect mobile devices running iOS and Android operating systems.
  • Improved Scan and Remediation Performance – New Relay Agents receive patches and definition files directly from the GFI LanGuard server and distribute as appropriate – helping IT resources save time, manage network bandwidth and increase the number of devices that can be accommodated. This is particularly effective in multi-site and large networks.
GFI LanGuard 2012 combines vulnerability scanning, patch management, and network and software auditing into one solution that enables IT professionals to scan, detect, assess and correct potential security risks on their networks with minimal administrative effort. GFI LanGuard also enables administrators to inventory devices attached to their networks; receive change alerts, such as notification when a new application is installed; ensure antivirus applications are current and enabled; and strengthen compliance with industry regulations through automated patch management that defends against potential network vulnerabilities. With GFI LanGuard, IT administrators can manage more than 2,500 machines from a single console, it integrates with more than 1,500 security applications and includes keyword search functionality.

After going through the above brief description, many of you must be excited about this new product. For the kind information of our readers, yes indeed GFI LanGuard 2012 is one of the finest tool ever released in this domain. Detailed information LanGuard 2012 can be found here. Also a 30 day trail pack of GFI LanGuard 2012 has been made available for download





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Oxford University Will Get £1 Million of Investment in Next 2 Year to Tackle Cyber Crime

Posted by Avik Sarkar On 5/05/2013 03:10:00 pm

Oxford University Will Get £1 Million of Investment in Next 2 Year to Tackle Cyber Crime

The rising amount of cyber crime has already put the world of security under a serious threat. Since last five years we have seen many devastating cyber attack which have broken almost every security measure. In short, today the entire cyber space is posing a serious risk. To get rid of this situation many developed countries have already started taking required counter measure. Cyber awareness program, campaigns are going in almost every part of the world. Such steps and countermeasures were mainly limited to government and corporate, but now as we are sitting at the edge of cyber threat, so the security system should be more enhanced. While looking at the current status OXFORD University have came forward, and they are going to open a cyber hub to tackle these ongoing cyber challenges. Acceding to the official website of Oxford Mail - OXFORD University will get £1 million of investment in the next two years to fund a center to tackle cyber crime. Funding for the Government’s Global Center for Cyber Security Capacity Building has been announced by Foreign Secretary William Hague, who pledged £500,000 a year for at least the next two years. It will be based at the home of the Oxford Martin School, with the aim of combating activists and terrorists who are posing a growing threat to our national security and economy.
The school’s director, Ian Goldin, Oxford University Professor of Globalisation and Development, said: “The whole purpose is to address critical challenges of the future. The international scale of the challenge requires new research and connections with the business world, which is part of the school’s mandate.” The centre will be based at the Old Indian Institute, a former university library building, on the corner of Broad Street and Catte Street, which is currently being refurbished. Prof Goldin, whose new book Divided Nations explores the risks brought about by rapid globalization and technological leaps like the internet, said keeping up with criminals will be far from easy. He said: “We are in a race, or struggle, between people who want to keep systems safe and secure and those who – for whatever reasons that may be commercial, nationalist or anarchical – want to undermine the system. That won’t end. 
According to some legitimate sources it has been confirmed that the new center will be a beacon of expertise and put the UK at the forefront of cyber policy development. It will operate from Broad Street from September. The two-year funding will help pay for an additional 12 specialists. Sadie Creese will head the new center as professor of cyber security.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Controversial Cyber Security Bill CISPA Passed Again By The US House

Posted by Avik Sarkar On 4/23/2013 11:30:00 pm

Controversial Cyber Security Bill CISPA Passed Again By The US House

Couple of months ago we reported that the White House is planning for an executive cyber security order, from some official sources it has also come to know that the U.S. President Mr. Barack Obama has a special plan to re-introduce the Cyber Intelligence Sharing and Protection Act (CISPA). Today that deceleration get executed as the US House of Representatives has passed the controversial Cyber Information Sharing and Protection Act. This is the second time when CISPA have been passed by the White House, first it was rejected by the Senator while saying that the bill did not do enough to protect privacy. But yet again with the initiative of Obama and a substantial majority of politicians in the House backed the bill. Though there is a huge chance of getting rejected. According to some relevant sources it has been came to light that, this time also CISPA could fail again in the Senate after threats from President Obama to veto it over privacy concerns. Sources are saying that the main reason of re-introducing CISPA is the the President Barack Obama expressed concerns that it could pose a privacy risk. The White House wants amendments so more is done to ensure the minimum amount of data is handed over in investigations.  The law is passing through the US legislative system as American federal agencies warn that malicious hackers, motivated by money or acting on behalf of foreign governments, such as China, are one of the biggest threats facing the nation.  "If you want to take a shot across China's bow, this is the answer," said Mike Rogers, the Republican politician who co-wrote CISPA and chairs the House Intelligence Committee. 

On the other hand CISPA has also secured the backing of several technology firms, including the CTIA wireless industry group, as well as the TechNet computer industry lobby group, which has Google, Apple and Yahoo as members. By contrast, some other big names like Mozilla, Reddit has been vocal in its opposition to the bill. In the beginning the social networking giant Facebook supported CISPA but later they took back its support. The American Civil Liberties Union has also opposed CISPA, saying the bill was "fatally flawed". The Electronic Frontier Foundation (EFF), Reporters Without Borders and the American Library Association have all voiced similar worries.


-Source (BBC)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NATO Prepared Tallinn Manual -International Law Applicable to Cyber Warfare

Posted by Avik Sarkar On 3/20/2013 04:09:00 am

NATO Prepared Tallinn Manual -International Law Applicable to Cyber Warfare

NATO finally published the final version of a document expected to shape cyber warfare policies among Western nations was published last week, clarifying when and how countries can legally conduct online aggression against one another. The International law of Cyber Warfare have been  published by the Cooperative Cyber Defence Centre of Excellence (CCDCOE) set up in Estonia, in 2008, the Tallinn Manual on the International Law Applicable to Cyber Warfare. Spanning 215 pages, the Tallinn Manual makes it clear that a full-scale war can be triggered by network-borne attacks on computer systems and that civilian activists that participate in those are considered legitimate targets. However, the manual specifically rules out state-sponsored attacks on critical civilian infrastructure. Nuclear power plants, hospitals, dams and similar are all out of bounds for cyber war, the manual states.

The Tallinn Manual:-
The Tallinn Manual on the International Law Applicable to Cyber Warfare, written at the invitation of the Centre by an independent ‘International Group of Experts’, is the result of a three-year effort to examine how extant international law norms apply to this ‘new’ form of warfare. The Tallinn Manual pays particular attention to the jus ad bellum, the international law governing the resort to force by States as an instrument of their national policy, and the jus in bello, the international law regulating the conduct of armed conflict (also labelled the law of war, the law of armed conflict, or international humanitarian law).  Related bodies of international law, such as the law of State responsibility and the law of the sea, are dealt within the context of these topics.
The Tallinn Manual is not an official document, but instead an expression of opinions of a group of independent experts acting solely in their personal capacity.  It does not represent the views of the Centre, our Sponsoring Nations, or NATO.  It is also not meant to reflect NATO doctrine.  Nor does it reflect the position of any organization or State represented by observers. 

The Tallinn Manual is available in both paper and electronic copies from Cambridge University Press



-Source (IT News & CCDCOE)










SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned

Posted by Avik Sarkar On 3/11/2013 02:55:00 am

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived 

Couple of months ago we have talked about 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google where the most famous and widely used browsers have to face challenges. Now the result of this long awaited security competition has came which is showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers where Chrome, Internet Explorer 10 and Firefox all fell to the mercy of the hackers. Not only browsers but also three other popular applications that is Adobe Reader, Flash Player and yet again Java fallen victim to hackers at 'Pwn2Own'. And for Java it was a true disaster as Java fell three times, though under the contest rules, only the first attacker was due to win the $20,000 prize. Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet, “We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug hint leads them winning $100,000 for finding a huge hole. Again in a tweet, Security firm Vupen explained “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.” Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also “demonstrated a full sandbox bypass exploit.” The company explained in a blog post that it found a zero-day in Chrome “running on a modern Windows-based laptop.” It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website. 

Now lets take look at the final score board of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED


The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

  1. James Forshaw: Java = $20K
  2. Joshua Drake: Java = $20k
  3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
  4. Nils & Jon: Chrome = $100k
  5. George Hotz: Adobe Reader = $70k
  6. Ben Murphy: Java = $20k
As you all know that the main motive of these contest is to make applications, software more safe and secure while figuring out hidden vulnerabilities  Here also for Pwn2Own the security holes figured out by the above experts have already been submitted and taken carefully by those organization  along with that, the expected patch for the browsers have already been released. Those who are still using the older version of those above applications are requested to update their system. So, stay tuned with VOGH and be safe on the Internet. 


 -Source (HP, Naked Security) 








SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Australia Joined 38 Other Nations as Part of an International Cybercrime Treaty

Posted by Avik Sarkar On 3/09/2013 03:55:00 am

Australia Joined 38 Other Nations as Part of an International Cybercrime Treaty

Sitting at the edge of the latest technology, today we can easily separate our world into two parts. One is the real world where we live and another is the virtual or cyber world, in which we all are tightly attached. As these two fields are the prime factor where we have to stay happily so the matter of safety, security is highly required on the both said areas. Being one of the leading cyber media, our main concern is the cyber domain,  so we are worried as well are responsible and committed to server our readers. In this period of time many of us feel terrified to engage themselves in the cyber space due to lack of security and privacy, and also keeping in mind the major disaster done by cyber criminals. But how long? To get rid of that not only we the media people but also the sincere government of several countries make themselves committed to prepare a safe cyber world for the people. Earlier we have seen several developed countries came under a shade, in order to make an united shield to protect this cyber domain and its people. Today that shield got a new member. Yes it is Australia who has now formally joined 38 other nations as a party to the world's first international treaty on crimes committed via the internet. This deceleration came from the Attorney-General Mark Dreyfus. In his speech he said "Australia becoming a party to the Council of Europe Convention on Cybercrime will help combat criminal offences relating to forgery, fraud, child pornography, and infringement of copyright and intellectual property" 
By joining the Convention, Australian law enforcement agencies will be able to rapidly obtain data about communications relevant to cybercrimes from partner agencies around the world. With the Convention now in effect, Australia's investigative agencies are able to use new powers contained in the Cybercrime Legislation Amendment Act 2012 to work with cybercrime investigators around the globe. The Act amended certain Commonwealth cybercrime offences and enabled domestic agencies to access and share information relating to international investigations. Dreyfus says the Act also created new privacy protections, safeguards and reporting requirements for the exercise of new and existing powers.
"A warrant is always required to access the content of a communication whether the information is in Australia, or accessed from overseas under the Cybercrime Convention. The Cybercrime Act and the Cybercrime Convention do not impact in any way on the need to have a warrant to access content from a telephone call, SMS or e-mail." -Dreyfus said in his statement.


-Source (ZDNet)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

'Data Theft' A Serious Issue! Be Watch Full, Be Safe

Posted by Avik Sarkar On 2/20/2013 06:52:00 pm

Hidden Costs of 'Data Theft' A Serious Issue! What You Need to Know to Be Safe 

Sitting at the edge of technology, we the people of this century are blessed with all the required equipment  which makes our work so easy that one could have even imagined three hundred years ago. Along with these positive sides, we must have to keep in mind that, these technologies not only elaborating our effort  making life easier, but also posing  high level of threat. As the main concern of VOGH is cyber domain, so here w would like to share a fact which will make you think and even make your cyber life and your personal life too uncanny. Yes, I am talking about the rising cyber threats; the more we are shedding with technologies, the more we are involving our lives with some dangerous threats and challenges. Now a days cyber criminals are every where, you don't even know, what trap has already been set for you, that can ruin your happy life. One of the big example is "Data Theft" which becoming boomerang for us. In an age of fully digitized data, consumers and businesses can lose thousands of dollars in the blink of a hacker’s eye. The costs of data theft are well known to anyone who has ever found themselves victim to financial identity or medical record fraud. What few of us realize is that the procedures required to right a financial wrong are often costlier than the crimes themselves. Lets share some interesting statistic, which will surely put terror in your mind - the economy loses an average of $22,346 for every time an identity is stolen. And to fully recuperate losses, repair credit and prosecute fraudsters, consumers, accountants, lawyers and IRS officials can spend up to 5,000 hours, the equivalent of two years of full-time work on a single case. Even so, 60% of medical record fraud victims admit that they don’t monitor their medical statements for inconsistencies. 

Shocking!! Why not?

For one, most consumers don’t have time every month to file through complex medical or financial statements and check for accuracy. And secondly, the image of thousands of evil savants working around the clock to hack BOA databases sure makes a consumer feel helpless. Identity theft seems random and unpreventable–a stroke of bad luck like getting struck by lightning. If we are struck, we tell ourselves, banks, credit agencies and insurance companies are legally bound to recover our funds and correct our records. 

Now lets check out a fascinating video in our Hidden Costs Series to get a deeper look at how our high-cost, high-risk data management systems really work.



Hidden Costs of Data Theft (Statistic At a Glance):-


Data theft includes financial identity theft, identity cloning, and medical identity theft. The average cost per victim was $22,346 in 2012. And the total national cost of just medical identity fraud was $41 billion in 2012. The worst part – nearly 60% of reported victims say they don’t ever check their medical records for fraud. Depending on the severity of the case, it can take over 5,000 hours (the equivalent of working a full-time job for two years) to correct the damage.
Since 1935, over 435 million social security cards have been issued. That’s over 2,175 tons of paper issued as cards, or 52,200 trees and 5 million new cards are issued every year. 
Worldwide, digital warehouses storing private information, like banking and personal history, use about 30 billion watts of electricity, which equals roughly the output of 30 nuclear power plants. Data centers in the US make up almost a third of that usage, and waste 90% of the electricity they pull off the grid.
On average, 47% of victims encounter problems qualifying for a new loan and 70% have difficulty removing the negative information from their credit reports.
Over the next five years, the IRS stands to lose as much as $21 billion in revenue due to identity theft, and worldwide, businesses lose close to $221 billion a year with the US, UK, Canada and Australia ranking the highest in reported fraudulent activity.


After reading the above story carefully, many of you will feel insecure and panic. But I would like to inform you that the main purpose of sharing such important information, is to enhance carefulness, to rise cyber awareness. Many people became victim, not because of less knowledge, but of less information, less awareness. So from now onward before connecting your self into the digital world make sure that the significant & the emergent knowledge and information you have gathered from the article, should remain intact inside your brain. Trust me, if you became a bit cautious, you can easily get rid of all those cyber threats, and can enjoy the bless of technologies to make your life prosperous and happy. 

So stay tuned with VOGH and also be canny, be attentive and be safe inside the digital world. 

We the Team VOGH heartily thanks one of our invaluable reader and friend Emily Stewart of Insurance Quotes for the statistic and the awesome video. We love you Emily :) 




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

#opSOTU By Anonymous To Oppose Executive Cyber Security Order (The Revised CISPA)

Posted by Avik Sarkar On 2/14/2013 03:16:00 pm

#opSOTU By Anonymous To Oppose Executive Cyber Security Order (The Revised CISPA)

Last year the Internet and its trillion of users across the globe has faced several barrier when, number of approach from Senate and government, along with few corporate and other organization were in the target to make the entire Internet censored. To engage this motive they have approached and introduced a number of regulations and act such as SOPA, PIPA, CISPA & ACTA. But to implement those enactment was not that easy, as huge number of organization (including White House, Wikipedia & so on), billions of mass people stand against those controversial act, and as expected those acts were ruled back, that said protest might not get the full success, if hackers around the globe did not take part in it. It was the hackers communities who forced the govt to roll back those rules. But the victory was not that easy to achieve, as the president of U.S. appeared before a joint session of Congress to deliver the State of the Union Address and he plans to sign an executive order for cyber-security as the House Intelligence committee reintroduces the defeated CISPA act which turns private companies into government informants. As soon as the deceleration of the executive order for cyber-security came, immediately protest came. Hacktivist group Anonymous yet against stand against the controversial CISPA, and called an operation dubbed Operation SOTU (#opSOTU). In the campaign the hacker group states a clear intent to obstruct Internet broadcasts of the president's State of the Union address, an action the group justifies by pointing to renewed interest in Congress to pass the Cybersecurity Intelligence Sharing and Protection Act (CISPA), a measure Anonymous has long opposed. 

Press Release of Anonymous (#opSOTU):- 
Citizens of the Internet,
Last year we faced our greatest threat from lawmakers. We faced down SOPA, PIPA, CISPA and ACTA.

And we won!

But that victory did not come easily. Nor did it come without a price.

Aaron Swartz was one of the leading voices in the fight against these idiotic and destructive efforts to control the last free space on Earth.

Aaron Swartz was persecuted. Now Aaron Swartz is dead.
Tonight, the President of the United States will appear before a joint session of Congress to deliver the State of the Union Address and tomorrow he plans to sign an executive order for cyber-security as the House Intelligence committee reintroduces the defeated CISPA act which turns private companies into government informants.

He will not be covering the NDAA, an act of outright tyrannical legislation allowing for indefinite detention of citizens completely outside due process and the rule of law. In fact, lawyers for the government have point-blank refused to state whether or not journalists who cover stories or groups the Government disfavors would be subject to this detention.

He will not be covering the extra-judicial and unregulated justifications for targeted killings of citizens by military drones within the borders of America, or the fact that Orwellian newspeak had to be used to make words like “imminent” mean their opposite.

He will not be covering Bradley Manning, 1000 days in detention with no trial for revealing military murders, told that his motive for leaking cannot be taken into consideration, that the Government does not have room for conscience.

He will not be covering the secret interpretations of law that allow for warrant-less wiretapping and surveillance of any US citizen without probably cause of criminal acts, or the use of Catch-22 logic where no-one can complain about being snooped on because the state won’t tell you who they’re snooping on, and if you don’t know you’re being snooped on, you don’t have a right to complain.

We reject the State of the Union. We reject the authority of the President to sign arbitrary orders and bring irresponsible and damaging controls to the Internet.
The President of the United States of America, and the Joint Session of Congress will face an Army tonight.
We will form a virtual blockade between Capitol Hill and the Internet. Armed with nothing more than Lulz, Nyancat and PEW-PEW-PEW! Lazers, we will face down the largest superpower on Earth.

And we will win!

There will be no State of the Union Address on the web tonight.

For freedom, for Aaron Swartz, for the Internet, and of course, for the lulz.

We Are Anonymous,
We Are Legion,
We Do Not forgive,
We Do Not forget,
Expect Us.

..."

But unlike last year, this time the approach of CISPA is more organized, as not only Congress but also the White House will also unveil President Barack Obama's long-awaited executive order on cyber security. So to stand against such an organized and well planned act, the protester need to be more decent and more united. As we all want and prefer freedom and privacy in our personal life as well as in the Internet, so we will fight and expect to win. So stay tuned with VOGH, and lets see what is coming for us. 




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search