Hackin9

Infosec seen as a grudge purchase - Security Summit 2014 Press Office
ITWeb
Infosec seen as a grudge purchase. Misdirected information security spend is leading enterprises to see information security as a grudge buy, says SITA's Maiendra Moodley. Issued by: Security Summit 2014. [Johannesburg, 11 March 2014] - ...

 

US-European Union Issue Cyber Accord
BankInfoSecurity.com
... with ISMG, White House Cybersecurity Coordinator Michael Daniel said his talks with his counterparts among allies in Europe and elsewhere show the need for international cooperation on cybersecurity (see Obama Cyber Coordinator on Global InfoSec).

 

We received reports of a massive scam sent to Colombian users, claiming to be from one of the two credit score agencies in Colombia. The agency is called Datacredito and is affiliated with Experian. The following e-mail was received:

[Image: email received]

This e-mail poses as an alert for a false negative report to the credit agency. It comes with an attached PDF with the following information:

The file does not show a malicious payload when scanned by antimalware software. However, the file does have a PDF structure. After reviewing it with PDFStreamDumper, the following interesting information appeared:

[Image: PDF Stream Dumper]

This PDF contains malicious scripting, which instructs the reader to download and execute the file at the URL shown above. Downloading the file at that URL, which is live at this time, yields a keylogger.
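A static triage pass of the kind described above, as an added example (not code from the diary or from PDFStreamDumper): it counts the name keys that trigger script or actions, undoes `#xx` name escapes, and inflates FlateDecode streams to surface URLs. The sample bytes, the `example.invalid` URL and all function names are constructed for illustration.

```python
import re
import zlib

# Name keys that make a reader run script, act on open, or reach outside the file.
RISKY_NAMES = ("JS", "JavaScript", "OpenAction", "AA", "Launch", "URI")
NAME_RE = re.compile(rb"/([^\s\x00()<>\[\]{}/%]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\nendstream", re.S)
URL_RE = re.compile(rb"https?://[^\s\"'<>()]+")

def decode_name(raw: bytes) -> str:
    """Undo the #xx hex escapes PDF permits in names (e.g. /J#61vaScript)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def inflate_streams(data: bytes) -> list:
    """Return the streams that inflate as zlib (FlateDecode); skip the rest."""
    out = []
    for m in STREAM_RE.finditer(data):
        try:
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # another filter or encrypted: left for manual review
    return out

def triage_pdf(data: bytes) -> dict:
    """Count risky name keys and collect URLs from the body and inflated streams."""
    body = STREAM_RE.sub(b"stream\nendstream", data)  # keep raw stream bytes out of the name scan
    parts = [body] + inflate_streams(data)
    counts = {n: 0 for n in RISKY_NAMES}
    escaped = 0
    for part in parts:
        for m in NAME_RE.finditer(part):
            name = decode_name(m.group(1))
            if name in counts:
                counts[name] += 1
                escaped += b"#" in m.group(1)  # hex-escaped risky name: evasion hint
    urls = sorted({u.decode("latin-1") for p in parts for u in URL_RE.findall(p)})
    return {"names": counts, "escaped_names": escaped, "urls": urls,
            "suspicious": bool(counts["JS"] or counts["JavaScript"] or counts["Launch"])}

# Constructed sample (not the file from the diary): an open action that runs
# script held in a compressed stream, with the action type hex-escaped.
_SCRIPT = zlib.compress(b"// constructed: fetch http://example.invalid/file")
SAMPLE = (b"%PDF-1.4\n1 0 obj<</Type/Catalog/OpenAction 2 0 R>>endobj\n"
          b"2 0 obj<</S/J#61vaScript/JS 3 0 R>>endobj\n"
          b"3 0 obj<</Filter/FlateDecode/Length " + str(len(_SCRIPT)).encode() +
          b">>stream\n" + _SCRIPT + b"\nendstream endobj\n%%EOF\n")

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A hit here is a reason to open the file in an analysis tool, not a verdict; streams using other filters or encryption are skipped and need manual review.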

Malicious PDFs are still a problem. If you want to avoid falling for one of these scams, please remember the following:

  • Have the latest version of Acrobat Reader installed on your computer
  • Do not open attachments from unknown sources
  • Do not enable scripting in your Acrobat Reader configuration. Keep it turned off.

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Infosecurity Interviews (ISC)2's New MD EMEA, Adrian Davis
Infosecurity Magazine
“More and more people are starting to realize that information security is an actual career, and a nice one at that”, said Davis, who mentioned a “recent realization that you don't have to be a geek to be an infosec professional”. Whilst he ...

 
Microsoft CEO Satya Nadella's first public appearance on Thursday was a hit with analysts, who gave him a thumbs up for his time on stage as the company unveiled Office for iPad.
 
It was a loony week in Silicon Valley. Four major technology companies announced expensive and risky programs to become less like themselves and more like their competitors.
 