Thursday, January 13, 2011

Cyber Spoofed White House eCard Targets Execs

My friend, Mike, at NetWitness, sent me information on a fake White House email that is circulating.

We were involved in the discovery of a Fake White House email that targeted senior government and a few corporate officials as part of Cyber Espionage campaign. The attack was Kneber again, a Zeus variant designed to steel credentials & confidential documents.

Fake White House holiday e-mail is cyber attack
Associated Press: January 6, 2011

Espionage Via Spoofed White House eCard
Network World By Ms. Smith – January 3, 2011

Kneber botnet strikes again, targets gov't agencies By Gregg Keizer - January 4, 2011

Malware Campaign Cyber-Espionage or Cyber-Crime?
eWeek: By: Brian Prince – January 3, 2011

Spam Attack Captures Government Data
InformationWeek: By Mathew J. Schwartz - January 5, 201

Government computers hacked by fake e-mail
WashingtonTimes: By Shaun Waterman - January 5, 2011 White House E-Card Scam Part of Larger Zeus-Related Attack
By Dennis Fisher – January 4, 2011

Friday, January 7, 2011

RSA Conference 2011: On Enterprise Metrics

My proposal for a peer-to-peer discussion on "Gathering and Applying Meaningful Security Metrics" at this year's RSA Conference in San Francisco was accepted. This means I will facilitate a discussion a peer-to-peer group discussion on the topic (P2P-201B), on Wednesday, February 16th at 8:30 AM.

Security metrics are somewhat subjective, but I feel that the more data we can gather, the more we can do. Sounds obvious, but very few security programs are based on objective data. This will be an opportunity for conference participants to share their experiences and learn from experts in the field.