The Verizon Risk Report (VRR) Explained

In today’s ever-evolving cybersecurity landscape, organizations cannot afford to rely on stale security strategies and wait for threats to hit them. The Verizon Risk Report (VRR) is a method for organizations to quantify risk using real-time data and intelligence from Recorded Future. Combining extensive data on cybercriminal activity from Verizon’s Data Breach Investigations Report (DBIR) with specialized data sources from technology providers, this new security assessment creates a comprehensive security risk scoring framework that can identify current security gaps and weaknesses.

Make Your SIEM Awesome!

Sign up to get your own personalized Reddit experience!

By having a Reddit account, you can subscribe, vote, and comment on all your favorite Reddit content. Sign up in just seconds.

The battle for e-privacy

At the Chaos Communications Congress, experts come together to discuss the hottest topics concerning security, privacy, and human rights in the digital age. Naturally, the new European ePrivacy Regulation was on the agenda this year.

Transatlantic Cable podcast, episode 30

Welcome to the 30th edition of the Transatlantic Cable podcast. In this episode, Dave and I discuss a cryptocurrency that seems like it missed a huge naming opportunity, more calls to delete Facebook now, and a rocket man. For more details on the stories we discuss, please see the links below:

The FBI’s 10 Most-Wanted Black-Hat Hackers – #9 and #8

Recently, we renewed our countdown of the FBI’s 10 most wanted black-hat hackers. First up was Bezhad Mesri at number 10. He is accused of having compromised Home Box Office (HBO) employees’ emails and abused that access to steal data, extort the company for ransom, and leak the information online when he didn’t get his way.This week, we present No. 9 and No. 8: Viet Quoc Nguyen and nine individuals collectively known as the “JabberZeus” suspects.#9 – Viet Quoc NguyenBeginning around February 2009, Viet Quoc Nguyen a/k/a “Vandehiu” a/k/a “Peter Nguyen” partnered with Giang Hoang Vu a/k/a “Lee Vu” and others to defraud at least eight different email service providers (ESPs) and to send spam mail to numerous individual recipients.Nguyen and Vu’s malicious scheme began when they acquired crypters, covert monitoring tools, and malware. The two black-hat hackers then launched phishing email attacks against some of their targeted ESPs. Those campaigns delivered malware, thereby allowing Nguyen and Vu to access victimized employees’ computers in order to steal credentials for their employer’s systems.The stolen information laid the foundation for Nguyen and Vu to access the ESPs’ systems and steal confidential information including tens of millions of customers’ email addresses. In other cases, they abused that access to launch phishing attacks against other ESPs’ employees in order to infiltrate those companies’ systems. Sometimes they even leveraged the email addresses they stole to conduct spam mail campaigns leading to Nguyen’s affiliate-marketing websites.For his alleged crimes, a federal grand jury charged Nguyen with 29 counts including wire fraud, aggravated identity theft, and other offenses. It wasn’t long after that the United States District Court in the Northern District of Georgia in Atlanta, Georgia issued a federal warrant for his arrest on 3 October 2012.Nguyen is known to have resided in Deventer, Netherlands and Hanoi, Vietnam around the time that he is believed to have committed the crimes.#8 – The JabberZeus SuspectsIn 2012, the United States District Court for the District of Nebraska indicted nine individuals for having infected thousands of computers with the Zeus banking Trojan, malware which they used to steal millions of dollars from victims’ bank accounts.The charges against them include conspiracy to participate in a racketeering activity, conspiracy to commit computer fraud and identity theft, aggravated identity theft, and multiple counts of bank fraud.Those named in the indictment include the following:Vyacheslav Igorevich Penchukov, 32, of Ukraine, aka “tank” or father”Ivan Viktorvich Klepikov, 30, of Ukraine, aka “petr0vich” or “nowhere”Alexey Dmitrievich Bron, 26, of Ukraine, aka “thehead”Alexey Tikonov, of Russia, aka “kusanagi”Yevhen Kulibab, aka “jonni”Yuriy Konovalenko, aka “jtk0”John Doe #1, aka “lucky12345”John Doe #2, aka “aqua”John Doe #3, aka “mricq”Together, this cybercrime ring unlawfully installed the Zeus banking Trojan on victims’ computers, allowing them to steal usernames, passwords, and other information necessary for them to gain access to their victims’ banking accounts.By claiming they were employees of the victims and were authorized to manage their funds on their behalf, the JabberZeus suspects tricked a number of organizations, including a bank and a company based in Nebraska, into wiring more than $70 million to “money mules” based in the United States. These persons then forwarded some of the funds to the conspirators.In total, the JabberZeus suspects are believed to have successfully stolen or attempted to steal upwards of $220 million.While a number of individuals have been found, tried, and convicted, the scheme’s four masterminds—Penchukov, Klepikov, Bron and Tikonov—remain at large.

8 checklist items to help with GDPR compliance

The European Union (EU) adopted the General Data Protection Regulation or GDPR on April 2106 to keep personal data for EU citizens safe. In the wake of an increase in the number of malicious attacks that compromise businesses’ networks, it was high time government regulation stepped in to protect personal data.

Energy-saving Bitcoin rival Chia raises from A16Z, plans mini-IPO

Bram Cohen invented torrenting. Now he’s building a cryptocurrency called Chia that doesn’t waste electricity like Bitcoin, and top investors are lining up. Chia has just raised a $3.395 million seed round led by AngelList’s Naval Ravikant and joined by Andreessen Horowitz, Greylock and more. The money will help the startup build out its Chia coin and blockchain powered by proofs of space and time instead of Bitcoin’s energy-sucking proofs of work, which it plans to launch in Q1 2019.