Archive for the ‘Featured’ category


Researcher demos threat of “transparent” smartphone botnets

In a presentation at TakeDownCon in Las Vegas today, security researcher Georgia Weidman demonstrated how malware on smartphones could be used to create smartphone “botnets” that could be used in the same way as PC botnets, providing hackers with a way to insert code between the operating system’s security layers and the cell network. In an interview with Ars Technica, Weidman said that the approaches used by Carrier IQ developers to create phone monitoring software could be adopted by hackers as well to create botnets that could silently steal users’ data, or send data without users’ knowledge. “From what I’ve seen in Carrier IQ, they just didn’t think about what they were going to do,” Weidman said. “But malware writers are going to take advantage of those techniques.”


Google Earth, other mobile apps leave door open for scripting attacks

In the rush to create mobile apps that work across the leading smartphones and tablets, many developers have leaned heavily on web development tools and use embedded browsers as part of their packaged applications. But security researchers have shown that relying on browser technology in mobile apps—and even some desktop apps—can result in hidden vulnerabilities in those applications that can give an attacker access to local data and device features through cross-site scripting.

At today’s TakeDownCon security conference in Las Vegas, researcher Kyle Osborn will present some examples of cross-site scripting attacks that he and colleagues have discovered on mobile devices. “XSS is generally considered to be a browser attack,” Osborn said in an interview with Ars Technica. But many applications, he said, such as those built with cross-platform mobile-development tools like PhoneGap, use HTML rendering to handle display of data. If applications aren’t properly coded, it’s possible for JavaScript or other web-based attacks to be injected into them through externally-provided data. “Often, there are times when you can just make a JavaScript request and pull files from the local filesystem,” he said.


TakeDownCon Las Vegas Hosts Leading Industry Experts on Mobile Threats

As mobile and wireless devices and technology slowly become ubiquitous in our daily lives, their security is an area we cannot afford to ignore. TakeDownCon Las Vegas will be the platform where critical issues surrounding mobile and wireless security are discussed and debated.

December 1, 2011 – Top ethical hackers from across the US will unveil the latest threats to mobile devices at next week’s TakeDownCon security conference in Las Vegas. TakeDownCon is the highly technical IT Security conference series designed by EC-Council that first launched this May in Dallas.

“The focus of TakeDownCon Las Vegas is on mobile and wireless security and we have assembled an all-star cast of leading cybersecurity minds who will be presenting cutting-edge vulnerabilities from mobile cross-site scripting to smartphone botnets, mobile application exploits and Android viruses,” said Leonard Chin, Conference Director for TakeDownCon. “Mobile devices pose one of the most significant and growing threats to corporate IT security and our speakers will be addressing a number of critical security management issues that are highly relevant for today’s businesses.”


EC-Council Collaborates with Authorized Training Partner in the Netherlands at Infosecurity Netherlands Expo

Utrecht, Netherlands November 2, 2011 – In collaboration with EC-Council’s Authorized Training Partner in the Netherlands, EC-Council stamped its mark at the recently concluded Infosecurity Netherlands Expo.

EC-Council collaborated with its training partner in the Netherlands, Tshukudu Technology College BV (TSTC BV), to co-exhibit at one of the Netherlands’ largest information security tradeshows, held in Utrecht from November 2-3, 2011. This partnership demonstrated EC-Council’s goal of creating greater awareness of information security training and education.

Speakers at EC-Council’s booth were organized by Gerard Smak, EC-Council’s exclusive distributor in the Netherlands, and Emile Kok, Director of TSTC. The speakers informed attendees about EC-Council’s certification classes’ use of labs and tools to educate information security professionals on securing their systems. Attendees were impressed by the presentations that explained how the courses used some of the most current attack vectors employed by the underground hacker community.

Attendees were presented with giveaways from EC-Council. The giveaways included a lucky draw session that awarded the winner electronic courseware, featuring the world-renowned Certified Ethical Hacker (CEH) program.

“The participation at Infosecurity Netherlands has allowed our partners to reap handsome rewards,” said Sean Lim, Vice-President of EC-Council. He further adds, “The awareness generated from this show will no doubt translate to higher take up rate of our certification training programs offered by our partners. We will continue to identify and spearhead such joint initiatives with our partners.”

Emile Kok, Director of Tshukudu Technology College BV (TSTC BV) said, “This has been a very fulfilling exercise, and EC-Council has once again demonstrated its leadership by championing such demand generation initiatives which will definitely help in the efforts to evangelize EC-Council security training offerings.”

About EC-Council

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at www.eccouncil.org.

About Infosecurity Netherlands

Infosecurity.nl is the leading IT Security trade show in the Benelux region. For a decade now, Infosecurity.nl has been offering ICT professionals an overview of the latest security technologies, products and services. More than 140 exhibitors guarantee a wide exhibition programme. The keynote sessions, comprehensive seminar programme and other activities at the show also offer a great deal of inspiration for all your security issues. More information about Infosec Netherlands is available at http://www.infosecurity.nl


EC-Council to Host Highly Technical IT Security Conference Focusing on Mobile & Wireless Security

As mobile and wireless devices and technology slowly become ubiquitous in our daily lives, their security is an area we cannot afford to ignore. TakeDownCon Las Vegas will be the platform where critical issues surrounding mobile and wireless security are discussed and debated.

TakeDownCon, the highly technical IT security conference series designed by EC-Council, which was first launched in Dallas in May, is making its second appearance, this time in Las Vegas.

To be held at the magnificent M Resort Spa Casino from December 2 – 7, TakeDownCon Las Vegas will focus purely on mobile and wireless security. This highly technical conference will feature cutting edge presentations and demonstrations revolving around mobile and wireless security, from leading information security professionals and subject matter experts.

“The world is witnessing the evolution of mobile and wireless devices turning into a general-purpose computing platform. These devices and technology has become ubiquitous to our daily lives,” said Jay Bavisi, president of EC-Council. He adds, “As mobile devices grow in popularity, it has become more prominent targets for criminals. We hope to create a platform where critical issues surrounding the integrity of mobile and wireless security are discussed and debated.”


Insulin pumps, other medical devices vulnerable to computer hackers

MIAMI — The special pumps used by hundreds of thousands of diabetes patients are vulnerable to computer hackers, who could make them deliver fatal doses of insulin, security researchers say.

Insulin pumps — like many other medical devices and hundreds of other everyday objects from cars to TVs and refrigerators — are vulnerable because they are controlled by computer chips that can be remotely programed via a wireless connection.

“I can issue [the insulin pump] any command I like,” McAfee security researcher Barnaby Jack told The Washington Times. “I can keep [it] dispensing [insulin] until the pump is empty.”

A typical pump reservoir contains about 300 units of insulin. Although exact doses vary among patients depending on body weight and other factors, 10 units would be enough to send someone to the hospital, and 20 units would kill most people.


Ethical Hacking Scholarship Recipient Announced to Equip Tomorrow’s IA Leaders with Skills to Lead Organizations’ Security Posture

The need for IT skilled professionals has never been greater as cyber threats and breaches increase at rapid speeds. In meeting the strong demand for highly educated information security professionals, EC-Council announces the recipient of a full Ethical Hacking Scholarship that will provide superior Information Assurance (IA) education. In addition, EC-Council University will award fifty applicants a Cyber Security Fellowship that will cut tuition costs in half.

October 24, 2011 Albuquerque, NM – Today, EC-Council University (ECU) awards the full-ride, $17,000 Ethical Hacking Scholarship to Mr. Kris Gairola. Gairola, an experienced IT Security Specialist, holds a bachelor’s degree in Information Systems and Operations Management from George Mason University along with several industry certifications, including EC-Council’s Certified Ethical Hacker (C|EH).

“We are extremely excited to award this scholarship to such an impressive applicant, and are looking forward to working with him as he develops his executive level IT and management competencies through the Master of Security Science (MSS) program,” says Dr. Kim Freeland, Dean of ECU, but adds that “It was a difficult decision to make due to the extensive pool of well-qualified applicants who submitted applications to be considered for the scholarship. Congratulations, Kris!”

Completion of the Masters of Security Science will provide Kris with the tools necessary to lead an organization regardless of its size in combating the ever-growing cyber threat. The MSS program will lay the foundation for lifelong learning and teach students, like Kris, how to grow, research, and adapt with the agility required to lead an organization’s complete security posture. MSS faculty are professionals who possess years of experience in the field of IT security and are considered experts by their peers. Faculty instruction, combined with their professional experience in IA, supports students as they work to apply various cyber security and management theories to real-world situations.

In addition to awarding the Ethical Hacking Scholarship, ECU is presenting fifty (50) Cyber Security Fellowships to well-qualified applicants who are looking to advance their careers in the ever-growing industry of information assurance. The Cyber Security Fellowship reduces tuition fees by fifty percent.

With cyber-security attacks on the rise, it is evident that the need for highly-trained IT security professionals will increase. A report released by the Government Accountability Office states that there have been 24 key agencies reporting Federal Cyber Security incidents, which is a 650 percent increase over the last five years. The Help Net Security magazine also reports that the number of critical vulnerabilities has tripled in 2011 and this led to the declaration of 2011 as the “Year of the Security Breach.” The Government Accountability Office suggests that the increase in the number of security incidents reported is due to a number of weaknesses with regard to how security is being implemented. Additional research and follow-up show a lack of improvement, furthering the issue. The lack of adequate training given to authorized personnel assisting in the monitoring of cyber security leaves businesses susceptible to attacks.

EC-Council University operates with the goal of meeting these industry needs by producing skilled IT and management innovators who will be the information assurance leaders of tomorrow. As organizations look for ways to safeguard their networks from cybercriminals, graduates will be there to provide solutions.

The Master’s of Security Science program solidifies a symbiotic blend of executive leadership and tactical information security and infosec leadership skills by educating individuals in industry leading technologies and skills, executive leadership, psychology, management and ethics. Focusing on topics like “inside the hackers mind,” “ethical hacking”, and even “global leadership” provides a very unique skill set arming the graduate with the tools, knowledge, and ability to lead effectively against advanced persistent threats such as individually motivated hacktivists, state sponsored organizations, even organized crime exploiting digital technologies.

ABOUT EC-COUNCIL UNIVERSITY:

EC-Council University is a leading provider of information security education and training to professionals in the security and military fields, and post-graduate students. It is the developer of the ‘Master of Security Science,’ a 100 percent online degree program designed to provide students with a solid foundation in information security. The MS information security course is suitable for students with a wide range of previous security experience. The MSS program is offered online, enabling students to access classes from any location in the world and at any time. The University also offers several certifications, including Information Security Professional, IT Analyst, Digital Forensics and Executive Information Assurance, IT Disaster Recovery Certifications. Website: http://www.eccuni.us


CICRA, EC-Council sponsor first-ever Hacking Challenge and Information Security Quiz

CICRA Institute of Education in association with the International Association of Electronic Commerce Consultants (EC-Council), USA is sponsoring the first-ever Hacking Challenge and Information Security Quiz in Sri Lanka.

Each member of the winning team of the Hacking Challenge and the Information Security Quiz will receive a free training voucher to follow the globally recognized, prestigious but expensive Certified Ethical Hacker (C|EH) training programme at the state-of-the-art computer laboratory at the CICRA Institute of Education in Colombo.


Indian Team Emerge as Regional Champions of the Global Cyberlympics Competition held at GITEX, Dubai

Global CyberLympics (http://cyberlympics.org), the international team ethical hacking championships, held its first Middle East and India championships in Dubai, at GITEX. Teams from UAE, Jordan and India qualified for the regional championships that included for the very first time, two all-female teams. At the end of 3 days of intense competition, team Ctrl+Alt+Del from Deloitte Hyderabad India emerged as regional champions.

Dubai, UAE (PRWEB) October 14, 2011

The Global CyberLympics, endorsed by the cybersecurity executing arm of the United Nations, held its first Middle East and India regional championships at GITEX in Dubai, UAE.

Conceived by EC-Council, the Global CyberLympics is supported by the International Multilateral Partnership Against Cyber Threats (IMPACT), the cybersecurity executing arm of the United Nations’ specialized agency – the International Telecommunications Union (ITU) and endorsed by the Telecommunications Regulatory Authority (TRA) of the UAE. This is a series of ethical hacking games comprised of both offensive and defensive security challenges. Teams will vie for the regional championships, followed by a world finals round to determine the world’s best ethical hacking team. EC-Council is sponsoring over $400,000 worth of prizes at the CyberLympics.

The games come at a crucial time as global cyber threats appear to be escalating. According to the U.S. Cyber Consequences Unit, the annual loss of intellectual property and investment opportunities is $6 to $20 billion as a result of hacking. In a recent article about cyber espionage attacks against the US, the magazine Vanity Fair even referred to 2011 as “the Year of the Hack.”

“Congratulations to the team from Deloitte Hyderabad India! Our purpose with the Global CyberLympics initiative is to help establish true cybersecurity partnerships across borders,” said Jay Bavisi, Chairman of the Global CyberLympics Organizing Committee and president of EC-Council. “We are very honored to have this initiative supported by key players in the information security community, including IMPACT, the cybersecurity executing arm of the United Nations, and also appreciative to GITEX, one of the 3 largest ICT exhibition in the world, for being such good hosts.”

Majed Almesmar, TRA’s deputy director general said during a press conference: “Proceeding from our belief in the importance of providing a safe cyber environment for UAE Internet users, we are glad to sponsor and support the Global CyberLympics Middle East Championships held during Gitex Technology Week. We believe that such events will help us uncover new talents and ideas in the field of information security, as well as contribute to raising global awareness on such issues and foster partnerships within information technology field among the nations of the globe.”

Following up next will be the regional championships for North America, to be held at Hacker Halted Miami on Oct 25; South America, to be held at H2HC in Sao Paulo on Oct 30; and Asia Pacific, to be held at Hacker Halted Kuala Lumpur on Nov 15. The CyberLympics world final is tentatively scheduled for the first quarter of 2012, with its venue still being decided.

Registration for the Global CyberLympics is open, and more details can be found at the official Global CyberLympics website: http://www.cyberlympics.org.

For media and partnership enquiries, please contact: Leonard Chin, Vice Chair – Global CyberLympics Organizing Committee: leonard [at] cyberlympics.org.


TRA and EC-Council Launch a Nationwide Educational Campaign on Cyber Security and Internet Safety at Gitex

The Telecommunications Regulatory Authority (TRA), represented by the National Computer Emergency Response Team (aeCERT), and the International Council of E-Commerce Consultants (EC-Council) launched a nationwide campaign aiming to educate students on cyber security and the risks of improper use of the internet. aeCERT also endorsed the ‘Global CyberLympics’ initiative.

The Global CyberLympics is an annual series of team-based cyber security games, with regional championships across different continents, and concludes with a world finals championship. The Global CyberLympics Middle East Championships will host the most skilled white hat hackers from the region, and the top two teams will represent the region to compete in the world finals championship in 2012. This not-for-profit initiative will create a platform through which information and expertise can be exchanged to support the information security sector in the region.

In his opening statement during the press conference, H.E. Majed Almesmar, TRA Deputy Director General said, “Proceeding from our belief in the importance of providing a safe cyber environment for UAE Internet users, we are glad to sponsor and support the Global CyberLympics Middle East Championships held during GITEX Technology Week. We believe that such events will help us uncover new talents and ideas in the field of information security, as well as contribute to raising global awareness on such issues and foster partnerships within information technology field among the nations of the globe.”