Informática Forense
Follow
Find
23.9K views | +4 today
 
Rescooped by Javier Pagès López from Informática "Made In Spain"
onto Informática Forense
Scoop.it!

Presentación del Libro: "Hacker Épico"

Presentación del Libro: "Hacker Épico" | Informática Forense | Scoop.it

Será el 31 de enero de 2013, a las 20:30, en La Casa de Zamora (C/ las Tres Cruces, 12, Madrid).

 

Habrá degustación de vino y canapés, y sorpresas por parte de los autores.

more...
No comment yet.

From around the web

Informática Forense
Todo sobre las evidencias informáticas, lucha contra la ciberdelincuencia, seguridad informática, etc.
Your new post is loading...
Your new post is loading...
Scooped by Javier Pagès López
Scoop.it!

15 Reasons to be Optimistic about ICS Security in 2015

15 Reasons to be Optimistic about ICS Security in 2015 | Informática Forense | Scoop.it

This is the companion article to our 15 Reasons to be Pessimistic about ICS Security in 2015 that we ran on Friday. On Wednesday I'll lay out what to look forward to in 2015 

based on these two contrasting articles.

Many of the items below come from experiences with clients, peers and ICS community friends. They are not as visible as most of the pessimistic items, but they are activities going on in real companies making real progress on these issues.

 

1) Many large asset owners, those with 10, 50 or 100 ICS spread around the world, are deploying ICS security programs across all sites with required security controls and metrics that management is tracking.

2) The mainstream press remains hot on ICS security stories.

3) Multiple high quality ICS security training options are available.

4) Application whitelisting deployed on ICS computers with and without vendor blessing.

5) Some universities are now performing true ICS security research.

6) More ICS vendors are implementing an effective security development lifecycle (SDL).

7) The NIST Cybersecurity Framework is launching C-level discussions and programs.

8) Governments around the world are now engaged in this problem. Varying approaches, different results.

9) Peer pressure … multiple examples in 2014 where ICSsec projects were launched because competitor/peer was doing it.

10) Virtualization is becoming a mainstream deployment option.

11 Greater acceptance of the need for an inventory, data flow diagrams and other basic documentation.12) Leaders in wide variety of sectors beginning ICS security efforts. It’s not focused on electric, petrochem any more.13) Wait … we are still running Windows XP? Management awakening to state of cyber maintenance neglect and finding it unacceptable.14) Vendors are, admittedly still slowly, adding security posture acceptance tests to FAT and SAT.15) Large consulting practices, i.e. IBM, PWC, …, are creating ICS security teams.
more...
No comment yet.
Rescooped by Javier Pagès López from SME Cyber Security
Scoop.it!

The Seven Types of Cybercriminals - Slate Magazine

The Seven Types of Cybercriminals - Slate Magazine | Informática Forense | Scoop.it
Manhattan District Attorney Cyrus Vance Jr. appeared on Charlie Rose this week to talk about the priorities he has set for his team since taking office at the beginning of 2010.

Via Roger Smith
more...
No comment yet.
Scooped by Javier Pagès López
Scoop.it!

Ten Commandments of Disaster and Business Continuity Management

Ten Commandments of Disaster and Business Continuity Management | Informática Forense | Scoop.it

As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help them plan, design, and implement disaster recovery strategies that can meet those needs.

Analyze single points of failure: A single point of failure in a critical component can disrupt well engineered redundancies and resilience in the rest of a system.

Keep Updated notification trees: A cohesive communication process is required to ensure the disaster recovery business continuity plan will work.

Be aware of current events: Understand what is happening around the enterprise - know if there is a chance for weather, sporting or political event that can impact the enterprise's operations.

Plan for worst-case scenarios: Downtime can have many causes, including operator error, component failure, software failure, and planned downtime as well as building- or city-level disasters. Organizations should be sure that their disaster recovery plans account for even worst-case scenarios.

Clearly document recovery processes: Documentation is critical to the success of a disaster recovery program. Organizations should write and maintain clear, concise, detailed steps for failover so that secondary staff members can manage a failover should primary staff members be unavailable.

Centralize information - Have a printed copy available: In a crisis situation, a timely response can be critical. Centralizing disaster recovery information in one place, such as a Microsoft Office SharePoint® system or portal, helps avoid the need to hunt for documentation, which can compound a crisis.

Create test plans and scripts: Test plans and scripts should be created and followed step-by-step to help ensure accurate testing. These plans and scripts should include integration testing - silo testing alone does not accurately reflect multiple applications going down simultaneously.

Retest regularly: Organizations should take advantages of opportunities for disaster recovery testing such as new releases, code changes, or upgrades. At a minimum, each application should be retested every year.

Perform comprehensive recovery and business continuity test: Organizations should practice their master recovery plans, not just application failover. For example, staff members need to know where to report if a disaster occurs, critical conference bridges should be set up in advance, a command center should be identified, and secondary staff resources should be assigned in case the event stretches over multiple days. In environments with many applications, IT staff should be aware of which applications should be recovered first and in what order. The plan should not assume that there will be enough resources to bring everything back up at the same time.

Define metrics and create score cards: Organizations should maintain scorecards on the disaster recovery compliance of each application, as well as who is testing and when. Maintaining scorecards generally helps increase audit scores.
more...
No comment yet.
Rescooped by Javier Pagès López from Technology in Business Today
Scoop.it!

Hacking as a Service Hits the Mainstream

Hacking as a Service Hits the Mainstream | Informática Forense | Scoop.it
A fledgling website created last fall connects hackers with clients willing to pay for their services. Nearly 50 hackers have listed their services on Hacker's List so far, for tasks including data recovery, penetration testing and computer forensics. More than 500 hacking jobs reportedly had been out to bid as of last week, with prices ranging from $100 to $5,000.

Via TechinBiz
more...
vinarack's curator insight, January 20, 10:28 PM

hacking as a service hít the mainstream

Roger Smith's curator insight, January 21, 4:23 PM

Once again a paradigm change in tactics from the criminals

Emlyn Davies-Cole's curator insight, January 21, 11:47 PM

Nice, creates more jobs, and now you can get that specialized and ultimately customized service you always wanted.

Scooped by Javier Pagès López
Scoop.it!

La Policía Científica, colapsada: los jueces tienen que esperar hasta dos años para los análisis forenses

La Policía Científica, colapsada: los jueces tienen que esperar hasta dos años para los análisis forenses | Informática Forense | Scoop.it
Los jueces están hartos de los recortes del Gobierno que han afectado a la Policía Científica y un grupo de jueces ha hecho circular por internet su queja, denunciando que los juzgados deben esperar hasta 24 meses para que empiecen a realizarse los análisis forenses que los juzgados solicitan....
more...
No comment yet.
Scooped by Javier Pagès López
Scoop.it!

15 Reasons to be Pessimistic about ICS Security in 2015

15 Reasons to be Pessimistic about ICS Security in 2015 | Informática Forense | Scoop.it
If this is too depressing, wait for Monday's article 15 Reasons to be Optimistic about ICS Security in 2015.

 

1) Almost all ICS protocols are still insecure by design with no end in sight. Access to ICS = Compromise.

2) Most potentially influential organization, US Department of Homeland Security (DHS), still will not say critical infrastructure ICS need to be upgraded or replaced. Playing small ball with little or no impact.

3) No legitimate or reasonably honest and objective Automation Press to reach engineers and technicians.

4) ISASecure stamp is still being put on insecure by design PLC’s and other embedded devices.

5) Influential ARC Advisory Group saying 20-something controlling the plant from his basement is inevitable and focus on securing it.

6) SCADA Apologists still dominate the ICS security thought leader / guru / industry and government expert positions.

7) Admiral Rogers NSA/US Cyber Command testifies that our lack of defense is why we need to have a strong offense in ICS security.

8) Malware targeting ICS applications and protocols.

9) ICS vendors seeing no negative financial impact to vulns/insecure by design product offerings. They are fearlessly saying our product offers no security.

10) The Internet of Things is confusing ICS security efforts.

11) “Nothing will change until something really bad happens” mantra.

12) Even when an ICS vendor has well documented security controls, the ICS vendor or integrator more often than not installs the ICS in most insecure/easiest to install configuration.

13) CSET.

14) Continued fascination and focus on vulnerabilities that matter little to critical infrastructure ICS risk.

15) Widespread misuse of defense-in-depth principle, just put up more security perimeters, as the solution for ICS security issues.

more...
No comment yet.
Scooped by Javier Pagès López
Scoop.it!

EL MUNDO, blanco de un 'ciberataque'

EL MUNDO, blanco de un 'ciberataque' | Informática Forense | Scoop.it

Las páginas web de las principales cabeceras de Unidad Editorial sufrieron este miércoles un ataque informático que afectó a su normal uso, según han confirmado esta mañana los especialistas de la Guardia Civil. El ciberataque provocó la caída de los servidores en las ediciones digitales de EL MUNDO, Marca, Expansión y Telva. Las plataformas en internet de estas publicaciones recibieron una afluencia anormal de tráfico basura que colapsó su funcionamiento, lo que se conoce como un ataque de denegación de servicio.

more...
No comment yet.
Scooped by Javier Pagès López
Scoop.it!

El CCN-CERT defiende el patrimonio tecnológico español en sus jornadas

El CCN-CERT defiende el patrimonio tecnológico español en sus jornadas | Informática Forense | Scoop.it

El Centro Criptológico Nacional (CCN) celebró los días 10 y 11 de diciembre la octava edición de sus jornadas de ciberseguridad, en las que se dieron cita expertos del sector para debatir sobre los riesgos y amenazas cibernéticas a las que se enfrentan las Administraciones Públicas y las empresas de interés estratégico.

more...
No comment yet.
Scooped by Javier Pagès López
Scoop.it!

Spam Nation: Cybercrime and spam are far bigger security threats than you think

Spam Nation: Cybercrime and spam are far bigger security threats than you think | Informática Forense | Scoop.it
In Spam Nation, cybersecurity expert Brian Krebs investigates Russian spammers and seeks to educate users about how valuable their assets are to cybercriminals.
more...
No comment yet.
Scooped by Javier Pagès López
Scoop.it!

Una vulnerabilidad crítica en los routers ADSL de Movistar compromete la seguridad de sus clientes

Una vulnerabilidad crítica en los routers ADSL de Movistar compromete la seguridad de sus clientes | Informática Forense | Scoop.it

Una vulnerabilidad crítica en los routers ADSL de Movistar compromete la seguridad de sus clientes.

 

Se ha descubierto una grave vulnerabilidad en el router Home Station ADB PDG A4001N que instala Movistar a sus clientes de ADSL. El problema de seguridad permite acceder a la configuración del equipo desde el exterior tan solo sabiendo la dirección IP pública del cliente.

 

El nuevo dispositivo que está instalando la operadora en sus líneas ADSL dará que hablar en los próximos días. Un grave fallo de seguridad descubierto por Eduardo Novella permite leer código HTML desde el exterior sin ningún tipo de restricción  por parte del dispositivo. Un atacante podría acceder al cifrado de la conexión, SSID de la misma o datos críticos que comprometen la conexión del abonado.

 

El equipo llegó al mercado en 2012 y fue diseñado Telefónica I+D para incorporar funciones que hasta el momento no proporcionaban los equipos de la operadora. Fue el primer router  en Movistar con WiFi N, y DLNA para acceder a contenidos multimedia. También fue el primero en incorporar conexión vía 3G para las situaciones en las cuales el ADSL no funcionaba.

 

Tanto Movistar como el fabricante Pirelli deben lanzar una actualización urgente que corrija este problema. 

more...
No comment yet.
Scooped by Javier Pagès López
Scoop.it!

USA - Securing the electric grid

USA - Securing the electric grid | Informática Forense | Scoop.it

New regulations put utilities on the clock for physical security improvements.


Electric substations need to be secure and the Federal Energy Regulatory Commission undertook the creation of regulations for physical access and security.

more...
No comment yet.
Scooped by Javier Pagès López
Scoop.it!

Diez consejos para comprar 'online' de forma segura estas navidades

Diez consejos para comprar 'online' de forma segura estas navidades | Informática Forense | Scoop.it
Un año más, las compras online se presentan como la alternativa más interesante a pasarse largos minutos haciendo cola tras un mostrador.
more...
No comment yet.
Scooped by Javier Pagès López
Scoop.it!

Cinco medidas de seguridad clave para la Navidad

Cinco medidas de seguridad clave para la Navidad | Informática Forense | Scoop.it
El mayor uso de los equipos informáticos y dispositivos móviles exige revisar la protección antivirus, los permisos de apps y utilizar el sentido común al dar datos personales.
more...
No comment yet.
Scooped by Javier Pagès López
Scoop.it!

El Ministerio del Interior activa el Plan Nacional de Protección de Infraestructuras Críticas para proteger los servicios esenciales tras el atentado en París

El Ministerio del Interior activa el Plan Nacional de Protección de Infraestructuras Críticas para proteger los servicios esenciales tras el atentado en París | Informática Forense | Scoop.it

La Secretaría de Estado de Seguridad ha dado orden a las Fuerzas y Cuerpos de Seguridad del Estado de colaborar con los operadores críticos en la protección de varias decenas de infraestructuras críticas en todo el territorio nacional.


El Ministerio del Interior ha puesto en marcha el Plan Nacional de Infraestructuras Críticas tras el atentado terrorista perpetrado en París (Francia) y ha ordenado al Centro Nacional para la Protección de las Infraestructuras Críticas (CNPIC) la activación de los protocolos de seguridad correspondientes al Nivel 3 del Plan de Prevención y Protección Antiterrorista.

Estos protocolos consisten en la remisión a los Cuerpos Policiales competentes (estatales y autonómicos) de aquellos objetivos, existentes en su demarcación, especialmente sensibles ante un hipotético atentado terrorista.

Al mismo tiempo, se ha contactado con los operadores críticos afectados a fin de que extremen las medidas de seguridad en torno a sus instalaciones, que permanecen en contacto permanente con el CNPIC y monitorizadas por los cuerpos policiales respectivos, que han establecido sus planes de contingencia y apoyo a los diferentes operadores.

Además, se ha activado el equipo de respuesta ante emergencias informáticas Computer Emergency Response Team (CERT) de Seguridad e Industria, competente para la protección de las infraestructuras críticas ante las amenazas provenientes del ciberespacio que está alertado ante la posibilidad de ataques cibernéticos.



more...
No comment yet.
Rescooped by Javier Pagès López from War, Cyberwar, Geopolitics
Scoop.it!

Singapore Forms Cyber Security Agency After World Hack Attacks | SecurityWeek.Com

Singapore Forms Cyber Security Agency After World Hack Attacks | SecurityWeek.Com | Informática Forense | Scoop.it
The Cyber Security Agency of Singapore will established on April 1, 2015 and will provide dedicated and centralized oversight of national cyber security functions.

Via Pierre Levy
more...
No comment yet.
Rescooped by Javier Pagès López from SME Cyber Security
Scoop.it!

The Web's #1 Hacking Tools Directory - with tutorial videos!

The Web's #1 Hacking Tools Directory - with tutorial videos! | Informática Forense | Scoop.it
Learn about the hackers tools of choice and what makes them so lethal when in the wrong hands. You are only as good as your usage of these tools...

Via Roger Smith
more...
No comment yet.
Rescooped by Javier Pagès López from War, Cyberwar, Geopolitics
Scoop.it!

Russia to establish new cyberthreat response centre

Russia to establish new cyberthreat response centre | Informática Forense | Scoop.it
A new state centre for cyberthreat response is being established in Russia this year, expected to be formally approved in March according to a Russian Parliament spokesperson talking to SCMagazineUK.com.

Via Pierre Levy
more...
No comment yet.
Scooped by Javier Pagès López
Scoop.it!

La resurrección del DNI electrónico: el modelo 3.0 incorpora NFC - Noticias de Tecnología

La resurrección del DNI electrónico: el modelo 3.0 incorpora NFC - Noticias de Tecnología | Informática Forense | Scoop.it
La resurrección del DNI electrónico: el modelo 3.0 incorpora NFC El lanzamiento del nuevo documento se ha iniciado en Lleida, desde donde se extenderá al resto de España. Mejora la seguridad y permite la lectura sin PIN
more...
No comment yet.
Scooped by Javier Pagès López
Scoop.it!

El TJUE y los sistemas de videovigilancia de particulares que captan la vía pública | Abogacía Española

El TJUE y los sistemas de videovigilancia de particulares que captan la vía pública | Abogacía Española | Informática Forense | Scoop.it

A raíz de la reciente Sentencia de 11 de diciembre de 2014  recaída sobre el asunto C‑212/13 Sr. Ryneš vs Agencia Checa de protección de datos que había declarado que el Sr. Ryneš había cometido varias infracciones de la normativa de protección de datos, surgen varias cuestiones al respecto.


El supuesto encausado trae base de la instalación y utilización de una cámara fija situada bajo los aleros del tejado de la vivienda familiar. Dicha cámara no se podía girar y captaba imágenes de “la propia vivienda, de la vía pública y de la entrada a la vivienda situada enfrente”. Las imágenes se guardaban en un disco duro que al agotar su capacidad de almacenaje sobrescribía sobre las grabaciones más antiguas, no disponía de monitor por lo que no existían imágenes en tiempo real y solamente el Sr. Ryneš conocía las claves de acceso a sistema.



more...
No comment yet.
Scooped by Javier Pagès López
Scoop.it!

A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever

A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever | Informática Forense | Scoop.it
The attack marks only the second confirmed incident in which a wholly digital hack created physical destruction of equipment.
The post A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever appeared first on WIRED.
more...
No comment yet.
Rescooped by Javier Pagès López from SME Cyber Security
Scoop.it!

Why It's Time For A Board-Level Cybersecurity Committee

Why It's Time For A Board-Level Cybersecurity Committee | Informática Forense | Scoop.it
Just the past 12 months have seen one massive corporate security breach after another. Major retailers (Target, Home Depot, Neiman Marcus, Sony Pictures), e-commerce sites (eBay), and financial institutions (JP Morgan) have all been victims.

Via Roger Smith
more...
Ewa K.'s curator insight, January 17, 10:51 AM

Artykuł opisujący ataki hakerów na popularne strony internetowe. Autorka opisuje jakie działania prewencyjne przed atakami powinien podjąć zarząd oraz dyrektor w celu ochrony sieci komputerowej swojej firmy.

Rescooped by Javier Pagès López from 21st Century Learning and Teaching
Scoop.it!

World's Biggest Data Breaches | Selected losses greater than 30,000 records | Learning basics of CyberSecurity

World's Biggest Data Breaches | Selected losses greater than 30,000 records | Learning basics of CyberSecurity | Informática Forense | Scoop.it
Data visualization of the world biggest data breaches, leaks and hacks. Constantly updated. Powered by VizSweet.

 

Learn more:

 

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

 


Via Gust MEES
more...
Iva Santos's curator insight, January 5, 7:55 PM

Segurança e educação devem andar juntos.

 

Oksana Borukh's curator insight, January 7, 2:15 AM

Nice visualization of data breaches by year, by type, by industry etc.

Wron Ga's curator insight, January 18, 1:46 PM

Ukazuje wizualizacje najwiekszych danych,sztuczek oraz przecieków  dotyczacych róznych premier danego producenta

Rescooped by Javier Pagès López from War, Cyberwar, Geopolitics
Scoop.it!

Cyber Espionage Malware Taps Smartphones, Sends Chills - IEEE Spectrum

Cyber Espionage Malware Taps Smartphones, Sends Chills - IEEE Spectrum | Informática Forense | Scoop.it
Sophisticated malicious code hasn't gotten the notice that the Sony hack has, but that's the point

Via Pierre Levy
more...
No comment yet.
Rescooped by Javier Pagès López from War, Cyberwar, Geopolitics
Scoop.it!

A Few Thoughts on Cryptographic Engineering: On the new Snowden documents

A Few Thoughts on Cryptographic Engineering: On the new Snowden documents | Informática Forense | Scoop.it

Via Pierre Levy
more...
No comment yet.
Scooped by Javier Pagès López
Scoop.it!

Los hackers se defienden ante la RAE: “Somos expertos en seguridad, no delincuentes”

Los hackers se defienden ante la RAE: “Somos expertos en seguridad, no delincuentes” | Informática Forense | Scoop.it
La inclusión de palabras como ‘hacker’, ‘intranet’, ‘tuit’ o ‘wifi’, propias de la era de Internet, no ha supuesto, sin embargo, una verdadera modernización del contenido del Diccionario de la Real Academia.
more...
No comment yet.