CyberSecurity Institute

The campaign, part of a distributed denial-of-service (DDoS) operation that began last fall, is being led by the Martyr Izz ad-Din al-Qassam Cyber Fighters, which said it staged the attacks in protest of anti-Muslim film, Innocence of Muslims. … On Dec. 21, the Office of the Comptroller of the Currency (OCC), a regulating body for national banks, issued an alert about the apparent uptick in DDoS attacks being waged in the industry.

Link: http://www.scmagazine.com/news-briefs-the-latest-breaches-malware-and-hacktivist-activities/article/276469/

Appthority runs each app with both static analysis and dynamic analysis to determine what the app can do beyond its advertised main function (e.g., gaming, news services, productivity, etc.). Appthority analyzes an app to uncover, for example, what other apps it can communicate with; what backend systems, URLs or websites the app accesses; what permissions the app requests versus what permissions the app actually uses (because there’s often a mismatch there); what behaviors the app exhibits; and how the app is managing sensitive data, including whether or not it is using encryption.

This information is essential to enterprises that are trying to develop policy and manage mobile security, says Domingo Guerra, president and co-founder of Appthority. … “There are lots of technologies on the market that are policy enforcers, but they only enforce what you tell them to do.”

In the app reputation report released in July 2012, Appthority reported that 96% of iOS and 84% of Android apps can access at least one of these data risk categories.

Organizations that already use a mobile device management (MDM) or mobile app management (MAM) solution can incorporate Appthority’s app reputation information to help formulate policy of who can access what apps, and when.

To secure corporate content, networks and data, an enterprise really has to focus on risk management over that data, and what can access that data.

Link: http://www.networkworld.com/newsletters/techexec/2013/020113bestpractices.html

Just as Muddy Waters confirmed it did not send such a tweet about Audience, so too did Andrew Left, the California-based investor who runs Citron, said his company did not send a message about Sarepta.

The twin incidents targeted a pair of Nasdaq stocks that are not among the most actively traded on a daily basis, showing how certain company shares are vulnerable to information posted on social media networks, even if the information is misleading.

“You need a more volatile stock for this kind of manipulation – obviously if you were to try it on IBM it wouldn’t work,” said Joe Saluzzi, co-manager of trading at Themis Trading in Chatham, New Jersey.

The tweet, with the user name “@citreonresearc,” alleged that drug trial results from the biopharmaceutical company had been tainted and doctored, according to screen shots of the posting captured by Twitter users.

Matt, a trader in San Diego who did not want to give his last name, but who goes by the handle @given2tweet on Twitter, said, “There’s a real severity to that tweet.

The company, which has a market cap of about $692 million, is volatile, moving more than 1 percent in six of the past seven sessions.

Audience went public in May 2012 and has a market cap of $254 million as of Tuesday’s closing price, rising about 15 percent so far this year.

Link: http://au.news.yahoo.com/thewest/business/a/-/tech/16031129/second-twitter-hoax-in-two-days-smacks-another-stock/