Posts Tagged cyber security

DHS Probed Georgia’s Voting System

From The Daily Caller:

Georgian IT specialists traced 10 such scans back to a DHS IP address. DHS officials confirmed the attacks came from an unnamed contractor attached to the Federal Law Enforcement Training Center in Glynco, Georgia, a part of DHS.

FLETCO officials have refuse to identify the contractor and the agency did not respond to a DCNF inquiry about the intrusions.

, , , , , ,

No Comments

Energy Companies on the Frontline of Cyber Defense

From Oil & Gas Monitor:

At the heart of every oil and gas company are industrial control systems (ICS) and other operational technologies (OT) designed to efficiently, reliably, and safely process the extraction, refinement, and distribution of large quantities of fuel needed to keep global economies moving. Initially, OT systems were seen as immune to cyber security threats due to their separation from corporate IT.

However, in today’s hyper connected world, this approach is no longer realistic. In recognition of the cyber threats facing the energy sector, the U.S. Department of Energy issued its cyber security framework implementation guide earlier this year. It is designed to support organizations in the energy sector establish or align existing cyber security risk management programs to meet the objectives of the Cybersecurity Framework released by the National Institutes of Standards and Technology (NIST) in February 2014.

 

, , , , ,

No Comments

Israel Cyber Security Summit

From Defense Update:

Since the creation of cyberspace and the internet Israeli security experts and scientists have positioned the country at the forefront of cyber defense, developing everything from the basic building blocks of network security, data encryption and information protection to integrated system providing monitoring, simulation and rapid response in the event of cyber attacks. The Israeli government has recently established a national cyber center, with the goals to coordinate the research, development, legislation and preparedness among the academy, private and public sector, to enhance the protection and minimize vulnerability of the country’s commercial, industrial and public sector to hacking, cyber crime and cyber attacks.

, , , ,

No Comments

Islamist group warns of new cyber attacks on U.S. banks

From: Raw Story

DUBAI — An Islamist group on Tuesday said it will carry out new cyber attacks on US banking targets, according to SITE Intelligence Group, following similar attacks last week in response to an anti-Islam film.

In a statement a group of hackers calling themselves the “Cyber Fighters of Izz al-Din al-Qassam” said they planned to attack the website of Wells Fargo bank on Tuesday, that of US Bank on Wednesday and the PNC Bank on Thursday, SITE said.

Last week the websites of US banks Chase (a JPMorgan Chase affiliate) and Bank of America suffered a suspected cyber attack following threats against them by the same group.

, , , , , , ,

No Comments

Computer Virus: Reveton Ransomware

Reveton Ransomware

A new Internet virus is holding computers hostage across the United States and beyond.
– FBI, This Week

, , , , , , , ,

No Comments

New Malware Goes After Financial Information

CNET reports on the new Gauss malware tool:

Gauss has unique characteristics relative to other malware. Kaspersky said it found Gauss following the discovery of Flame. The International Telecommunications Union has started an effort to identify emerging cyberthreats and mitigate them before they spread.

, , , , , , ,

No Comments

Everyone Has Been Hacked. Now What?

From; Threat Level

On Apr. 7, 2011, five days before Microsoft patched a critical zero-day vulnerability in Internet Explorer that had been publicly disclosed three months earlier on a security mailing list, unknown attackers launched a spear-phishing attack against workers at the Oak Ridge National Laboratory in Tennessee. More

Oak Ridge National Laboratory

Oak Ridge National Laboratory

, , , , , ,

No Comments

Mobile users more vulnerable to phishing scams

2011 story from: Fierce CIO

Security vendor: Mobile users more vulnerable to phishing scams
January 10, 2011 — 12:18am ET | By Caron Carlson

It’s not as though we need more reminders of the security risks mobile devices pose to the enterprise, but according to security vendor Trusteer, mobile users are three times more likely to be the victim of phishing scams than desktop users.

According to Trusteer’s research, based on a review of log files of a number of web servers hosting phishing sites, when mobile users access phishing sites, they are three times more likely to hand over their login data. Why are mobile users so gullible? One possibility is that it is more difficult to detect a phishing site on a mobile device, the company suggests.

Part of the vulnerability for mobile users is simply that they are always connected and inclined to read their email as it arrives, writes Trusteer CEO Mickey Boodaei, in a post on his company’s blog. “The first couple of hours in a phishing attack are critical. After that many attacks are blocked by phishing filters or taken down,” he writes. “Hence mobile users are more likely to be hit by Phishing just because they’re ‘always on.'”

more

, , ,

No Comments

Forced Hard Drive Decryption Is Unconstitutional, Appeals Court Rules

From: Threat Level

Forcing a criminal suspect to decrypt hard drives so their contents can be used by prosecutors is a breach of the Fifth Amendment right against compelled self-incrimination, a federal appeals court ruled Thursday.

It was the nation’s first appellate court to issue such a finding. And the outcome comes a day after a different federal appeals court refused to entertain an appeal from another defendant ordered by a lower federal court to decrypt a hard drive by month’s end.

Thursday’s decision by the 11th U.S. Circuit Court of Appeals said that an encrypted hard drive is akin to a combination to a safe, and is off limits, because compelling the unlocking of either of them is the equivalent of forcing testimony.

, , , , ,

No Comments

The Cyber Security Industrial Complex

From: MIT

A claim by Wikileaks that documents it released last week provide evidence of a “secret new industry” of mass surveillance was as breathless as previous pronouncements from Julian Assange’s organization. But the material does provide a stark reminder that our online activities are easily snooped upon, and suggests that governments or police around the world can easily go shopping for tools to capture whatever information they want from us.

The take-home for ordinary computer users is that the privacy and security safeguards they use—including passwords and even encryption tools—present only minor obstacles to what one researcher calls the “cyber security industrial complex.”

“There is no true privacy in any computing systems against determined government-level surveillance,” says Radu Sion, a computer scientist at Stony Brook University who directs its Network Security and Applied Cryptography Laboratory. He says that as computing systems become more complex, and reliant on components from many different suppliers, the number of vulnerabilities that can be exploited by attackers and surveillance tools will grow.

more

 

, , , , ,

No Comments

Russian Hackers Attack Illinois Utility

From: PopSci

The Illinois Statewide Terrorism and Intelligence Center released a “Public Water District Cyber Intrusion” report on November 10 that indicates that hackers may have had access to the system since September. Hackers using Russian IP addresses hacked the software vendor that makes the system. They were then able to access the vendor’s database of usernames and passwords, and used the stolen credentials for remote access to the SCADA system’s network. These vendors keep records of their customer’s access information for maintenance and upgrading the systems.

Two to three months before the discovery of the hack, operators noticed “glitches” in the remote access to the SCADA system. “They just figured it’s part of the normal instability of the system,” said Joe Weiss, cybersecurity expert and managing partner at Applied Control Solutions, who obtained a copy of the report. “But it wasn’t until the SCADA system actually turned on and off that they realized something was wrong.”

, , , , , , ,

No Comments

New Malware Brings Cyberwar One Step Closer

From: MIT
A newly discovered piece of malicious code dubbed Duqu is closely related to the notorious Stuxnet worm that damaged Iran’s nuclear-enrichment centrifuges last year. Although it has no known target or author, it sets the stage for more industrial and cyberwar attacks, experts say.

“This is definitely a troubling development on a number of levels,” says Ronald Deibert, director of Citizen Lab, an Internet think-tank at the University of Toronto who leads research on cyberwarfare, censorship, and espionage. “In the context of the militarization of cyberspace, policymakers around the world should be concerned.”

Indeed, the spread of such code could be destabilizing. The Pentagon’s cyberwar strategy, for example, makes clear that computer attacks on industrial and civilian infrastructure like chemical factories or power grids as well as military networks could be regarded as equivalent to a conventional bombing or other attack, if civilians were endangered.

more

, , , , , ,

No Comments

Cyber combat: act of war

From: WSJ via Kurzweil AI

Cyber combat: act of war

June 1, 2011

Source: Wall Street Journal — May 31, 2011

The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, opening the door for the U.S. to respond using traditional military force.

Pentagon officials believe the most sophisticated computer attacks require the resources of a government. For instance, the weapons used in an assault such as taking down a power grid would likely have been developed with state support.

Defense officials refuse to discuss potential cyber adversaries, although military and intelligence officials say they have identified previous attacks originating in Russia and China.

Read original article

Topics: Computers/Infotech/UI | Survival/Defense

, , , , ,

No Comments

GovSec 2011: March 29-30

The Government Security Expo and Conference
Tuesday – Wednesday, March 29-30, 2011
Washington D.C.

Gain valuable insights into key issues central to the protection of our nation through in-depth conference sessions and conference-only keynote addresses.

GovSec, The Government Security Expo and Conference, features an exposition with a full spectrum of physical, IT and cybersecurity solutions, alongside wireless and mobility communications equipment for federal, state and local governments.  GovSec is a one-of-a-kind event that unites thousands of professionals tasked with securing our homeland, from the decision-makers at the federal level to the first responders, firefighters and police officers responding to catastrophic events in their hometown and every government security professional in between.  Attendance to the exposition is free for government, military, law enforcement and first responders as well as industry — new this year!

 

GovSec is co-located with U.S. Law, the U.S. Law Enforcement Conference and Exposition for federal, state and local law enforcement.

, , , , , ,

No Comments

Sophisticated Attacks Threaten Major Energy Firms

From: Dark Reading

New advanced persistent threat (APT) attack combines a variety of vectors, seeks to steal sensitive data, McAfee researchers say

By Tim Wilson

Researchers at McAfee yesterday revealed details of a new advanced persistent threat attack that uses a combination of methods in an effort to steal sensitive operations, exploration, and financial data from petroleum and energy companies.The new series of attacks, dubbed “Night Dragon,” may have begun as long ago as 2008, McAfee says in its report about the threat. “Now, new Night Dragon attacks are being identified every day,” the report says. Night Dragon’s creators “appear to be highly organized and motivated in their pursuits,” McAfee says.

The attack is “a combination of social engineering and well-coordinated, targeted, cyber attacks using Trojans, remote control software, and other malware.” The report says McAfee has seen evidence of the attacks in virtually every region of the globe, and that it has “identified tools, techniques, and network activities utilized … that point to individuals in China as the primary source. ”

more

, , , ,

No Comments