Archive for May, 2012

White House Targets Botnets With New Plan

From: PC Magazine

By Chloe Albanesius

Beware, botnets. The White House is coming for you.

As part of the Industry Botnet Group (IBG) – formed in September 2011 – the Obama administration, the Homeland Security Department, and nine private groups today unveiled several new initiatives designed to combat botnets.

Botnets are a large group of compromised computers used to generate spam, relay viruses, or flood a network or Web server with excessive requests to cause it to fail.

Energy assets in front line of cyber war

* Stuxnet leaks mean virus is available

* Energy sector espionage is on the rise

* Significant disruption could occur

By Daniel Fineren

DUBAI, May 31 (Reuters) – Global energy infrastructure is more vulnerable than ever in an escalating cyber war thanks to “sons of Stuxnet” electronic missiles, which can be created from the virus designed to sabotage Iran’s nuclear programme.

Cyber espionage is on the rise, with Chinese hackers stealing field data and cutting-edge technology from energy companies around the world since at least 2009, according to leading security firm McAfee (part of Intel Corp ).

The White House Unveils New Cyber-Security Strategy

From: Forbes

by Reuven Cohen

In the article “World War 3.0” in this months Vanity Fair magazine, Michael Joseph Gross lays out the stakes in what he describes as “ a new global conflict that could split the virtual world as we know it.” The spectacular piece tells of a decades old battle over who should have the power to control the Internet. Essentially, World War 3 has begun, and it’s not a conventional war, it’s a cyberwar. It’s a war for the future of the Internet and everything that touches it.

New Cybersecurity Center Kicks Off with Workshop

From: NIST

The National Cybersecurity Center of Excellence (NCCoE) will host a kickoff workshop on Tuesday, June 26, 2012. The workshop’s goal is to introduce the center, which will bring together experts from industry, government and academia to develop practical, interoperable cybersecurity approaches that address the real-world needs of complex IT systems. The center is a partnership between the National Institute of Standards and Technology (NIST), the State of Maryland and Montgomery County.

DHS To Critical Infrastructure Owners: Hold On To Data After Cyber Attack

From: ThreatPost

by Paul Roberts

The Department of Homeland Security Is Offering Organizations That Use Industrial Control Systems advice or mitigating the effects of cyber attacks. Among the agency’s recommendations: hold on to data from infected systems and prevent enemies from moving within your organization.

DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published a technical paper on cyber intrusion mitigation strategies on Friday. The document calls on critical infrastructure owners to take a number of steps to thwart attacks, or limit the damage they cause; among them: improving their ability to collect and retain forensic data, and to detect attempts by attackers to move laterally within their organization.

Gartner predicts huge rise in monitoring of employees’ social media use

From: CIO

by Grant Gross

Sixty percent of companies will monitor employees’ social media use for security breaches by 2015, the analyst says

Corporations are starting to embrace technologies used to monitor employee Internet use, with 60 percent expected to watch workers’ social media use for security breaches by 2015, according to a new report from Gartner.

Less than 10 percent of companies now monitor their employees’ use of Facebook, YouTube, LinkedIn and other social media sites for security breaches, although many companies monitor social media for brand management and marketing purposes, said the report, released Tuesday.

National Centers of Academic Excellence in Cyber Operations

From: Nextgov

The National Security Agency has launched a program that will designate certain schools as National Centers of Academic Excellence in Cyber Operations to build out an identifiable pool of cybersecurity expertise it can tap into, the agency announced this week.

It has selected Dakota State University in South Dakota, the Naval Postgraduate School in California, Northeastern University in Massachusetts, and the University of Tulsa in Oklahoma as the first four centers of excellence. NSA will offer selected students opportunities to enhance their education at summer seminars offered by the agency.

Flame: Massive cyber-attack discovered, researchers say

From: BBC

By Dave Lee

A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.

Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010.

The company said it believed the attack was state-sponsored, but could not be sure of its exact origins.

They described Flame as “one of the most complex threats ever discovered”.

Research into the attack was carried out in conjunction with the UN’s International Telecommunication Union.

Computer security breach at Thrift Savings Plan

From: Pensions & Investments

By Hazel Bradford

A cyber attack on a computer of a contractor for the $313 billion Thrift Savings Plan, Washington, could have compromised account information for about 123,000 plan participants, the Federal Retirement Thrift Investment Board, which oversees the plan, announced Friday.

Officials at the board stressed that the breach did not affect the TSP computers or website, and there is no evidence of identity theft or funds being diverted.

“The site was not accessed or compromised at all,” said board spokeswoman Kim Weaver in an interview. “It remains safe.”

ZTE confirms security hole in U.S. phone

(Reuters) – ZTE Corp, the world’s No.4 handset vendor and one of two Chinese companies under U.S. scrutiny over security concerns, said one of its mobile phone models sold in the United States contains a vulnerability that researchers say could allow others to control the device.

The hole affects ZTE’s Score model that runs on Google Inc’s Android operating system and was described by one researcher as “highly unusual.”

“I’ve never seen it before,” said Dmitri Alperovitch, co-founder of cybersecurity firm, CrowdStrike. The hole, usually called a backdoor, allows anyone with the hardwired password to access the affected phone, he added.