06.16.10
PC World: Hacker: Apple iPad Simply Not a Safe Platform
Apple's reputation for security continues to take hits as hacker group Goatse Security this week accused the company of failing to patch a flaw in Safari -- known since March -- and rendering iPads susceptible to active exploits in the hundreds, if not thousands.
Sac Bee: Famous hacker suddenly finds himself infamous, in some quarters
On Thursday afternoon, Adrian Lamo sat quietly in the corner of a Starbucks inside the Carmichael Safeway, tapping on a laptop that requires his thumbprint to turn on and answering his cell phone.
06.11.10
FCW: DHS would be cyber power center under Lieberman/Collins proposal
Three senior senators on the Senate Homeland Security and Governmental Affairs Committee today introduced comprehensive cybersecurity legislation that would establish a center in the Homeland Security Department to protect the country’s computer networks, power grid and critical infrastructure from cyberattacks.
06.09.10
ValleyWag: Apple's Worst Security Breach: 114,000 iPad Owners Exposed
Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the wireless-enabled tablet—could be vulnerable to spam marketing and malicious hacking.
06.08.10
Korea Times: Military Leaders Warn of North Korea Cyber Attack
Military leaders called North Korea's cyber threat "real," Tuesday, and said there was a high possibility it will conduct an attack on South Korean communication networks during the G-20 Summit to be held in Seoul in November.
Krebs On Security: ATM Skimmers: Separating Cruft from Craft
ATM skimmers – or fraud devices that criminals attach to cash machines in a bid to steal and ultimately clone customer bank card data – are marketed on a surprisingly large number of open forums and Web sites. For example, ATMbrakers operates a forum that claims to sell or even rent ATM skimmers. Tradekey.com, a place where you can find truly anything for sale, also markets these devices on the cheap.
Times Online: Nato warns of strike against cyber attackers
NATO is considering the use of military force against enemies who launch cyber attacks on its member states. The move follows a series of Russian-linked hacking against Nato members and warnings from intelligence services of the growing threat from China.
06.03.10
Krebs on Security: ATM Skimmers: Separating Cruft from Craft
ATM skimmers – or fraud devices that criminals attach to cash machines in a bid to steal and ultimately clone customer bank card data – are marketed on a surprisingly large number of open forums and Web sites. For example, ATMbrakers operates a forum that claims to sell or even rent ATM skimmers. Tradekey.com, a place where you can find truly anything for sale, also markets these devices on the cheap.
05.29.10
Krebs on Security: Cyber Thieves Rob Treasury Credit Union
Organized cyber thieves stole more than $100,000 from a small credit union in Salt Lake City last week, in a brazen online robbery that involved dozens of co-conspirators, KrebsOnSecurity has learned.
05.24.10
NextGov: NASA Security Chief Orders Bold Change To Secure Networks
In what is being described as a break away movement that security professionals say will better secure porous computer systems, NASA's top security chief ordered his staff on Tuesday to shift their focus from certifying that networks are compliant with a nearly decade-old law to monitoring systems for holes and real-time reporting of threats.
05.14.10
Dark Reading: Authorities Arrest First Suspect In Massive Identity Theft Ring
Indian police said yesterday that they have detained a Ukrainian man charged in the U.S. with stealing some 40 million credit and debit card numbers. Sergey Storchak was detained after he landed in New Delhi on a domestic flight from the southwestern holiday state of Goa on Monday, a police spokesman said. He is one of 11 people wanted by the U.S. Justice Department in "the largest hacking and identity theft case ever prosecuted," which was filed in August 2008.
Mashable: Facebook Attracts More Phishing Attacks Than Google and IRS
New research from Kaspersky Lab shows that the number of phishing attacks on social networks has increased in the first quarter of 2010, especially at Facebook, the fourth most popular online target.
05.11.10
Threat Level: Coder Journeys From Wall Street to Prison
Now a little-noted postscript to that high-profile case is unfolding, away from the media spotlight, as a handful of convicted accomplices in Gonzalez’s schemes — who’ve been free on bail since the case began — say goodbye to their families and friends, and check themselves into federal prison for years. They’re paying the price for various roles in the massive crimes.
05.10.10
Zero Day Blog: Should a targeted country strike back at the cyber attackers?
Should a targeted country retaliate over cyber attacks using kinetic weapons, or offensive cyber warfare capabilities? Common sense says 'yes', the dynamics of cyber warfare say 'think twice' before doing it, or you may easily end up attacking the wrong country, perhaps even your own infrastructure.
05.06.10
Guardian: Countries are risking cyber terrorism, security expert tells first world summit
The spectre of crashing power grids, stalled air control towers, hospitals brought to a standstill and defences left wide open was raised at the first cyber-security world summit that ended today, when politicians, officials, military leaders and industrialists warned that the US and other countries were failing to protect computer networks and were vulnerable to attacks of catastrophic proportions.
05.04.10
PC World: Palin E-Mail Snoop Found Guilty on Two Charges
A federal jury in Knoxville last week convicted David Kernell, 22, of two charges in connection with the 2008 episode where he accessed the personal Yahoo e-mail account of Republican vice presidential candidate Sarah Palin and then initiated a worldwide rummaging of its contents.
The Hill: Whitehouse: Congress needs clarity on who handles cybersecurity
Sen. Sheldon Whitehouse (D-R.I.) on Monday stressed lawmakers needed to address gaps in cybersecurity enforcement that could create confusion over who handles a specific threat.
The OC Register: St. Jude patients' data stolen on computers
St. Jude Heritage Healthcare in Fullerton has notified about 22,000 patients that their personal health data might have been accessed after five computers were stolen. Heritage, which is affiliated with St. Jude Medical Center, sent letters about the theft last week, according to hospital spokeswoman Dru Ann Copping.
The Register: Hacked US Treasury websites serve visitors malware
Websites operated by the US Treasury Department are redirecting visitors to websites that attempt to install malware on their PCs, a security researcher warned on Monday.
04.30.10
Forbes: Seven Cyber Scenarios To Keep You Awake At Night
Here are several cyber security scenarios. The scary thing is, they have already occurred. While the incidents covered may affect adjacent or even unrelated industries, it is advisable that IT security practitioners and other stakeholders are aware of the threats posed by the prior occurrence of these scenarios.
04.29.10
PC World: Texas Man to Plead Guilty to Building Botnet-for-hire
David Anthony Edwards will plead guilty to charges that he and another man, Thomas James Frederick Smith, built a custom botnet, called Nettick, which they then tried to sell to cybercriminals at the rate of US$0.15 per infected computer, according to court documents.
04.28.10
Wired: S.F. Admin Guilty of Hijacking City Passwords
After a six-month trial, a San Francisco city admin was found guilty Tuesday of a sole felony count of hijacking the city’s computer system. Terry Childs, 45, was guilty of one count of locking out the city from its FiberWAN network containing city e-mails, payroll, police records, information on jail inmates and more — virtually an all-access pass to City Hall.
04.27.10
CNET: Visa targets online marketing 'scam'
Visa, one of the world's largest credit card companies, is taking aim at "scam" marketing practices that were quietly used by some of the Internet's largest retailers in recent years.
Information Week: CIA Boosting Cybersecurity Investment
The move is in line with a government-wide ramp-up in cybersecurity efforts across all agencies that have responsibility for protecting critical infrastructure in the United States, such as the Department of Homeland Security and the National Security Agency.
04.26.10
CIO Today: Sarah Palin Testifies in E-Mail Hacking Case
Sarah Palin has testified against her accused e-mail hacker. A 22-year-old man allegedly hacked into Palin's Yahoo e-mail account during the 2008 presidential race. The former Alaska governor said she used the "gov.palin" Yahoo account and a BlackBerry almost exclusively to communicate with her family in Alaska while she was campaigning.
04.23.10
Dark Reading: Cybercriminal Advertising: 1.5 Million Stolen Facebook Accounts For Sale
Researchers at VeriSign's iDefense trolling an underground black market for stolen social networking credentials found one criminal selling a cache of 1.5 million stolen Facebook account credentials.
Help Net Security: Survey: 71% of companies monitor employee social media use
Over seventy percent of corporations have visibility into employee use of social media, according to a recent survey from nCircle.
04.14.10
Bank Info Security: Insider Threat: No Industry is Safe
The fraud cases that result from employees stealing data continue to grow, and insider threat expert Dawn Cappelli says no industry sector is safe.
Zero Day Blog: Do teens hack? Survey says 1 in 6 do
A newly released survey, ‘Teenage Hacking Habits’, reveals that based on a sample of 1000 teenagers, 16% admitted to hacking, 34% had already started by age 13, 84% by age 16, and 51% hack from home.
04.13.10
Federal News Radio: GAO: Cybersecurity weak at all federal agencies
Federal agencies remain vulnerable to cyber attacks and security breaches. They are not taking the necessary steps to secure Internet connections and computer systems. That's the conclusion in two new reports from the Government Accountability Office.
Forbes: For Small Businesses, Account Fraud Adds Up
One fact that the cybersecurity industry doesn't often mention: that identity theft is largely a problem for businesses, not consumers. As banks take more measures to insulate consumers from the danger of stolen credentials, the cost of fraud for individuals is lower than ever.
Krebs on Security: Adobe, Microsoft Push Security Upgrades
Software giants Adobe and Microsoft today each released software updates to fix critical security flaws in their products. In addition, Adobe is rolling out a new auto-updater tool that should make it easier for hundreds of millions of Adobe Reader users to more safely run one of the most frequently attacked software applications.
04.12.10
Business Week: BofA insider to plead guilty to hacking ATMs
A Bank of America computer specialist is set to plead guilty to charges that he hacked the bank's automated tellers to dispense cash without recording the activity.
WSJ: Criminals Prey on the Unemployed
Out of work for six months, Mary Long spent hours each day surfing the Web. She found a job listing this fall for a logistics manager that paid $65,000 a year and fired off her resume. But the company, Advanta Transportation Network LLC, appears to be part of an increasingly common scam that has snared Ms. Long and many others, according to cybercrime experts.
04.09.10
Wired: Online Identity Thieves Filed for $4 Million in Tax Refunds Using Names of Living and Dead
A group of sophisticated identity thieves managed to steal millions of dollars by filing bogus tax returns using the names and Social Security numbers of other people, many of them deceased, according to a 74-count indictment unsealed in Arizona Thursday.
04.08.10
SC Magazine: Romanian police, FBI break up 70-strong eBay fraud ring
Romanian authorities, in conjunction with U.S. law enforcement, have arrested 70 individuals from three different organized cybercrime groups on charges they perpetrated online auction scams that targeted eBay users.
WSJ: Getting Inside the Mind of a Hacker
When it was discovered earlier this year that hackers in Europe and China had successfully broken into computers at close to 2,500 companies and government agencies around the globe, Derek Manky was on the job, helping to minimize damage and coordinate a defense. "In a nutshell, my job is fighting cyber crime," says Mr. Manky who works in cyber security and threat research for Fortinet Inc., a computer network security company.
04.07.10
Computer World: Threat of cyberattacks from overseas high, federal IT execs say
A survey released Tuesday by Lumension Security Inc. highlighted growing fears among federal IT security officials of cyberattacks being launched against critical U.S. infrastructure targets by foreign adversaries in the near future.
04.05.10
Computer World: No one can duck Heartland fallout until it stops
Last week's report of JC Penney trying to keep its name out of the Heartland credit card debacle didn't get anywhere near the attention heaped upon hacker mastermind Albert Gonzalez netting himself a 20-year prison sentence in the case, so it's definitely worth a mention here.
Forbes: US govt effort against ID theft said to fall short
An internal review has found that the Justice Department has not done enough to fight identity theft, the fastest-growing crime in the country.
04.02.10
ExecutiveBiz: Melissa Hathaway on Quantifying the Value of Cybersecurity
Melissa Hathaway, author of the 60-day White House cybersecurity review and former acting senior director for cyberspace at the National Security Council, is promoting the American National Standards Institute and the Internet Security Alliance’s 76-page report “The Financial Management of Cyber Risk.”
PC World: Before Fire, Ukrainian Hosting Company Was Improving
A Ukrainian hosting provider struck by fire last weekend had been taking steps in recent months to cleanse its network of servers used by cybercriminals, according to a security expert.
04.01.10
GovInfoSecurity: A Year of Cybersecurity
On the first anniversary of Government Information Security, Eric Chabrow takes a look back at the major cybersecurity developments of the past year.
The New New Internet: Misunderstanding, Ignorance Reasons Why Businesses Lack Adequate Cybersecurity
Despite growing awareness of how devastating a cyber attack could be, many businesses still haven’t implemented security measures, which risks putting them in a group of corporations that have already lost a trillion dollars in stolen intellectual property, said panelists at a news conference on the release of a report highlighting financial management of cyber risk.
03.31.10
Darpa Chief: Fix America’s Critical Geek Shortage
In a speech last week [.pdf] to the government’s subcommittee on terrorism, unconventional threats and capabilities, Dugan outlined her vision for the future of the Pentagon’s blue-sky research arm, with everything from plant-based vaccines to biomimetics making the short list. But none of it’s possible, she told the panel, without more investment in American universities, and industry, to cultivate the techies of the future.
03.30.10
Boston Globe: TJX hacker’s ‘lieutenant’ gets 7-year sentence
In US District Court in Boston yesterday, Judge Douglas Woodlock sentenced Christopher Scott of Miami, who helped infiltrate the wireless data networks of several national retailers, to seven years in prison.
Computer World: JC Penney tried to block publication of data breach
Retailer JC Penney fought to keep its name secret during court proceedings related to the largest breach of credit card data on record, according to documents unsealed on Monday.
Government Technology: California CIO Teri Takai Named U.S. Defense Department IT Chief
California CIO Teri Takai, one of the highest-profile leaders in state and local government IT, has been nominated by President Barack Obama to become CIO of the U.S. Department of Defense (DoD), according to a White House statement Monday, March 29.
03.29.10
Computer World: Military warns of 'increasingly active' cyber-threat from China
On the same day that Google Inc. and the GoDaddy Group Inc. complained about China to a congressional committee, U.S. Navy Admiral Robert Willard appeared before the U.S. House Armed Services Committee with an even stronger warning about cyber-threats posed by China.
03.26.10
Homeland Security Newswire: DHS to work with ISP to test Einstein 3 cyber security system
DHS will work with a commercial ISP to test the partially classified Einstein 3 system; Einstein 3 is designed to do real-time, deep packet inspection and threat-based decision making on data traffic entering or leaving federal agency networks.
03.25.10
CNET: T.J.Maxx hacker sentenced to 20 years in prison
Albert Gonzalez, the computer hacker behind one of the largest known identity fraud cases in U.S. history, was sentenced on Thursday to 20 years in federal prison.
Information Week: President Obama's Twitter Account Hacked
French police arrested a man Thursday for allegedly hacking into the Twitter accounts of U.S. President Barack Obama and other famous individuals. Authorities said the 24-year-old Frenchman, who has not been identified, used the online pseudonym "Hacker Croll" while breaking into various Web sites.
PC World: Safari, IPhone Hacked on First Day of Pwn2Own Contest
Apple's Safari browser got hacked on both Snow Leopard and the iPhone during the first day of the annual Pwn2Own contest, where security specialists can win the hardware they successfully attack. As CNet reports, security analyst Charlie Miller won $10,000 after remotely exploiting Safari on a MacBook Pro.
03.24.10
Computer World: U.S. said to be eyeing cybersecurity ambassador role
The U.S. is weighing the creation of an ambassador-level position for negotiating cybersecurity matters at the United Nations and for ensuring the country has a consistent international policy on the issue, according to the Wall Street Journal.
CSO Online: Smart Phone Attacks: Here and Now
CSO Senior Editor Bill Brenner warns that the ubiquitous nature of BlackBerry, iPhone and other smart phones means once-theoretical threats are now a clear and present danger.
eSecurity Planet: FBI Underboss Says Cyber Criminals the New Mafia
Speaking here at the FOSE government IT show, Deputy Assistant FBI Director Steven Chabinsky said that high-tech crimes have become the bureau's top law-enforcement priority, reflecting the heightened concerns about cybersecurity across the senior ranks of the federal government.
Washington Post: GoDaddy.com plans to stop registering domain names in China
GoDaddy.com Inc., the world's largest domain name registration company, plans to tell lawmakers Wednesday that it will cease registering Web sites in China in response to intrusive new government rules that require applicants to provide extensive personal data, including photographs of themselves.
Washington Post: Thousands of dollars taken from bank accounts linked to ATM card skimmer
Thousands of dollars in unauthorized withdrawals were made from bank accounts in the Washington area after a skimming device was attached to an ATM in Alexandria, authorities said.
03.23.10
Wired: Russia Arrests Alleged Mastermind of RBS WorldPay Hack
Russian authorities have nabbed the man accused of masterminding a coordinated global ATM heist of $9.5 million from Atlanta-based card processing company RBS WorldPay. Viktor Pleshchuk, 28, of St. Petersburg, was arrested by the Russian Federal Security Service, or FSB, according to the Sunday Mail, which broke the story last week in the United Kingdom.
03.22.10
Computer World: As health data goes digital, security risks grow
Over the next four years, the amount of personal medical information online will increase exponentially, opening up new avenues for hackers to expose personal data that, unlike financial information, can result in a permanent violation of privacy.
Politico: Congress vulnerable to online attacks
Congress is under constant attack. But the assailants aren’t just partisan adversaries, special interests or foreign agents. These predators come armed with bytes and have names like Trojan, Spybot and Worm.
Security Info Watch: Breach of patient data at Wake Forest University Baptist Medical Center raises security concerns
The theft of a document containing the names and Social Security numbers of 554 patients at Wake Forest University Baptist Medical Center was hardly unusual. Federal health officials say that it was the 47th time since September 2009 that patient records of some sort had been breached from hospitals and health-insurance companies nationally.
03.20.10
NYT: Academic Paper in China Sets Off Alarms in U.S.
It came as a surprise this month to Wang Jianwei, a graduate engineering student in Liaoning, China, that he had been described as a potential cyberwarrior before the United States Congress.
03.19.10
Computer World: Revised US cyber-security bill cuts president’s powers
The latest version of the US Cybersecurity Act, S. 773, does not give the president the unilateral power to disconnect networks from the internet in a major cyber-attack as a previous version did.
ZD Net: Pwn2Own predictions: iPhone will be hacked
Hackers at this year’s CanSecWest Pwn2Own contest will definitely break into an Apple iPhone by exploiting a remote code execution vulnerability. That’s the prediction from Charlie Miller and Aaron Portnoy, two security researchers who are monitoring events leading to next week’s hacker challenge.
03.17.10
Wired: Hacker Disables More Than 100 Cars Remotely
More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.
03.16.10
Krebs on Security: Fiserv to Banks: Stay on Outdated Adobe Reader
One of the nation’s largest providers of money-transfer and online banking services to credit unions and other financial institutions is urging customers not to apply the latest security updates for Adobe Reader, the very application most targeted by criminal hackers and malicious software.
Wired: SEC: Hacker Manipulated Stock Prices
U.S. regulators are moving to freeze the assets and trading accounts of a Russian accused of hacking into personal online portfolios and manipulating the price of dozens of stocks listed on the Nasdaq Stock Market and New York Stock Exchange.
03.15.10
Help Net Security: The rise of amateur-run botnets
It used to be that cyber criminals were people with a highly technical skill set, but this is not the norm anymore. This fact became obvious some two weeks ago when news of the takedown of the Mariposa botnet and the three men behind it reached the global public.
Red Orbit: Cybercrime Losses Up Drastically In 2009
A report filed by the Internet Crime Complaint Center (IC3) said losses in the United States linked to online fraud increased by 110 percent from 2008, when losses were up only 11 percent from the previous year.
03.12.10
BBC: Inside the mind of a Russian hacker
Andrei is a young man with immense power at his fingertips. He's a reformed Russian hacker. Back hunched, eyes fixed on the computer screen in front of him, he demonstrates what he can do.
Politico: Sarah Palin testifying against hacker
Former Alaska Gov. Sarah Palin will testify in person next month against a college student who hacked into her e-mail account during the presidential campaign, Palin’s lawyer confirmed to POLITICO.
Wall Street Journal: China Warns Google
A Chinese minister made the government's strongest statement yet on Google Inc.'s future in the country, warning that the U.S. Internet company "will have to bear the consequences" if it follows through on its pledge to stop censoring its Chinese search site.
03.11.10
Computer World: Pennsylvania fires CISO over RSA talk
Pennsylvania's chief information security officer, Robert Maley, has been fired, apparently for talking publicly at the RSA security conference last week about a recent incident involving the Commonwealth's online driving exam scheduling system.
Krebs on Security: Crooks Crank Up Volume of E-Banking Attacks
Computer crooks stole more than $200,000 from an auto body shop in Ohio last month in a brazen online robbery. The attack is yet another example of how thieves are using malicious software to bypass bank security technologies that are often touted as strong deterrents to this type of fraud.
NextGov: VA investigating security breach of veterans' medical data
The Veterans Affairs Department's inspector general has launched a criminal investigation into a physician assistant's alleged downloading of veterans' clinical data at its Atlanta medical center, sources have told Nextgov.
Wired: Feds: TSA Worker Tried to Sabotage Terror Database
A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.
Wired: TJX Hacking Conspirator Gets 4 Years
Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking.
03.10.10
ComputerWorld: FDIC: Hackers took more than $120M in three months
Ongoing computer scams targeting small businesses cost U.S. companies $25 million in the third quarter of 2009, according to the U.S. Federal Deposit Insurance Corporation.
Network World: Scareware will be most costly security scam of 2010
Fake antivirus programs that encourage web users to part with their hard-earned cash and download hoax security software are likely to be the most costly scam of 2010, says McAfee. According to the security firm, cybercriminals make upwards of $300m from conning web users worldwide into downloading scareware.
Washington Post: Security gaps exploited in grade scandal remain, may be difficult to close
Montgomery County school officials have not yet closed gaps in their computer system that allowed students at a high-performing Potomac high school to change dozens of grades using a device that can be bought from Amazon.com for $69.
03.09.10
Computer Weekly: US cybersecurity efforts hindered by poorly defined roles says GAO
US cybersecurity defences are being hampered by a lack of clear definitions of the roles of the government agencies involved, according to the Government Accountability Office (GAO).
03.08.10
Dark Reading: Ford Motor Rolls Out New Security Features To Prevent Car-Hacking
Automobile giant Ford Motor this year will debut vehicles with built-in WiFi -- along with enhanced security features to prevent data breaches via its new cars.
IntelFusion: Russian and Ukrainian criminals favor The Planet for their Web hosting
James McQuaid has published an eye-opening post which graphically demonstrates what I’ve been saying ever since the first Project Grey Goose report came out in October, 2008; i.e., that the U.S. is the favored hosting provider for bad actors around the world. In this case, we’re talking about criminal enterprises operating out of Russia and the Ukraine and just one of the 20 or so U.S. companies who sell services to them – The Planet of Plano, TX.
Politico: Cyberattacks explode in Congress
Congress and other government agencies are under a cyber attack an average of 1.8 billion times a month, a number that has been growing exponentially since President Barack Obama took office.
03.03.10
Computer World: Tracing attack source key to cybersecurity strategy, Chertoff says
The difficult task of identifying the true sources of cyber attacks remains one of the biggest challenges in the development of a national cybersecurity strategy, former Department of Homeland Security Secretary Michael Chertoff told Computerworld in an interview at the RSA Security conference here today.
03.02.10
USA Today: Authorities bust three in infection of 13 million computers
SAN FRANCISCO — Authorities have smashed one of the world's biggest networks of virus-infected computers, a data vacuum that stole credit cards and online banking credentials from as many as 12.7 million poisoned PCs.
02.26.10
PC World: More Than 100 Companies Targeted by Google Hackers
The hackers who broke into Google two months ago have gone after more than 100 companies, according to an estimate by security vendor Isec Partners.
02.25.10
TMCnet: Integrity Global Security Intros New Cyber Security Solution
Santa Barbara, Calif.-based Integrity Global Security, LLC, a provider of IT security solutions for government, military and commercial enterprises, announced that it has unveiled a new cyber security solution, called “Integrity nWire,” which has the capability to protect against even the most sophisticated cyber threats, and also save companies’ money in total cost of IT ownership.
TrendLabs: A New Twitter Worm Is Making the Rounds
A new Twitter worm is making the rounds. If you receive a direct message from a “friend” that contains the following message: “This you????”
02.24.10
Business Week: U.S. Unprepared for ’Cyber War’, Former Top Spy Official Says
The U.S. isn’t prepared for a massive attack on its computer networks by another country, a former top intelligence official said.
Krebs on Security: IT Firm Loses $100,000 to Online Bank Fraud
A New Hampshire-based IT consultancy lost nearly $100,000 this month after thieves broke into the company’s bank accounts with the help of 10 co-conspirators across the United States.
TechWorld: Three out of four firms have experienced a cyber attack
Three quarters of firms have been the victim of a cyber attack in the last year, says Symantec. According to the security vendor's '2010 State of Enterprise Security' report, these attacks cost each organisation an average of $2 million a year.
Read More
|
|
Wired: ‘Sophisticated’ Hack Hit Intel in January
Intel is the latest U.S. corporation to acknowledge that it was hacked in January in a sophisticated attack that occurred at the same time that Google, Adobe and others were targeted.
Read More
|
|
ZDnet: 10 things you didn't know about the Koobface gang
With Koobface continuing to spread across Facebook by utilizing hundreds of compromised sites as infection vectors, next to using them as distributed hosting infrastructure in an attempt to undermine potential take down activities, a common misconception regarding the gang’s activities shifts the attention from their true participation within the underground ecosystem.
Read More
|
|
|
02.22.10
|
New York Times: Hacking Inquiry Puts China’s Elite in New Light
With its sterling reputation and its scientific bent, Shanghai Jiaotong University has the feel of an Ivy League institution..... But Jiaotong, whose sprawling campus here has more than 33,000 students, is facing an unpleasant question: is it a base for sophisticated computer hackers?
Read More
|
|
|
02.19.10
|
NY Times: Two Chinese Schools Said to Be Tied to Online Attacks
A series of online attacks on Google and dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military, say people involved in the investigation.
Read More
|
|
The Atlantic Wire: 4 Takeaways from the 'Kneber Botnet' Cyber Attack
A day after we highlighted America's cyber-security threats, a new hacker plot has been discovered. Cyber criminals from Europe and China have infiltrated around 75,000 computers at companies and government agencies, according to NetWitness, a computer-security company.
Read More
|
|
|
02.18.10
|
Forbes: Dozens Of Defense Contractors, Agencies Hacked
For anyone who has a security clearance and doesn't believe the U.S. faces a cyber-espionage crisis, Colonel Steven Shirley has 102 stories to share with you.
Read More
|
|
Washington Post: More than 75,000 computer systems hacked in one of largest cyber attacks, security firm says
More than 75,000 computer systems at nearly 2,500 companies in the United States and around the world have been hacked in what appears to be one of the largest and most sophisticated attacks by cyber criminals discovered to date, according to a northern Virginia security firm.
Read More
|
|
|
02.17.10
|
eSecurity Planet: Identity Theft Cost Victims $54B in 2009
More than 11.1 million adults in the U.S. were victims of identity theft and fraud in 2009, a record number that illustrates both the volume and sophistication of online hackers and phishers, according to financial services researcher Javelin Strategy & Research.
Read More
|
|
Washington Post: War game reveals U.S. lacks cyber-crisis skills
Scene: The White House Situation Room. Event: A massive cyber attack has turned the cellphones and computers of tens of millions of Americans into weapons to shut down the Internet. A cascading series of events then knocks out power for most of the East Coast amid hurricanes and a heat wave.
Read More
|
|
|
02.16.10
|
The New New Internet: More Must Be Done to Prepare US for Cyber Attack
The US has experienced a widespread cyber attack, infecting telecommunications and other IT structures throughout the US infrastructure. The attacks have left the US telecom and IT infrastructure virtually disabled throughout the country.
Read More
|
|
|
02.15.10
|
Federal News Radio: DoD gives vendors new rules to protect data
From Titan Rain to the most recent cyber attacks on Google, Adobe and other vendors, federal information on contractor computer systems has been under siege for nearly a decade.
Read More
|
|
|
02.12.10
|
CIO Today: Hackers in China Feast on a Lucrative Market
Amid the Google cyberattack controversy and China's recent show of anti-hacking force, Chinese web sites continue to provide hacker training and spyware with impunity. Trojan horse attackers derive 95 percent of their revenues from selling virtual items and online game accounts. U.S. officials are certain that hackers are employed by the government.
Read More
|
|
PC World: Criminal hacker 'Iceman' gets 13 years
A former security researcher turned criminal hacker has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers.
Read More
|
|
|
02.10.10
|
PC World: Identity Fraud On the Rise
Identity fraud hit more victims last year, increasing 12% to an estimated 11.1 million adults in the United States, according to new data.
Read More
|
|
|
02.09.10
|
ABC News: Security Chip That Does Encryption in PCs Hacked
Deep inside millions of computers is a digital Fort Knox, a special chip with the locks to highly guarded secrets, including classified government reports and confidential business plans. Now a former U.S. Army computer-security specialist has devised a way to break those locks.
Read More
|
|
New York Times: China Announces Arrests in Hacking Crackdown
HONG KONG — The police in central China have arrested three people and seized money and equipment worth hundreds of thousands of dollars in a crackdown on the country’s biggest commercial operation to train computer hackers, state media reported Sunday and Monday.
Read More
|
|
Wired: Sweden Probing Cisco, NASA Hacks
Swedish investigators are probing a hacker U.S. authorities accuse of unlawfully intruding into Cisco Systems, NASA’s Ames Research Center and NASA’s Advanced Supercomputing Division, the authorities said Monday.
Read More
|
|
|
02.05.10
|
PC World: Kaspersky: Google Hack Takes Spotlight From Russia
Kaspersky Lab may not be a household name in the United States, but in some parts of the world, it's the most popular consumer antivirus software. In China the company boasts 100 million users, and the software is also popular in Germany, and, of course, Russia, where Kaspersky got its start in 1997.
Read More
|
|
|
02.04.10
|
Washington Post: Google to enlist NSA to help it ward off cyberattacks
Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google -- and its users -- from future attack.
Read More
|
|
|
02.03.10
|
Forbes: Cybercrime Checks Into The Hotel Industry
Over the past year America's hotels have had some uninvited guests: a wave of increasingly sophisticated invasions by organized cybercriminals.
Read More
|
|
Fox: Intel Chief: U.S. at Risk of Crippling Cyber Attack
The United States is at risk of a crippling cyber attack that could "wreak havoc" on the country because the "technological balance" makes it much easier to launch a cyber strike than defend against it, Director of National Intelligence Dennis Blair said Tuesday.
Read More
|
|
SF Chronicle: Cybersecurity needs duck-and-cover campaign to boost national awareness
Shoring up U.S. cyberdefense should include educational programs that motivate private citizens to fight cyber threats through safer Web practices, much as school children were taught in the 1950s to hide under their desks and cover their heads in case of nuclear attacks, researchers say.
Read More
|
|
|
02.02.10
|
IT Business: Hackers peddling stolen Twitter accounts for $1,000
According to researchers at Kaspersky Lab, cybercriminals are trying to sell hacked Twitter user names and passwords on-line for hundreds of dollars.
Read More
|
|
SC Magazine: Report says U.S. needs new approach for security
The United States needs a new approach to secure cyberspace and prevent a “digital Pearl Harbor or 9/11,” concludes a new report issued Monday by the Cyber Secure Institute, a nonprofit cybersecurity analysis and advocacy organization.
Read More
|
|
|
02.01.10
|
Sydney Morning Herald: Cyber attacks take aim at the heart of the American empire
Al-Qaeda demonstrated on September 11, 2001, how a handful of scruffy extremists could use asymmetrical warfare to damage key US assets. Now imagine that the asymmetrical warfare against the US is being waged not by a few fanatics but by one of the world's most powerful nation states.
Read More
|
|
|
01.29.10
|
PC World: US House Leaders Ask for Investigation Into Hackings
In a letter, House Speaker Nancy Pelosi, a California Democrat, and U.S. Representative John Boehner, an Ohio Republican, asked the U.S. House of Representatives' Chief Administration Officer to immediately assess how hackers managed to deface the Web sites of nearly 50 house members and committees.
Read More
|
|
|
01.28.10
|
eSecurity Planet: National Archives Breach Exposes D.C. Insiders' Data
A hard drive was either lost or stolen from a processing room at the National Archives and Records Administration in College Park, Md., sometime between October 2008 and February 2009, putting at risk the personal information of more than 250,000 Clinton administration staffers, White House visitors and job applicants.
Read More
|
|
NY Times: Survey Finds Growing Fear of Cyberattacks
A survey of 600 computing and computer-security executives in 14 countries suggests that attacks on the Internet pose a growing threat to the energy and communication systems that underlie modern society.
Read More
|
|
|
01.26.10
|
Financial Times: Hackers target friends of Google workers
Personal friends of employees at Google, Adobe and other companies were targeted by hackers in a string of recently disclosed cyberattacks, raising privacy concerns and pointing to a highly sophisticated operation, security experts said.
Read More
|
|
New York Times: In Digital Combat, U.S. Finds No Easy Deterrent
On a Monday morning earlier this month, top Pentagon leaders gathered to simulate how they would respond to a sophisticated cyberattack aimed at paralyzing the nation’s power grids, its communications systems or its financial networks.
Read More
|
|
Wired: Hackers Targeted Oil Companies for Oil Location Data
Three U.S. oil companies were targeted in a coordinated hack that sought valuable information about new discoveries of oil deposits and other data, according to a new report in the Christian Science Monitor.
Read More
|
|
|
01.25.10
|
Wired: China Accuses U.S. of Cyberwarfare
In the wake of a recent speech by U.S. Secretary of State Hillary Clinton condemning countries that censor the internet and engage in hacking, China has lobbed a return volley and accused the United States of hypocrisy and initiating cyberwarfare against Iran.
Read More
|
|
|
01.22.10
|
Dark Reading: New Details On Targeted Attacks On Google, Others, Trickle Out
New details about the targeted attacks against Google and other U.S. companies that resulted in the theft of source code and other intellectual property emerged today, while Microsoft released an emergency patch for a flaw in Internet Explorer that was exploited in those attacks.
Read More
|
|
Dark Reading: Secretary Clinton: Countries, Individuals Who Wage Cyberattacks Should 'Face Consequences And International Condemnation'
It was a speech mostly promoting Internet freedom around the world, but U.S. Secretary of State Hillary Clinton today also called out China in light of allegations by Google that a wave of targeted attacks on Google and other companies originated from that country.
Read More
|
|
SC Magazine: Political hackers deface Network Solutions-hosted sites
The hackers were able to break into several of Network Solutions' servers and then display their illegitimate content on top of the actual content of victimized websites, Shashi Bellamkonda, head of social media and strategy for Network Solutions, told SCMagazineUS.com on Wednesday.
Read More
|
|
|
01.21.10
|
Computerworld: Heartland's $60M breach settlement offer not enough, lawyers say
Lawyers representing financial institutions in a data breach lawsuit against Heartland Payment Systems Inc. are calling a recently proposed $60 million settlement offer from the company way too meager.
Read More
|
|
|
01.20.10
|
Defense Systems: New threats compel DOD to rethink cyber strategy
The Defense Department’s widely heralded decision to create a new Cyber Command by October 2009 is still languishing in limbo.
Read More
|
|
Krebs on Security:
A leading security researcher today published perhaps the best evidence yet showing a link between Chinese hackers and the sophisticated cyber intrusions at Google, Adobe and a slew of other top U.S. corporations late last year.
Read More
|
|
Threat Post: Microsoft: Emergency IE Patch Coming Tomorrow
The update, rated critical for all versions of IE, will cover a remote code execution flaw that has already been used in targeted attacks against U.S. companies, including Google and Adobe.
Read More
|
|
|
01.19.10
|
Sky: Anti-Semitic Hackers Target Jewish Chronicle
The website of Britain's leading Jewish newspaper has come under attack from hackers calling themselves Palestinian Mujaheeds.
Read More
|
|
Business World: Bill on cybercrime penalties approved on final reading
THE HOUSE of Representatives yesterday passed on third and final reading a bill that seeks to impose penalties on crimes committed through the Internet.
Read More
|
|
CNET: Google's spy case: Not the first, nor the last
The recent cyberattacks on Google and other U.S. companies became public because they prompted Google's dramatic showdown with China, but attempts to steal corporate secrets using the Internet happen under the radar on a daily basis.
Read More
|
|
Hackers create opportunity for military firms
For U.S. military firms, the latest revelations of highly sophisticated hacker attacks on Google Inc. are highlighting a new reality, and a potentially lucrative business: The battlefield is shifting to cyberspace.
Read More
|
|
|
01.18.10
|
Wired: Darpa: U.S. Geek Shortage Is National Security Risk
Sure, we’re all plugged in and online 24/7. But fewer American kids are growing up to be bona fide computer geeks. And that poses a serious security risk for the country, according to the Defense Department.
Read More
|
|
|
01.15.10
|
CNET: New IE hole exploited in attacks on U.S. firms
Attackers targeting Google and a host of other U.S. companies recently used software that exploits a new hole in Internet Explorer, Microsoft said Thursday. "Internet Explorer was one of the vectors" used in the attacks that Google disclosed earlier this week, Microsoft said in a statement. "To date, Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting IE 6," the statement said.
Read More
|
|
|
01.14.10
|
Ars Technica: Researchers identify command servers behind Google attack
VeriSign's iDefense security lab has published a report with technical details about the recent cyberattack that hit Google and over 30 other companies. The iDefense researchers traced the attack back to its origin and also identified the command-and-control servers that were used to manage the malware.
Read More
|
|
Computer World: Alleged China attacks could test U.S. cybersecurity policy
The attacks on Google and more than 30 other Silicon Valley companies by agents allegedly working for China are focusing renewed attention on the issue of state-sponsored cyber attacks and how the U.S. government should respond to them.
Read More
|
|
WSJ: Web Is New Front Among Cold War Foes
Alleged attacks on Google Inc. from China redraw the battle lines between the U.S. and its former Cold War adversaries, who are now squaring off on a new front: cyberspace. In the new cyber war, the targets are U.S. companies as much as embassies or spy services, because corporations hold giant repositories of sensitive information and can be easier to crack.
Read More
|
|
|
01.13.10
|
CSO: Google Hack Raises Serious Concerns, US Says
A coordinated hacking campaign targeting Google, Adobe Systems and more than 30 other companies raises serious concerns, U.S. Secretary of State Hillary Clinton said Tuesday.
Read More
|
|
Dark Reading: U.S. Army Website Hacked
Romanian hackers continue to have a field day with SQL injection flaws in major Website applications: A vulnerability in a U.S. Army Website that leaves the database wide open to an attacker has now been exposed.
Read More
|
|
Krebs on Security: Money Mules Helped to Rob W. Va. Bank
I have written a great deal about how organized cyber gangs in Eastern Europe drained tens of millions of dollars from the bank accounts of small- to mid-sized businesses last year. But new evidence indicates one of the gangs chiefly responsible for these attacks actually managed to hack directly into a U.S. bank last year and siphon off tens of thousands of dollars.
Read More
|
|
|
01.12.10
|
Dark Reading: Court Indicts 19 In Massive Cybercrime Scam
A federal grand jury in Dallas Friday indicted 19 defendants in "a massive cybercrime conspiracy" -- a Web hosting scam that defrauded both customers and contractors.
Read More
|
|
MacWorld: Group behind Twitter hack takes down Baidu.com
The group that took down Twitter.com last month has apparently claimed another victim: China's largest search engine Baidu.com.
Read More
|
|
SF Chronicle: Pirate's cove: The eastern havens
This third in a series of four articles by Kathleen E. Hayman, Michael Miora, CISSP-ISSMP, FBCI and Allen P. Forbes discusses the environment or climate affecting the activities of cyber pirates and privateers.
Read More
|
|
|
01.11.10
|
DefenseNews: Cybersecurity: Make It Work This Year
2009 had all the makings to be a banner year for cybersecurity: The need had been identified, guidance was promised, appointments were planned and mandates were discussed. Unfortunately, 2009 will be remembered as the year that wasn't, and the challenge facing us now is to make sure 2010 doesn't follow suit.
Read More
|
|
|
01.09.10
|
Computer World: Social networking hacks: Top 10 Facebook and Twitter security stories of 2009
Facebook and Twitter use skyrocketed in 2009, and naturally the social networking sites became magnets for hacker attacks and sparked other types of privacy concerns.
Read More
|
|
|
01.08.10
|
Information Week: Cyber Thieves Raid School District Bank Account
The Federal Bureau of Investigation (FBI) and New York State Police are investigating an attempt last month to steal about $3.8 million from the Duanesburg Central School District in Schenectady County, New York.
Read More
|
|
|
01.06.10
|
Cybersecurity: Here’s What Really Worries the Pentagon
In Washington, “cybersecurity” is a term that’s come to have a thousand meanings, and none at all. Any crime, prank, intelligence operation, or foreign-government attack involving a computer has become a “cyber threat.” But at the Pentagon, they aren’t worried about some kid painting a Hitler moustache on Defense Secretary Robert Gates’ online portrait.
Read More
|
|
|
12.31.09
|
Threat Level: Feds Warn Small Businesses to Use Dedicated PC for Online Banking
In the wake of a rash of hacks on computers owned by small businesses, the FBI and the American Banking Association have issued an alert advising businesses to use only a dedicated PC for online banking, according to USA Today.
Read More
|
|
|
12.22.09
|
WSJ: FBI Probes Hack at Citibank
The Federal Bureau of Investigation is probing a computer-security breach targeting Citigroup Inc. that resulted in a theft of tens of millions of dollars by computer hackers who appear linked to a Russian cyber gang, according to government officials.
Read More
|
|
|
12.15.09
|
MX Logic: Experts: Real-time search vulnerable to malware
The recent addition of real-time search results from blogs and social networking services has provided a fertile new target for cyber criminals, according to online security experts.
Read More
|
|
|
12.14.09
|
Bloomberg: HSBC Heist Includes Data on 130,000 Clients Worldwide, JDD Says
The data stolen from HSBC Holdings Plc’s private bank in Geneva includes information on 130,000 clients from around the world, Le Journal du Dimanche reported, citing Eric de Montgolfier, chief prosecutor in Nice, France.
Read More
|
|
CNET: Heartland data breach lawsuit dismissed
The U.S. District Court for the District of New Jersey granted Heartland's motion to dismiss the lawsuit on Monday, Heartland said in a statement on Wednesday. The court said the plaintiffs had not proved their allegations that Heartland executives knew the company had inadequate security and misled the public about it, according to a report on StorefrontBacktalk.
Read More
|
|
NY Times: In Shift, U.S. Talks to Russia on Internet Security
The United States has begun talks with Russia and a United Nations arms control committee about strengthening Internet security and limiting military use of cyberspace.
Read More
|
|
NY Times: Viruses That Leave Victims Red in the Facebook
It used to be that computer viruses attacked only your hard drive. Now they attack your dignity. Malicious programs are rampaging through Web sites like Facebook and Twitter, spreading themselves by taking over people’s accounts and sending out messages to all of their friends and followers.
Read More
|
|
|
12.11.09
|
SC Magazine: National data breach notification bill passed in U.S. House
The Data Accountability and Trust Act would require any organization that experiences a breach of electronic data containing personal information to notify all U.S. individuals whose information is breached. The law requires that the Federal Trade Commission also be notified.
Read More
|
|
|
12.08.09
|
Dark Reading: Hacker Exposes Unfixed Security Flaws In Pentagon Website
A Romanian hacker has posted a proof-of-concept attack exploiting vulnerabilities on the Pentagon's public Website that were first exposed several months ago and remain unfixed.
Read More
|
|
The Register: Hacker scalps NASA-run websites
The websites of NASA's Instrument Systems and Technology unit and Software Engineering division were broken into and screenshots illustrating the hack posted online. Hackers appear to have taken advantage of SQL Injection flaws and poor access controls in mounting the attack, reports Gunter Ollmann, an ex-IBM security expert who is now VP of Research at security firm Damballa.
Read More
|
|
Wired Threat Level: TSA Leaks Sensitive Airport Screening Manual
Who needs anonymous sources when the government is perfectly capable of leaking its own secrets? Government workers preparing the release of a Transportation Security Administration manual that details airport screening procedures badly bungled their redaction of the .pdf file. Result: The full text of a document considered “sensitive security information” was inadvertently leaked.
Read More
|
|
|
12.07.09
|
Dark Reading: Bank Phishing Attacks Snare Few Victims But Tally Major Damage
If you've ever wondered just how lucrative a phishing campaign against your bank can really be, then consider this: Phishers actually land a tiny percentage of victims, but the end result is big bucks -- to the tune of $2.4 million to $9.4 million a year, according to a new study that measured real phishing attacks on banks.
Read More
|
|
|
12.06.09
|
Danger Room: Cybersecurity: Here’s What Really Worries the Pentagon
In Washington, “cybersecurity” is a term that’s come to have a thousand meanings, and none at all. Any crime, prank, intelligence operation, or foreign-government attack involving a computer has become a “cyber threat.” But at the Pentagon, they aren’t worried about some kid painting a Hitler moustache on Defense Secretary Robert Gates’ online portrait. They’re not even that concerned about a full-scale attack on the military’s networks – even though the modern American way of war depends so heavily on the free flow of data. In the military, there’s now broad agreement that one cyber threat trumps all others: electronic espionage, the infiltration (and possible corruption) of Defense Department networks.
Read More
|
|
|
12.04.09
|
IDG News: New Study Calls for Cybersecurity Overhaul in U.S.
The U.S. government and private businesses need to overhaul the way they look at cybersecurity, with the government offering businesses new incentives to fix security problems, the Internet Security Alliance said.
Read More
|
|
MX Logic: Intrusive privacy program yanked from DoD online store
A parental control program that can perform as spyware by recording the habits of child internet users has been pulled from an online store run by the U.S. Department of Defense, which cited privacy concerns.
Read More
|
|
|
12.03.09
|
GovTech: Many More Government Records Compromised in 2009 than Year Ago, Report Claims
If you're bummed about the data in your department that just got breached, you have some cold comfort. Although the combined number of reported data breaches in the government and the military has dropped in 2009 compared to last year, many more records were compromised in those breaches, according to recent figures compiled by a California nonprofit.
Read More
|
|
|
12.02.09
|
Help Net Security: Microsoft's security patches year in review: A malware researcher's perspective
It's no secret that Microsoft has had the lion's share of security vulnerabilities. Its success as a company has made it the most obvious and profitable target for malware authors for nearly twenty years now.
Read More
|
|
The Register: Malicious PDFs can commandeer BlackBerry Servers, RIM warns
Attackers can commandeer your BlackBerry servers by attaching maliciously formed PDF files to emails, Research in Motion warned Tuesday. The manufacturer of the smartphone advised users to install an update that patches multiple flaws in the BlackBerry's PDF distiller.
Read More
|
|
Wired: Restaurants Sue Vendor for Unsecured Card Processor
Seven restaurants have sued the maker of a bank card-processing system for failing to secure the product from a Romanian hacker who breached their systems.
Read More
|
|
|
12.01.09
|
Bangor Daily News: Court to decide what time, trouble are worth in Hannaford breach
Whether Hannaford Bros. customers may recover damages for the time and trouble it took them to straighten out their bank or credit card accounts after the Scarborough-based firm’s computer system was breached in late 2007 and early 2008 now is up to the Maine Supreme Judicial Court.
Read More
|
|
GCN: The nation needs a clear cyber war doctrine
A recent study from McAfee on cyber crime and cyber warfare concluded that, like it or not, the world’s information infrastructures are becoming theaters of war, as nations develop offensive and defensive capabilities to wage cyber warfare.
Read More
|
|
|
11.25.09
|
Forbes: The Year Of The Mega Data Breach
But the decrease in data breaches is deceptive. In fact, the number of personal records--data like Social Security numbers, medical records and credit card information tied to an individual--that hackers exposed has skyrocketed to 220 million records so far this year, compared with 35 million in 2008.
Read More
|
|
|
11.24.09
|
Computer World: Microsoft confirms IE6, IE7 zero-day bug
Microsoft today confirmed that exploit code published last week can compromise PCs running older versions of Internet Explorer (IE), but said its security team has not yet seen any in-the-wild attacks.
Read More
|
|
|
11.23.09
|
BBC News: New iPhone worm can act like botnet say experts
A second worm to hit the iPhone has been unearthed by security company F-Secure. It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING.
Read More
|
|
SC Magazine: Report: Cyberattacks against the U.S. "rising sharply"
A new report prepared for Congress found that the number of cyberattacks against the U.S. government is “rising sharply” in 2009, and many of the attacks are coming from Chinese state and state-sponsored entities.
Read More
|
|
SiliconValley.com: Cyber criminals lurk on social networking sites
More and more people are using social networking sites, including, sadly, criminals seeking to take advantage of the rest of us. Threats on those sites include applications and quizzes, as well as malware, worms and viruses. But the main risk, says Trend Micro's Rick Ferguson, is information you post yourself that can jeopardize your privacy and your security.
Read More
|
|
The Australian: Hackers expose climate brawl
COMPUTER hackers have broken into Britain's leading climate science research centre, making public thousands of private emails between top climate change scientists and, in the process, laying bare their bitter disagreements about the cause of climate change.
Read More
|
|
|
11.20.09
|
Network World: Cyberattacks on U.S. military jump sharply in 2009
Citing data provided by the U.S. Strategic Command, the U.S.-China Economic and Security Review Commission said that there were 43,785 malicious cyber incidents targeting Defense systems in the first half of the year. That's a big jump. In all of 2008, there were 54,640 such incidents. If cyber attacks maintain this pace, they will jump 60 percent this year.
Read More
|
|
Threat Level: Palin Calls E-Mail Hack ‘Most Disruptive’ Campaign Event
Never mind the disastrous interview with Katie Couric or the blank stares in response to Charlie Gibson’s question about the Bush Doctrine. Former vice presidential candidate Sarah Palin calls the hacking of her Yahoo e-mail account “the most disruptive and discouraging” incident in last year’s presidential campaign.
Read More
|
|
Washington Post: Experts: Smart grid poses privacy risks
Technologists already are worried about the security implications of linking nearly all elements of the U.S. power grid to the public Internet. Now, privacy experts are warning that the so-called "smart grid" efforts could usher in a new class of concerns, as utilities begin collecting more granular data about consumers' daily power consumption.
Read More
|
|
|
11.18.09
|
Infosecurity Magazine: Los Alamos fails to toe information security line again
Los Alamos National Laboratory has spent $45 million on information security for its classified computer network in the past eight years, but it is still inadequate, according to a report from the Government Accountability Office.
Read More
|
|
|
11.16.09
|
Computer World: Obama said to be close again to naming cybersecurity chief
The Obama administration is once again reported to be close to naming a White House cybersecurity coordinator. A story in the Federal Times, quoting unnamed sources, said that an announcement could come as soon as Thanksgiving.
Read More
|
|
SC Magazine: Mass Mutual database accessed without authorization
Personal information about employees of Springfield, Massachusetts-based insurance provider Mass Mutual might be at risk after a company database was accessed by an individual without authorization.
Read More
|
|
|
11.13.09
|
Dark Reading: New Flash Attack Has No Real 'Fix'
Researchers have discovered a new attack that exploits the way browsers operate with Adobe Flash -- and there's no simple patch for it.
Read More
|
|
|
11.12.09
|
Computer World: PCI DSS: No Angel, But Certainly Not the Devil
Security luminaries Anton Chuvakin and Ben Rothke explain why 451 Group analyst Josh Corman is off his rocker when he compares PCI security to a devil and "No Child Left Behind."
Read More
|
|
Dark Reading: 'Likely' Windows Kernel Vuln Addressed By Latest Microsoft Patch
Weighing in at about half the size of its giant October security patch, Microsoft's November security patch includes six security bulletins to address 15 vulnerabilities in Windows, Windows Server and Microsoft Office.
Read More
|
|
|
11.10.09
|
eCommerce Times: An FBI Cybercrime Agent's Tales From the Trenches
The stories that FBI Assistant Director of Cybersecurity Shawn Henry can tell are enough to keep any network security administrator up at night.
Read More
|
|
|
11.09.09
|
ComputerWorld: Gumblar malware's home domain is active again
ScanSafe researchers are seeing renewed activity regarding Gumblar, a multifunctional piece of malware that spreads by attacking PCs visiting hacked Web pages.
Read More
|
|
USA Today: PC users open doors to such worms as Conficker, Taterf
A year after it first slithered onto the Internet, the Conficker worm remains as virulent as ever, despite an unprecedented eradication campaign. Meanwhile, a similar, though less heralded worm, Taterf, is gathering steam.
Read More
|
|
|
11.04.09
|
GovInfoSec: Bill Defines New NIST Infosec Tasks
A House panel Wednesday approved a bill to increase the role of the National Institute of Standards and Technology in developing international cybersecurity technical standards.
Read More
|
|
|
11.03.09
|
Computer World: After one year, Conficker infects 7M computers
The Conficker worm has passed a dubious milestone. It has now infected more than 7 million computers, security experts estimate.
Read More
|
|
|
10.30.09
|
Federal News Radio: DoD deputy CIO explains recently released open source memo
The Defense Department recently released a memo clarifying DoD's guidance on the use of open source.
Read More
|
|
Washington Post: A makeover for federal cybersecurity reporting
The federal regulations telling agencies how to secure their computer networks are overdue for an overhaul: Even the author of the 2002 law now admits that it needs updating to reflect today's threats from hackers, viruses and cyber spies.
Read More
|
|
|
10.28.09
|
Nextgov: Debate heats up over cybersecurity regulations for electric utilities
Representatives from the electrical industry sharply criticized on Tuesday a proposal in the House to extend federal regulation to include local power plants in major cities to protect them and the national power grid from cyberattacks.
Read More
|
|
Nextgov: Federal, industry reps call for national standards to report data breaches
The Homeland Security Department should establish a national standard to encourage companies and individuals to report data breaches to federal authorities, helping them gauge the intensity of cyberattacks and investigate cybercrime, security professionals said on Wednesday.
Read More
|
|
|
10.26.09
|
The Register: Botnet click fraud at record high
Malware-infected computers are increasingly being used to perpetrate click fraud, according to a study released Thursday that found their contribution was the highest since researchers began compiling statistics on the crime.
Read More
|
|
Threat Level: Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices
Researchers scanning the internet for vulnerable embedded devices have found nearly 21,000 routers, webcams and VoIP products open to remote attack. Their administrative interfaces are viewable from anywhere on the internet and their owners have failed to change the manufacturer’s default password.
Read More
|
|
Washington Post: FBI: Cyber crooks stole $40M from U.S. small, mid-sized firms
Cyber criminals have stolen at least $40 million from small to mid-sized companies across America in a sophisticated but increasingly common form of online banking fraud, the FBI said this week.
Read More
|
|
|
10.23.09
|
WSJ: China Expands Cyberspying in U.S., Report Says
The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing.
Read More
|
|
|
10.20.09
|
Last Watchdog Blog: Scareware purveyors turn to blackmail and botnet creation
Symantec and Panda Security have separately uncovered yet more evidence underscoring the rapid advance of scareware - and the increasing guile of its purveyors.
Read More
|
|
SC Magazine: DHS secretary: Cybersecurity is shared burden
In a live web address Tuesday, Department of Homeland Security Secretary Janet Napolitano said cybersecurity is a shared responsibility among consumers, the private sector and government, but a cabinet-level position dedicated to technology and cybersecurity is not needed.
Read More
|
|
Threat Level: Time Warner Cable Exposes 65,000 Customer Routers to Remote Hacks
A vulnerability in a Time Warner cable modem and Wi-Fi router deployed to 65,000 customers would allow a hacker to remotely access the device’s administrative menu over the internet, and potentially change the settings to intercept traffic, according to a blogger who discovered the issue.
Read More
|
|
|
10.19.09
|
NextGov: Cybersecurity provider says most agencies have already been attacked
A new survey gauging the vulnerability of companies to cyberattack shows that most believe some sort of attack is inevitable. Cybersecurity provider Solera Networks has recently completed a network forensics survey that looks at what a lot of companies have done, and are in the process of doing, to head off cyberattacks.
Read More
|
|
|
10.16.09
|
Threat Level: ‘Known Software Bug’ Disrupts Brain-Tumor Zapping
The maker of a life-saving radiation therapy device has patched a software bug that could cause the system’s emergency stop button to fail to stop, following an incident at a Cleveland hospital in which medical staff had to physically pull a patient from the maw of the machine.
Read More
|
|
|
10.15.09
|
Network World: NASA network security torched
Watchdogs at the Government Accountability Office issued a 53-page report pretty much ripping the space agency’s network security strategy, stating that NASA has significant problems protecting the confidentiality, integrity, and availability of the information and variety of networks supporting its mission centers.
Read More
|
|
|
10.08.09
|
SC Magazine: Certifiably Trusted
Rob Housman of the Cyber Secure Institute advocates using only the best IT to prevent attacks, reports Dan Kaplan....
Read More
|
|
|
10.06.09
|
AFP: Threat of next world war may be in cyberspace: UN
The next world war could take place in cyberspace, the UN telecommunications agency chief warned Tuesday as experts called for action to stamp out cyber attacks.
Read More
|
|
Internet News: HP Hacking Challenge Yields Surprising Results
Last week, HP held a hacking challenge to test participants' security abilities. The challenge had both an internal HP and a public online component, with the purpose of teaching people about security by putting them through a series of challenges.
Read More
|
|
Mashable: 20,000+ Gmail, Yahoo, AOL Accounts Compromised [ALERT]
Yesterday, it was revealed that 10,000+ Hotmail accounts were compromised and all of the usernames and passwords of these accounts were posted online. It was a major security and scam issue, but it was thought to only affect Hotmail users.
Read More
|
|
|
10.05.09
|
Computer World: US Legislators Seek Stronger Health Data Breach Notifications
The House Committee on Energy and Commerce is voicing concern over a controversial provision in a recently passed health care breach notification bill that gives health care companies considerable discretion on whether to disclose a data breach.
Read More
|
|
|
10.02.09
|
PC Advisor: Spyware attack beats Facebook CAPTCHA
Hackers have found a way to create automated Facebook pages and are using them to spread spyware to unsuspecting users, says antivirus and internet security firm AVG Technologies.
Read More
|
|
|
10.01.09
|
Threat Level: Probe Targets Archives’ Handling of Data on 70 Million Vet
The inspector general of the National Archives and Records Administration is investigating a potential data breach affecting tens of millions of records about U.S. military veterans, Wired.com has learned. The issue involves a defective hard drive the agency sent back to its vendor for repair and recycling without first destroying the data.
Read More
|
|
|
09.30.09
|
Threat Level: New Malware Re-Writes Online Bank Statements to Cover Fraud
New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim’s dwindling balance by rewriting online bank statements on the fly, according to a new report.
Read More
|
|
|
09.29.09
|
Security Fix: New IRS Scam E-mail Could Be Costly
The Department of Homeland Security's Computer Emergency Readiness Team is warning Internet users to be on guard against a convincing e-mail virus scam disguised as a message from auditors at the Internal Revenue Service. According to one victim interviewed by Security Fix, falling for the ruse could cost you or your employer tens of thousands of dollars.
Read More
|
|
|
09.28.09
|
Dark Reading: New NIST Report Sheds Some Light On Security Of The Smart Grid
A draft report published today by the task group heading up the security strategy and architecture for the nation's smart power grid provided an initial peek at how the grid may be secured.
Read More
|
|
Security Fix: Cyber Gangs Hit Healthcare Providers
Organized cyber thieves that have stolen millions from corporations and schools over the past few months recently defrauded several health care providers, including a number of non-profit organizations that cater to the disabled and the uninsured.
Read More
|
|
|
09.27.09
|
Jail chaos as lag hacker is left in charge of computer system
A jailed hacker shut down a prison's entire computer system - after bosses gave him the job of programming it. Douglas Havard, 27, serving six years for stealing up to £6.5million using forged credit cards over the internet, was approached after governors wanted to create an internal TV station but needed a special computer program written.
Read More
|
|
|
09.25.09
|
Gov Info Security: DoD Units Fail to Sanitize Hard Drives Before Shipment
Several military units failed to adequately sanitize hard drives of data, including Social Security numbers of military personnel, before shipping the IT equipment to other organizations, in violation of Department of Defense rules, the DoD inspector general said in a report.
Read More
|
|
|
09.24.09
|
eWeek: Network Security & Hardware: Exposing How Rogue Antivirus Sites Snag Victims
eWeek goes behind the scenes of some of the successful rogue antivirus scams that have plagued the Internet.
Read More
|
|
MacWorld: Study: Social networking sites leaking personal information to third parties
Many major social networking sites are leaking information that allows third-party advertising and tracking companies to associate the Web browsing habits of users with a specific person, researchers warn.
Read More
|
|
NY Times: Obama Admin Releases Initial 'Smart Grid' Standards
The Commerce Department unveiled the first 77 "smart grid" standards today aimed at removing a major barrier to the implementation of digital grid technologies.
Read More
|
|
ZDNet: Hijacking Windows System Restore for cybercrime profits
GENEVA — Cyber crime gangs in China are penetrating the hard disk recovery cards on computers in Internet cafes and using a combination of zero-day flaws, rootkits and ARP spoofing techniques to steal billions of dollars worth of online gaming credentials.
Read More
|
|
|
09.23.09
|
Last Watchdog: PCI compliance often ineffective in stopping data thieves
In concept, at least, the Payment Card Industry Data Security Standards appear to form a useful and necessary layer of protection, well-designed for the specific task of repelling thieves from getting their mitts on credit- and debit-card account numbers and PINs.
Read More
|
|
|
09.21.09
|
Federal Times: Cyber threats adopting new tactics
Most cyber attacks now target software applications instead of operating systems, and federal agencies aren’t moving quickly enough to patch security vulnerabilities in those applications, according to a new study.
Read More
|
|
IT Pro Portal: Facebook Accounts Can Be Hacked For Only $100
Facebook is cautioning its users to be more watchful, as a group of Eastern European hackers is reportedly offering an online password hacking service that can help others access user accounts on the website for just $100.
Read More
|
|
The Register: Facebook app flaws create Trojan download risk
Grey-hat hacker Unu has discovered cross-site scripting vulnerabilities involving Facebook applications, of a type that might be used to distribute Trojan horse malware or launch other hacking attacks.
Read More
|
|
TimesOnline: New Trojan virus poses online banking threat
Cyber criminals have created a highly sophisticated Trojan virus that steals online banking log-in details from infected computers. The Clampi virus, which is spreading rapidly across hundreds of thousands of computers in Britain and the United States, infects computers when users visit websites that host malicious code.
Read More
|
|
|
09.17.09
|
CNN Money: Cybercrime: A secret underground economy
Cybercrime has become a rapidly growing underground business built by savvy criminals, who buy and sell valuable stolen financial information from millions of unsuspecting Internet users every year in an online black market.
Read More
|
|
Daily Tech: Hacker: Apple's Snow Leopard Protections Weaker Than Windows 7's
Still, security experts aren't so hot on Snow Leopard, criticizing the operating system's default firewall setting of "off", its lack of fully automatic updates, and weak anti-phishing efforts for Safari. They also weren't impressed that Apple shipped with a vulnerable version of Flash, which downgrades users from the safer current version.
Read More
|
|
Nextgov: Cybersecurity measure takes a back seat for co-sponsors
The Senate Commerce Committee's timetable for advancing broad cybersecurity legislation continues to slip as aides retool key provisions and the bill's co-sponsors -- Commerce Chairman John (Jay) Rockefeller and Sen. Olympia Snowe, R-Maine -- continue their prominent roles in the high-stakes healthcare debate.
Read More
|
|
|
09.15.09
|
Nextgov: Trade groups outline cybersecurity bill concerns
Technology trade groups and a prominent high-tech watchdog are worried that recent tweaks to a broad cybersecurity bill introduced in April by Senate Commerce Chairman John (Jay) Rockefeller and Sen. Olympia Snowe, R-Maine, do not alleviate concerns about proposed government standard-setting powers, which they say could impede innovation.
Read More
|
|
NY Times: Security Pros Are Focused on the Wrong Threats
Corporate information technology departments are prioritizing the wrong threats to their computer systems, focusing on old problems and leaving their companies open to a raft of new cyberattacks aiming at private customer and corporate information.
Read More
|
|
Washington Post: Data Breach Highlights Role Of 'Money Mules'
The attack on Downeast Energy bears all the hallmarks of online thieves who have stolen millions from dozens of other businesses, schools and counties over the past several months. In every case, the thieves appeared more interested in quick cash than in pilfering their victims' customer databases. Nevertheless, the intrusions highlight an additional cost for victims of this type of crime: complying with state data breach notification laws.
Read More
|
|
|
09.14.09
|
Computer World: Windows Bug Enables PC Hijacking, Microsoft Warns
Microsoft Corp. last week confirmed that a bug in Windows Vista, Windows Server 2008, and the release candidates of Windows 7 and Windows Server 2008 R2 could be used to hijack PCs.
Read More
|
|
Nextgov: Outlook dim for international cooperation to fight cyber attacks
Protecting sensitive computer systems and networks from cyberattack requires international standards, but limited experience with Internet crime in developing countries and a reluctance from some nations to participate have stalled cooperation, said a panel of security experts on Monday.
Read More
|
|
Wired: Intelligence Analyst Charged With Hacking Top Secret, Anti-Terror Program
An analyst at a Defense Department spy satellite agency faces federal hacking charges after allegedly poking around in a top-secret system used in a classified terrorism investigation involving the FBI and the U.S. Army.
Read More
|
|
Wired: New York Times Reforms Online Ad Sales After Malware Scam
A security breach forced The New York Times on Monday to suspend online ads that are served directly from an advertiser’s website.
Read More
|
|
|
09.12.09
|
New Study from Symantec: Cyber Crime has Surpassed Illegal Drug Trafficking as a Criminal Moneymaker
Every three and a half minutes a crime is committed on the streets of New York City. Every two and a half minutes a crime is committed on the streets of Tokyo. But every three seconds, an identity is stolen online — that’s nearly 10,512,000 identities each year. Cyber crime is real crime; and it is more profitable, provides more anonymity, and can be more difficult to prosecute than offline crimes. Today Symantec (Nasdaq: SYMC), the maker of Norton software, has launched a crusade against cyber crime.
Read More
|
|
ZDNet: Apple plugs 33 Mac OS X security holes, updates Flash on Leopard
Apple today shipped another Mac OS X mega-update with fixes for at least 33 serious security problems affecting Mac OS X users.
Read More
|
|
|
09.11.09
|
The Register: Scareware scumbags exploit 9/11
Net security firm Sophos reports a number of "9/11-related" webpages that actually host malicious code are using search engine manipulation techniques to boost their rankings on Google. Some of the targeted search terms refer to a woman, called Tania Head, who claimed to have been in the Twin Towers on 9/11 but was later exposed as a fraud.
Read More
|
|
|
09.10.09
|
MX Logic: Hacker pleads guilty in identity theft scam defrauding Wal-Mart
A Sacramento, California, hacker pleaded guilty to charges of fraud and identity theft for his involvement in an international cyberscam that used personal information stolen with phishing sites to open fraudulent Wal-Mart credit accounts.
Read More
|
|
The Atlantic: Franklin Kramer Is Top Candidate For Cyber Post
Franklin Kramer, a former assistant secretary of defense and well-regarded cyber security consultant, has been interviewed by several senior White House officials in recent weeks, fueling speculation that he is the leading candidate for the administration's top cybersecurity post.
Read More
|
|
|
09.09.09
|
Dark Reading: DuPont Alleges Second Insider Breach In Two Years
Just two years after discovering an insider breach that might have cost it $400 million, DuPont is alleging theft of trade secrets by another one of its employees. According to an article in DuPont's home state of Delaware, DuPont has filed a lawsuit against -- and fired -- a Chinese-born employee who was allegedly about to leave Delaware and return to China with company trade secrets.
Read More
|
|
|
09.08.09
|
CNET: Microsoft issues critical Windows patches
Microsoft on Tuesday issued five critical Windows-related updates as part of its monthly Patch Tuesday release.
Read More
|
|
FutureGov: US cyber security system sparks privacy row
A new version of a computer intrusion detection system being developed by the United States Department of Homeland Security has raised concerns from advocacy groups over privacy and the involvement of the National Security Agency (NSA) in the development of the software. The new system, known as Einstein 3, can reportedly read email as well as its original function, to detect malicious software.
Read More
|
|
Network World: Beware the evil lurking behind California wildfire
Capitalizing on popular search terms like "California wildfires" is one strategy hackers are using to direct people to fraudulent Web sites, said a security expert with Symantec Corp.
Read More
|
|
The Age: Hacking firms one click ahead of law
WHEN Elaine Cioni found out her married boyfriend had other girlfriends she turned to YourHackerz.com. For $US100, the website provided Cioni, then living in northern Virginia, with the password to her boyfriend's AOL email account. For another $100, she got her boyfriend's wife's password. And then the password of another girlfriend and the boyfriend's children.
Read More
|
|
|
09.06.09
|
Pittsburgh Tribune-Review: Experts: Hackers might view summit as 'a chance to make a statement'
Duquesne Light and Alcosan, two of Western Pennsylvania's largest utilities, are working to ensure a potential attack to their computer systems during the G-20 wouldn't disrupt service to tens of thousands of people.
Read More
|
|
|
09.03.09
|
BBC: Phones of princes 'hacked into'
There is evidence the phones of Princes William and Harry were hacked into by a News of the World reporter, a senior Metropolitan Police officer has said.
Read More
|
|
Fast Company: Security Expert Proves Hacking the Smart Grid Is a Snap
CNN recently demonstrated how a hacker equipped with $500 worth of equipment could take control of the grid, and now Mike Davis, a security consultant at IOActive, has presented a laundry list of ways that hackers could disrupt the smart grid.
Read More
|
|
|
09.02.09
|
Computer World: Five indicted in long-running cybercrime operation
New York prosecutors indicted five Eastern European men on Monday in an extensive credit-card fraud operation that netted the defendants at least US$4 million from some 95,000 stolen card numbers.
Read More
|
|
|
09.01.09
|
Dark Reading: Flaw In Sears Website Left Database Open To Attack
A business-logic flaw in the Sears.com Web application could have let hackers brute-force attack the retailer's gift card database.
Read More
|
|
|
08.28.09
|
GCN: New threats emerge from once-trusted protocols and services
The rapid morphing and bundling of exploits for known vulnerabilities could be the biggest concern for security experts, but that doesn’t mean that new threats are not emerging. Two of the most troubling are in the Domain Name System and Secure Sockets Layer, services users have trusted for years.
Read More
|
|
|
08.27.09
|
NY Times: Defying Experts, Rogue Computer Code Still Lurks
Like a ghost ship, a rogue software program that glided onto the Internet last November has confounded the efforts of top security experts to eradicate the program and trace its origins and purpose, exposing serious weaknesses in the world’s digital infrastructure.
Read More
|
|
|
08.25.09
|
Nextgov: Cybersecurity draft significantly altered
Sweeping cybersecurity legislation introduced by Senate Commerce Chairman John (Jay) Rockefeller and Sen. Olympia Snowe, R-Maine, in April has undergone major changes during the August recess and now features a more prominent focus on ensuring that the U.S. government and private sector have a properly trained workforce to thwart high-tech threats.
Read More
|
|
NY Times: Hackers Exploit an Evolving Web
The world’s savviest hackers are on to the “real-time Web” and using it to devilish effect. The real-time Web is the fire hose of information coming from services like Twitter. The latest generation of Trojans — nasty little programs that hacking gangs use to burrow onto your computer — sends a Twitter-like stream of updates about everything you do back to their controllers, many of whom, researchers say, are in Eastern Europe.
Read More
|
|
Wired: ‘The Analyzer’ Pleads Guilty in $10 Million Bank-Hacking Case
Ehud Tenenbaum, aka “The Analyzer,” quietly pleaded guilty in New York last week to a single count of bank-card fraud for his role in a sophisticated computer-hacking scheme that federal officials say scored $10 million from U.S. banks.
Read More
|
|
|
08.24.09
|
Dark Reading: Hacker Ring Tied To Major Breaches Just Tip Of The Iceberg
The long arm of the cybercrime gang allegedly behind some of the biggest data breaches -- TJX, Heartland Payment Systems, Hannaford Bros., and 7-Eleven -- may be connected with yet another major hack: that of a network of Citibank-branded ATM machines.
Read More
|
|
GCN: When systems are connected, can any be called low impact?
The Cyber Secure Institute has done a preliminary analysis of information security recommendations recently published by the National Institute of Standards and Technology, and, while generally approving, the institute finds fault with some of the recommendations.
Read More
|
|
SC Magazine: Identity fraud ring busted in New York
Members of an alleged fraud ring have been arraigned in New York, charged with stealing identities and obtaining $22 million of wireless phone equipment and services.
Read More
|
|
|
08.22.09
|
Wired: Malware Turns Software Compilers into Virus Breeders
Security experts seem more intrigued than alarmed over a newly-discovered virus that inserts itself into a Delphi compiler, and replicates itself in every program compiled.
Read More
|
|
|
08.21.09
|
Gov Info Security: NIST Eyes IT Lab Reorganization
The National Institute of Standards and Technology is in the early stages of reorganizing its Information Technology Laboratory, with the aim to enhance NIST research on cybersecurity.
Read More
|
|
|
08.20.09
|
Dark Reading: Rare Malware A Hint Of Threats To Come
While pervasive, widespread malware attacks like Conficker get all the attention, there's another generation of obscure and dangerous malware that so far is too rare to be considered a threat -- but could provide a hint of things to come.
Read More
|
|
|
08.19.09
|
Forbes: Avoiding the Identity Theft Underworld
Cybercrime, which includes viruses, bots and phishing scams, has evolved from a nuisance to an extreme danger as global crime rings profit from online identity theft. Young hackers showing off their skills have been supplanted by an organized and underground criminal community. These bad guys understand business and technology, and they are just as structured as legitimate companies, using networks, staff and money laundering processes to earn money from stolen identities.
Read More
|
|
FTC extends breach notification to Web-based health repositories
The Federal Trade Commission has issued a rule that broadens the reach of data breach notification rules covered by the Health Insurance Portability and Accountability Act (HIPAA). The new FTC rule applies to companies that provide an online repository of health information, such as vendors that provide Web-based tools that track and maintain blood pressure readings and other health related data.
Read More
|
|
InternetNews: Radisson credit card breach a warning to businesses
It's already happened again. One week ago, ProPay warned readers of the benefits of end to end encryption in securing credit cards. Just yesterday, experts commenting on the Heartland hacker indictment told InternetNews.com that in the future, hackers would attack businesses who did not see IT security as their core competence.
Read More
|
|
The Street: President Obama's CTO: U.S. Needs Data Lockdown
U.S. firms must look beyond the headlines to see the cyber threats lurking within their own businesses, according to federal Chief Technology Officer Aneesh Chopra, who warns that sloppy security is leaving the door open for hackers.
Read More
|
|
|
08.17.09
|
NY Times: 3 Indicted in Theft of 130 Million Card Numbers
SAN FRANCISCO — The man who prosecutors said had masterminded some of the most brazen thefts of credit and debit card numbers in history was charged on Monday with an even larger set of digital break-ins.
Read More
|
|
|
08.13.09
|
Threat Post: An Open Letter to Heartland CEO Robert Carr by Rich Mogull (Securosis)
Mr. Carr, I read your interview with Bill Brenner in CSO magazine today, and I sympathize with your situation. I completely agree that the current system of standards and audits contained in the Payment Card Industry Data Security Standard is flawed and unreliable as a breach-prevention mechanism. The truth is that our current transaction systems were never designed for our current threat environment, and I applaud your push to advance the processing system and transaction security.
Read More
|
|
|
08.11.09
|
Fierce Government IT: Are NIST cybersecurity guidelines too tame?
The National Institute of Standards and Technology (NIST) has issued a new set of guidelines for non classified data at civilian agencies, but experts say it falls short of what's needed to protect all government systems.
Read More
|
|
FutureGov: US cybersecurity guidelines come under fire
A new set of guidelines on cybersecurity released by the National Institute of Standards and Technology (NIST) in the United States has fallen short of the protection needed for government systems, a cybersecurity analysis group has warned.
Read More
|
|
PC World: Attacks on US, Korea Web Sites Leave a Winding Trail
The investigation into the attacks against high-profile Web sites in South Korea and the U.S. is a winding, twisty electronic goose chase that may not result in a definitive conclusion on the identity of the attackers.
Read More
|
|
|
08.07.09
|
CNET: Twitter, Facebook attack targeted one user
A Georgian blogger with accounts on Twitter, Facebook, LiveJournal, and Google's Blogger and YouTube was targeted in a denial-of-service attack that led to the sitewide outage at Twitter and problems at the other sites on Thursday, according to a Facebook executive.
Read More
|
|
ComputerWorld: Cyber attackers empty business accounts in minutes
The criminals knew what they were doing when they hit the Western Beaver County School District. They waited until school administrators were away on holiday, and then during a four-day period between Dec. 29 and Jan. 2, siphoned $704,610.35 out of two of the school district's bank accounts.
Read More
|
|
Financial Times: Marines Ban Social Networking Sites
The US Marine Corps has banned social networking sites from its network, the first move in a broad reassessment of the way the Pentagon and troops are engaging with an increasingly open web.
Read More
|
|
Internet Evolution: Responding to Digital Too Much Information (DTMI) By CSI's Rob Housman
As I noted in an earlier post on Internet Evolution, American society must eventually deal with an ever-growing digital record of people’s lives. How will we manage DTMI (digital too much information)? With lots of information even more easily accessible, it will be easier for companies to limit the pool of acceptable employees. It will be easier for the FBI to investigate people and deny security clearances for any transgressions. It will be easier for insurance companies to reject applicants.
Read More
|
|
Times: Millions Locked Out as Hackers Target Facebook and Twitter
The social networking sites Twitter and Facebook came under a “denial of service” attack yesterday, locking out millions of users.
Read More
|
|
|
08.04.09
|
Forbes: Ghost in the ATM
LAS VEGAS -- What happens in Vegas stays in Vegas--unless of course, somebody steals your identity. On Thursday, a Defcon attendee spotted a fake ATM nestled in a security blind spot at the hotel. The machine had an unbranded shell with a PC located inside. It's believed that the setup was designed to skim ATM cards. It is unknown how long the machine was there, or whether there are other fake ATMs in other casinos.
Read More
|
|
NIST Releases Federal IT Security Recommendations
Read Full Report Here
Read More
|
|
USA Today: Clampi Virus Targets Companies' Financial Accounts
LAS VEGAS — Cybersecurity experts are racing to tame a fast-spreading computer virus that takes deadly aim at financial accounts that are universally used by businesses.
Read More
|
|
Wired: Pentagon Social Media Czar Pushes Web 2.0, Despite Ban Threat
Last week, Danger Room broke the news that the Defense Department is considering banning access to Facebook, Twitter and all other Web 2.0 social networking sites from military computers, on the advice of the I.T. gurus at U.S. Strategic Command. “They make it way too easy for people with bad intentions to push malicious code to unsuspecting users,” a Stratcom source said of the sites.
Read More
|
|
|
07.30.09
|
Brits Won't Use Firms Involved in Security Breaches
Almost half of Brits claim they wouldn't purchase goods or services from a company that had suffered a security breach, says SafeNet UK.
Read More
|
|
FCC Doesn't Coordinate Some Networks, GAO Says
The Homeland Security Department and the Federal Communications Commission aren't doing enough to coordinate their efforts in strengthening public safety emergency networks, according to a new report from the Government Accountability Office.
Read More
|
|
Forbes: How to Hijack Every Phone in the World
If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Charlie Miller would suggest you turn the device off. Quickly.
Read More
|
|
Google Defends Google Apps Security
Computerworld Google Inc. this week came swinging at critics who have called on the city of Los Angeles to re-think its plan to implement the Google Apps hosted e-mail and office applications due to privacy and security concerns.
Read More
|
|
IT Pro: Over Half A Million Credit Card Details Exposed
Over half a million credit card details may have been stolen after the servers of US firm Network Solutions were hacked.
Read More
|
|
TJX Settles Over Breach with 41 States
In a move to close the door on the largest reported retail data breach in history, TJX announced Tuesday that it has settled with 41 states who were probing the discount merchant's data security practices.
Read More
|
|
Wired: Vulnerabilities Allow Attackers To Impersonate Any Website
LAS VEGAS — Two researchers examining the processes for issuing web certificates have uncovered vulnerabilities that would allow an attacker to masquerade as any website and trick a computer user into providing him with sensitive communications.
Read More
|
|
|
07.29.09
|
Microsoft Offers Patches to Ward off ActiveX Attacks
Microsoft released an emergency patch on Tuesday to protect Internet Explorer users from a hole in technology used to build ActiveX controls and other Web application components that has been targeted in attacks.
Read More
|
|
|
07.28.09
|
Adobe Investigating Zero-Day Bug in Flash
Researchers on Wednesday said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.
The situation could affect tons of users since Flash exists in all popular browsers, is available in PDF files, and is largely operating system-independent.
Read More
|
|
America's 10 Most Wanted Botnets
Botnet attacks are increasing, as cybercrime gangs use compromised computers to send spam, steal personal data, perpetrate click fraud and clobber Web sites in denial-of-service attacks. Here's a list of America's 10 most wanted botnets, based on an estimate by security firm Damballa of botnet size and activity in the United States.
Read More
|
|
Citing Privacy Concerns, Senate Seeks Legal Justifications for Govt. Cybersecurity Plan
The Senate Intelligence Committee is demanding that the Obama administration supply it with the legal justifications it has produced for conducting government cybersecurity operations, or face losing funding for the projects, NextGov reports.
Read More
|
|
Cnet: LA Officials Question Google Apps Plan
A Los Angeles councilman and the head of a police group are questioning the city's plan to move government e-mail and other records onto Google's hosted Web service Google Apps.
Read More
|
|
Data Detailing New York Stock Exchange Network Exposed on Unsecured Server
Sensitive information about the technical infrastructure of the New York Stock Exchange’s computer network was left unsecured on a public server for possibly more than a year, Threat Level has learned.
Read More
|
|
E-Week: U.S. Must Attract More Cyber-Security Pros, Report Finds
The U.S. government needs to do more than buy technology to improve cyber-security – it needs to hire more experts, according to a new report.
Read More
|
|
Hacker Gary McKinnon will receive no pity, insists US
American officials have made clear that they regard Mr McKinnon, 43, an unemployed computer programmer who has been diagnosed with Asperger's syndrome, as a serious offender whose case must be pursued rigorously in the US courts.
Read More
|
|
Hacker Says iPhone 3GS Encryption Is ‘Useless’ for Businesses
Apple claims that hundreds of thousands of iPhones are being used by corporations and government agencies. What it won’t tell you is that the supposedly enterprise-friendly encryption included with the iPhone 3GS is so weak it can be cracked in two minutes with a few pieces of readily available freeware. “It is kind of like storing all your secret messages right next to the secret decoder ring,” said Jonathan Zdziarski, an iPhone developer and a hacker who teaches forensics courses on recovering data from iPhones. “I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.”
Read More
|
|
SC Magazine: A Rise in Cybercrime Hits SMBs
Small to medium-sized businesses (SMBs) in the United States are increasingly the victims of cybercrime, according to a survey from security firm Panda Security, released Friday.
Read More
|
|
Seoul Slashed Cyber Security Staff by 80%
Despite increasing risks, Seoul has cut its cyber security personnel by almost 80 percent in the past couple of years, data showed yesterday.
Read More
|
|
Wired: 4 years after TJX Hack, Payment Industry Sets Security Standards
Four years after hackers breached TJX’s unsecured wireless network and stole information on more than 94 million customers, a standards body for the payment-card industry has finally released guidelines for securing wireless networks.
Read More
|
|
|
07.27.09
|
AP: Senate Bill Would Make International Cooperation a Priority
A new Senate bill would encourage the secretary of state to work with other governments to further cooperation on cybersecurity and would require the secretary to submit a report to Congress about those efforts.
Read More
|
|
IT Admin Gets Jail Time For Sabotaging Ex-Employees Network
Hell hath no fury like an IT support administrator scorned. At least that's the message being heard loud and clear by firms that are finding their networks at risk of attack from former employees.
Read More
|
|
LexisNexis Data Breach Linked to NY Mob Family
LexisNexis has incurred another data breach, and federal authorities say this time it’s at the hands of the Bonanno crime family.
Read More
|
|
NPR: Twitter Admits it was Hacked
Evan Williams, a co-creator of Twitter, has confirmed that the online service was hacked in May. The attack was first reported in PC World, and apparently involved breaking into Williams' e-mail first.
Read More
|
|
NY Times: Hacker Exposes Private Twitter Documents
Twitter, which is generally quite private about its business plans, has fallen prey to an attack by a hacker who has apparently exposed confidential corporate information.
Read More
|
|
|
07.14.09
|
Three Reasons Why U.S. Cyber Security Sucks
Good news, cyber security nerds: You ain’t running out of work, any time soon. As last week’s cyber panic about North Korea showed, when there isn’t a teenager-simple denial-of-service attack that delays your access to a government web site, there is a voracious hype machine that feeds on the tiniest slivers of data – both significant and trivial – and expels massive quantities of fear and misinformation. And where there’s cyber fear, there’s cyber security work to be done.
Read More
|
|
What CEOs Don't Know About Cybersecurity
Being the chief executive has its privileges. And one of them may be a blissful ignorance of your company's data breach risks.
Read More
|
|
|
07.09.09
|
AP: South Korea on high alert for more cyber attacks
South Korea was on high alert Thursday for more cyber attacks amid suspicions that North Korea was behind a recent wave of Web site outages in the South and in the United States. The South warned that computer networks of key infrastructure could be targeted.
Read More
|
|
Computer World: CEOs Underestimate Security Risks
Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.
Read More
|
|
|
07.08.09
|
AP: White House among targets of sweeping cyber attack
The powerful attack that overwhelmed computers at U.S. and South Korean government agencies for days was even broader than initially realized, also targeting the White House, the Pentagon and the New York Stock Exchange.
Read More
|
|
NY Times: Cyberattacks Hit U.S. and South Korean Web Sites
Cyberattacks that have crippled the Web sites of several major American and South Korean government agencies since the July 4th holiday weekend appear to have been launched by a hostile group or government, South Korea’s main government spy agency said on Wednesday.
Read More
|
|
|
07.06.09
|
Threat Level: FBI: Russian Programmer Stole Stock-Trading Secret Code
A computer programmer working for Goldman Sachs was arrested last week on charges that he stole proprietary source code for software his employer uses to make sophisticated, high-speed, high-volume stock and commodities trades.
Read More
|
|
|
07.05.09
|
Dark Reading: Independence Day Fireworks Video Carries Malware Payload
Hackers are taking advantage of American Independence Day celebrations by spamming out what pretends to be a link to a Fourth of July fireworks show, but is really an attempt to infect computers.
Read More
|
|
Dark Reading: Security Guard Busted For Hacking Hospital's HVAC, Patient Information Computers
A former security guard for a Dallas hospital has been arrested by federal authorities for allegedly breaking into the facility's HVAC and confidential patient information computer systems. In a bizarre twist, he posted videos of his hacks on YouTube, and was trying to recruit other hackers to help him wage a massive DDoS attack on July 4 -- one day after his planned last day on the job.
Read More
|
|
SC Mag: Koobface variants explode
The number of new variants of Koobface, a social networking worm that installs a trojan on victim machines, has skyrocketed during the month of June. According to Kaspersky Lab, the number of Koobface strains rose from 324 at the end of May to nearly 1,000 by the end of June...
Read More
|
|
|
07.03.09
|
AP: Did hacker threaten Sanford and lover over affair?
A television anchor who's the only journalist known to have spoken with South Carolina Gov. Mark Sanford's Argentine lover since news of their affair broke last week said the couple received an e-mail threat from the person who hacked into her Hotmail account.
Read More
|
|
|
06.25.09
|
AP: Hackers invade Oregon university system computers
Hackers got into the computers of the Oregon University System and posted a message telling President Barack Obama to mind his own business and not to comment on the disputed Iranian election.
Read More
|
|
Computer World: Reporters find Northrop Grumman data in Ghana market
A team of journalists investigating the global electronic waste business has unearthed a security problem, too. In a Ghana market, they bought a computer hard drive containing sensitive documents belonging to U.S. government contractor Northrop Grumman.
Read More
|
|
|
06.23.09
|
Washington Post: A Weak Spot in Our Defenses
Congressional computers have been penetrated, probably by the Chinese. The avionics system of the F-22 fighter may be compromised. Computers of our presidential candidates were hacked into -- and probably not by teenagers on a lark. Last year's advance of Russian tanks into Georgia was accompanied by the disruption of Georgian government computer systems.
Read More
|
|
|
06.19.09
|
FCW: DHS centralizes cybersecurity programs
The Homeland Security Department has centralized its cybersecurity programs under the department’s deputy undersecretary for the National Protection and Programs Directorate (NPPD), Homeland Security Secretary Janet Napolitano recently wrote in a message posted on DHS’ Web site.
Read More
|
|
GCN: Securing critical infrastructure needs holistic approach, panel says
Securing the nation’s and the world’s increasingly critical, connected and diverse information infrastructure requires a holistic view of cybersecurity, rather than a focus on specific technologies, threats and delivery vectors, according to a panel of government security officials.
Read More
|
|
Nextgov: Veterans Affairs CIO launches bold plan to stop IT project failures
The chief information officer at the Veterans Affairs Department plans to start requiring program managers to adhere to a strict development plan aimed at reducing failed technology projects, or risk losing their oversight responsibilities.
Read More
|
|
Time: A Favorite Emerges in Obama's Cyberczar Search
Tom Davis, a moderate Republican from Virginia, has emerged as a leading candidate for the Obama Administration's newly created position of cybersecurity czar.
Read More
|
|
Wired: Court Stiffs Veterans Caught in Privacy Breach
Veterans suffering anxiety and paranoia following the theft of a government hard drive containing the medical histories and Social Security numbers of 198,000 of their brethren cannot recover financial damages, a federal appeals court says.
Read More
|
|
|
06.16.09
|
Gov Info Security: UK Follows Obama Lead on Cybersecurity
The national cybersecurity center to combat growing threats of criminal gangs and foreign states hacking into Whitehall - the British government's administrative headquarters - and big business is to be reported this month by Prime Minister Gordon Brown and be headed by a cybersecurity czar similar to the one Obama is establishing in the White House, according to the website of The Guardian newspaper.
Read More
|
|
|
06.15.09
|
Wired: Taking to the Streets — and Tweets — in Tehran
Iranians are taking to the streets to protest the re-election of President Mahmoud Ahmadinejad. While Ahmadinejad’s rivals claimed widespread electoral fraud — and appealed for Ayatollah Ali Khamenei, Iran’s supreme leader, to intervene. Khamenei, however, appeared on state television today to congratulate Ahmadinejad on his victory.
Read More
|
|
|
06.12.09
|
FCW: Experts urge federal efforts on cybersecurity
Cybersecurity experts from industry and academia today told a House subcommittee that the government's involvement in cybersecurity research, development and education programs needs to be expanded and improved.
Read More
|
|
|
06.10.09
|
FCW: Gates: Cybersecurity is a high priority for DOD
The Defense Department is bolstering its responses to cybersecurity threats, Defense Secretary Robert Gates told the Senate Appropriations Committee’s Defense Subcommittee today.
Read More
|
|
Microsoft issues patches, including one for IE exploit
Microsoft has released 10 security updates fixing a record number of Patch Tuesday holes, including one for a critical hole in Internet Explorer 8 that was exploited as part of a hacking contest at CanSecWest in March.
Read More
|
|
Nextgov: Cell phones, other wireless devices next big cybersecurity targets
Cell phones and other mobile devices that provide access to the Internet will be the source of a "tsunami of insecurity" that will leave computer networks vulnerable to cyberattacks because manufacturers have not considered protecting the equipment, security professionals told Congress on Wednesday.
Read More
|
|
|
06.09.09
|
T-Mobile Investigating Data Breach Claims
Wireless phone giant T-Mobile said today it is investigating claims that hackers have broken in and stolen customer data and company proprietary information. On Saturday, June 6, someone anonymously posted to the Full Disclosure security mailing list claims that a broad range of internal T-Mobile data had been compromised and was being put up for sale to the highest bidder.
Read More
|
|
|
06.04.09
|
Virginia patients warned about hacking of state drug Web site
State officials are notifying more than a half-million Virginians that their Social Security numbers may have been contained in a prescription drug database that was targeted by a computer hacker April 30.
Read More
|
|
|
06.03.09
|
Key Lawmaker: High Rank for Cyber Czar - Interview with Rep. James Langevin
Rep. James Langevin, D.-R.I., holds out hope that the new White House cybersecurity coordinator will have more influence with the president than Obama suggested in his speech last week outlining the administration's approach to information security.
Read More
|
|
NY Times: The Nation’s C.T.O. Lays Out His Priorities
I had a chance to sit down this week with Aneesh Chopra, the newly confirmed chief technology officer of the United States. My first question, of course, was “What does the nation’s C.T.O. do?” It’s a question that has lingered after Barack Obama announced his intention to create the position during the campaign, and was made more confusing when President Obama appointed a chief information officer, Vivek Kundra, to coordinate the use of computers by the federal government.
Read More
|
|
|
06.02.09
|
Bank of America certificate scam propagating Waledac, Virut
A new spam campaign disguised as a Bank of America email telling users they need to update their digital certificate is attempting to lure users into installing the Waledac worm.
Read More
|
|
Wired: In Legal First, Data-Breach Suit Targets Auditor
When CardSystems Solutions was hacked in 2004 in one of the largest credit card data breaches at the time, it reached for its security auditor’s report. In theory, CardSystems should have been safe. The industry’s primary security standard, known then as CISP, was touted as a sure way to protect data. And CardSystems’ auditor, Savvis Inc, had just given them a clean bill of health three months before.
Read More
|
|
|
06.01.09
|
DoD’s Robert Lentz: Three ways to strengthen public-private partnership in cyber security
Recently, when members of the armed forces spoke before Congress on the government’s cybersecurity preparedness, the Pentagon’s top information-security official, Robert Lentz, offered this sobering statistic: Last year, DoD detected 360 million attempts to breach its networks — up from six million just three years ago…
Read More
|
|
Forbes: What Obama's Cyberplan Means For Business
When it comes to cybersecurity, President Obama hasn't been much of a talker. The issue has rarely been mentioned since his presidential campaign, and the technology and defense communities have waited months to hear the results of the 60-day review of government cybersecurity that was commissioned well over 100 days ago.
Read More
|
|
SC Magazine: Hackers hit U.S. Army websites
A group of computer hackers based in Turkey breached the sites of two U.S. Army facilities, leveraging SQL injection attacks, according to reports.
Read More
|
|
WSJ: Cybersecurity, the Electric Grid, and Smokey Bear
As promised, President Obama said Friday he’d name a “cybersecurity czar,” just as the White House published its review of how to start fixing all the cyber-vulnerabilities in the nation. What about electricity and cybersecurity? After all, much of the recent furor over U.S. vulnerability to cyberattacks came after reports that foreign hackers broke into the U.S. electricity grid. With all the emphasis on building a nationwide, Internet-like “smart grid,” worries about black hats and hackers have popped into the energy debate.
Read More
|
|
|
05.29.09
|
CBS News: Obama On Cybersecurity: We're Not That Prepared
President Obama on Friday said the U.S. government is "not as prepared" as it should be to respond to disruptions caused by computer or Internet attacks and announced that a new cybersecurity coordinator position would be created inside the White House staff.
Read More
|
|
CNET: Experts: Gumblar attack is alive, worse than Conficker
The Web site compromise attack known as Gumblar has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with Web traffic, a security firm said on Thursday.
Read More
|
|
Early Word: Cyber-Security and Cyber-Warfare
The White House turns its focus to cyberspace on Friday, with President Obama announcing a new plan to protect the country’s electronic networks from attacks launched both at home and abroad — and to hold at risk any adversary’s.
Read More
|
|
NY Times: Pentagon Plans New Arm to Wage Cyberspace Wars
The Pentagon plans to create a new military command for cyberspace, administration officials said Thursday, stepping up preparations by the armed forces to conduct both offensive and defensive computer warfare.
Read More
|
|
|
05.28.09
|
Internet News: Feds' cyber challenge to recruit net security team
Now we know how defense secretary Robert Gates is going to find all those security experts. Last month, he proposed to completely overhaul the U.S. military in a widely publicized speech. One of the many changes he recommended was increasing the number of cyber security experts that the Department of Defense (DoD) can train each year from 80 now to 200 in 2011.
Read More
|
|
PC World: Aetna Contacts 65,000 After Web Site Data Breach
Insurance company Aetna has contacted 65,000 current and former employees whose Social Security numbers (SSNs) may have been compromised in a Web site data breach.
Read More
|
|
|
05.27.09
|
Wired: Obama’s Supreme Court Pick Schooled in Cyberlaw
If elevated to the U.S. Supreme Court, Judge Sonia Sotomayor would become the first justice to join the court with a history of precedent-setting rulings on cyberlaw issues, legal experts say.
Read More
|
|
Wired: UK Data Breach Makes Royal Air Force Staff Vulnerable to Blackmail
Yet another breach of sensitive, unencrypted data is making news in the United Kingdom. This time the breach puts Royal Air Force staff at serious risk of being targeted for blackmail by foreign intelligence services or others.
Read More
|
|
|
05.26.09
|
Boston Globe: Obama puts homeland security into NSC
President Obama announced this afternoon that he is combining the White House staff focusing on homeland security and counterterrorism into the more established National Security Council.
Read More
|
|
NY Times: Phishers Now Hitting Twitter
Facebook is no longer alone in its troubles. Twitter is also becoming a target of phishers. The last few days have seen a slew of Twitter phishing attacks, possibly orchestrated in a chess-like multi-move plan that resulted in three sets of victims and, very likely, some seedy profits.
Read More
|
|
Top Tech News: Health-Site Hacker's Identity Still Unknown
The FBI has not discovered the hacker who broke into the Virginia Department of Health Professions' computer, nor has it discovered what private information was retrieved, Virginia's Secretary of Health and Human Resources Marilyn B. Tavenner said yesterday. Questioned intensely by members of the House Appropriations Committee, Tavenner said the FBI believes it will take another two weeks to complete its investigation.
Read More
|
|
Washington Post: Obama Set to Create A Cybersecurity Czar With Broad Mandate
President Obama is expected to announce late this week that he will create a "cyber czar," a senior White House official who will have broad authority to develop strategy to protect the nation's government-run and private computer networks, according to people who have been briefed on the plan.
Read More
|
|
|
05.23.09
|
UPI: Prank leaves YouTube facing porn cleanup
A spokesman for the video-sharing Web site YouTube, based in California, says a prank has left the site with scores of pornographic videos.
Read More
|
|
|
05.22.09
|
Nextgov: Experts make push for cybersecurity coordination center
President Obama should create a national cybersecurity coordinating center with public and private sector representation that can provide near real-time warnings and share threat data with government and industry stakeholders about high-tech attacks against critical infrastructure, a panel of experts said Thursday.
Read More
|
|
|
05.21.09
|
CNET: U.S. National Archives offers reward for missing hard drive
The U.S. National Archives on Wednesday said it is offering a $50,000 reward for information leading to the recovery of a missing hard drive that contains personal information of former Clinton administration staff and visitors.
Read More
|
|
ComputerWorld: Angered by Apple delay, hacker posts Mac Java attack code
In an effort to draw attention to a long-standing security problem in Apple's Mac OS X operating system, a security researcher has posted attack code that exploits the flaw.
Read More
|
|
Dark Reading: Gartner: Feds Must Play Stronger Cybersecurity Role
Cybersecurity strategy should focus on using public policy and the government's buying power to accelerate progress in eliminating vulnerabilities that enable attacks versus simply driving increased reporting of attacks, report says.
Read More
|
|
Dark Reading: Hardened OS Vendor Builds Secure Virtual Layer For Network Devices
Green Hills, which last fall released a commercial version of its hardened Integrity-178B operating system used in military fighter planes, is now leveraging that technology for the network, as well. Company officials here revealed they have built a secure virtualization platform for networking equipment based on a combination of the company's secure OS virtualization and networking technologies.
Read More
|
|
Forbes: Pentagon Seeks High School Hackers
High school hackers, crackers and digital deviants: Uncle Sam wants you. As part of a government information security review released as early as Friday, White House interim cybersecurity chief Melissa Hathaway likely will mention a new military-funded program aimed at leveraging an untapped resource: the U.S.' population of geeky high school and college students.
Read More
|
|
Nextgov Interviews Vivek Kundra
Nextgov spoke with Kundra on Wednesday about the challenges of his new position and what he hopes to accomplish in this administration's era of open government.
Read More
|
|
Wired: Accused Palin Hacker Says Stolen E-Mails Were Public Record
A surprise legal maneuver by the defense in the Sarah Palin hacking case could undermine key charges carrying the stiffest potential penalties.
Read More
|
|
|
05.20.09
|
Enterprise Security Today: NYC Officials Break Up International ID Theft Scam
New York City officials busted an international credit card and identity theft ring that ensnared more than 6,000 customers around the world and caused about $15 million in losses, police and prosecutors said Thursday.
Read More
|
|
|
05.19.09
|
Federal Computer Weekly: NARA suffers data breach
An external hard drive with personally identifiable information from the Executive Office of the President during the Clinton administration is missing from a National Archives and Records Administration facility near Washington, government officials have said.
Read More
|
|
|
05.18.09
|
CNET: DMCA conviction for seller of bogus Microsoft product keys
Gladney, 24, is believed to be the first person convicted for DMCA violations dealing with the circumvention of security protections on software, according to Assistant U.S. Attorney Craig Missakian. Typically, product keys are used to activate software and are printed on Certificate of Authenticity labels that accompany legitimate products.
Read More
|
|
Dark Reading: Report: Over 60 Percent of Websites Contain Serious Vulnerabilities
Most Websites harbor at least one major vulnerability, and over 80 percent of Websites have had a critical security flaw, according to new data released today by WhiteHat Security.
Read More
|
|
|
05.14.09
|
Did Hacker Infiltrate Steve Jobs' Amazon Account?
A hacker claimed to have infiltrated Apple (NSDQ:AAPL) CEO Steve Jobs' private Amazon.com (NSDQ:AMZN) account. The hacker, who identified himself as "orin0co," claimed to have broken into Jobs' Amazon account in an effort to sell personal account details of the alleged hack to journalists. The hacker apparently contacted Wired News Managing Editor Leander Kahney via e-mail, which Kahney posted at his Cult of Mac blog site.
Read More
|
|
|
05.13.09
|
Court Rules Breach Victims Not Entitled to Restitution
A federal judge has ruled that victims whose bank card numbers were stolen in a data breach are not entitled to sue if their losses were already reimbursed. Only customers who weren’t reimbursed for fraudulent charges may sue.
Read More
|
|
Insider May Have Breached More Than 10,000 Patient Records At Johns Hopkins
According to a report filed to the administrator of the state of Maryland's Identity Theft Program (PDF), some 31 individuals with connections to Johns Hopkins have reported identity thefts since Jan. 20. Law enforcement agencies suspect the thefts might be part of a fraudulent driver's license scheme discovered in neighboring Virginia.
Read More
|
|
Reuters: Microsoft says hackers seek to attack PowerPoint users
Microsoft Corp said on Tuesday that hackers are seeking to attack users of its PowerPoint presentation software for Windows PCs and released patches to protect them against the threat.
Read More
|
|
|
05.12.09
|
Network World: Inside a data leak audit
When the director of IT at a Boston-based, midsize pharmaceutical firm was first approached to participate in a data leakage audit, he was thrilled. He figured the audit would uncover a few weak spots in the company's data leak defenses and he would then be able to leverage the audit results into funding for additional security resources.
Read More
|
|
Washington Post: Obama Aides Debate Role Of Proposed Cyber Czar
The nation's top military, intelligence and homeland security officials are recommending that President Obama establish a new White House cyber czar under the National Security Council with broad policy-setting authority for protecting both public- and private-sector computer networks, according to sources familiar with the discussions.
Read More
|
|
|
05.11.09
|
Network World: Teenager pleads guilty to Scientology Web attack
Dmitriy Guzner, of Verona, New Jersey, was part of an underground hacking group called Anonymous that has made the church a target of several attacks. He had been expected to enter a guilty plea when he was charged last October, but it was not formally entered until Monday, the U.S. Department of Justice said in a statement.
Read More
|
|
WTOP: Cyber-warfare: Cadets train to fight hackers
In addition to firepower, U.S. forces looking to secure a town in Afghanistan need a beachhead on the Internet. That is why cadets at the nation's military academies are increasingly trained in cybersecurity.
Read More
|
|
|
05.08.09
|
Computer World: Heartland breach has cost company $12.6 million -- so far
Heartland Payment Systems Inc. last week disclosed that it has so far spent or set aside more than $12.6 million to cover costs related to a major data breach that the credit card payment processor disclosed in January.
Read More
|
|
Wired: UC Berkeley Suffers Breach of Student Health Data
The University of California at Berkeley sent an e-mail to students on Friday disclosing that hackers had obtained access to secured databases belonging to the university’s health services. The databases contained information about current students and alumni as well as spouses of students and, in some cases, parents or guardians whose health insurance information was linked to a student’s file.
Read More
|
|
|
05.07.09
|
CNET: Cybercriminals use fake search engines to spread malware
Cybercriminals have moved on from search engine optimization techniques and are now creating fake search sites designed solely to direct Web surfers to pages hosting malware, Panda Security warned on Wednesday.
Read More
|
|
CNET: Prediction: Apple will recommend security software
As an analyst, it is my job to follow the industry, internalize trends, and then use this information to make predictions. OK, here goes: Within the next 18 months, Apple will begin recommending that Macintosh users install Internet security software on all systems.
Read More
|
|
CNET: Q&A: FBI agent looks back on time posing as a cybercriminal
In September 2008 police began arresting alleged members of Dark Market, an underground Internet forum for buying and selling credit card data used for identity fraud. The sting wouldn't have been possible without the work of FBI agent J. Keith Mularski who spent two years infiltrating the group.
Read More
|
|
GCN: Government networks still have weak links
House lawmakers who held a hearing on threats to the country’s information infrastructure May 5 heard a familiar tale of inadequately protected government systems facing a growing array of increasingly sophisticated threats.
Read More
|
|
Tech Herald: LexisNexis reports data breach - USPIS investigating
According to a letter obtained by CBS News, LexisNexis is sending out thousands of letters warning of potential identity and credit fraud. The United States Postal Inspection Service (USPIS) said that up to 40,000 letters are being sent to individuals who had their information accessed, of which 300 identities were used to open credit card accounts.
Read More
|
|
|
05.06.09
|
AP: Audit: air traffic systems vulnerable to attack
The nation's air traffic control systems are vulnerable to cyber attacks, and support systems have been breached in recent months allowing hackers access to personnel records and network servers, according to a government audit.
Read More
|
|
NetworkWorld: Post-breach, Heartland plans aggressive encryption project
Heartland Payment Systems plans to protect its credit- and debit-card processing network with an end-to-end encryption system that it will begin rolling out with its merchants in the third quarter.
Read More
|
|
Nextgov: House Internet privacy, data breach bills could merge
Consumer privacy bills championed by two House Energy and Commerce subcommittee chairmen that are now progressing on parallel tracks could merge to become a sweeping measure with implications for information brokers, broadband service providers, Internet companies and other technology stakeholders.
Read More
|
|
Swede Indicted for NASA, Cisco Hacks
A Swedish man was indicted Tuesday in California on allegations of unlawfully intruding into Cisco Systems, NASA’s Ames Research Center and NASA’s Advanced Supercomputing Division — and seizing computer code that controls internet traffic. He was convicted in 2007 of hacking into three of his country’s university computers as a teenager.
Read More
|
|
|
05.05.09
|
Dark Reading: Researchers Take Over Dangerous Botnet
A group of researchers at the University of California-Santa Barbara boldly hijacked a notorious botnet known for stealing financial information and discovered that the botnet is even more dangerous than had been thought.
Read More
|
|
The Hill: Cybersecurity strategy for nation: urgent need (Op-Ed by Sen. Lieberman)
For years, an ever-changing cast of worms, viruses and malicious software has infected and disabled computers around the world and put sensitive data at risk of loss, theft, or improper disclosure. Privacy breaches are a regular occurrence, with identity theft, stolen credit cards, and exposure of financial information.
Read More
|
|
Threat Post: North Korea upgrading cyberattack capabilities
The North Korean regime is in the process of building up its capabilities to launch offensive computer attacks, according to news reports out of South Korea. The reports say that North Korea is specifically strengthening its information warfare program with the intention of targeting its two traditional antagonists, the United States and South Korea, AFP reports.
Read More
|
|
Washington Post: Hackers Break Into Virginia Health Professions Database, Demand Ransom
Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site's homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents.
Read More
|
|
Wired: Botnets Took Control of 12 Million New IPs this Year
Botnet criminals have taken control of almost 12 million new IP addresses since January, according to a quarterly report (.pdf) from anti-virus firm, McAfee. The United States has the largest number of botnet-controlled machines, with 18 percent of them based here.
Read More
|
|
|
05.04.09
|
Network World: IT faces possible pandemic amid budget cutbacks
Many IT executives could be facing an uphill battle in moving to deal with a possible swine flu pandemic as they cope with a flagging economy that has caused layoffs and budget cutbacks in a number of companies.
Read More
|
|
SF Chronicle: Consumer Reports: Boomtime for cybercrime
The magazine's annual "State of the Net" survey finds that cybercrime has held steady since 2004, with one out of five consumers becoming victims in the last two years at a cost to the economy of $8 billion.
Read More
|
|
|
05.02.09
|
CNET: Feds' red tape left medical devices infected with computer virus
The Conficker Internet virus has infected important computerized medical devices, but governmental red tape interfered with their repair, an organizer of an antivirus working group told Congress on Friday.
Read More
|
|
|
05.01.09
|
CBS News: USPS Probes Possible Mass Security Breach
CBS News has learned of another data breach potentially compromising the personal information of thousands of people. Companies Lexis Nexis and Investigative Professionals have notified up to 40,000 people whose “sensitive and personally identifiable” information may have been viewed by individuals who should not have had access.
Read More
|
|
FCW: Lawmakers attack cybersecurity on multiple fronts
In recent weeks, a flurry of bills have been introduced in the House and the Senate, tackling topics such as the security of the power grid, the management of the government’s information technology investments and the White House’s approach for dealing with cyber threats.
Read More
|
|
US cyber-security 'embarrassing'
America's cyber-security has been described as "broken" by one industry expert and as "childlike" by another.
Read More
|
|
USPS Probes Security Breach
CBS News has learned of another data breach potentially compromising the personal information of thousands of people. Companies Lexis Nexis and Investigative Professionals have notified up to 40,000 people whose “sensitive and personally identifiable” information may have been viewed by individuals who should not have had access.
Read More
|
|
|
04.30.09
|
Twitter breach gives behind-the-scenes Obama peek
Twitter still hasn't come clean, but it appears yet another administrative account on the micro-blogging site has been breached, giving world+dog an inside peek at the accounts of Barack Obama, Ashton Kutcher, and other celebrities.
Screenshots posted on French blog Korben show more than a dozen images purporting to be taken by a hacker who gained inside access to Twitter. They provide a behind-the-scenes glimpse into the account activities of some of the most exclusive Twitterati.
Read More
|
|
|
04.29.09
|
Critics say bill to protect electric grid from cyberattacks lacks teeth
A bill expected to be introduced in the House and Senate this week would help protect the computers that control the country's power grid, but it does not go far enough, security experts said on Wednesday. The legislation would give federal regulatory agencies more power, but would not prompt owners and operators of electrical facilities to do their part to enhance cybersecurity, critics said. The bill also should be expanded to address other components of the nation's critical infrastructure, such as transportation and water, they added.
Read More
|
|
Facebook Among Top Phished Web Sites
A washingtonpost.com colleague today called my attention to a phishing scam targeting Facebook users that is apparently getting some digital ink from Twitter users and various blogs. I figured this was as good a time as any to note that Facebook is and has been for some time one of the brands most frequently targeted by scam artists, right up there with some of the world's largest banks.
Read More
|
|
|
04.28.09
|
Chairmen to seek greater cybersecurity role for FERC
Senate Homeland Security and Governmental Affairs Chairman Joseph Lieberman and House Homeland Security Chairman Bennie Thompson will introduce legislation this week to address what they call unacceptable security vulnerabilities of information networks at the nation's electrical power plants. The bill would give the Federal Energy Regulatory Commission increased authority to regulate cybersecurity at electrical power generation facilities, Lieberman said.
Read More
|
|
Exploit posted for brand-new Adobe PDF zero-day
Proof-of-concept exploit code has been published for a new zero-day vulnerability haunting Adobe’s widely deployed PDF Reader software.
Read More
|
|
Jim Lewis of CSIS: Cybersecurity trends to watch over the next 12 months
Well before “cybersecurity” became the topic of the day on a national scale, Jim Lewis was tracking it. Since coming on board the Center for Strategic and International Studies in 2001, Lewis has made cybersecurity his main focus. So, with all the talk — and unanswered questions — about the 60-day cybersecurity review upon us, what will the next 12 months bring? Here Lewis offers his take on the administration’s current and future response to cybersecurity, legislative initiatives in the works, and what private industry needs to do — now — to be part of the cybersecurity solution.
Read More
|
|
New cybersecurity bill for electric grid readied
The Critical Electric Infrastructure Protection Act is scheduled to be introduced on Thursday by Sen. Joseph Lieberman (I-Conn.), chairman of the U.S. Senate Committee on Homeland Security and Governmental Affairs, and Rep. Bennie Thompson (D-Miss.), chairman of the U.S. House Committee on Homeland Security.
Read More
|
|
SANS Tells Congress: Feds' Checkbook Is Cyberdefense 'Weapon'
Whether the White House or the Department of Homeland Security should have the lead role in coordinating U.S. cybersecurity operations was the hot-button question during a Senate hearing today, but securing the nation's infrastructure must start by harnessing the federal government's massive IT buying power, according to the testimony.
Read More
|
|
|
04.27.09
|
Obama’s Tech Agenda Put On Hold
When times are hard, people adjust their priorities - even the president. When an unexpected economic disaster imploded as Barack Obama was entering office, some of his technology agenda was put on hold. Almost one hundred days into his presidency, Mr. Obama has yet to advance most of the strong technology policies he promised during the campaign.
Read More
|
|
Proposal Would Shore Up Govt. Cyber Defenses
While cyber attacks have evolved dramatically since the beginning of this decade, the regulations governing how federal agencies defend against digital intruders haven't been updated since 2002. Legislation expected to be introduced Tuesday in the Senate would seek to correct that imbalance.
Read More
|
|
Scammers, Spammers Embrace Swine Flu News
There's something vaguely diabolical about a form of unwanted communication named after a brand of canned, chopped pork that piggybacks on a public health scare involving a flu strain derived from swine.
Read More
|
|
|
04.25.09
|
Langevin Determined To Prevent A 'Cyber 9/11'
Rep. Jim Langevin, D-R.I., co-founded and co-chairs the House Cybersecurity Caucus, and he recently co-chaired a cybersecurity report from the Center for Strategic and International Studies for the 44th presidency. In a recent interview with National Journal's Winter Casey, Langevin discussed the importance of a national cyberspace office in the White House and a comprehensive security effort throughout not just the government, but the private sector as well.
Read More
|
|
|
04.24.09
|
Conficker virus begins to attack PCs: experts
A malicious software program known as Conficker that many feared would wreak havoc on April 1 is slowly being activated, weeks after being dismissed as a false alarm, security experts said.
Read More
|
|
Gates to Nominate NSA Chief to Head New Cyber Command
Defense Secretary Robert Gates plans to nominate the director of the National Security Agency to head a new Pentagon Cyber Command, which will coordinate computer-network defense and direct U.S. cyber-attack operations, according to a draft memo by Mr. Gates.
Read More
|
|
Hackers: the China Syndrome
For years, the U.S. intelligence community worried that China’s government was attacking our cyber-infrastructure. Now one man has discovered it’s worse: It’s hundreds of thousands of everyday civilians. And they’ve only just begun.
Read More
|
|
Typical lost or stolen laptop costs companies nearly $50,000, study finds
A typical lost or stolen laptop costs employers $49,246, mostly due to the value of the missing intellectual property or other sensitive data, according to an Intel-commissioned study made public Wednesday.
Read More
|
|
|
04.23.09
|
Cyber Criminals Industrialize to Increase Effectiveness
Cybercriminals have become industrialized to increase their effectiveness. They are increasingly using encryption to cover their tracks and prevent forensic investigators from recovering evidence, according to Joe Stewart, security researcher for SecureWorks.
Read More
|
|
Government, military officials at RSA warn of cyber-threats
The U.S. government faces huge challenges both combating cybercrime and improving military cyber-defense capabilities, but progress is being made, according to officials speaking at the RSA Conference.
Read More
|
|
International hackers, many from China, are attacking NYPD computers
A network of mystery hackers, most based in China, have been making 70,000 attempts a day to break into the NYPD's computer system, the city's top cop revealed Wednesday. Commissioner Raymond Kelly said the perpetrators have yet to succeed, but their relentless activities have prompted the force to raise its guard against high-tech crime.
Read More
|
|
Obama’s Cyber Czar Offers Few Details on Govt. Strategy
In a much-anticipated speech at the RSA security conference in San Francisco today, Melissa Hathaway, the White House’s top cyber official, instead highlighted all of the meetings, studies, and recommendations that have informed the administration's 60-day cyberspace policy review, which was completed last week. But details about how the administration might seek to organize and streamline the government's cyber efforts were lacking.
Read More
|
|
Security Pro to Companies: Assume You’re Owned
Major companies should assume the bad guys have already broken into their network, and are better off diverting some resources from attack prevention to ferreting out existing invasions, says one prominent security expert.
Read More
|
|
|
04.22.09
|
Congress Investigating P2P Data Breaches
A key oversight panel in the House of Representatives said this week that it is re-opening an investigation into the “inadvertent sharing” of sensitive government and consumer data through popular peer-to-peer file swapping programs such as BearShare and Limewire.
Read More
|
|
Cybersecurity Review: A Preview
The government's top cybersecurity official offered a preview today of the government’s plan to dramatically restructure how it handles the Internet and security. Speaking to a top conference of security technogeeks in California, acting NSC senior director Melissa Hathaway said she could only offer a “trailer” of the results of her review -- something the tech-savvy, Trek-hungry audience must have appreciated. Sorry about the Trek jokes, guys. I’m excited too. Anyway: read the speech here: http://politics.theatlantic.com/Melissa%20Hathaway%20Speech%20at%20RSA.doc
Read More
|
|
New Military Command to Focus on Cybersecurity
The Obama administration plans to create a new military command to coordinate the defense of Pentagon computer networks and improve U.S. offensive capabilities in cyberwarfare, according to current and former officials familiar with the plans.
Read More
|
|
Researchers Find Massive Botnet On Nearly 2 Million Infected Consumer, Business, Government PCs
Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the U.S.
Read More
|
|
The Cold War Moves To Cyberspace
Somewhere deep in Washington's national security apparatus, more than a few old-timers surely pine for the clarity of the Cold War. Black versus white, American versus Russian, spy versus spy - the good old days. Now, however, they face more ephemeral threats from shadowy foes that prefer to cloak their identities.
Read More
|
|
The FBI as an ethical hacker?
More details are emerging about how the FBI engages in hacking and the planting of spyware. This story goes back to at least 2001 when Bob Sullivan of MSNBC and Ted Birdis of AP broke the story of Magic Lantern. At the time the FBI did not want to say much, but now there is real information that clears up some things and reinforces real concerns over this approach.
Read More
|
|
|
04.21.09
|
Computer Spies Breach Fighter-Jet Project
Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks.
Read More
|
|
Cyber Secure Institute on the Conficker Controversy
Since October of 2008, the Conficker worm has been the subject of a great deal of attention and debate. To date, the Conficker worm has infected countless computers—estimates range wildly from 200,000 to more than 10 million. And it has demonstrated the ability to both end run security measures and establish communications with controlled computers despite major efforts. It has also consumed an extraordinary amount of time and energy by CIOs and cybersecurity experts from around the world.
Read More
|
|
Did the Pentagon Warn of Stealth Jet Security Breach?
Back in May of 2008, a Pentagon Inspector General report surfaced, alleging that the Defense Department wasn’t keeping close enough watch over the contractors working on its most important aircraft program. In particular, defense contractor BAE Systems wasn’t letting the Pentagon in on its security records about the $337 billion Joint Strike Fighter program. And as a result, the Inspector General said, "the advanced aviation and weapons technology" for the fighter "may have been compromised by unauthorized access at facilities and in computers at BAE Systems."
Read More
|
|
Hackers Swipe Terabytes of Sensitive Pentagon Data
Computer spies again hit the U.S., this time targeting sensitive data involving the $300 billion Joint Strike Fighter project. The most expensive Pentagon weapons system ever developed, the program involves 7.5 million lines of code, of which hackers made off with several terabytes.
Read More
|
|
NSA Chief: ‘We Do Not Want to Run Cyber Security’
NSA Director Lt. Gen. Keith Alexander, speaking at the RSA Security Conference in San Francisco, told the audience of security professionals on Tuesday that the NSA does “not want to run cyber security for the United States government.”
Read More
|
|
Somber year for RSA Conference on cybersecurity
However, although cybersecurity appears to be worse than ever, with attacks on companies and consumers growing more targeted and clever, attendance at the conference is expected to be down this year because of tight travel budgets.
Read More
|
|
Tech observers praise Obama’s top IT choice
The appointment of Aneesh Chopra as the government's first chief technology officer signals that the administration is serious about updating the nation's technology infrastructure, said former federal officials, industry leaders and open government advocates.
Read More
|
|
|
04.20.09
|
Federal IT Dream Team Faces Hard Realities
With President Obama's appointments of Aneesh Chopra as federal CTO and Jeffrey Zients as chief performance officer, and with Vivek Kundra in office as federal CIO, the pieces are in place for the United States to raise the bar on IT strategy and implementation in government. The trio represent a dream team of IT innovators, but it's solving the tough challenges of the here and now by which they must also be judged.
Read More
|
|
Oracle to buy Sun in $7.4 billion deal
Oracle and Sun announced Monday that they have entered into a definitive agreement under which Oracle will acquire Sun common stock for $9.50 per share in cash. That puts the value of the transaction at about $7.4 billion, or $5.6 billion net of Sun's cash and debt.
Read More
|
|
The Fog of Cyberwar
Ghostnet sounds like something John le Carré would invent. This vast cyber-espionage operation spanned 1,295 computers worldwide, a third of them located in ministries of foreign affairs, embassies, international organizations and news media, some holding classified data. According to a report by three Canadian security think tanks in March, it included at least one unclassified computer at NATO headquarters in Mons, Belgium. Although the culprit is unidentified, some experts suspect China. Whether it exploited any of the data is hard to say. That it could obtain it so easily has raised eyebrows in the world's mightiest military alliance.
Read More
|
|
Va.’s Chopra to be chief technology officer for Obama
Virginia Secretary of Technology Aneesh Chopra has been tapped by President Barack Obama to serve as the nation's first chief technology officer. The appointment was announced yesterday during the president's radio and Internet address to the nation. Obama also announced the appointment of Jeffrey Zients, a longtime management consultant, as chief performance officer to lead an effort to streamline government and cut costs.
Read More
|
|
|
04.17.09
|
High tech group: Cybersecurity efforts gaining steam
While Senate Commerce Chairman John (Jay) Rockefeller and Sen. Olympia Snowe, R-Maine, were first out of the gate with legislation this month, multiple committees share jurisdiction over the issue and are expected to offer ideas on how to improve the nation's cybersecurity. Center for Democracy and Technology CEO Leslie Harris said the Rockefeller-Snowe bill, which among other things would establish a White House cybersecurity czar reporting to the president, is "an opening salvo" in the congressional debate.
Read More
|
|
|
04.16.09
|
Control of Cybersecurity Becomes Divisive Issue
The National Security Agency has been campaigning to lead the government’s rapidly growing cybersecurity programs, raising privacy and civil liberties concerns among some officials who fear that the move could give the spy agency too much control over government computer networks.
Read More
|
|
Don’t Blame Spies And Hackers
Here is a limb I am happy to climb out on. Remember those reports of Chinese and Russian attacks on the U.S. electrical grid? I say they never happened--nothing, nada, zip. What's more, the real threats to the U.S. power grid aren't spies and hackers, but a combination of decades of post-deregulation underinvestment and legions of "nimbys" who block attempts to upgrade the aging system.
Read More
|
|
Hackers Test Limits of Credit Card Security Standards
The number, scale and sophistication of data breaches fueled by hackers last year is rekindling the debate over the efficacy of the credit card industry's security standards for safeguarding customer data. All merchants that handle credit and debit card data are required to show that they have met the payment card industry data security standards (PCI DSS), a set of technical and operational requirements designed to safeguard cardholder information from theft or unauthorized access.
Read More
|
|
How Vulnerable Is the Power Grid? Less Than Some Fear, Experts Say
The attack could come when we're most vulnerable — a blistering hot July afternoon or a freezing cold January night. Suddenly, vast sections of the U.S. power grid go black. The lights go out, air-conditioning (or heating) shuts down. Once it becomes clear that this is no temporary brownout, the public begins to panic. At the power utilities, engineers can't understand why the network shut off, and can't get it to start up again. It's hours before the truth emerges: a terrorist group (or a hostile country, or some evil-genius hacker) has broken into the computer networks that control the power grid, bringing the U.S. to its knees.
Read More
|
|
Opinion: Private sector must be partners in national cybersecurity
A debate that could have far-reaching effects on our cybersecurity will begin next week in the U.S. Senate. Just two weeks ago, Sen. Jay Rockefeller, D-W.V., and Sen. Olympia Snowe, R-Maine, introduced a brief but potentially far-reaching draft bill to establish "within the Executive Office of the President, the Office of the National Cybersecurity Adviser." This provides a compelling opportunity for our political and business leaders to jointly develop a comprehensive, coordinated national cybersecurity plan.
Read More
|
|
|
04.15.09
|
Deflating The Cloud
"The cloud" has come to represent the bright future of computing, a world where processing and storage become as ubiquitous, cheap and accessible as electricity. But for big business, one researcher argues that "cloud" metaphor may be economically apt: The closer you look at the much-hyped technology's price advantages, the fuzzier they seem.
Read More
|
|
Obama vs. the hackers
The Obama administration is reviewing the cyber security posture of the United States, a process that Europe is keeping a close eye on as the world's economic powers become increasingly concerned about threats to their vital electronic networks.
Read More
|
|
Organized crime caused big data breach spike, says Verizon
A new study from Verizon Business claims that organized crime is responsible for a large increase in the number of breached corporate electronic records, which totaled roughly 285 million last year.
Read More
|
|
Researchers say social media essential for national security
Two researchers at the National Defense University plan to release a paper that concludes the Defense Department must adopt a comprehensive strategy for using social media to improve national security.
Read More
|
|
|
04.02.09
|
FBI: Internet Fraud Rates Rose 33% Last Year
Internet fraud complaints to the FBI by consumers increased more than 33 percent in 2008 over the previous year, according to figures released this week.
Read More
|
|
|
04.01.09
|
Conficker activation passes quietly, but threat isn’t over
An expected activation of the Conficker.c worm at midnight on April 1 passed without incident, despite sensationalized fears that the Internet itself might be affected, but security researchers said users aren’t out of the woods yet.
Read More
|
|
Senate Legislation Would Federalize Cybersecurity
Key lawmakers are pushing to dramatically escalate U.S. defenses against cyberattacks, crafting proposals that would empower the government to set and enforce security standards for private industry for the first time.
Read More
|
|
|
03.31.09
|
Who Should Be in Charge of Cybersecurity?
U.S. government cybersecurity is an insecure mess, and fixing it is going to take considerable attention and resources. Trying to make sense of this, President Barack Obama ordered a 60-day review of government cybersecurity initiatives. Meanwhile, the U.S. House Subcommittee on Emerging Threats, Cybersecurity, Science and Technology is holding hearings on the same topic.
Read More
|
|
|
03.30.09
|
60 Minutes: The Internet Is Infected
Lesley Stahl reports on computer viruses that propagate on the Internet and infect PCs, which enable their creators, often called “cyber gangs”, to learn the information they need to electronically rob bank accounts.
Read More
|
|
Flaw in Conficker Worm May Aid Cleanup Effort
Experts have discovered a security hole in the computer code that powers the Conficker worm, an aggressive contagion that has spread to more than 12 million Microsoft Windows systems worldwide. The security community is treading lightly with this news, because while the discovery could make it easier to isolate infected systems, it could also give criminals a way to quietly hijack millions of systems.
Read More
|
|
Former Teen Stock Swindler Hit With New Hacking Charges
A former teenage hacker who served prison time for an online stock-trading scheme is back in jail again, after allegedly gaining administrative access to a New York-based currency exchange service and gifting himself more than $100,000.
Read More
|
|
|
03.29.09
|
Conficker worm might originate in China
There’s been a lot of fuss about the Conficker worm. However, there is a $250,000 question: the origin of the virus.
Read More
|
|
|
03.28.09
|
Electronic Spy Network Focused on Dalai Lama and Embassy Computers
An electronic spy network that has infiltrated the computers of government offices, NGOs and activist groups in more than 100 countries has been surreptitiously stealing documents and eavesdropping on electronic correspondence, say a group of researchers at the University of Toronto.
Read More
|
|
|
03.27.09
|
Barton wants answers from NNSA about lab computers
The ranking members of two congressional committees sent a letter Friday to the National Nuclear Security Administration, demanding answers about the theft of three computers from the home of a Los Alamos National Laboratory employee.
Read More
|
|
Conficker: Doomsday, or the World’s Longest Rickroll?
When it comes to criminal hackers, establishing motive is usually a no-brainer: In a majority of cases, computer worms and viruses are little more than tools that bad guys use to make money. But every so often, a prolific and sophisticated worm or virus emerges that isn’t so obviously connected to a financial scheme.
Read More
|
|
Cybersecurity review is putting emphasis on privacy
As the National Security Council works on its comprehensive review of federal cybersecurity programs for President Obama, it is going to great lengths to consider privacy and civil liberty issues, some Congress members said Thursday.
Read More
|
|
Firefox Patches Zero-day, Hacking Contest Bugs
Just days after a hacker released code that could be used to attack the Firefox browser, Mozilla developers have a fix.
Read More
|
|
Langevin says cyberthreat taken seriously by Obama
U.S. Rep. James R. Langevin said yesterday that the Obama administration may shift the leadership of the nation’s cybersecurity efforts from a cabinet agency to an office in the White House.
Read More
|
|
|
03.26.09
|
After several setbacks, FBI sees progress in high-tech
The agency is more than halfway through the six-year, $451 million Sentinel project to replace its paper-based systems for supporting intelligence analysis and case management activities. The long-promised program is “on time and on target,” FBI Director Robert Mueller said, and top brass meet every two weeks to discuss it. Mueller thinks 2009 is “the year we get over the mountain.”
Read More
|
|
Dan Mintz: A recovering CIO’s view of the new security initiatives
As debate continues over the value the Consensus Audit Guidelines have for securing government systems, I’d like to put my chief information officer’s hat back on for a moment and explain how I see the comparison between the CAG and the current security advice from the National Institute of Standards and Technology (NIST) in its Special Publication 800-53.
Read More
|
|
Hacked File-Upload Accounts Prized by E-Jihadis
Hackers who sympathize with radical Islamic groups increasingly are using hijacked accounts at online file-upload and distribution services to disseminate large files, such as videos of attacks on Western forces in the Middle East, new research suggests.
Read More
|
|
White House cyber adviser--more questions than answers
The comprehensive cybersecurity legislation currently in development in the Senate aims to bring high-level government attention to the serious problem of cybersecurity by giving one White House official oversight of critical network infrastructure.
Read More
|
|
|
03.25.09
|
‘The Analyzer’ Hack Probe Widens; $10 Million Allegedly Stolen From U.S. Banks
Ehud Tenenbaum, an Israeli hacker arrested in Canada last year for allegedly stealing about $1.5 million from Canadian banks, also allegedly hacked two U.S. banks, a credit and debit card distribution company and a payment processor in what U.S. authorities are calling a global “cashout” conspiracy.
Read More
|
|
Senate committee demands DHS explain alleged lack of support for cybersecurity office
The Senate Homeland Security Committee’s senior-most Republican is asking DHS Secretary Janet Napolitano to explain why the National Cyber Security Center (NCSC), set up within the department last year, has seemingly been marginalized by the agency.
Read More
|
|
Senator asks DHS for cybersecurity documents
The top Republican on the Senate Homeland Security Committee is requesting detailed information, including financial figures, from the U.S. Department of Homeland Security to explain why the department has been seemingly unable to fulfill its cybersecurity responsibilities.
Read More
|
|
|
03.24.09
|
How Vulnerable is U.S. Infrastructure to a Major Cyber Attack?
Could hackers take down key parts of our infrastructure? Experts say yes. They could use the very computer systems that keep America’s infrastructure running to bring down key utilities and industries, from railroads to natural gas pipelines. How worried should we be about hacking, the new weapon of mass disruption?
Read More
|
|
Mac OS X Top Target in Browser Beatdown
Legendary bank robber Willie Sutton was made famous for allegedly explaining why he robbed banks with the answer: “Because that’s where the money is.” So why do cyber crooks attack Web browsers? Because that’s where the user is.
Read More
|
|
PC security forces face April 1 showdown with Conficker worm
In the brief, tumultuous history of cybercrime, there has never been anything quite like the Conficker worm.
Read More
|
|
Smart Grid Lacks Smart Security
Smart Grid technology, which aims to make the nation’s power grid more efficient and interactive, may not be the bright idea its backers suggest unless it can be made more secure.
Read More
|
|
|
03.23.09
|
Number of infected Web sites sharply increases in 2008
The number of seemingly legitimate Web sites infected with malicious code that enables hackers to steal passwords to access computer networks is increasing, with one organization reporting an 827 percent jump in compromised sites in 2008.
Read More
|
|
Pentagon should establish fourth military service to wage cyberwars
The United States, engaged in a cyberspace Cold War in which government networks are under constant attack, must establish a fourth military service to conduct cyberwarfare, according to an article in the most recent issue of a Defense newsletter.
Read More
|
|
Report: Rogue antivirus software pays off for scammers
Online scammers are making a lucrative business out of redirecting visitors from legitimate Web sites to sites that try to install rogue antivirus software, according to a report due to be released by security firm Finjan on Monday.
Read More
|
|
Senator says his office computers were hacked
Three lawmakers are writing a bill designed to expand the cybersecurity workforce and bolster collaboration between the public and private sectors. Authors include Sen. Bill Nelson (D-Fla.), who said his office’s computers have been hacked on several occasions.
Read More
|
|
|
03.10.09
|
Lawmaker: New cybersecurity regulations needed
“The U.S. government needs to create new regulations and incentives to get private companies to protect important cyber infrastructure including the electricity grid, water facilities and financial systems, said the new chairwoman of a U.S. House of Representatives cybersecurity subcommittee.”
Read More
|
|
|
03.09.09
|
10 IT agenda items for the first U.S. CIO
“Last week, President Barack Obama made good on his promise to appoint a national tech leader for the United States. As the country’s first-ever CIO, Vivek Kundra faces significant challenges modernizing the nation’s IT infrastructure and will be charged to do so at a time when self-interests and a lack of industry oversight threaten not only our freedoms and privacy but also the long-term innovation potential of IT.”
Read More
|
|
Government Cyber Security Chief Resigns Amid Turf War
“The federal government’s director for cyber security has resigned after less than a year on the job, citing a lack of support and funding, and an over-reliance on the National Security Agency for combating threats to the nation’s computer systems.”
Read More
|
|
Massive Botnet DDoS Attack Hits Mininova.org
“One of the leading BitTorrent sites, Mininova, has been suffering from a massive DDoS attack over the past few days. Originating from a botnet spanning three continents, the attacks vary in strength and are causing the site to be completely inaccessible at times.”
Read More
|
|
More charges filed in Palin e-mail hacking case
“Three more federal charges have been filed against a University of Tennessee student charged with hacking into the personal e-mail account of Sarah Palin, the Alaska governor and former Republican vice presidential nominee.”
Read More
|
|
New DHS Cyber-Security Working Group Links Agencies
“The U.S. Department of Homeland Security has created a collaborative venture for public- and private-sector organizations in order to nip problems in the bud that are associated with industrial control systems -- at least the ones that can be nipped by computer.”
Read More
|
|
NSA Chief Continues Bid to Take Over Cybersecurity
“In the wake of the resignation on Friday of National Cyber Security Center (NCSC) Director Rod Beckstrom over concerns that the National Security Agency plans to take over government cybersecurity efforts, comes an announcement that NSA Director Lt. Gen. Keith Alexander will be giving the keynote address at this year’s RSA security conference.”
Read More
|
|
Outgoing DHS Cyber Chief Expands on Why He Resigned
“Rod Beckstrom, who resigned as head of the National Cyber Security Center (NCSC) under concerns that the National Security Agency is pushing to take control of the government’s cybersecurity efforts, says private companies that are meant to partner with the government in securing the nation’s critical infrastructures likely won’t be comfortable working with an agency known for its secrecy.”
Read More
|
|
Spam From 750 Compromised Twitter Accounts Invited Users To Visit Porn Website
“Twitter users were hit by a new series of attacks on Friday. The subscribers received malicious messages from compromised accounts inviting them to visit a pornographic website. The messages, which posed as tweets, tried to tempt users into visiting a site called chatwebcamfree.com.”
Read More
|
|
Tension mounts between agencies over cybersecurity oversight
“An independent agency that reports directly to the White House should oversee federal cybersecurity efforts, said former government officials, a move that could relieve growing tension between the intelligence community and the Homeland Security Department over who leads such initiatives.”
Read More
|
|
|
03.08.09
|
SMITH: Winning the hidden war
“Unfortunately, this interconnectedness also has led to an increased dependence on the Internet, and thus, increased vulnerability for individuals and for our country’s cyber-security. This increased exposure has been accompanied by real and growing threats from basement hackers stealing credit card and Social Security numbers to cyber-terrorists shutting down our nation’s power grid, to hostile foreign governments invading our military’s defense networks.”
Read More
|
|
|
03.07.09
|
Heartland Breach Bad As Tylenol Poisonings?
Heartland Payment Systems stock (HPY) was hit hard in the wake of what is being described as the biggest single breach of consumer and financial data security ever. The company issued statements Friday (1/23) in an effort at damage control in which the CEO compares the potential industry-wide impact of the breach to none other than that of the Tylenol poisonings of some twenty-five years ago that nearly brought down the drug maker.
Read More
|
|
|
03.06.09
|
California Looks to Expand Data Breach Notification Law
“California State Senator Joe Simitian, the man responsible in large part for the nation’s first data-breach notification law, said he’s working on legislation, already introduced, that would require companies that do business in California to provide more information in their breach notification letters to consumers and send simultaneous notification to state authorities.”
Read More
|
|
Cyber-Security Czar Quits Amid Fears of NSA Takeover
“Rod Beckström, the Department of Homeland Security’s controversial cyber-security chief, has suddenly resigned amid allegations of power grabs and bureaucratic infighting.”
Read More
|
|
FEMA laptop with flood victim info stolen
“A laptop containing Social Security numbers and other personal information from dozens of victims of last September’s floods was reported stolen from a housing inspector’s car, federal officials acknowledged Thursday.”
Read More
|
|
|
03.05.09
|
D.C. Tech Chief Tapped for White House Slot
“President Obama today announced that Vivek Kundra, chief technology officer for the District, will be the federal chief information officer.”
Read More
|
|
German Authorities Shut Down Cybercrime Ring’s Web Forum
“Law enforcement officers in Germany have pulled the plug on a notorious Web forum where cybercriminals exchanged malware and password-stealing tools.”
Read More
|
|
Government implements DNSSEC on the .gov domain
“The government has digitally signed the .gov top-level domain, effectively implementing the Domain Name System Security Extensions (DNSSEC) protocols throughout the top tier of the federal Internet space.”
Read More
|
|
NYPD Suffers Massive Data Breach
“The New York Police Department (NYPD) is sending out letters to nearly 80,000 current and retired police officers after a civilian employee allegedly stole their personal information from a secure police back office located in a warehouse on Staten Island, New York.”
Read More
|
|
|
03.04.09
|
White House Issues Interim Statement On Cybersecurity Review
“Will the Obama administration appoint a cybersecurity czar or leave things status quo? Will there be a new push to protect computer systems that operate the country’s critical infrastructure? Your guess is as good as ours, but a 60-day review of the situation is under way and scheduled to be completed in late April”
Read More
|
|
|
03.03.09
|
More Visa and MasterCard accounts breached
“Visa and MasterCard are being circumspect about another breach of credit and debit card transaction data from yet another payment card processor.”
Read More
|
|
|
03.02.09
|
Banks, credit unions begin to sue Heartland over data breach
“In an indication of the legal troubles that companies can find themselves in over data breaches these days, several banks and credit unions have begun suing Heartland Payment Systems Inc. over its recently disclosed data breach.”
Read More
|
|
Feds look for advanced security tools to thwart hackers
“Faced with hackers who are steps ahead of the latest cybersecurity tools meant to block them from breaking into networks, the federal government on Monday called on the information technology industry to provide it with cutting-edge security concepts that will give agencies the means to thwart attacks.”
Read More
|
|
Obama’s cybersecurity budget gains solid support
“The $355 million for cybersecurity that President Obama wedged into his proposed $800 billion fiscal 2010 budget has solid backing.”
Read More
|
|
Why The Hell Was Secret White House Helicopter Data Found On A Computer In Iran?
“It is a case of perverse but predictable irony that the first administration to truly harness the Internet’s full power likewise faces the greatest threat from it. Nothing underscores this reality more acutely than a report this week that confidential mechanical data regarding the VH-60 presidential helicopter were found on a computer in Iran.”
Read More
|
|
|
02.28.09
|
Banking ID theft reaching epidemic proportions
The amount of malware aimed at financial identity theft is bigger than ever, Sean-Paul Correll, a threat researcher at PandaLabs, wrote Friday in a post on the PandaLabs blog of Panda Security.
Read More
|
|
Kaiser: ID Breach Came From Another Office
“Kaiser Permanente said Friday it was not the source of personal employee data breach that affected 29,500 people.”
Read More
|
|
|
02.27.09
|
Law requires health data breach notifications
“The recently enacted economic stimulus law includes new requirements for how companies must notify people of breaches to their protected health information. Some experts say the rules could lead to federal breach notification requirements for other types of data.”
Read More
|
|
Obama directive expands national security team
“President Barack Obama is expanding the membership and reach of his top national security team, in recognition of the increasing role energy, climate and economic issues now play in keeping America safe.”
Read More
|
|
Obama’s budget blueprint enhances cybersecurity
“President Obama’s proposed 2010 budget includes hundreds of millions of dollars for the Department of Homeland Security’s cybersecurity division, programs that have faced significant criticism over the past year.”
Read More
|
|
|
02.26.09
|
Cyber Secure Institute Praises Action by Director of National Intelligence to Increase NSA Cybersecurity Responsibilities
Institute’s January 6, 2009 Report Called for Precisely This Action
Read More
|
|
Experts Push Guidelines to Halt Data Breaches
“Amid increasing scrutiny over U.S. cybersecurity, experts from both the private and public sectors are pushing a set of recommendations they say are sorely needed to help shore up the nation’s defenses against data breaches.”
Read More
|
|
NSA Should Oversee Cybersecurity, Intel Chief Says
“Despite the fact that many Americans distrust the National Security Agency for its role in the Bush Administration’s warrantless wiretapping program, the agency should be entrusted with securing the nation’s telecommunications networks and other cyber infrastructures, President Obama’s director of national intelligence told Congress on Wednesday.”
Read More
|
|
Study: Hackers Still Enjoy Vandalizing Web Sites
“A study of 57 Web site hacks from last year showed that 24 percent were aimed at defacing a site rather than financial gain.”
Read More
|
|
|
02.25.09
|
DHS secretary promises more information sharing
“The Homeland Security Department plans to improve how it shares intelligence information with federal, state and local government agencies, including working with state centers that collect terrorist and crime information, Secretary Janet Napolitano told the House Committee on Homeland Security on Wednesday.”
Read More
|
|
Heartland CEO Provides More Details On Big Data Breach
“Heartland Payment Systems’ top executives on Tuesday shed more light on the firm’s massive data breach, and said that Heartland would fight ensuing lawsuits stemming from the incident.”
Read More
|
|
U.S. spy agency may get more cybersecurity duties
“The spy agency that ran the Bush administration’s warrantless eavesdropping program may get more responsibility for securing U.S. computer networks, President Barack Obama’s intelligence chief told Congress on Wednesday.”
Read More
|
|
|
02.24.09
|
Gov’t CIO Survey: Cybersecurity Still Needs Work
“Cybersecurity continues to be a top concern among U.S. government CIOs, but agencies are still falling short of achieving good security results, according to a new survey of top government IT officials.”
Read More
|
|
Pentagon Funds Cyber Range For Web Warriors
“Just as foot soldiers need to practice their skills before heading into combat, America’s cyber warriors need space in the virtual world to hone their skills as well. That place will be the National Cyber Range, a virtual proving ground to simulate battles and develop virtual weapons to fight our nation’s enemies.”
Read More
|
|
|
02.23.09
|
Cybersecurity audit guidelines recommended
“A group of cybersecurity experts today recommended twenty specific security controls that the government and industry should deploy to block or lessen the consequences of cyberattacks that come from inside and outside threats. The recommended controls are meant to provide a standard baseline for measuring computer security.”
Read More
|
|
Lee Holcomb of Lockheed: Three Must-Dos for CTOs
“What makes a good CTO? With all the buzz about a first-ever federal CTO, more attention is being paid to that question. Whether on a national scale or at a company with ties to federal customers, the need for CTOs to bring the best in IT solutions and cybersecurity to the table is essential. Few understand this better than Lee Holcomb, director of the Center for Cyber Security Innovation at Lockheed Martin, and former CTO for the Department of Homeland Security. Recently, Holcomb spoke with ExecutiveBiz, and offered best practices for CTOs to manage talent, processes, and technology. Here’s his rundown.”
Read More
|
|
Starbucks Sued After Laptop Data Breach
“A Chicago-area Starbucks employee has brought a class-action lawsuit against the coffee retailer, claiming damages from an October 2008 data breach.”
Read More
|
|
|
02.20.09
|
Agencies should evaluate contractors for security readiness
“The Federal Aviation Administration isn’t the only recent victim of a data breach. Hackers recently broke into USAJobs.com, which houses personal information on thousands of federal job seekers.”
Read More
|
|
Policy needed for data breach response
“The lack of consistent national requirements for data breach notifications has prompted more than 40 states to enact their own laws, which vary widely, said Lisa Sotto, head of the privacy and information management practice at law firm Hunton and Williams and an expert on privacy and data security.”
Read More
|
|
Senate report calls for new U.S. cybersecurity effort
The report, called “National Cyber Security: Research and Development Challenges Related to Economics, Physical Infrastructure and Human Behavior,” asserts that critical national infrastructure, such as telecommunications and power distribution, oil and gas production, and water purification and distribution systems, are increasingly connected to the internet and therefore vulnerable to “new and unforeseen types of cyber disruption.”
Read More
|
|
Sketching Obama’s Cyberplans
“But Paul Kurtz, a consultant with Good Harbor LLC who led Obama’s transition team group on cybersecurity, has high expectations--and high demands--for the new administration. We caught up with Kurtz following his keynote at the Black Hat security conference, where he called for a “Federal Emergency Management Agency for the Internet”--a central cybersecurity agency built on the model of the Counter-Terrorism Center. He spoke with Forbes about where he sees Obama’s plans for the CNCI heading, why the National Security Agency (NSA) needs to be a part of the program despite its controversial reputation and who he envisions for the so-called “cyberczar” spot--a post that many have speculated Kurtz himself would take.”
Read More
|
|
Three data breaches hit Florida, one hits the feds
“If you bought something at a Best Buy store in West Palm Beach, Fla., late last year, or stayed at a Wyndham hotel in Florida last summer, or use a U.S. government travel Web site you might want to check your credit card statements closely.”
Read More
|
|
UF data breach exposes names, SSNs of 97,000+
“A hacker gained access to a University of Florida computer system containing the personal information of more than 97,200 students, faculty and staff, UF announced Thursday.”
Read More
|
|
|
02.19.09
|
Romanian Hacker Cracks Symantec, International Herald Tribune
“The Romanian hacker who penetrated the Websites of three security vendors last week is now claiming two new victims: Symantec and The New York Times.”
Read More
|
|
|
02.18.09
|
Hackers Make Short Work of “Super-Secure” Facial Biometrics
“The problem with any hot technology in the security world is that the desire to raise a product above the competition seems to invariably lead to boastful claims. Such claims make the technology a high profile target for hackers, and with the bright minds in the field, it takes little time to take many supposedly “unbeatable” countermeasures down. Thus was the case with RFID, recently shown to be extremely insecure, and now it appears that at least some types of biometrics are headed down the same path.”
Read More
|
|
|
02.17.09
|
Black Hat DC: U.S. Must Consider Impact Of ’Militarization’ Of Cyberspace
“The United States is unprepared to respond to a cyber-Katrina or cyberwarfare attack and must consider three hot-button issues as the new administration formulates its cybersecurity strategy: the role of the intelligence community, cyberweapons deployment, and who should be in charge of the nation’s response to a cyberattack, said cybersecurity and homeland security expert Paul Kurtz today during his keynote address here at Black Hat DC.”
Read More
|
|
Experts eager to hear Hathaway’s advice for Obama on cybersecurity
“All eyes in the Washington D.C. security and intelligence communities are riveted on Melissa Hathaway. Tech company executives, military leaders, lawmakers and senior White House officials who track cybersecurity matters are anxious to find out what the bright, young management consultant will advise President Obama to do about making the Internet safer.”
Read More
|
|
Feds Fight to Plug Security Holes
President Obama’s recent order of an immediate two-month review of the federal government’s cybersecurity plans apparently can’t come fast enough. The federal government, dogged by computer security issues over the years, was hit by two more incidents this week.
Read More
|
|
Thwarting an Internal Hacker
“Rajendrasinh Makwana was a UNIX contractor for Fannie Mae. On Oct. 24, he was fired. Before he left, he slipped a logic bomb into the organization’s network. The bomb would have “detonated” on Jan. 31. It was programmed to disable access to the server on which it was running, block any network monitoring software, systematically and irretrievably erase everything – and then replicate itself on all 4,000 Fannie Mae servers.”
Read More
|
|
|
02.16.09
|
Cyber Secure Institute Launches CIO Blog
Today the Cyber Secure Institute launched a new CIO Blog, which will focus on more technical aspects in developing and deploying inherently secure technologies.
Read More
|
|
Government Hack Attacks Prompt Scrutiny
In the wake of the Obama administration’s announcement of a 60-day federal review of the government’s initiatives on cyber security, an e-mail obtained by the Project on Government Oversight reveals another embarrassing security breach, this time involving missing computers from the Los Alamos nuclear weapons laboratory in New Mexico, and “the loss of a Blackberry in a sensitive foreign country.”
Read More
|
|
Reported raids on federal computer data soar
“Reported cyberattacks on U.S. government computer networks climbed 40% last year, federal records show, and more infiltrators are trying to plant malicious software they could use to control or steal sensitive data.”
Read More
|
|
|
02.14.09
|
DOE slams Los Alamos on lax cybersecurity
“At the nation’s premier nuclear research site - Los Alamos National Laboratory - security is famously tight, so much so that one imagines the Lab knows the whereabouts of every computer. But, of course, one would be wrong. According to a stern letter from the Department of Energy (PDF), Los Alamos has seen…”
Read More
|
|
|
02.13.09
|
First arrests made in Heartland data breach case
“Three men have been arrested in Tallahassee, Fla., in connection with the Heartland Payment Systems data breach, authorities said.”
Read More
|
|
Intelligence community assesses cyber threat
“This year’s annual threat assessment from the Director of National Intelligence (DNI) found that malicious cyber activity grew more sophisticated, targeted and serious during the past year and that trend is expected to continue during the next year. The assessment also said the intelligence community expects disruptive cyber activities to be part of future political or military conflicts.”
Read More
|
|
World’s Greatest Hacker Says Obama’s BlackBerry Can Be Breached
“There’s a new “holy grail” for hackers -- President Obama’s super-secure BlackBerry.”
Read More
|
|
|
02.10.09
|
Analysis: Stimulus package ripe with IT opportunities
“Government contractors are anxiously watching the economic stimulus package as it makes its way through Congress.”
Read More
|
|
FAA says info on 45,000 workers stolen in data breach
“The Federal Aviation Administration disclosed yesterday that it is investigating a data breach in which the personal data of about 45,000 employees and retirees was apparently stolen from a server at the agency.”
Read More
|
|
Obama orders 60-day cybersecurity review
“President Barack Obama on Monday ordered an immediate 60-day review of federal cyber security efforts and named Melissa Hathaway, a top U.S. intelligence official, to oversee the effort, according to a White House statement.”
Read More
|
|
Public Greets Massive Data Breach with Collective Yawn
“On January 20, as most of the nation focused on an historic inauguration, Heartland Payment Systems, a credit card payment processing company, acknowledged that data thieves had installed spyware on its network to steal credit card details throughout 2008. The company says it handles about 100 million payments a month, and doesn’t yet know how much information was stolen; the theft might be the biggest data breach ever”
Read More
|
|
|
02.09.09
|
Turf wars biggest challenge for CTO
“During his campaign, President Barack Obama highlighted several roles a chief technology officer could play in his administration. They range from focusing on federal infrastructure initiatives to cybersecurity to transparency and openness across government. John Sargent, a specialist in science and technology policy with the Congressional Research Service, says any and all of these potential CTO roles would face several challenges to success.”
Read More
|
|
|
02.08.09
|
Hathaway to Head Cybersecurity Post
President Barack Obama will tap a top aide to President George W. Bush’s intelligence director to head his cybersecurity effort, according to government officials familiar with the decision. An announcement is expected as early as Monday.
Read More
|
|
|
02.06.09
|
Geeks.com agrees to security audits in wake of data breach
“The operator of the Geeks.com Web site will submit to five outside security audits over the next 10 years as part of a data-breach settlement deal with the Federal Trade Commission, which found that the online retailer had failed to adequately protect its customer data prior to the breach.”
Read More
|
|
Kaiser: Worker data breached, identity fraud reported
“Kaiser Permanente is notifying its 29,500 Northern California employees that their data may have been exposed in a breach, the company said on Friday. It is unknown exactly how many workers have been affected, but a handful of workers have reported identity fraud as a result of the breach, Kaiser said.”
Read More
|
|
ODNI’s Hathaway expected to be named cyber czar
“The White House plans to announce as early as Monday that Meli | |