Cybercrime fact or fiction

Charles Jeter

http://www.scmagazineus.com/cybercrime-fact-or-fiction-part-1-banking-trojans-and-fincen-reporting/article/175364/

Excerpt:

'.....IT experts have rightfully been skeptical of malware / antivirus industry claims that malware driven thefts are on the massive increase. After all the banks are telling us that it is safe and getting safer and I've recently posted about the ABA's viewpoint shifting from 2005 to 2010......'

 


 

Mozilla warns of malicious add-ons that send passwords to a third party and execute remote JavaScript code

Dan Raywood

http://www.scmagazineuk.com/mozilla-warns-of-malicious-add-ons-that-send-passwords-to-a-third-party-and-execute-remote-javascript-code/article/175674/

Excerpt:

'.....Mozilla said that version 3.0.1 and all older versions have been disabled on addons.mozilla.org and a fixed version was uploaded and reviewed within a day of the developer being notified. It also said that proof of concept code for this vulnerability was posted, but no known malicious exploits have been reported so far.....'

 


 

 

Poor SCADA systems security 'like a ticking time bomb'

 

Robert Westervelt

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1517544,00.html

Excerpt:

'....While companies that run supervisory control and data acquisition systems (SCADA) often claim those systems are secure because they are disconnected from the outside world and surrounded by a myriad of physical and technical security controls, Pollet's analysis of the assessments found just the opposite to be true......'

 


 

Data breaches exploit configuration errors, not software vulnerabilities

Jeremy Kirk

http://www.infoworld.com/d/security-central/data-breaches-exploit-configuration-errors-not-software-vulnerabilities-128

Excerpt:

 

'.....In other findings, some 97 percent of the malicious software found to have stolen data in 2009 was customized in some way. For example, the malware was tweaked to evade detection by security software or new features were added, such as encryption for stolen information. That doesn't bode well for companies, Verizon said.....'

 


 

Android Wallpaper App Stole Scores of Users' Data, Sent it to China

DailyTech

http://www.dailytech.com/Android+Wallpaper+App+Stole+Scores+of+Users+Data+Sent+it+to+China/article19200.htm

 

Excerpt:

 

 

'....Wallpaper was downloaded millions of times (between 1.1 million and 4.6 million to be precise).  It offers popular wallpapers, such as My Little Pony and Star Wars.  Other apps by developer iceskysl@1sters are also collecting similar info.The app collects your phone’s SIM card number, subscriber identification, and even your voicemail password and sends it to www.imnet.us -- a website owned by someone in Shenzhen, China.......'

 


 

Hackers fool world's largest companies using smooth talk

The Age

http://www.theage.com.au/technology/technology-news/hackers-fool-worlds-largest-companies-using-smooth-talk-20100802-112f4.html

Excerpt:

 

'....Workers that unknowingly ended up on calls with hackers ranged from a chief technical officer to IT support personnel and sales people......'

 


 

BlackBerry encryption 'too secure': National security vs. consumer privacy

Zack Whittaker

http://www.zdnet.com/blog/igeneration/blackberry-encryption-too-secure-national-security-vs-consumer-privacy/5732?

Excerpt:

'....Update (1st August 2010, 12:55 GMT): The BBC confirmed via the UAE’s state media that come October, all half a million BlackBerry users in the region will have some services suspended unless a “solution compatible with local laws is reached”, amid national security concerns.......'

 


 

Botnet with 60GB of stolen data cracked wide open

Dan Goodin

http://www.theregister.co.uk/2010/08/02/mumba_botnet_infiltrated/

Excerpt:

'....“These criminals are some of the most sophisticated on the internet, and have perfected a mass-production system for deploying phishing sites and 'crimeware,'” AVG wrote in a report issued Monday. “This means that mitigating the threat by going after the servers hosting the data using the 'Mumba' botnet is now much harder than before.”......'

 


 

DeepWater Horizon (BP oil spill) appears to be a control system cyber incident!

Joe Weiss

http://community.controlglobal.com/content/deepwater-horizon-bp-oil-spill-appears-be-control-system-cyber-incident

Excerpt:

'....In the control systems community, the primary focus is on safety and reliability while the most frequent cyber risks are unintentional.  As Walt Boyes phrases it, the control systems community needs to focus on functional security. Functional security addresses the ability of systems to perform their functions in the face of intentional or unintentional cyber threats while assuring fail-safe operation. Functional security requires not just control systems domain expertise, but looking at system design and policies from a different perspective.  The lack of functional security has led to control system cyber incidents in electric, water, oil/gas, chemicals, and transportation including several with fatalities. Air France (aircraft) and the Washington DC Metro (rail rapid transit) apparently involved cyber control system failures; the Olympic Pipeline Company – Bellingham (gasoline pipeline) did suffer from cyber control system failures; and now the Deepwater Horizon oil platform suffered from known computer failures affecting the control systems. .....'

 


 

Who really sets global cybersecurity standards?

Michael Cooney

http://www.networkworld.com/community/node/64514

http://www.gao.gov/new.items/d10606.pdf

Excerpt:

 

'....This week in a report that was critical about how the US will face global cybersecurity events, the Government Accountability Office identified 19 global organizations" whose international activities significantly influence the security and governance of cyberspace."

 

So who are they?

 

>From the GAO report:

 

* Asia-Pacific Economic Cooperation (APEC)

 

* Association of Southeast Asian Nations (ASEAN)

 

* The Council of Europe

 

* The European Union

 

* Forum of Incident Response and Security Teams (FIRST)

 

* The Group of Eight (G8)

 

* The Institute of Electrical and Electronic Engineers (IEEE)

 

* The International Electrotechnical Commission (IEC)

 

* ISO

 

* The International Telecommunication Union (ITU)

 

* The Internet Corporation for Assigned Names and Numbers (ICANN)

 

* The Internet Engineering Task Force (IETF)

 

* Internet Governance Forum (IGF)

 

* INTERPOL,

 

* Meridian Conference and Process

 

* The North Atlantic Treaty Organization (NATO)

 

* The Organization of American States (OAS)

 

* The Organization for Economic Cooperation and Development (OECD)

 

* The UN.....'

 


 

 

Many Corrupt Ukrainian Bank Workers Assist Cyber Criminals

 

Lucian Constantin

http://news.softpedia.com/news/Many-Corrupt-Ukrainian-Bank-Workers-Assist-Cyber-Criminals-146529.shtml

 

Excerpt:

 

'.....Kyiv Post reports that the National Bank of Ukraine (NBU) has sent a letter informing local banks of an increase in the number of financial cyber crime incidents in the country. "SBU registered a stable trend of the increase in the number of computer criminality in the banking sphere in 2009-2010.......'

 

 


 

 

ENISA's General Report 2009 is online

ENISA

http://www.enisa.europa.eu/about-enisa/activities/programmes-reports/general-report-2009

 

Excerpt:

 

'....As every year, ENISA publishes its General Report. It is asummary of the Agency’s operations, studies and reports......'

 

 


 

 

Incentives & barriers to Information Sharing

ENISA

http://www.enisa.europa.eu/media/news-items/enisa-analyses-the-incentives-and-challenges-to-public-2013-private-information-sharing

 

Excerpt:

 

'.....The overall purpose of this workshop is to arrive at a robust, tested and prioritised list of the most important incentives and barriers to information sharing.....'

 

 


 


IBM employee sparks massive bank outage

 

Rik Myslewski

 

http://www.theregister.co.uk/2010/07/13/ibm_cops_to_massive_bank_failure/

 

Excerpt:

 

 

'....."We take full responsibility for this incident," wrote DBS Group Holdings CEO Piyush Gupta in a statement. A laudably mature response, to be sure, but his communiqué went on to explain that the blame for the outage, which lasted from 3am to 10am on Monday July 5, is to be borne by IBM......'

 

 


 

 

15 Countries Outline Principles on Cyber Security

Voice of America

http://www1.voanews.com/english/news/science-technology/15-Countries-Outline-Principles-on-Cyber-Security-98661289.html

 

Excerpt:

 

'....With computer networks increasingly viewed as a realm for spying and warfare, the U.S., China, Russia and a dozen other countries have outlined principles on how to improve so-called "cybersecurity."......'

 

 


 

 

Malware targeting Siemens SCADA

Auscert

http://www.auscert.org.au/render.html?it=13084

 

Excerpt:

 

'.....

 

The full impact of this malware is not clear and will continue to be assessed as new information becomes available. While it is concerning that the malware reportedly targets specific Siemens SCADA products, the real impact depends on the criticality and nature of the infected systems deployed......'

 

 


 

 

NY man said to use computer skills to aid al Qaeda

Reuters

http://www.reuters.com/article/idUSTRE64G6IY20100518

 

Excerpt:

 

'.....Another New York man, Wesam El-Hanafi, was arrested and charged in the same indictment, and is currently detained pending an appearance in Manhattan federal court later this week. Both men are accused of pledging allegiance to al Qaeda and using their computer expertise to aid the group.....'

 

 


 

 

Hackers With Enigmatic Motives Vex Companies

Nick Bilton

http://www.nytimes.com/2010/07/26/technology/26security.html

 

Excerpt:

 

'.....The world of hackers can be roughly divided into three groups. “Black hats” break into corporate computer systems for fun and profit, taking credit card numbers and e-mail addresses to sell and trade with other hackers, while the “white hats” help companies stop their disruptive counterparts.

 

 


 

 

Who controls the off switch?

Ross Anderson, Shailendra Fuloria

http://www.cl.cam.ac.uk/~rja14/Papers/meters-offswitch.pdf

 

Excerpt:

 

'.....From the viewpoint of a cyber attacker – whether a hostile government agency, a terrorist organisation or even a militant environmental group – the ideal attack on a target country is to interrupt its citizens’ electricity supply........'

 

 


 

 

Verizon’s 2010 Data Breach Investigations Report Released

Verizon RISK Team and the United States Secret Service.

http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf

 

Excerpt:

 

 

'.....Including the USSS cases in this year’s report shook things up a bit but didn’t shake our worldview. Driven largely by organized groups, the majority of breaches and almost all data stolen (98%) in 2009 was still the work of criminals outside the  victim organization.

 

......'

 


 

Cybersecurity Expert Shortage Puts U.S. At Risk

Mathew J. Schwartz

http://www.informationweek.com/news/smb/security/showArticle.jhtml?articleID=226100078&subSection=All+Stories

 

Excerpt:

 

'........."A critical element of a robust cybersecurity strategy is having the right people at every level to identify, build, and staff the defenses and responses. And that is, by many accounts, the area where we are the weakest............'

 


 

Homeland Security Bill Passes House

Jill R.Aitoro

http://cybersecurityreport.nextgov.com/2010/07/homeland_security_technology_bill_passes_house.php?oref=latest_posts

 

Excerpt:

 

 

'........This time, it's the 2010 Homeland Security Science and Technology Authorization Act, which among other things, would double the cybersecurity research and development budget to $75 million for each of the next two years and authorize ............'


 

DHS outlines cybersecurity planning

Max Cacas

http://www.federalnewsradio.com/?nid=35&sid=2007741

 

Excerpt:

 

'..........Right now, Rand Beers, the Undersecretary for the National Protection and Programs Directorate with the Department of Homeland Security has a lot on his mind..........'

 


 

Cybersecurity Action at the White House

Steven Song

http://blogs.csoonline.com/1241/cybersecurity_action_at_the_white_house

Excerpt:

'.........You’ll be happy to learn that many citizens and organizations around the world, including the United States federal government, are working towards a common goal to make cyberspace a safer place. ...........'

 


 

Federal cyber strategy gets modestly clearer

Chris Bronk

http://fcw.com/articles/2010/07/26/comment-chris-bronk-fisma-dhs-security.aspx

Excerpt:

'.......... the roughly eight years since it became law, the Federal Information Security Management Act has been buried with heaps of criticism from many groups, including the small legions of government employees and ..........'

 


 

Poof! Eye-Popping $45MM for Cyber Contests Vanish

Eric Chabrow

http://blogs.govinfosecurity.com/posts.php?postID=632

Excerpt:

'........The version of the America Competes Reauthorization Act circulating in the Senate Commerce, Science and Transportation Committee this past week had an eye-popping figure: $45 million to fund cybersecurity competitions over the next three years.............'

 


 

NIST recommends new approach to cybersecurity

Meg Beasley

http://www.federalnewsradio.com/?nid=35&sid=2009243

Excerpt:

'.........The document, 800-39, will integrate security and risk management from the strategic level at the top of the organization down all the way to the lowest level systems. It is currently in draft form and Ross expects it to be released in about two months............'

 


 

 

The quiet threat: Cyber spies are already in your systems

Bob Violino

http://www.networkworld.com/news/2010/072610-the-quiet-threat-cyber-spies.html?hpg1=bn

 

Excerpt:

 

'.........As an IT or security executive, determining whether your organization is under attack via this seemingly undetectable threat -- and putting in place adequate technology and procedural safeguards -- should be a high priority............'

 

 


 

UK launches Cyber Security Challenge

Warwick Ashford

http://www.computerweekly.com/Articles/2010/07/26/242092/UK-launches-Cyber-Security-Challenge.htm

 

Excerpt:

 

'...........The UK has officially launched its Cyber Security Challenge to find and attract new talent to the IT security industry. "We need to excite, inspire and stimulate fresh interest in a career as a cyber security specialist," said Judy Baker, director of Cyber Security Challenge UK.............'

 


 

Cyber risks place new demands on public/private partnership

Amber Corrin

http://webcache.googleusercontent.com/search?q=cache:http://fcw.com/articles/2010/07/26/feat-cybersecurity-requires-new-cooperation-with-industry.aspx

 

Excerpt:

 

'............On a sweltering July day at a hotel in Washington, D.C., a room full of cybersecurity experts from government and industry watched a video simulation of an America in panic amid widespread cell phone and power outages that expanded from the Northeast across the country and eventually around the world............'

 

 


 

 

Cybersecurity R&D Bill Passes through House

Molly Mulrain

http://www.executivegov.com/2010/07/cybersecurity-rd-bill-passes-through-house/

 

Excerpt:

 

'..........The U.S. House of Representatives yesterday passed the Cybersecurity Enhancement Act of 2009 with a vote of 422-5.

The bill reauthorizes computer and network research and development programs to the National Science Foundation and the National Institute of Standards and Technology...............'

 


 

Black Hat: U.S. Infrastructure Vulnerable To Cyber Attack

Elizabeth Montalbano

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=226300202&cid=RSSfeed_IWK_News

 

Excerpt:

 

'.............Cyber terrorists have a number of ways to mount a major cyber attack on U.S. Internet infrastructure due to the general instability of its base, the director of the agency in charge of protecting the federal government's IT network said Wednesday............'

 


 

Cyber Security Company Lunarline, Inc. Wins Multiple ISO 27001 Implementation Contracts

Bobbie Lawson

http://www.prnewswire.com/news-releases/cyber-security-company-lunarline-inc-wins-multiple-iso-27001-implementation-contracts-99564794.html

 

Excerpt:

 

'............Cyber security company, Lunarline, Inc., has recently been awarded multiple contracts to provide ISO 27001 implementation services.  The ISO 27001 certification affirms that the company's information security management system meets the criteria from the globally accepted International Organization for Standardization.............'

 

 


 

 

Former NSA Director Calls for Clear Understanding of Cyber-war

Brian Prince

http://www.eweek.com/c/a/Security/Former-NSA-Director-US-Needs-Clear-Understanding-of-Cyber-War-155354/

 

Excerpt:

 

'............As a former National Security Agency director, retired Gen. Michael Hayden has seen firsthand the sometimes nebulous realities of cyber-warfare.............'

 


 

Ranum: Be Serious about Cybersecurity

Marcus Ranum

http://www.govinfosecurity.com/articles.php?art_id=2800

 

Excerpt:

 

'...........This is a huge problem, and this is something that I first started talking about how this was going to play itself out as soon as people started talking about electronic commerce. The issue really is that the endpoints that people are using are just simply not good enough...............'

 


 

NSA Cyber Security Effort Critical to U.S. Business

Wayne Rash

http://www.ctoedge.com/content/nsa-cyber-security-effort-critical-us-business

 

Excerpt:

 

'............A little while ago, The Wall Street Journal ran an article that detailed a massive effort by the National Security Agency to monitor high-risk targets in the U.S. against the possibility of attack by foreign interests or by terrorists. .............'

 


 

U.S. military cyberwar: What's off-limits?

Declan McCullagh

http://news.cnet.com/military-tech/8300-13639_3-42.html?keyword=Cyber+Command

 

Excerpt:

 

'............LAS VEGAS--The United States should decide on rules for attacking other nations' networks in advance of an actual cyberwar, which could include an international agreement not to disable banks and electrical grids, the former head of the CIA and National Security Agency said Thursday..............'

 


 

We need to win the Cyber War: Hayden

Gen. Michael Hayden

http://abh-news.com/we-need-to-win-the-cyber-war-hayden-3899.html

 

style="display: inline !important;">Excerpt:

 

'............uring the Obama administration, the issue of Cyber war and how exactly it should be handled was an open topic of discussion. It declared cyber security a National security priority in 2009..............'

 


 

 

 

Government, Private Sector Work On Cybersecurity

 

Carolyn Beeler

 

 

http://www.wbur.org/npr/128815027

 

 

Excerpt:

 

'...........The government is ramping up efforts to fight cyberterrorism, saying it wants to train thousands of "cyberwarriors" to protect government networks and infrastructure.............'

 

 


 

 

 

Cyberwar Is Hell

 

Andrew nagorski

 

http://www.newsweek.com/2010/07/28/cyberwar-is-hell.html

 

Excerpt:

 

'...........While we obsessed over Russian spies, top diplomats were working to stop a greater espionage problem: the threat of cyberwarfare..............'

 

 


 

Tighter cybersecurity, innovation on Commerce wish list

Ben Bain

http://fcw.com/articles/2010/07/28/web-commerce-cybersecurity-innovation.aspx

 

Excerpt:

 

'...........The Commerce Department wants suggestions on how to bolster two cornerstones of the information economy: cybersecurity and innovation..............'

 

 


 

 

Cyber security challenge of the future: Governor

 

Express News Service

http://expressbuzz.com/cities/hyderabad/cyber-security-challenge-of-the-future-governor/191197.html

 


 

Fighting Wars in Cyberspace

Sir Robert Fry

http://online.wsj.com/article/SB10001424052748703724104575379343636553602.html

 


 

9 Key Cybersecurity Roles for Government

Eric Chabrow

 

http://www.govinfosecurity.com/articles.php?art_id=2768