According to reports today, hackers have attacked Palestinian servers, cutting off phone and Internet service across the West Bank and Gaza. Foreign governments are accused to be behind the attack. "Since this morning all Palestinian IP addresses have come under attack from places across the world," said the Palestinian communications minister today. Reneys reports these outages are the largest observed all year for this country, which normally has a fairly stable Internet. more»
The latest issue of Policy Review from the Hoover Institution, a public policy research center -- focused on advanced study of politics, economics, and political economy -- has an essay titled eWMDs – electronic weapons of mass destruction. The Policiy Review readers are warned that botnets should be considered a serious security problem and that "cyber attacks present a grave new security vulnerability for all nations and must be urgently addressed." more»
Just days before the Conficker worm is set to contact its controllers for new instructions, security researchers have discovered a flaw in the worm that makes it much easier for users to detect infected PCs. Tillmann Werner and Felix Leder, members of the Honeynet Project, an all-volunteer organization that monitors Internet threats, have discovered that Conficker-infected PCs return unusual errors when sent specially crafted Remote Procedure Call (RPC) messages, according to preliminary information they have posted on the Web. more»
Cybercrime is likely to wreak as much havoc as the credit crisis in the coming years if international regulation is not improved, some of the world's top crime experts said on Wednesday. Damage caused by cybercrime is estimated at $100 billion annually, said Kilian Strauss, of the Organization for Security and Cooperation in Europe (OSCE). more»
A lot of pixels have been spilled in the last few years about "advanced persistent threats" (APT); if nothing else, any high-end company that has been penetrated wants to blame the attack on an APT. But what is an APT, other than (as best I can tell) an apparent codename for China? Do they exist? After thinking about it for a while, I came up with the following representation... more»
Internet attackers could gain control of water treatment plants, natural gas pipelines and other critical utilities because of a vulnerability in the software that runs some of those facilities, security researchers reported Wednesday. Experts with Boston-based Core Security Technologies, who discovered the deficiency, said there's no evidence anyone else found or exploited the flaw. Citect Pty. Ltd., which makes the program called CitectSCADA, patched the hole last week, five months after Core Security first notified Citect of the problem. more»
A committee of cybersecurity experts today released a 96-page report detailing recommendations for the next administration on how to combat the growing number of criminal attacks aimed at government networks. Creating a National Office for Cybersecurity within the White House is chief among the report's recommendations. A top cybersecurity official would help coordinate a national strategy among agencies, and would also work with the private sector to boost defenses against hackers, according to the report. more»
Today X-Force, IBM's security research and development arm, released its 2008 Midyear Trend Statistics report that indicates cyber-criminals are adopting new automation techniques and strategies that allow them to exploit vulnerabilities much faster than ever before. The new tools are being implemented on the Internet by organized criminal elements, and at the same time public exploit code published by researchers are putting more systems, databases and ultimately, people at risk of compromise. more»
I came across an interesting article on Reuters today: "U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a rash of high-profile Internet crimes..." This is a pretty big step for the SEC. Requiring companies to disclose when they have been hacked shifts the action on corporations from something voluntary to something that they have to do. The question is do we want to hear about everything? more»
A Romanian hacker site said on Wednesday it was able to breach the website of Helsinki-based security firm F-Secure just as it had gained access to the sites of two other security companies earlier in the week. F-Secure is "vulnerable to SQL Injection plus Cross Site Scripting," an entry on the HackersBlog site said. "Fortunately, F-Secure doesn't leak sensitive data, just some statistics regarding past virus activity." more»
ICANN has appointed IID President and CTO Rod Rasmussen to its Security and Stability Advisory Committee (SSAC). An area that Rasmussen's work and recent SSAC reports have both covered in-depth is domain name hijacking. Recent hijackings against UFC.com and Coach.com, and similar past attacks against CheckFree, Comcast and Twitter have heightened awareness about the security dangers with the Internet's infrastructure. more»
China is actively conducting cyber espionage as a warfare strategy and has targeted U.S. government and commercial computers, according to a new report from the U.S.-China Economic and Security Review Commission. "China's current cyber operations capability is so advanced, it can engage in forms of cyber warfare so sophisticated that the United States may be unable to counteract or even detect the efforts," according to the annual report recently delivered to Congress. more»
Small- and medium-sized businesses are in denial about the threat posed by cyberattacks, security software firm McAfee concluded in a study published this week. While most small- and medium-sized companies believe that they operate under cybercriminals' radar, the study found that one-in-five firms have been attacked. The survey -- which polled 500 companies with 1,000 employees or less -- found that for every eight firms, only ten employees were dedicated to managing the businesses' information-technology systems. more»
The NATO Consultation, Command and Control Agency (NC3A) has announced the award of a contract for upgrading the NATO cyber defence capabilities. The award to private industrial companies will enable the already operating NATO Computer Incident Response Capability (NCIRC) to achieve full operational capability by the end of 2012. At approximately 58 million Euro, it represents NATO's largest investment to date in cyber defence. more»
Iran's nuclear facilities are immune to cyber attack a senior Iranian military official has claimed today according to various reports. "Gholam Reza Jalali, who heads an Iranian military unit in charge of combatting sabotage, was quoted Monday by the official IRNA news agency as saying that Iran and its nuclear facilities possess the technology and knowledge to deal with malicious software." more»
