Cyberattack / Most Viewed

SEC Asks Companies to Disclose Cyberattacks

I came across an interesting article on Reuters today: "U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a rash of high-profile Internet crimes..." This is a pretty big step for the SEC. Requiring companies to disclose when they have been hacked shifts the action on corporations from something voluntary to something that they have to do. The question is, do we want to hear about everything?

CIRA Launches Strategy to Block Conficker Worm from Canada's .ca Domain

The group that manages Canada's .ca internet domain is working to foil an internet worm set to attack starting April Fool's Day. "We're going to do everything possible to make this extremely inhospitable terrain for any worm, this one in particular," said Byron Holland, CEO of the Canadian Internet Registration Authority, a non-profit organization that represents those who hold a .ca domain...

ICANN Website Breached, Passwords Obtained by an Unauthorized Person

Usernames/email addresses and encrypted passwords for profile accounts created on the public website have been obtained by an unauthorized person, the Internet Corporation for Assigned Names and Numbers announced Wednesday night.

Is the FCC Inviting the World's Cyber Criminals into America's Living Rooms?

In October 2012, the Chairman and Ranking Member of the House Intelligence Committee issued a joint statement warning American companies that were doing business with the large Chinese telecommunications companies Huawei and ZTE to "use another vendor." The bipartisan statement explains that the Intelligence Committee's Report, "highlights the interconnectivity of U.S. critical infrastructure systems and warns of the heightened threat of cyber espionage and predatory disruption or destruction of U.S. networks if telecommunications networks are built by companies with known ties to the Chinese state, a country known to aggressively steal valuable trade secrets and other sensitive data from American companies."

Summary Report Now Posted of W3C/IAB "Strengthening The Internet (STRINT)" Workshop

Given that I've written here about the original call for papers for the W3C/IAB "Strengthening The Internet Against Pervasive Monitoring (STRINT)" Workshop and then subsequently that the STRINT submitted papers were publicly available, I feel compelled to close the loop and note that a report about the STRINT workshop has been publicly published as an Internet-draft.

Cyberattack Causes Power Blackout in Multiple Cities

A cyberattack has caused a power blackout in multiple cities outside the United States, the CIA has warned. The SANS Institute, a computer-security training body, reported the CIA's disclosure on Friday. CIA senior analyst Tom Donahue told a SANS Institute conference on Wednesday in New Orleans that the CIA had evidence of successful cyberattacks against critical national infrastructures outside the United States.

Experts Propose Plan for More Secure Wi-Fi Devices

Over 260 global network and security experts have collectively responded to the newly proposed FCC rules laid out in ET Docket No. 15-170 for RF Devices such as Wi-Fi routers by proposing a new approach to improve the security of these devices. The letter warns that the FCC ruling will cause more harm than good and risk a significant overreach of the Commission's authority.

A US Military-Funded Program Now Seeking High School and College Hackers

As part of a government information security review released as early as Friday, White House interim cybersecurity chief Melissa Hathaway likely will mention a new military-funded program aimed at leveraging an untapped resource: the U.S.' population of geeky high school and college students. The so-called Cyber Challenge, which will be officially announced later this month, will create three new national competitions for high school and college students intended to foster a young generation of cybersecurity researchers.

Public-Private Cooperation Policy for Cyber Security Suggested by Commissioner Kroes

At a speech during the Security and Defense Agenda meeting on 30 January, Vice-President of the European Commission, Neelie Kroes, showed how the Commission envisions public-private cooperation on cyber security.

April 8 2014: A World Less Secure

Not long after the message that Microsoft will stop updating Windows XP from 8 April onwards, after extending it beyond the regular life cycle for over a year already, came the soothing message that malware will be monitored for another year. That may be good news to some, but the fact remains that this is not the same as patching. Remaining on XP leads to a vulnerable state of the desktop, laptop and any other machine running on XP; vulnerable to potential hacks, cyber crimes, becoming part of a botnet, etc.

U.S. Cybersecurity Faces Challenges, Says GAO

The U.S. federal government cybersecurity team with primary responsibility for protecting the computer networks of government and private enterprise is facing challenges, according to a draft Government Accountability Office (GAO) report. Keith Epstein, a correspondent in BusinessWeek's Washington bureau, reports: "...GAO draft report describes US-CERT as bedeviled by frequent management turnover, bureaucratic challenges that prevent timely sounding of alarms, a lack of access to networks across wide swaths of critical terrain, and an inability to fill large numbers of positions with qualified workers."

UK Teams Up With Defence and Telecom Companies to Counter Cyber Attacks

Nine of the world's biggest weapon makers and telecoms providers are teaming up with Britain to bolster the country's cyber security, aiming to tackle the increasing threat of hacking and other such attacks... The so-called Defence Cyber Protection Partnership will look to implement controls and share threat intelligence to increase the security of the defence supply chain.

Criminals Breach Online Booking System of Best Western Hotel Chain, 8 Million Customer Data Stolen

An exclusive report from Scotland's Sunday Herald newspaper says that an international criminal gang has managed to steal the identities of an estimated eight million guests of the Best Western hotel chain in a hacking raid that could ultimately net billions of dollars in illegal funds. According to the report, late on Thursday night, a previously unknown Indian hacker successfully breached the IT defenses of the Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia. It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western's 1312 continental hotels since 2007.

FBI's Chabinsky Defines and Describes Cybercriminal Operations at FOSE

Neil Schwartzman writes: Steven R. Chabinsky, Deputy Assistant Director, Cyber Division of the Federal Bureau of Investigation gave a keynote at the GovSec/FOSE Conference in Washington, D.C., March 23, 2010. Full text of the speech here.

Significant Uptick Reported in Targeted Internet Traffic Misdirection

Jim Cowie of Renesys reports: Traffic interception has certainly been a hot topic in 2013. The world has been focused on interception carried out the old fashioned way, by getting into the right buildings and listening to the right cables. But there's actually been a significant uptick this year in a completely different kind of attack.