-
Blogs
-
News
-
Industry
-
Community
-
Topics
More than two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies, new research shows," reports Brian Krebs. more»
At a speech during the Security and Defense Agenda meeting on 30 January Vice-President of the European Commission, Neelie Kroes, showed how the Commission envisions public-private cooperation on cyber security. more»
The Japanese Defense Ministry is creating a computer virus capable of tracking, identifying and disabling sources of cyberattacks, according to reports. The development of the virtual cyberweapon was launched in 2008. Since then, the weapon has been tested in a closed network environment. "The most distinctive feature of the new virus is its ability to trace cyber-attack sources. It can identify not only the immediate source of attack, but also all "springboard" computers used to transmit the virus." more»
The United States White House Office of Science and Technology Policy (OSTP) has released a new report titled, Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program, specifying an agenda for "game-changing" cybersecurity R&D according to an official announcement today. The report is described as "a roadmap to ensuring long-term reliability and trustworthiness of the digital communications network that is increasingly at the heart of American economic growth and global competitiveness." more»
The FBI is warning that computer crooks have begun launching debilitating cyber attacks against banks and their customers as part of a smoke screen to prevent victims from noticing simultaneous high-dollar cyber heists. The bureau says the attacks coincide with corporate account takeovers perpetrated by thieves who are using a modified version of the ZeuS Trojan called 'Gameover.'" more»
With the new strategy, the government is aiming to make the UK one of the safest places in the world to do business, as well as tackling cybercrime and cyber-espionage in general, according to Maude. The document, the release of which has been delayed twice, replaces a two-year-old strategy and allocates £650m in funding to set up a National Cyber Security Programme. more»
Security analysis suggest troubling and escalating trends in the development of malware that exploits vulnerabilities on mobile devices. "From turning mobile devices into bots, to infiltration of mobile applications, driven by the use of personal devices in the workplace, cybercriminals are taking full advantage of this market," reports M86 Security Labs in its just released Threat Predictions Report. more»
FBI today announced six Estonian nationals have been arrested and charged with running a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry. Users of infected machines were unaware that their computers had been compromised -- or that the malicious software rendered their machines vulnerable to a host of other viruses. more»
New security report has revealed at least 48 companies involved in research, development, manufacturing of chemicals and advanced materials have been victims of a coordinated cyberattack traced to a source in China. The purpose of the attacks, code named Nitro, appear to be industrial espionage, collecting intellectual property for competitive advantage, according to Symantec. more»
Shawn Henry, FBI's executive assistant director says computer networks that control power plants and financial systems will never be secure enough, so government and corporate leaders should consider developing a new, highly secure alternative Internet, according to an AP report. "We can't tech our way out of the cyberthreat. The challenge with the Internet is you don't know who's launching the attack." A key step, he said, would be to develop networks where anonymity is not an option and only known and trusted employees have access. more»
Virus researchers at Symantec Corp. have revealed a variant of the Stuxnet worm, named Duqu, that is found to be stealing information about industrial control systems. Symantec reports: "Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility... Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose." more»
SSL replacement proposal made by security expert Moxie Marlinspike, last August at the Black Hat Conference (called 'Convergence'), is gaining some momentum, particularly after the recent hacker attacks on DigiNotar, GlobalSign, Comodo and other SSL certificate authorities that have resulted in fake certificates coming into use on the web, including a fake Google certificate, since revoked. more»
The U.S. departments of Commerce and Homeland Security (DHS) has met with other agencies and private-sector leaders in the information technology industry discussing the need to create a voluntary industry code of conduct to address the detection and mitigation of botnets. The meeting, hosted by the Center for Strategic and International Studies (CSIS), included topics such as the problematic and at time controversial issue of notifying individuals whose computers have been infected with malware and are part of a botnet. more»
Robert McMillan reporting in InfoWorld: "Microsoft has opened a front in its ongoing battle against Internet scammers, using the power of a U.S. court to deal a knockout blow to an emerging botnet and taking offline a provider of free Internet domains. Microsoft used the same technique that worked in its earlier takedowns of the Rustock and Waledac botnets, asking a U.S. court to order Verisign to shut down 21 Internet domains associated with the command-and-control servers that form the brains of the Kelihos botnet." more»
Wout de Natris: "In this decision OPTA revokes the registration of Diginotar as a so called Trusted Third Party. Diginotar issued certified certificates for digital signatures. The security breach by Iranian hackers over the summer, which Diginotar did not report to the authorities, lead to severe credibility issues for all Diginotar certificates issued before. This included Dutch government websites, but also led to severe breaches of privacy for Iranian end users, in multiple countries. As a result of OPTA's decision all certificates issued by Diginotar have to be revoked, while at the same she is forbidden to issue new ones. more»
