Cyber Security Institute

Sunday, March 31, 2013

Assurance Doesn’t Come In A Box

My colleague’s talk revolved around the need for the project to provide a suitable level of assurance; the audience sat and listened in attentive silence, seemingly fully engaged. A lone voice called out, “This assurance, is it software we can go out and buy?” But I think the fact the question was asked reveals a lot about how cyber security is seen in many organizations. You buy a software or hardware solution to address a potential problem and that’s all there is to it. ... That idea is akin to saying windscreen wipers on your car make it safe to drive in all weathers, then never worrying about when to use them, when to have them go back and forth intermittently or continuously, when to replace the wiper-blades or whether you can still drive at 70mph down the motorway in torrential rain and blizzards.



7 Duties for CISOs under FISMA Reform

A House panel approved and sent to the entire House of Representatives legislation to reform the Federal Information Security Management Act, the 11-year-old law that governs IT security in the federal government. The bipartisan Federal Information Security Amendments Act of 2013 unanimously passed the House Oversight and Government Reform Committee by a voice vote on March 20. The legislation, if enacted, would usurp the current FISMA law that heavily relies on a check-list approach to IT security that many people in government contend doesn’t truly show how secure agencies’ IT systems are. An agency’s chief information officer could serve simultaneously as CISO; however, the bill would require that information security be the CISO’s main focus.



Saturday, March 30, 2013

US Companies In China Distrust Cybersecurity Efforts And Claim Data Breaches


Top 10 Security Challenges for 2013

We expect 2013 to be even more exciting based on the following Top 10 security challenges identified by AT&T Information security researchers and engineers. Let’s review this list of challenges and evaluate how to reduce risks and protect the critical information that manages our business.


Friday, March 29, 2013

Critical denial-of-service flaw in BIND software puts DNS servers at risk


Wednesday, March 27, 2013

Java-based attacks remain at large, researchers say

A new Websense report suggests that approximately 94 percent of endpoints which run Oracle’s Java are vulnerable to at least one exploit, and we are ignoring updates at our own peril.  With so many vulnerabilities, keeping browsers up-to-date can become an issue — especially as Java has to be updated independently from our preferred browser, and a mobile, cross-browser workforce is difficult to manage securely.  Keeping this in mind, the security team used their Advanced Classification Engine (ACE) and ThreatSeeker Network to both detect and analyze in real-time which versions of Java are currently in use across “tens of millions” of endpoints. The researchers found that the latest version of Java, version 1.7.17, is only in use by a dismal five percent of users, and many versions are months or years out of date — just begging to be exploited.


Antivirus apps knocked in malware report

The Palo Alto report examined malware samples collected by the company’s WildFire platform against fully updated antivirus products from six top enterprise antivirus vendors. It found web-based malware remained hidden for an average of 20 days before being detected, as opposed to five days for email-based malware, while 94 per cent of the undetected malware was delivered via web browsing or web proxies.


BIGGEST DDoS ATTACK IN HISTORY hammers Spamhaus

A massive 300Gbps was thrown against Spamhaus’ website but the anti-spam organisation was able to recover from the attack and get its core services back up and running. CloudFlare, the content delivery firm hired by Spamhaus last week to guard against an earlier run of DDoS attacks, was also hit, forcing it into taking the highly unusual step of dropping London as a hub in its network - as a Twitter update by CloudFlare on Monday explained. The blacklists supplied by the not-for-profit organisation are used by ISPs, large corporations and spam filtering vendors to block the worst sources of junk mail before other spam filtering measures are brought into play. Spamhaus turned to CloudFlare for help and the content delivery firm was able to mitigate attacks that reached a peak of 75Gbps, as explained in a blog post.


AWS Launches CloudHSM App To Bolster Data Security In The Cloud

In an effort to boost data security in the cloud, Amazon Web Services (AWS) has just launched a new service called AWS CloudHSM, designed to help its customers meet strict regulatory requirements without sacrificing their cloud application’s performance. AWS says that the new security feature is aimed at customers whose regulatory requirements prevent them from running apps on shared infrastructure, which has been one of the key hurdles in the way of its efforts to win over the enterprise.


Tuesday, March 26, 2013

Wells Fargo says cyber attack disrupting website

Wells Fargo & Co on Tuesday said its online banking website was experiencing an unusually high volume of traffic that it believes stems from a denial-of-service cyber attack. “The vast majority of customers are not impacted and customer information remains safe,” said Bridget Braxton, a spokeswoman for the fourth-largest U.S. bank by assets.  Customers who have trouble should try logging in again because the disruption is usually intermittent, she said.


Preparing major Israeli companies against Anonymous attacks on the 7th of April

What distinguishes this plan when compared to previous attacks is that it really seems to be organized by Anonymous-affiliated groups from around the world in what looks like a joining of forces. It was reported that as part of this “operation,” details of some 600,000 users of Walla’s email were exposed; in addition, according to the then Finance Minister Yuval Steinitz, “Israel deflected 44 million cyber-attacks on government websites.” On Wednesday 20 March 2013, a cyber-attack crippled TV stations and banks in South Korea, some for a few hours, and some are still trying to come back from this attack. As many as 30,000 PCs in Shinhan Bank, Jeju Bank, Nonghyup Bank, the Munhwa Broadcasting Corporation, YTN and the Korea Broadcasting System (KBS) had their hard drives wiped when a virus was activated at 14.00 local time on Wednesday 20 March.



Tuesday, March 19, 2013

The CIA Is About To Sign A Game-Changing $600 Million Deal With Amazon

The CIA is on the verge of signing a cloud computing contract with Amazon, worth up to $600 million over 10 years, reports Frank Konkel at Federal Computer Week. If the details about this deal are true, it could be a game-changer for the enterprise cloud market. That’s because Amazon Web Services will help the CIA build a “private cloud” filled with technologies like big data, reports Konkel, citing unnamed sources.


‘Anonymous’ hackers plan to shut down the Internet this Saturday

Notorious hacker group Anonymous has previously stated its intentions to shut down the Internet on Saturday, March 31st, as a form of protest. “To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, on March 31, anonymous will shut the Internet down,” the group stated last month. “Remember, this is a protest, we are not trying to ‘kill’ the Internet we are only temporarily shutting it down where it hurts the most.” Operation Global Blackout 2012 looks to shut down the Internet by disabling its core DNS servers, thus making websites inaccessible. Cyber security experts claim that it is unlikely that such an attack would be effective, however, and there is really no need to fear.


Monday, March 18, 2013

Security Think Tank: Context-aware security saves time

Context-aware computing is not a new idea; everything from the search engine you are probably sitting in front of to the mobile phone in your pocket uses it at its most basic level. The origin of the phrase comes from the human idea of studying a piece of text and bringing to bear the other things that you know about the words on paper; from the author’s life story to the facts about its setting. In fact, security teams are overworked generally and even very large companies are seeking to outsource some elements of the process. By embracing context-aware security devices, operational savings can be made through a reduction in response times and an increased likelihood of the correct decision being made during an incident.


Malwarebytes uncovers AV-dodging ransomware in Java exploit kit

Security firm Malwarebytes has discovered new ransomware being spread by the Neutrino exploit kit, targeting Java with a fake Skype file. Malwarebytes security researchers Jerome Segura and Joshua Cannell reported discovering Neutrino on Monday, warning the ransomware can bypass all major antivirus products.


Internal-use SSL certificates pose security risk for upcoming domain extensions

The practice of issuing SSL certificates for internal domain names with unqualified extensions could endanger the privacy and integrity of HTTPS communications for upcoming generic top-level domains (gTLDs), according to a security advisory from the Internet Corporation for Assigned Names and Numbers (ICANN). The advisory was finalized by ICANN’s Security and Stability Advisory Committee (SSAC) last week and warns that existing SSL certificates which have been issued for non-public domain names, like those used to identify servers inside private networks, could be used to hijack HTTPS traffic for real domain names as new gTLDs become operational.


Wednesday, March 13, 2013

Cyber attacks on banks resume, targeting Chase

A wave of bank cyber attacks has resumed, with many JPMorgan Chase & Co. customers unable to access their Internet banking accounts.


Monday, March 11, 2013

Australian central bank computers hacked

Computer networks at the Reserve Bank of Australia have been hacked, some reportedly by Chinese-developed malware searching for sensitive information, officials said Monday. The central bank revealed the attacks after investigations by The Australian Financial Review found multiple computers had been compromised by malicious software seeking intelligence. The newspaper said in one attack a Chinese-developed malware spy programme was searching in 2011 for information on sensitive G20 negotiations, where Beijing’s exchange rate and currency reserves were on the agenda.


Sunday, March 10, 2013

Microsoft Patch Tuesday targets Internet Explorer drive-by attacks - Sharepoint, Microsoft, security

Internet Explorer vulnerabilities warrant notice in this month’s set of Microsoft Patch Tuesday bulletins and need to be fixed quickly even though the sheer number of patches may seem daunting. Not patching them because they are time-consuming will just widen the window of opportunity hackers have to exploit them, says Alex Horan, a senior product manager at CORE Security. “Preventing future drive-by style attacks and protecting end-users appear to be the theme of this month’s Patch Tuesday,” Horan says.


Does your Incident Response Plan include “The Dark Side of the Internet”?

Integral to this effort is the process of each client learning from the incident and updating their security incident response plans accordingly. One thing that you generally don’t yet find in most such plans is crossing over to the “dark” side of the internet – but moving forward I think it’s likely you may.


Canadian businesses are resigning themselves to being hacked: study - Canadian Business

Canadian businesses have set themselves up to be hacked, and a new study has found that some companies believe that it’s almost inevitable they’ll fall victim to a security breach. Telus and the Rotman School of Management at the University of Toronto say their annual study on IT security found a “pervasive sense of vulnerability” at many corporations. “Security managers are not very confident that they can identify whether a breach actually occurred or whether they’re actually in the midst of a current breach,” said Walid Hejazi, a professor of business economics at Rotman.


Wednesday, March 06, 2013

This Research Paper Explains How to Predict the Next Arab Spring and Cyber Attacks

James Clapper, director of national intelligence, explaining to a congressional committee in February 2011 that he believed U.S. intelligence agencies had done the best they could to track the Arab Spring protests. Here’s what we do know: Some incidents will incite violent protest, political and social upheaval, or set off a barrage of cyber attacks. Researchers at Sandia National Laboratories have developed an early warning system that will alert officials to politically motivated cyber attacks or other threatening activities around the world.


Hackers Hit Czech Central Bank, Stock Exchange, Commercial Banks | Fox Business

“It’s only the web page that isn’t working, the hacking does not impact trading as the stock exchange’s web page is not connected to trading platform,” said Jiri Kovarik, spokesman for the Prague Stock Exchange, which is owned by the Vienna Stock Exchange-controlled CEE Stock Exchange Group. The hackers appear to be using a distributed denial of service (DDoS) attack which inundates servers with digital requests, said Marek Petrus, central bank spokesman. According to available information, the attacks didn’t jeopardize financial accounts at any of the banks or the stock exchange, Mr.


Microsoft Establishes Cybercrime Center to Combat Piracy, Malware

(MSFT) is consolidating its digital crimes and software piracy teams into a single Cybercrime Center in an effort to confront new ploys by Web criminals with bolder initiatives of its own. Now research shows counterfeit software and malware are arriving together on personal computers in emerging markets world-wide, creating a larger pool of victims for criminal enterprises and a more pressing need to address the threat. A study to be released Wednesday by market researchers IDC concludes that about one-third of the software installed on PCs world-wide in 2011 was counterfeit and at least 20% of Microsoft Office software installed by businesses was counterfeit as well.


Hot security skills of 2013 - security

Most successful CSOs will tell you it was a unique mix of skills that propelled them to their current position. Technical background is important, certainly, but practice in the business and excellence in communication are paramount for any CSO truly worthy of a place in the C-suite. We don’t expect that to change any time soon. But every few years, a few super-hot skills get added to the mix, ones that will make you even more attractive (to your company and to future employers) and keep you on top of your game. Familiarity with both information and physical-security technologies is important at the highest rung of the security ladder, according to Carl Young, CSO of Stroz Friedberg, a global digital-risk-management and investigations firm.


Cybercriminals Likely To Expand Use Of Browser Proxies

A technique for controlling a compromised system’s browser, widely used in Brazilian banking schemes, will likely become more widespread worldwide in the next few years, say security experts. The technique abuses a legitimate way to control where a browser sends its requests, known as proxy auto-configuration or PAC, to take over a victim’s browser and send traffic—say, requests to a bank—to an attacker-controlled server instead.  While the attackers still have to find a way to execute code on a victim’s system, once that is done, they can set a proxy for the browser, capture selected traffic, and re-route it invisibly.


Monday, March 04, 2013

Bank of America says hackers lifted its data from a partner

Bank of America blames a data breach on another company that revealed internal emails related to monitoring of hacktivist groups including Anonymous. A group affiliated with Anonymous that calls itself the “Anonymous Intelligence Agency: Par:AnoIA” released what it claims is 14GB of data belonging to the bank and other organizations, including Thomson Reuters, Bloomberg, and TEKsystems. Email correspondence in the data suggests that TEKsystems was a contractor working for Bank of America and charged with monitoring public activity by hacker networks targeting the bank.


Emerging threats include kinetic attack, offensive forensics

CEO of Counter Hack and SANS instructor Ed Skoudis may have been playful with his Lord of the Rings reference during his 2013 RSA Conference presentation, but the attack techniques that he and Johannes Ullrich, chief research officer at the SANS Internet Storm Center, discussed are anything but a joking matter. During a joint presentation last week, the duo detailed how everything from industrial control systems to SCADA equipment to big financial institutions is vulnerable to society-shaking attacks. He pointed to recent attacks, including Stuxnet, Flame and Shamoon, to show that nation-states and criminal organizations are increasingly looking at hacking via cyberattacks as a way to break physical systems that are vital to the way society functions.
