Security News Curated from across the world
The victims would be taken to the compromised web site if they clicked on links contained in bogus spam emails such as this one: The majority of computers enslaved in the Cutwail botnet are at this time located in the U.S., India, the Russian Federation and Mexico.
As always, users are advised to keep their OS and software updated, as well as avoid clicking on links contained in unsolicited emails.
Link: http://www.net-security.org/malware_news.php?id=2386
Second on the list is, surprisingly, the British Virgin Islands in the Caribbean. Third on the list is The Netherlands with 154, which contributes to a hotspot of botnet command servers in that region of Europe amounting to 270 servers; the most dense of any region in the world.
http://www.neowin.net/news/the-united-states-is-a-hive-for-botnets?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+neowin-main+%28Neowin+News%29
US Representatives Mike Rogers (R-Mich) and Dutch Ruppersberge (D-Md) took the Cyber Intelligence Sharing and Protection Act (CISPA) to the floor last year, despite the threats that President Obama would veto the Bill on the version that it was then. “Legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens, especially at a time our Nation is facing challenges to our economic well-being and national security.”
The two Bills are controversial because on one hand, they address an important aspect of security and it is critical that countries work towards securing cyber space through having relevant legislative framework in place but what is also equally important is that considerations such as human rights provisions such as rights to privacy and other issues such as data protection rights be a part of the equation. It is also important that lawmakers remember that the foundation of freedoms and rights is also based on the notion that individuals are protected from arbitrariness otherwise there is a devolution to a Police State. Given the interdependencies of the Internet through its architecture and the series of relationships and transactions, the enforcement of US control over other states through these two Bills means that every Policy made by the global community within Multistakeholder organizations’ like Internet Corporation for Assigned Names and Numbers (ICANN) will be subject to these laws if passed.
Last year the US Government decided to return two domain names, namely Rojadirecta.com and Rojadirecta.org which it improperly seized and held in its possession for well over a year, without so much as an explanation. … The courts in the US disagreed holding that the US government did not have to return the domains and Puerto 80 appealed and then late last year the US Government mysteriously dropped the matter without an explanation.
Even if the Bills were to contain provisions to protect the privacy rights and civil liberties of Americans, there is no guarantee that the rights and protections would extend to non-Americans.
Link: http://www.circleid.com/posts/20130126_pandoras_box_new_us_cyber_security_bills_worm_hole_internet/
“Cyberspace must be secure and reliable so that it is trusted as a medium for doing business but at the same time free and open to evolve and innovate naturally,” he added.
Cabinet Office minister for cyber security, Francis Maude, commented that by sharing the UK’s expertise with other nations all organisations will benefit from greater protection from cyber attacks. Maude has previously earmarked £650 million for the UK’s fight against cyber crime, and last month heralded the success of the UK’s Cyber Security Strategy, claiming that “a great deal has already been accomplished”.
The EU also made moves to create a more cohesive strategy to combat the “borderless” nature of cyber criminals, announcing the opening of a European Cybercrime Centre earlier this month, enabling greater colloboration between authorities in member states. However, the discovery of the Red October threat by Kaspersky Lab last week highlighted the extent of the challenge that faces businesses and government authorities in stemming the tide of increasingly sophisticated cyber attacks.
Link: http://www.cso.com.au/article/452001/uk_signs_up_world_economic_forum_cyber_crime_initiative/
[An] open lettered issued to Skype is requesting that the IP-based communications company re-affirm and better explain its commitment to privacy, particularly when it comes to chat logs, eavesdropping and local data retention.
Once an Estonian-based company before it was courted by eBay and changed hands to Microsoft, Skype is now thought to be subject to U.S-based telecommunications laws. Regulations like the Communications Assistance for Law Enforcement Act (CALEA) impose certain requirements which essentially guarantee that Skype is capable of eavesdropping — something the company explicitly denied was possible before its Microsoft acquisition in 2008.
The letter also asks that Skype periodically publish a “transparency report” — a common way of sharing who’s requesting what data and how often a company complies, along with other usage details and statistics.
Just a week ago, it was discovered that a trojan-banker malware named “Shylock” has been updated to infect users through Skype by exploiting a security flaw in the software. The malware essentially gives attackers full access to a PC, allowing them to upload and execute files, set up remote viewing programs like VNC and inject custom HTML into websites.
Link: http://www.techspot.com/news/51435-skype-calls-purportedly-being-tapped-skype-based-malware-spreads.html
“Really in the cyber world, myself, Bob Mueller — the head of the FBI, and Keith Alexander — General Alexander — the head of the NSA, have worked very closely together to develop playbooks and to really ascertain who has what roles and what responsibilities in different types of scenarios,” Napolitano said.
In “civilian space” — described as the dot-coms and dot-orgs of the internet — she said “our ability to detect, prevent, and mitigate is materially based on whether we know something has occurred.”
According to the Associated Press, President Obama wrote an executive order that would allow DHS to share cyber-threat information, gathered by the government, with businesses involved in critical infrastructure.
NBC News reported that President Obama is expected to sign the order and that it “would set up a voluntary system to help protect some critical infrastructure and offer incentives to companies that participate. But without a new law, companies cannot be granted any kind of legal immunity for sharing information with the government and within the industry about potential threats.”
Link:http://www.examiner.com/article/cyber-attack-is-imminent-says-dhs-secretary-napolitano