Cybersecurity

  • Cyber criminals --what's their M.O.? USCERT says Attackers focus on exploiting client-side systems (your computer) through various vulnerabilities. They use these vulnerabilities to take control of your computer, steal your information, destroy your files, and use your computer to attack other computers. A low-cost way attackers do this is by exploiting vulnerabilities in web browsers. An attacker can create a malicious web page that will install Trojan software or spyware that will steal your information.

    August 13, 2013
  • To promote cyber security practices and develop these core capabilities, DHS says it is working with critical infrastructure owners and operators to create a Cyber security Framework - a set of core practices to develop capabilities to manage cyber security risk. These are the known practices that many firms already do, in part or across the enterprise and across a wide range of sectors. The draft Framework will be complete in October.

    August 13, 2013
  • How strong is your password? Cyber criminals are running a wide-ranging password-guessing attack against some of the most popular blogging and content management systems on the net. The Fort Disco cracking campaign began in late May this year and is still going on. The UK based Register reports Four strains of Windows malware are associated with the campaign, each of which caused infected machines to phone home to a hard-coded command and control domain

    August 13, 2013
  • Techweek has been reporting that two large botnets have targeted various content management systems, including WordPress and Joomla. The most recent attacks were labeled as Fort Disco, which began in late May 2013, according to Arbor Networks. Arbor has found six command and control servers, running over 25,000 infected Windows machines that were used to attack CMS systems using brute force or basically running through large lists of possible passwords.

    August 13, 2013
  • Web page addresses can be disguised or take you to an unexpected site. Many web browsers are configured to provide increased functionality at the cost of decreased security. New security vulnerabilities may have been discovered since the software was configured and packaged by the manufacturer. Computer systems and software packages may be bundled with additional software, which increases the number of vulnerabilities that may be attacked.

    August 13, 2013
  • The U.S. government says there is an increasing threat from software attacks that take advantage of vulnerable web browsers. USCERT says we have observed a trend whereby new software vulnerabilities are exploited and directed at web browsers through use of compromised or malicious websites. This problem is made worse by a number of factors, including the fact that many users have a tendency to click on links without considering the risks of their actions.

    August 13, 2013
  • Your web browser. No matter which one you use, it's vulnerable. The U.S. Computer Emergency Readiness Team (USCERT) says it is vital to configure them securely. USCERT says often the operating system is not set up in a secure default configuration. Not securing your web browser can lead quickly to a variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer.

    August 13, 2013
  • Not only are Americans suspicious of NSA, but according to bizjournal.com Washington bureau, Foreign competitors are looking to aggressively grow their market share in cloud computing because of concerns raised by the National Security Agency's PRISM program. Bizjournals.com reports U.S. cloud computing companies could lose $22 billion to $35 billion in revenue over the next three years because of foreign customers' concerns about the privacy of their data.

    August 13, 2013
  • The U.S. government's efforts to recruit talented hackers could suffer from the recent revelations about its vast domestic surveillance programs, as many private researchers express disillusionment with the National Security Agency. Experts say much of the goodwill that existed has been erased after the NSA's classified programs to monitor phone records and Internet activity were exposed by former NSA contractor Edward Snowden.

    August 13, 2013
  • The chief scientist with Berlin's Security Research Labs, revealed recently that he led a research team at the German firm that figured out a way to remotely gain control of and also clone some mobile SIM cards. Karsten Nohl, a well-known security expert said mobile carriers have quickly protected customers from that security bug that he revealed 10 days ago and that he estimated had put more than 500 million phones at risk of cyber-attacks.

    August 13, 2013
  • On August 6, 2013 - 10:24 AM, a critical day a what was called the biggest Al Qaida threat since 9/11 was unfolding, the US Secret Service tweeted "Contact your nearest field office with time-sensitive or critical info or to report a tweet." While some question the solicitation, there is merit, as the very next day Wikileaks posted a tweet warning former NSA Director Mike Hayden that if NSA leaker Edward Snowden is extradited Cyber terrorist would destroy Hayden.

    August 13, 2013
  • Researchers at mobile security firm Lookout discovered a security flaw in Google Glass which allowed them to capture data without the user's knowledge, when the user merely took a photo that captured a malicious QR code. Lookout was able to force Google Glass to silently connect to a Wi-Fi access point, which let the researchers view all of the data flowing to and from the device. When combined with an Android 4.0.4 web vulnerability, the hack apparently gave researchers full control of the Glass headset.

    August 13, 2013
  • DHS awards 17 vendors a spot on the continuous diagnostics and mitigation contract. Agencies can now access a common set of tools and services to improve how they monitor and secure their computer networks.

    August 13, 2013
  • The FRTIB awarded Science Applications International Corporation (SAIC) a five-year, $224.5 million contract. SAIC beat out several competitors including incumbent Serco.

    August 12, 2013
  • Building off a project to assess the nation's overall cyber capabilities, the Department of Homeland Security has begun drawing up plans for how it would respond in the event of a range of cyber emergencies affecting critical infrastructure.

    August 08, 2013