DOJ Won't Ask Supreme Court to Review Hacking Case | Threat Level. The Justice Department has decided not to ask the Supreme Court to review a controversial federal appeals court decision that said employees may not be prosecuted under a federal anti-hacking statute for simply violating their employer’s computer use policy. The 9-2 decision in April by the 9th U.S. Circuit Court of Appeals dealt a blow to the Obama administration, which is invoking the same theory to prosecute alleged WikiLeaks leaker Bradley Manning.
The case concerns the Computer Fraud and Abuse Act, which was passed in 1984 to enhance the government’s ability to prosecute hackers who accessed computers to steal information or to disrupt or destroy computer functionality. At least, that’s what the San Francisco-based appeals court said was the act’s purpose. Orin Kerr, a George Washington University Law School scholar and considered one of the leading experts on the topic, suggested the government did not appeal because it “may have been scared off by Judge Kozinski’s opinion.” Lieberman not giving up on cyber security bill. MELODIKA.net. "Search Diggity" Project Brings Informative and Creative Hacking Tools.
Project leverages popular search engines to identify vulnerable systems and sensitive data in corporate networks. Information is the key; hackers on both side of the law know this. Thus the tools recently released by security consulting firm Stach & Liu, and the DEF CON presentation given by Francis Brown and Rob Ragan, offer InfoSec teams a chance to win the information race. During DEF CON, Francis Brown and Rob Ragan, both researchers for Stach & Liu, presented the Diggity Project’s inventions, including those that can be used to defend or attack, in a demo-based presentation. Last year during Black Hat, they presented a Google Hacking tool that earned them no small amount of props from the security community.
The tool was used during their presentation to show how Google Hacking was used to expose a mistake made by Groupon's Indian subsidiary, Sosasta.com, as well as tracking the spread of the Liza Moon attack. This year, the duo discussed nine tools, two of which stand out. Cyberattack on Lebanese Banks —Are Iran, Syria Finances the Target? Author: Mustapha Hamoui Posted August 10, 2012 Summary⎙ Print A sophisticated virus has been spying on Lebanese bank accounts for months. Mustapha Hamoui gives context for understanding what may be part of a campaign to use Lebanese banks to pressure the Iranian nuclear program, and might also target the finances of the Syrian regime and Hezbollah's money-laundering operations. Author Mustapha Hamoui Posted August 10, 2012 This is the latest manifestation of what Mohammad Chattah, the ex-finance minister, once called a "deliberate, sinister and multi-pronged campaign" against Lebanese banks to use them as pressure tools against the Iranian nuclear program.
In his blog, Chatah wrote that Lebanon needed a national strategy against attacks on Lebanese banks. Don't feed the Assad Back in November 2011 (we now know that this was around the same time the Gauss virus was deployed), the American treasury department dispatched Assistant Secretary for Terrorist Financing Daniel L. Five Must-Have Skills for IT Departments. Kerry Doyle, MA, ZDNet/CNet.com Associate Editor Today, users are more technologically savvy than ever.
Moreover, the democratization of technology has resulted in end users having very different expectations of their IT departments than in the past. Usage and tastes have been influenced by dramatic developments in networking capacity, media streaming, data processing, and the Internet, to name a few. Along with these developments, IT faced its own set of challenges and obstacles that it has had to overcome. For example, the consumerization of IT is just one model where IT departments are at the forefront of creating a bridge between mobile device usage and the corporate business world. In many respects, the door has already been opened, and mobile device use is effectively a factor in many of today's business environments. The challenge for IT has been how to become a multi-pronged technology enabler instead of simply a restrictive support service. 1. 2. 3. 4. 5. FBI warns about Reveton ransomware scam. The Reveton ransomware, used in conjunction with the Citidel malware, is considered drive-by because it can infect the computer simply by the victim visiting a compromised website – no opening of files or attachments required, according to an FBI advisory.
Once the computer has been infected and locked, a bogus message says that the user's internet address has been identified by the FBI as having downloaded child pornography or engaged in other illegal online activity. To unlock their machines, victims are required to pay a “fine” using a prepared money card service. “Some people have actually paid the so-called fine”, said Donna Gregory, with the Internet Crime Complaint Center (IC3). Established in 2000 as a partnership between the FBI and the National White Collar Crime Center, IC3 gives victims a way to report cybercrimes and provides law enforcement and regulatory agencies with a central referral system for complaints. “We are getting dozens of complaints every day. Comments. Information Security #Infosec daily. Anatomy of an Attack. Today, the sophisticated attacks on the internet target a combination of vulnerabilities.
Consequently, the one-on-one protection approach based on a combination of security technology and threat is not enough. To effectively counter the current attacks posed by the internet, it is essential that a multi-vector security strategy is in place. To understand it better, let us consider the example of a wide-scale SQL injection attack which harassed websites early in the month of May 2012. Deciphering the attack In the first step, an attacker checks the trustworthy websites for vulnerabilities, for instance, SQL injection or XSS vulnerability. In this incident, the attackers added an iframe to trustworthy, but vulnerable, websites via SQL injection. This served to redirect visitors of the website to one of the following domains: hgbyju.com, hnjhkm.com, nikjju.com, or njukol.com. Source code review and binary analysis (static, non-runtime) Web application scanner (dynamic, runtime)
Hackers Encrypt Health Records and Hold Data for Ransom. As more patient records go digital, a recent hacker attack on a small medical practice shows the big risks involved with electronic files. The Surgeons of Lake County, a medical facility in the northern Illinois suburb of Libertyville, revealed last month that hackers had burrowed deeply into its computer network, infiltrating a server where e-mails and electronic medical records were stored, Bloomberg.com reported on its Tech Blog. Unlike many other data breaches, the hackers made no attempt to keep their presence a secret. In fact, they all but fired a flare to announce the break-in, taking the extreme step of encrypting their illicit haul and posting a digital ransom note demanding payment for the password. The doctors turned the server off and notified the authorities, refusing to pay. The Surgeons of Lake County isn’t the first health care provider to be targeted by extortionists.
Data Breach Patient Confidentiality “This is a warning bell,” she said. Cat Out of Bag on Infosec Regulation? President's Counterterrorism Adviser Defines Who's at Risk Who knows how best to safeguard the nation's critical IT infrastructure: the federal government, the mostly private owners of those vital systems or both? The Obama administration and its supporters on Capitol Hill would say both, and the Cybersecurity Act of 2012 would have established a framework to have the government and private sector collaborate to create security standards to safeguard the infrastructure. The bill, when introduced, would have allowed the government to implement those standards as regulations, but Republican lawmakers balked at that idea.
So, the sponsors, with the White House blessing, rewrote the Cybersecurity Act to make adoption of the standards voluntary by business. Supporters of the Cybersecurity Act maintain the excising of any regulations from the bill was sincere, and not a ruse to sneak in regulation. Elsewhere in the interview, Brennan said: |DarkReading. Scaling the Twin Peaks of Identity and Access Management.
Dorifel is much bigger than expected and it’s still active and growing! Yesterday it was a dark day for many companies in Europe, but especially in the Netherlands. A piece of malware known as Worm.Win32.Dorifel infected over 3000 machines globally, and 90% of infected users were both from public and business sector organizations based in the Netherlands. We have seen government departments and hospitals being victims.
The other countries with a large amount of infections were detected in Denmark, the Philippines, Germany, the United States and Spain. All users running Kaspersky Lab’s Products are protected from this threat. The malware is initially distributed via email to victims. When I was sitting down and investigating the Dorifel malware I noticed that the servers hosting the Dorifel malware was not configured properly and allowed for example directory listing in certain directories. This is a very strong indication that the gang behind the Dorifel malware was also doing some other really nasty scams.