background preloader

HTTB Morning Ed. Direct Distributions (V2)

Facebook Twitter

Pentagon proposes more robust role for its cyber-specialists. “Without a doubt it would be a very big and significant step forward,” said a senior defense official, speaking on the condition of anonymity to discuss a sensitive topic. “It would account for changes in technology that will give more flexibility in defending the nation from cyberattack.” Currently, the military is permitted to take defensive actions or to block malicious software — such as code that can sabotage another computer — only inside or at the boundaries of its own networks.

But advances in technology and mounting concern about the potential for a cyberattack to damage power stations, water-treatment plants and other critical systems have prompted senior officials to seek a more robust role for the department’s Cyber Command. The proposed rules would open the door for U.S. defense officials to act outside the confines of military-related computer networks to try to combat cyberattacks on private computers, including those in foreign countries. Researchers Release Detection Tool For Gauss Malware's Palida Narrow Font. Mark Collins - Cyber Security Update. Lots going on: 1) Canada (but not our government): Towards stewardship in cyberspace … Ron Deibert (PhD, University of British Columbia) is Professor of Political Science, and Director of the Canada Centre for Global Security Studies and the Citizen Lab at the Munk School of Global Affairs, University of Toronto.

The Citizen Lab is an interdisciplinary research and development hothouse working at the intersection of the Internet, global security, and human rights. He is a co-founder and a principal investigator of the OpenNet Initiative and Information Warfare Monitor (2003-2012) projects… In 2009 and 2010, as part of our Information Warfare Monitor (with the SecDev Group and then Shadowserver Foundation), we released two explosive reports on cyber espionage: Ghostnet and Shadows in the Cloud. Pentagon proposes more robust role for its cyber-specialists 3) US and Israel ? Mark Collins is a prolific Ottawa blogger. Issues Briefing: Reporting on Cyber-Security | Programs | National Press Foundation. American companies large and small are being targeted by cyber-criminals looking to empty bank accounts, steal manufacturing plans or hijack valuable intellectual property.

Government and academia are increasingly valuable targets for foreign intelligence collectors. State actors, cyber-terrorists and hacktivists put our networks at risk. From the U.S. national counter-intelligence strategy: “It is imperative that the American public understand that the cyber networks that businesses, universities, and ordinary citizens use every day are the object of systematic hostile activities by adversarial intelligence organizations, and that these activities threaten the integrity and safety of the nation’s infrastructure and electronic networks.”

Journalists learned to understand the risks and their implications in this workshop. Understanding the Invisible Internet ( Video Below) Speaker: Chase Cunningham, Chief of Cyber Analytics Decisive Analytics Corporation. Facebook 'like' leads to a lawsuit, sparks free speech debate. It started in 2009 when Daniel Ray Carter, a deputy sheriff in Hampton, Va., pushed the little thumbs up button on his Facebook page. Carter's problem: He "liked" his boss's political opponent and he claims he was fired because of it.

Carter and five of his coworkers were subsequently released of their duties in the Hampton, Va. Sheriff's office after his boss won re-election. Sheriff B.J. Roberts says Carter's release was not politically motivated. Carter challenged his firing in court and the issue has created a whole new debate: Is pushing the "like" button on Facebook an act of free speech protected by the First Amendment? RELATED: 7 steps to social media stardom To continue reading, register here to become an Insider It's FREE to join. Addressing Cyber Instability Executive Summary. After two years of intensive study and research, the Cyber Conflict Studies Association is preparing to release their book-length monograph on “Addressing Cyber Instability.” Last month, the CCSA released an executive summary previewing the work, which is available for download.

The impetus for “Addressing Cyber Instability” is that, though cyberspace has become indispensable and irreplaceable for people, companies, and nations, it remains insecure due to technical and policy challenges. On the technical side, the Internet was not designed with security in mind, and as for policy, the new technology evolves faster than the legal, doctrinal, organizational, and conceptual framework around it. As a result, the CCSA concludes that cyberspace in its current form is inherently insecure and needs to be handled accordingly. The monograph begins by defining its key terms. The first vector is strategic level issues.

The second research vector is military and operational. Financial malware 'related to Stuxnet' uncovered by Kaspersky Labs - 09 Aug 2012. A new virus potentially from the same group that developed Stuxnet, Duqu and Flame has been uncovered by anti-virus software vendor Kaspersky Labs. Called 'Gauss', the malware 'spies' on financial transactions, according to the company, and has been found in the wild in the Middle East, including Lebanon, Israel and the Palestinian Territories. Some 2,500 infections have so far been uncovered. Kaspersky links Gauss to Stuxnet, Duqu and Flame - which has been attributed to US intelligence - because it shares many of the same characteristics with them. These previous items of malware were targeted against Iran's burgeoning nuclear research infrastructure. "Gauss bears striking resemblances to Flame, such as its design and code base, which enabled us to discover the malicious program," said Alexander Gostev, chief security expert at Kaspersky Lab, in a statement.

Kaspersky claims that Gauss was 'launched' in September 2011, and was uncovered by Kaspersky in June 2012. The College Cyber Security Tightrope: Higher Education Institutions Face Greater Risks. Risks Higher Education Institutions Face Student Internet use is nothing short of the Wild West. Malicious software (malware), phishing, infrastructure attacks, social network targeting, and peer-to-peer (P2P) information leakage are not potential threats; they’re actual, daily issues. And here’s the scary part: when a student’s computer on a college network is compromised, it’s not just the student who pays the price—legally, so does the institution. Most universities’ financial, administrative, research, and clinical systems are accessible through a campus network.

Similarly, medical records, student records, many employment-related records, library use records, attorney-client communications, and certain research and other intellectual property-related records are housed on campus servers. As such, they are vulnerable to security breaches that may compromise confidential information and expose the university to losses and other risks. 1. 2. 3. 4. 5. 6. Students and Faculty as Targets. Dorifel Malware Encrypts Files, Steals Financial Data, May Be Related to Zeus or Citadel. Google fixes two holes in Chrome, ships Flash sandbox for Windows.

The two bugs plugged in the latest version of Chrome are a use-after-free in PDF viewer and out-of-bounds writes in PDF viewer. No bug bounties were doled out because both were identified by the Google Security Team. For Flash, Chrome is switching to Google’s own platform PPAPI from the old NPAPI architecture, which Google software engineer Justin Schuh describes as a “thin layer of glue” between the web browser and a native application. “By porting Flash to PPAPI we’ve been able to achieve what was previously impossible with NPAPI for the 99.9% of Chrome users that rely on Flash. Windows Flash is now inside a sandbox that’s as strong as Chrome’s native sandbox, and dramatically more robust than anything else available.

And for the first time ever, Windows XP users (specifically, over 100 million Chrome users) have a sandboxed Flash—which is critical given the absence of OS support for security features like ASLR and integrity levels”, Shuh wrote this week in a blog. Blizzard Confirms Passwords Stolen in Data Breach. Diablo 3, Starcraft II, and World of Warcraft players: Changed your password lately? Battle.net's internal systems were illegally accessed on Aug. 4 and player account information was stolen, Blizzard co-founder Mike Morhaime said in a statement posted on the company website earlier today. Encrypted passwords and answers to the security questions were among the data stolen, along with email addresses for players outside of China, according to the statement. Blizzard uses Battle.net for authenticating users, matching players with other likeminded players, and processing payments.

Battle.net's North American servers, which actually hosts accounts from North America, Latin America, Australia, New Zealand, and Southeast Asia were the most significantly impacted in this breach, Blizzard said. "Even when you are in the business of fun, not every week ends up being fun," said Morhaime. Are User Accounts Safe? Blizzard is working on a software update to address the situation. Gauss Espionage Malware: 7 Key Facts - Security - Attacks/breaches. From targeting Lebanese banking customers to installing a font, security researchers seem to be unearthing as many questions as answers in their teardown of the surveillance malware. What secrets does the newly discovered Gauss malware hide? At a high level, Moscow-based Kaspersky Lab, which Thursday announced its discovery of Gauss, believes it "is a nation state sponsored banking Trojan," built using a code base that's related to Flame, and by extension Duqu and Stuxnet.

But the ongoing analysis of Gauss has yet to uncover the answers to numerous questions. For starters, as noted by Symantec, banking credentials are "not a typical target for cyber espionage malware of this complexity. " With that in mind, here are seven oddities and unanswered questions surrounding Gauss: 1. Malware Eavesdropped On Lebanon Whoever heard of malware that came gunning for residents of Lebanon? 2. 3. 4. 5. 6. "The spy module that works on USB drives uses an .LNK exploit ... 7. More Insights. How a social engineer tricked Wal-Mart into handing over sensitive information – Naked Security. North Island-Based Identity Theft Scheme Affects Over 100 Victims … NIST updates guide for dealing with computer security incidents …

The National Institute of Standards and Technology (NIST) has published the final version of its guide for managing computer security incidents. Based. See on www.vistaheads.com. Is Spyware infected Your Computer? ? Remove Security Toolbar …