Friday, July 25, 2014

Security Management Weekly - July 25, 2014


July 25, 2014
 
 
Corporate Security
  1. "U.S. Lifts Ban on Carriers Flying Into Tel Aviv"
  2. "Senate Hearing Focuses on Safety, Security Issues in Cruise Industry"
  3. "Contextual Analytics Help Retailers Harness the Power of Big Data"
  4. "Illinois Governor Signs 'Ban the Box' Hiring Legislation"
  5. "Downing of Malaysia Airlines Jet Sparks Questions Over Flight Bans"

Homeland Security
  1. "Shrapnel Damage is Found on Debris From Malaysia Airlines Flight 17"
  2. "Norwegian Police Warn of Syria-Linked Terror Attack"
  3. "U.S. Faces Growing Threats, 9/11 Commission Cautions"
  4. "Police Probing Switch of Flags on Brooklyn Bridge"
  5. "U.S. Says Evidence Ties Crash to Rebels"

Cyber Security
  1. "Hackers Exploiting Internet Explorer to Expose Security Flaws on a Huge Scale"
  2. "Report: US Needs to Adopt Minimal National Security Standard for Cybersecurity"
  3. "Understanding Vulnerabilities Key to Improving U.S. Cybersecurity Posture"
  4. "Modern Electric Grid Fighting Cyber Vulnerabilities"
  5. "Stealthy Ransomware 'Critroni' Uses Tor, Could Replace Cryptolocker"

   

 
 
 

 


U.S. Lifts Ban on Carriers Flying Into Tel Aviv
Wall Street Journal (07/24/14) Mitnick, Joshua; Stub, Sara Toth

The Federal Aviation Administration (FAA) on Wednesday lifted its ban on U.S. carriers flying to Israel's Ben Gurion International Airport in Tel Aviv after reviewing measures taken by Israel to reduce risks posed to passenger planes by rocket strikes. The FAA announced the ban on Tuesday after a rocket strike from the Gaza Strip hit a mile away from the airport. Meanwhile, the German airlines Lufthansa and Air Berlin said Wednesday that they would continue suspending flights to Ben Gurion International through at least Thursday, while Air Canada indicated that it had canceled flights to and from Tel Aviv for Thursday. British Airways was one of the few European airlines to continue flying to Tel Aviv on Tuesday and Wednesday.


Senate Hearing Focuses on Safety, Security Issues in Cruise Industry
Associated Press (07/24/14) Radnovich, Connor

Senate Commerce Committee Chairman Sen. Jay Rockefeller (D-W.Va.) on July 23 convened a hearing on the topic of safety and security issues affecting the cruise line industry. Rockefeller, who has held previous hearings on the issue and last year sponsored legislation that would have improved passenger protections, said that "In spite of the evidence that crimes, fires, mechanical failures, drownings and mishandled medical emergencies occur with disturbing regularity on cruise ships, the industry continues to deny that it has a problem." One witness who testified at the hearing recounted her experience of being assaulted and raped by a staff member on a Royal Caribbean cruise, and a civil rights attorney told the story of a teenage girl who was assaulted during cruise activities that were improperly supervised by staff. "If you think that young women are safe on cruise ships, think again," said the attorney, Philip Gerson. Another witness described her experience in 2013 aboard a Carnival Cruise ship that had an engine fire in the Gulf of Mexico that resulted in power, water, and sewage systems being shut down. She said it was clear that the company "had no plan in place for such a disaster." The industry has resisted calls for reform and none of its representatives attended the hearing.


Contextual Analytics Help Retailers Harness the Power of Big Data
SecurityInfoWatch.com (07/21/14) Matta, Mike

Retailers have begun making use of contextual analytics programs to help them synthesize and make use of the enormous quantities of video, transactional, and other data they collect on a daily basis to help improve security and craft new business strategies. Video has long been used to catch and document thefts and other security incidents, but contextual analytics allows retail managers to obtain deeper insights into what is happening at a store. For example, combining transaction data and video footage can uncover employee frauds like ringing up refunds when no customer is at the register. It can also augment analysis of customer flow and buying patterns. Data from other sources, such as access control devices, security and emergency sensors, inventory tracking systems, facial recognition software, and inferred monitoring, can also be used. Contextual analytics has found success in the retail space, but it also holds promise in industries like transportation, healthcare, manufacturing, and food services that collect a great deal of data from different sources that can be combined to provide businesses with greater insight into their operations.


Illinois Governor Signs 'Ban the Box' Hiring Legislation
Progress Illinois (07/21/2014)

Illinois Gov. Pat Quinn has signed a law requiring employers to evaluate a job applicant's skills before inquiring about criminal history. The legislation, which goes into effect Jan. 1, applies to employers with 15 or more workers. Illinois already bans state agencies from asking about criminal records early in the interview process and is now the fifth state in the country to extend the law to private employers. Jobs that are legally required to disqualify candidates with certain convictions are exempt, as are certain construction jobs and positions under the Emergency Medical Systems Act and the Private Detective, Private Alarm, Private Security, Fingerprint Vendor, and Locksmith Act.


Downing of Malaysia Airlines Jet Sparks Questions Over Flight Bans
Wall Street Journal (07/20/14) Wall, Robert; Jones, Rory; Coker, Margaret

In the wake of the downing of Malaysia Airlines Flight 17 over Eastern Ukraine, aviation officials are asking why the Ukrainian government failed to close the airspace over that contested part of the country to commercial air travel. Ukrainian and American officials say that by July 14 they were aware that separatists had in their possession as many as three of the Buk-M1 medium-range antiaircraft missile systems that were used to shoot down Flight 17. Ukrainian officials that same day raised a ban on commercial flying in the Donetsk region from 26,000 feet to 32,000 after a military cargo plane was shot down flying at 21,000 feet. An adviser to Ukraine's interior minister said the government failed to completely close the airspace over Donetsk because it did not know the rebels' missile systems were operational until after Flight 17 came down. Some airlines, including British Airways, Qantas Airways, and Emirates Airline, had already begun flying alternate routes around Eastern Ukraine, but some 400 flights a day from 75 airlines were still flying through the airspace in the days before Flight 17 was shot down. Emirates CEO Tim Clark has said the tragedy will change the way airlines assess the risk of flying over contested territory.




Shrapnel Damage is Found on Debris From Malaysia Airlines Flight 17
Wall Street Journal (07/25/14) Stevis, Matina; Kolyandr, Alexander; Van Daalen, Robin

Investigators probing the crash of Malaysia Airlines Flight 17, which is believed to have been shot down over eastern Ukraine, have found "shrapnel-like" holes in parts of the plane. This is the first concrete evidence that the plane was in fact targeted by some sort of missile. The Organization for Security and Cooperation in Europe, which has sent officials to the crash site to examine the wreckage, said the holes are "almost machine gun-like" and were found in two places in the plane's fuselage. That said, this evidence does not confirm U.S. officials' suspicions that the plane was shot down with the SA-11 surface-to-air missile, nor does it indicate who targeted the plane. The Ukrainian government says that it did not fire any of its surface-to-air missiles at the plane, a claim which the U.S. says it believes. Instead, U.S. officials say they suspect pro-Russian rebels operating in the area.


Norwegian Police Warn of Syria-Linked Terror Attack
Wall Street Journal (07/24/14) Hovland, Kjetil Malkenes

The Norwegian Police Security Service has obtained intelligence that militants who have fought in the Syrian civil war and have ties to an extremist Islamist group in that country may be planning a terrorist attack in Norway. Norwegian Police Security Service Director Benedicte Bjørnland said Thursday that police do not have many details about the plot that is believed to be in the works, including the exact target and the timing of the attack. That has made it difficult to give Norwegians instructions on how to respond to the threat, Bjørnland said. However, Bjørnland said that there is only cause for concern over the next several days. Security at Norwegian airports and along the country's borders is being increased in response to the threat. The additional security is being provided by Norwegian police, though the country's military could also be called in to provide additional help.


U.S. Faces Growing Threats, 9/11 Commission Cautions
Wall Street Journal (07/22/14) Gorman, Siobhan

The former members of the Sept. 11 commission will release a report on Tuesday warning that the situation in Iraq and Syria represents a threat to the security of the U.S. The report, which is based on interviews with current and former intelligence officials and was released to mark the tenth anniversary of the commission's report on the Sept. 11 attacks, noted that Iraq could be on the verge of becoming a terrorist haven from which terrorist groups will plan attacks against the U.S. homeland. The warnings about the situation in Iraq and Syria were so dire that they came as a surprise to former Sept. 11 commission Chairman Tom Kean, who said that he had not "heard this much concern since 9/11." Despite the threat posed by the violence in Iraq and Syria, the report noted, the American public lacks a sufficient understanding of the threats from terrorist groups and has become too complacent. The report noted that the public also sees terrorism as a less urgent problem, and that this attitude could result in counterterrorism efforts not having the resources or attention they need to be successful. In addition to discussing the threat from terrorism, the report also noted that President Obama needs to sell the public on the usefulness of the nation's surveillance programs in order to ensure that they are seen as being legitimate.


Police Probing Switch of Flags on Brooklyn Bridge
Associated Press (07/22/14)

New York City police are searching for a group of people who scaled the Brooklyn Bridge's two towers and replaced the American flags atop them with bleached white flags. The group of four or five people can be seen on security camera footage entering the bridge's footpath at 3:10 a.m. Tuesday, but other security cameras that monitor key structural areas of the bridge did not capture the climbers, who appear to have scaled locked gates that sit midway up the cables leading to the top of the suspension bridge's towers. The climbers disabled the lights illuminating the flags before replacing them with the white ones. John Miller, the New York Police Department's deputy commissioner for counterterrorism and intelligence, said the department takes the incident very seriously, and that the climbers had put themselves and others in danger. He adds that the security breach was not committed by terrorists, nor was it committed by individuals trying to make some type of political statement.


U.S. Says Evidence Ties Crash to Rebels
Washington Post (07/21/14) Whitlock, Craig; Birnbaum, Michael

Secretary of State John Kerry said Sunday that the Obama administration has evidence that pro-Russian rebels in Ukraine were responsible for shooting down Malaysia Airlines Flight 17 on July 17, and that Russia provided assistance that enabled them to do so. According to Kerry, the Russian government provided the rebels with SA-11 anti-aircraft missiles, which was the type of missile used to shoot down the airliner. Russia also provided the rebels with training on how to use the missile system, Kerry said. The nation's top diplomat also noted that American intelligence agencies have images showing a missile being fired from rebel-held territory in Eastern Ukraine on July 17 and taking a trajectory that would have put it on course to hit the plane. However, Kerry also noted that the U.S. has not obtained any evidence so far that suggests that the Russian government was directly involved in the attack. Meanwhile, American intelligence analysts have verified the authenticity of recordings of conversations in which rebel leaders bragged about shooting down what they thought was a Ukrainian military plane in the immediate aftermath of the missile attack against Flight 17. The rebels are still denying any involvement in the attack, saying that the Ukrainian government was actually responsible. Russian officials have not responded to Kerry's latest allegations.




Hackers Exploiting Internet Explorer to Expose Security Flaws on a Huge Scale
The Guardian (07/25/14) Gibbs, Samuel

Cybersecurity researchers say Internet Explorer (IE) contains vulnerabilities that malicious hackers can exploit to facilitate additional attacks against their victims. For example, hackers can take advantage of the security flaws in IE to determine what type of security software a user is running, according to AlienVault Labs' Jamie Blasco. Such reconnaissance can even be performed across entire networks and on Web servers. Blasco says hackers can use this capability to identify vulnerable computers so they can focus on attacking only those machines in order to limit the possibility that their attacks will be discovered. Hackers also can exploit security flaws in IE to identify other vulnerable programs, which can subsequently be attacked in order to take control of the victim's machine, Blasco says. He reports that the flaws in IE have already been exploited by a variety of Chinese hacker groups in attacks against the U.S. Defense Department and individual government employees. Blasco also notes organizations can protect themselves from this threat by having their employees use a browser other than IE, since such browsers are not as tightly integrated into Windows and thus do not have the same level of access to other software features. Microsoft, for its part, says it is aware of the vulnerabilities and that it has patched some but not all of them.


Report: US Needs to Adopt Minimal National Security Standard for Cybersecurity
Fierce Homeland Security (07/24/14) Sarkar, Dibya

A new report from the Center for a New American Security has called on the U.S. government to create a new national security standard for cybersecurity. The report, written by former Secretary of the Navy Richard Danzig, outlines vulnerabilities in national cybersecurity and recommends changes, including the creation of a standard that includes basic cybersecurity measures that organizations should implement. "A more stringent standard may later be in order, but this standard can now secure a consensus, illuminate the minimum that the United States needs to do and therefore provide an anvil against which the nation can hammer out programs and priorities," Danzig maintains. He also adds that the U.S. may need to be prepared to give up some cyber benefits to improve security. This may include "stripping down systems so they do less but have fewer vulnerabilities," he writes.


Understanding Vulnerabilities Key to Improving U.S. Cybersecurity Posture
Homeland Security Today (07/23/14) Vicinanzo, Amanda

A new report from the Center for a New American Security diagnoses some of the cybersecurity challenges facing the U.S. government and offers possible ways of addressing those challenges. Richard J. Danzig, member of the Defense Policy Board and the President's Intelligence Advisory Board, writes in the report that the heart of the matter is the "Faustian bargain" "inherent in the technology," namely that the very features that make computer technology attractive also make it risky and create potential vulnerabilities. Another challenge is the fact that security measures and cyberthreats develop in virtual lock step with each other. The best solutions to these problems seek to strike a balance between utility and security, sacrificing some functionality in order to achieve an acceptable level of security. The report suggests U.S. policy makers should work to initiate discussions with other nations, namely Russia and China, to create mutually agreed upon red lines with regard to cyberactivity as a way to curb some amount of malicious activity by all parties. It concludes with the recommendation that a research and development center be established and funded at the federal level with the specific goal of recruiting, training, and retaining cybersecurity experts for the civilian side of the federal government.


Modern Electric Grid Fighting Cyber Vulnerabilities
Pittsburgh Post-Gazette (07/23/14) Sanserino, Michael

Efforts to modernize the electric grid around the country have led to increased communication between utilities and customers, better reliability, and more open doors for renewable energy producers. However, the risk of cyber attacks has also increased. Experts say widespread blackouts, brownouts, communication failures, and data theft are among the risks facing the industry. Most of the threats are a result of the increased number of access points for renewable energy producers that can be exploited by hackers. All the technology being installed has also forced utilities to spend millions on cyber security. That spending is expected to continue as more smart meters and other technological advancements improve power grids. Annabelle Lee, senior technical executive at the nonprofit Electric Power Research Institute, says work to improve the power grid is worth the risk, as it will ultimately make power grids more efficient. To bolster security, the Federal Energy Regulatory Commission has approved several rules that are designed to protect infrastructure and reliability. Those rules will go into effect in 2016. Those rules require utilities that handle more than 100 kilovolts of electricity to determine what assets are high, medium, and low. Further, the utilities must develop a security plan for each category.


Stealthy Ransomware 'Critroni' Uses Tor, Could Replace Cryptolocker
IDG News Service (07/21/14) Constantin, Lucian

A new ransomware threat known as Critroni or Curve-Tor-Bitcoin (CTB)-Locker could prove harder to eradicate than Cryptolocker, another ransomware whose distribution infrastructure and command-and-control servers were recently shut down by law enforcement agencies. One important difference between Critroni and Cryptolocker is the former uses a file encryption algorithm based on elliptic curve cryptography, which is significantly faster than other encryption schemes and also is impossible to crack. That means users whose machines are infected with Critroni will have to pay the requested ransom in Bitcoins in order to unlock their files. In addition, the command-and-control servers used by Critroni to store the private encryption key can only be accessed via the Tor network. The use of Tor could make it more difficult for law enforcement agencies and security researchers to identify and shut down those servers. Finally, Critroni completes the file encryption process on victims' machines before connecting to command-and-control servers, a feature that could make it more difficult for network security tools to detect the ransomware and block its network traffic. In fact, blocking traffic Critroni sends over Tor only prevents victims from paying the ransom. There are concerns Critroni can be used to target English-speaking users, as it now displays ransom messages in both English and Russian instead of only Russian as it previously did.


Abstracts Copyright © 2014 Information, Inc. Bethesda, MD

