Everything related to Computer Security - Security Audits, Security Vulnerabilities, Intrusion Detection, Incident Handling, Forensics and Investigation, Information Security Policies, and a whole lot more.
U.S. Panel Aims to Shield Planes From Cyberattack Wall Street Journal (06/29/15) Pasztor, Andy
The FAA this month set up a high-level advisory committee discussion to examine the rising concern over potential industry vulnerability to computer hackers. The FAA initiative aims to identify the seven or eight most important risk areas and reach consensus on international design and testing standards to guard against possible cyberattacks. The committee includes representatives of plane makers, pilots, and parts suppliers from around the globe. On June 21, operations were disrupted at Warsaw Chopin Airport by what LOT Polish Airlines said was a cyberattack on flight-planning computers. Ten LOT flights were canceled and some 15 others were grounded for several hours, affecting roughly 1,400 passengers. Though airline officials said safety was never affected, LOT’s chief executive was quoted saying that such a cyberattack z'can happen to anyone, anytime." The overall level of concern is reflected in Boeing Co.'s decision to pay outside experts dubbed "red hat testers"—essentially authorized hackers—to see if built-in protections for onboard software can be defeated. Mike Sinnett, vice president of product development for Boeing’s commercial-airplane unit, said certification of the flagship 787 Dreamliner required Boeing to purposely allow such teams inside the first layer of protection to demonstrate resilience.
Theft Cost Retailers $44 Billion Last Year, Report Finds Los Angeles Times (06/24/15) Shively, Nick
Businesses lost an estimated $44 billion in 2014 because of shoplifting, fraud, or administrative error, according to a report from the National Retail Federation. Shoplifting accounted for 38 percent of the losses, while employee theft followed at 34.5 percent. The average shoplifting incident cost retailers $317.84, according to the report. Department stores suffered the highest average losses and grocery stores had the lowest average losses. Despite the high number, 62.7 percent of retailers surveyed said their losses either decreased or remained steady compared with previous years. Bob Moraca, the retail federation's vice president of loss prevention, said shoplifters look for physically small, but higher-end items, including razor blades, teeth whitening strips, or other expensive beauty products.
Denver Broncos Employ Technology, Security Policies to Avoid Potential Data Breach Denver Post (06/28/15) Jhabvala, Nicki
The Denver Broncos of the National Football League have long been aware of the threat of hacking in sports. Over the years, the team has taken steps to try to close as many of those loopholes as possible to secure proprietary information. The Broncos recently went all digital with their playbooks, using PlayerLync's tablet-based application that automatically pushes a digital version of the playbook, as well as game and practice film and coaches' comments, to the players' iPads. "The technical staff really like the digital format better," says Tony Lazzaro, the Broncos' director of football information systems. "It gives us more control. You can't copy the stuff off of there. You can't take the playbook out and e-mail it to yourself or print it or do anything else with it. It really keeps it more secure, whereas someone with a binder, you really have no control over it once it leaves your sight." The digital versions have security controls that paper playbooks could never offer. "What we built in are little time bombs that require that person's application check in with the server every so often," says PlayerLync chief executive officer Bob Paulsen. "If it doesn't, we'll automatically lock the device down or wipe the content." The playbook, the videos, the player-to-coach interactions — all are updated remotely and all can be stripped away instantly if the iPad is lost or if a player is released or traded.
Internet Companies Urged to Respond to Extremist Exploitation Associated Press (06/24/15) Lederer, Edith M.
A UN panel is calling for Internet and social media companies to fight back against the extremist groups who advertise propaganda on popular websites. ISIS and al-Qaida are well-documented as being very social media-savvy. In ISIS's case especially, Twitter has become a critical and very successful recruiting tool. The Security Council's report noted that "a worrisome trend over the past year has been the growth of high-definition digital terror: the use of propaganda, primarily by (the Islamic State group) and its sympathizers, to spread fear and promote their distorted ideology." In addition, the Council said that al-Qaida remains a critical threat despite being overshadowed by the extreme actions of ISIS. Both are using the Internet to their advantage to perpetuate global terrorism. Groups like Boko Haram and Jemaah Islamiyah are also finding success utilizing social media. The Security Council issued requests to Internet companies to step up their fight.
Gap in Cybersecurity Knowledge Creates Challenges for Organizations CSO Online (06/23/15) Bradley, Tony
There is a disturbing rift in cybersecurity knowledge between those who make decisions and manage the budgets and those who have to implement and manage the security measures, according to a new Ponemon Institute/Fidelis Cybersecurity survey of more than 650 board members and IT security professionals. Board members lack the necessary knowledge to properly address cybersecurity challenges, and IT security pros lack confidence in the board's understanding of cyber risks the organizations face, the report found. Seventy-six percent of respondents indicated boards review or approve security strategy and incident response plans, but only 41 percent of board members claimed to have expertise in cybersecurity. In addition, 59 percent of board members surveyed believe their organizations' cybersecurity governance practices are very effective but only 18 percent of IT security professionals agree, according to the report. "Without an understanding of the issues, it's impossible to reasonably evaluate if strategies and response plans are effectively addressing the problem," says Ponemon Institute chairman Larry Ponemon.
Greece Faces Import Shortages, Terror Risk: Experts CNBC.com (07/01/15) DiChristopher, Tom
Analysts say failure to reach an agreement on Greece's bailout could result in rapid economic deterioration, geopolitical disruption and increased risk of terrorism in Europe and the United States. Greece went into arrears Tuesday after failing to make a 1.6 billion-euro debt payment to the International Monetary Fund. The country has limited the amount of money Greeks can withdraw from banks as the country's financial institutions run dangerously low on cash. Daniel Speckhard, former U.S. ambassador to Greece and Belarus, notes that Greece is a member of the European Union and NATO, both consensus-based organizations. "If things fall apart and they are angry and upset, they can play a real spoiler in both those institutions" on issues including Russian and Iranian sanctions, he says. A destabilized Greece also raises the risk that terrorism will spread due to its geographic location. "It's basically the back door for people from the Middle East and refugees from around the world into the European Union, and if they don't monitor that, you could have some nefarious characters working their way into a free European travel zone to the rest of Europe and eventually to the United States," Speckhard warns. If Greece falls apart, it would not be hard for someone to obtain a Greek passport even if he or she is not a true Greek, he said.
House Leaders Warn Americans of July 4 Terror Threats USA Today (06/29/15) Kelly, Erin
House Homeland Security Committee Chairman Michael McCaul (R-Texas) warned Sunday that Americans should be vigilant to the threat of a terrorist attack around July 4. Chatter on social media indicates that terrorists may be planning to strike sometime during Independence Day celebrations, such as those held at military installations or parades, he said. A spokesman for Islamic State (ISIS) reportedly called for terrorist acts during the Islamic holy month of Ramadan, the one-year anniversary of the creation of ISIS, and July 4. Federal authorities have warned law-enforcement officials across the country of the heightened concern, although there is no specific or credible threat of attack. Rep. Peter King (R-N.Y.), a senior member of the House Intelligence Committee, told ABC's This Week that concerns included both "lone wolf" terrorists and coordinated attacks. He pointed out recent arrests of suspected terrorists in New York, including three men accused of being involved with an alleged plot to set off pressure-cooker explosives in New York City.
Jihadist Attacks on Egypt Grow Fiercer New York Times (07/02/15) P. A1 Fahim, Kareem; Kirkpatrick, David D.
Egyptian President Abdel Fattah el-Sisi is facing a growing jihadist insurgency that threatens the nation's stability. Militants on Monday assassinated Egypt's top prosecutor, Hisham Barakat, in Cairo, using a remote-controlled car bomb placed along his convoy's usual route. No one has claimed responsibility for the bombing yet, but analysts said it may have been one of the new Islamist militant groups that stage attacks in retaliation for arrests and prosecutions by the government. On Wednesday, the Egyptian military used F-16 war planes and helicopters to fight a coordinated assault in Northern Sinai by a jihadist group affiliated with Islamic State (ISIS). This attack was bigger and more complex than the group's previous strikes in Sinai, which indicates closer coordination with ISIS leadership based in Syria, experts suggest. Sisi has called for a campaign to marginalize mainstream Islamists like the Muslim Brotherhood, using tactics such as outlawing the group and even using lethal force against protests, but he is facing increased opposition from more violent Islamists who want to retaliate against the crackdown. Sisi's inability to reduce violence and restore order in Egypt has undercut his ability to encourage the economy, which relies heavily on the tourism industry.
Assad Chemical Threat Mounts Wall Street Journal (06/29/15) Entous, Adam
American intelligence officials say they are concerned that the regime of Syrian President Bashar al-Assad might escalate its use of chemical weapons if Islamist and other rebel fighters start to seriously threaten the regime's remaining strongholds. Syria was supposed to have given up its chemical arsenal last year as part of a deal brokered by Russia. That deal was a result of an August 2013 sarin gas attack by the regime that caused the Obama administration to threaten airstrikes against Syria, saying the Assad regime had crossed a red line. However, after having turned over what was supposed to be the entirety of its chemical arsenal, the Assad regime turned to using crude chlorine bombs and officials worry that the use of these bombs will escalate if the regime feels its remaining strongholds are under threat. Intelligence officials also worry that the Assad regime may have secretly retained some of its more deadly chemical weapons, or hidden the chemical precursors that would allow it to manufacture weapons like sarin or VX nerve gas on short notice. Officials worry because the regime's power is clearly slipping: it controls only a fourth of Syria and many of its bases in the northeast of the country have become isolated and cut off.
Tunisia Struggles to Find Balanced Response to Terror Associated Press (06/29/15) Schemm, Paul; Bouazza, Ben
Tunisia, the only democracy that emerged from the turmoil of the 2011 Arab Spring, has seen more of its young men join the Islamic State group than any other nation, and many have returned, battle-hardened, to spread radical ideologies back home. It is also a country full of vulnerable targets, with an economy that depends on welcoming European tourists. Despite having so much at stake, the slayings of 22 tourists at the national museum in March failed to persuade lawmakers to resolve their debate over an anti-terror strategy. Only now — after a single jihadi was able to kill 38 tourists at a seaside resort — does the government appear ready to launch a comprehensive response. "We decided today to pass the counter-terrorism law before Republic Day on July 25," Parliament President Mohamed Ennaceur said while visiting survivors of Friday's attack at a hospital. "We will be after the government to take the necessary measures in all areas to fight against terrorism." The new anti-terrorism law would increase police powers and provide for harsher penalties. It also would create "de-radicalization" centers to change minds through persuasion. With technical help from the United States and other countries, Tunisia's security forces have slowly been rebuilt and are becoming more effective in hunting down terror cells and increasing arrests of alleged extremists. But none of this stopped 24-year-old Seifeddine Rezgui from pulling an assault rifle and three grenades out of a beach umbrella and hunting down tourists at a resort hotel.
Security Concerns Continue to Dog the Cloud Industry Help Net Security (06/30/15)
A CloudPassage survey found 80 percent of high-level U.S. security professionals do not believe traditional network security tools can sufficiently protect cloud infrastructure. Within 18 months, 58 percent of IT services will be cloud-based, marking a significant rise over 43 percent today. According to two-thirds of survey respondents, it takes three months or longer to deploy a new security solution for their cloud infrastructure environment. This lag time leaves enterprises vulnerable to new threats that may emerge during deployment. In addition, close to three-quarters of respondents reported that traditional security is difficult to scale in a cloud environment. The top three concerns about customer data residing in the public cloud are data ownership, location of data and shared technology. More than one-third of respondents are concerned about their ability to meet compliance requirements. Companies clearly see the economic benefits of cloud technology, but concerns about security continue to dog the industry," said Mitch Bishop, chief market officer at CloudPassage.
Although cryptography increasingly is being used by developers to secure their apps, these efforts are often flawed, incomplete, or compromised, leaving sensitive data just as vulnerable as it was before, according to a new Veracode report. The report is based on an analysis of vulnerabilities affecting more than 200,000 commercial and self-developed applications that are used in enterprise environments. Cryptographic issues were the second most common flaws affecting applications, across all industries, ranking higher than vulnerabilities such as cross-site scripting, SQL injections, and directory traversal. Cryptographic issues involved improper TLS certificate validation, storing sensitive information and cleartext to improper verification of cryptographic signatures, and insufficient entropy. The issues have several causes, one of the main ones being that many developers lack the training to know how to properly implement encryption, according to Veracode CTO Chris Wysopal. Johns Hopkins University professor Matthew Green says another problem is many encryption libraries and APIs are poorly designed and immature compared to other mainstays of modern code like Internet protocols. Another shockingly common issue is developers deactivating encryption during testing and then forgetting to reactivate it when the product moves into production.
What the Houston Astros Hack Can Teach You About Cybersecurity CBS News (06/24/15) Schupak, Amanda
FBI investigators have been looking into a hack of the Houston Astros' internal database and have focused on a group of employees from the St. Louis Cardinals front office. The New York Times reported that whoever accessed the network appeared to have done so by logging in as either Astros general manager Jeff Luhnow or one of his top advisers, Sig Mejdal, both of whom were previously with the Cardinals. The Times stated that the intruder or intruders "examined the Cardinals' network and determined the passwords that Luhnow and Mejdal had used when they were with the Cardinals. Using those passwords, they gained access to the Astros' network." Using the same password to log into different sites means that a hacker only has to guess a password once to gain access to multiple accounts. Michael DeCesare, president and CEO of ForeScout Technologies, said consumers must understand that hackers that try "to steal our identity are looking for the weakest link." He added that if you are on a public Wi-Fi, do not go onto your bank account, check Facebook or Twitter, but stay away from sensitive accounts.
Click Fraud an Entry to Ransomware, Warns Security Firm Damballa ComputerWeekly.com (06/26/15) Ashford, Warwick
Devices hijacked for the purpose of conducting click-fraud can become a conduit for more serious malware such as ransomware, according to Damballa's latest infection report. Devices compromised with click-fraud are now being used as the initial step in a series of infections that lead to infections by CryptoWall ransomware. The report highlights the importance for organizations to identify low-level threats before they lead to more serious and damaging infections. According to Damballa, click-fraud steals millions of dollars from advertisers and costs businesses about $6.3 billion a year. The researchers focused on the RuthlessTreeMafa click-fraud malware, through which operators were able to sell access to compromised devices. As the click-fraud infection chain continued, the devices were infected with the CryptoWall ransomware, which is the biggest ransomware threat to business and has been responsible for 992 ransomware attacks reported to the U.S. Federal Bureau of Investigation since it first appeared in April 2014, resulting in losses of more than $18 million to U.S. businesses. "As this report highlights, advanced malware can quickly mutate and it's not just the initial infection vector that matters—it's about understanding the chain of activity over time," says Damballa's Stephen Newman.
DHS Group Wants Homeland Security to Share Database of Cyber Incidents With Private Sector NextGov.com (06/29/15) Ravindranath, Mohana
A Department of Homeland Security (DHS) working group is mulling the benefits of a "cyber incident data repository" in which federal agencies and industries could anonymously share information about cyber risks. The DHS' National Protection and Programs Directorate established the "Cyber Incident Data and Analysis Working Group" to determine the value of such a repository and how to incentivize participation in it. The group includes chief information security officers, academic experts, and cyber professionals, whose opinions are outlined in the white paper. Potential benefits of a cyber repository include helping companies assess how their cyber precautions measure up to their peers, which could "help propel internal discussions about an organization's cyber risk." Although "different industries tend to experience different cyber incidents and risks—for example, routine credit card hacks or hacktivist denial-of-service attacks for some and sophisticated attacks aimed at sabotage, large-scale theft, or espionage for others," participants noted that "particular attack vectors often are used during cyber incidents against multiple industry sectors." As a result, participants said it is vital for companies know what is happening to peers in addition to companies "across the entire cybersecurity ecosystem." The working group plans to continue discussing repository issues, such as whether specific cyber incident data points should be shared and the privacy standards a "trusted" repository must meet, according to DHS.