• Researchers use SMS to take control of a car remotely

    Researchers have discovered a serious flaw in vehicle security that allowed them to hack a car remotely, activating its windscreen wipers, applying its brakes, and even disabling them, all by using simple text messages. The vulnerability was found in small black dongles that plug into the car’s onboard diagnostics (OBD-II) port. The dongles are used by insurance companies and fleet operators.

  • Fusion Centers important in promoting cybersecurity

    Fusion centers were created after 9/11 to serve as primary focal points for state, local, federal, tribal, and territorial partners to receive, analyze, and share threat-related information. States can promote cybersecurity and enhance their capabilities by heightening the importance of cybersecurity as a mission of fusion centers, according to a paper released the other day by the National Governors Association (NGA).

  • Government credentials found on the open Web

    Somerville, Massachusetts-based Recorded Future has identified the possible exposures of login credentials for forty-seven U.S. government agencies across eighty-nine unique domains. Recorded Future says that as of early 2015, twelve of these agencies, including the Departments of State and Energy, allowed some of their users access to computer networks with no form of two-factor authentication.

  • Criminals receive 1,425 percent return on investment from malware attacks: Report

    Trustwave yesterday released its 2015 Trustwave Global Security Report, which analyzes the top cybercrime, data breach, and security threat trends from 2014. Among the report’s findings: Attackers receive an estimated 1,425 percent return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment); spam volume continues to decrease, making up 60 percent of total inbound mail (compared to 69 percent in 2013 and more than 90 percent at its peak in 2008), but six percent of it included a malicious attachment or link, a slight increase from 2013.

  • U.S. adopts a more assertive cyber defense posture

    Recent cyberattacks and intrusions by hackers, operating alone or backed by nation-states, have prompted the Pentagon and DHS to reaffirm their commitment to upholding the reliability and integrity of America’s cyber network and the systems connected to it. Americans rely on the connected Web to deliver critical services such as water and electricity, and should the Web be breached by bad actors, the consequences could threaten national security. “If we look at cyberspace as a hostile environment and there are bad people out there who want to do bad things to us, it may cause a wholesale re-examination of the way we build our systems in the first place,” noted one expert.

  • Cybersecurity firms hire former military, intelligence cyber experts

    Over the past two years, U.S. cybersecurity firms have brought in several former military and intelligence community computer experts to help combat hackers targeting the U.S. private sector. For the new private sector employees, the wages are higher and opportunities are endless. Hundreds of ex-government cybersecurity workers represent the competitive advantage of a cybersecurity services industry expected to bring in more than $48 billion in revenue next year, up 41 percent from 2012. “The people coming out of the military and the intelligence community are really, really good,” says a cyber startup founder. “They know the attackers. They know how they work.”

  • Do you know where your data is?

    Bitglass, a data protection company, undertook an experiment aiming to gain better understanding of what happens to sensitive data once it has been stolen. In the experiment, stolen data traveled the globe, landing in five different continents and twenty-two countries within two weeks. Overall, the data was viewed more than 1,000 times and downloaded forty-seven times; some activity had connections to crime syndicates in Nigeria and Russia. “This experiment demonstrates the liquidity of breached data, underscoring the importance of discovering data breaches early,” said Nat Kausik, Bitglass CEO.

  • Police department pays ransom after hackers encrypt department’s data

    Last December, cyberterrorists hacked into servers belonging to the Tewksbury Police Department, encrypted the data stored, and later asked for a $500 bitcoin ransom to be paid before department officials could regain control of their files. The attack is known as the CryptoLocker ransomware virus, and it points to a new frontier in cyberterrorism.

  • New technology combats mobile malware attacks

    As mobile phones increase in functionality, they are becoming increasingly ubiquitous in everyday life. At the same time, these devices are also becoming easy targets for malicious activity. One of the primary reasons for this explosion in malware is users’ willingness to download applications from untrusted sources that may host apps with hidden malicious code. Once installed on a smartphone, such malware can exploit it in various ways. Researchers have developed simple but effective techniques to prevent sophisticated malware from secretly attacking smartphones.

  • Guaranteeing online anonymity

    Anonymity on the Internet is possible only up to a certain degree. Therefore, it is possible that others may see who is visiting an online advice site on sexual abuse, or who frequently looks up information about a certain disease, for example. Seeing that this kind of private information can be linked to their identity, users will often resort to special online anonymization services. One of the most popular tools is Tor. “The Tor network isn’t perfect, however,” says a researcher at the Research Center for IT Security (CISPA). CISPA researchers have developed a program that can provide an accurate assessment of the level of anonymity an individual user achieves, even while basing the estimate on the fluctuations of the Tor network.

  • Cyber researchers need to predict, not merely respond to, cyberattacks: U.S. intelligence

    The Office of the Director of National Intelligence wants cybersecurity researchers to predict cyberattacks rather than just respond to them, according to the agency’s Intelligence Advanced Research Projects Activity (IARPA) program. Current cyber defense methods such as signature-based detection “haven’t adequately enabled cybersecurity practitioners to get ahead of these threats,” said Robert Rahmer, who leads IARPA’s Cyber-attack Automated Unconventional Sensor Environment (CAUSE) program. “So this has led to an industry that’s really invested heavily in analyzing the effects or symptoms of cyberattacks instead of analyzing [and] mitigating the cause.”

  • Aviation industry under-prepared to deal with cyber risk: Expert

    The aviation industry is behind the curve in its response to, and readiness for, the insidious threat posed by cyber criminality, whether from criminals, terrorists, nation states, or hackers, according to Peter Armstrong, head of Cyber Strategy for Willis Group Holdings, the global risk adviser, insurance and reinsurance broker. Armstrong explained that the aviation industry’s under-preparedness is noteworthy in a sector that abhors uncertainty and works tirelessly to eradicate it.

  • DHS S&T announces licensing of cyber security technology

    The other day, the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced that technology from its Cyber Security Division Transition to Practice (TTP) program has been licensed for market commercialization. This is S&T’s second technology that has successfully gone through the program to the commercial market. The technology, Hyperion, developed by Oak Ridge National Laboratory, is a malware forensics detection and software assurance technology which has been licensed to R&K Cyber Solutions LLC, a Manassas, Virginia-based application development and cyber solution company.

  • Grants competition to improve security, privacy of online identity verification systems

    The National Institute of Standards and Technology (NIST) is launching a competition for a fourth round of grants to pilot online identity verification systems that help improve the privacy, security, and convenience of online transactions. The pilot grants support the National Strategy for Trusted Identities in Cyberspace (NSTIC), a White House initiative launched in 2011. NSTIC’s goal is to improve trust online through the creation of a vibrant “Identity Ecosystem,” in which individuals and organizations are able to better trust one another because they follow agreed-upon standards and processes for secure, privacy-enhancing and interoperable identity solutions online.

  • Idaho bolsters the state’s cyber defenses

    Idaho’s director of the Bureau of Homeland Security says that cyber threats remain the most important yet least understood risk to government and the private sector. He has announced plans to tackle that vulnerability in the state. The director of the Bureau says that cybersecurity will never be perfect, which makes it imperative for organizations like the Idaho Bureau of Homeland Security to focus on planning that incorporates not just defense, but also detection and the mitigation of damage that has already occurred.