-
House sponsors of the Cybersecurity Enhancement Act hope for quick Senate approval
The U.S. House of Representatives has passed the Cybersecurity Enhancement Act by an overwhelming majority; Rep. Michael McCaul (R-Texas) says: “When you’re talking about science and technology and national security … those are elements we should all be able to work together (on); Democrat, Republican, and that’s what we saw on the House floor”
-
-
Hackers to compete for $100,000 for smartphone, browser hacks
Hackers will compete for $100,000 in prizes for exploits that successfully penetrate Apple’s iPhone 3GS, Research in Motion’s Blackberry Bold 9700, a Nokia device running the most recent version of Symbian, and a Motorola phone running Google’s Android
-
-
U.S. cyberattack drill exposes unsettling vulnerabilities
Experts, including current and former officials, conduct a cyberattack-on-the-U.S. drill; the results show that the peril is real and growing; no grand plan emerged, but the group did agree to advise the president to federalize the National Guard, even if governors objected, and deploy the troops — perhaps backed by the U.S. military — to guard power lines and prevent unrest
-
-
LGS on Lockheed Martin team for $31 million DARPA cyber assurance contract
LGS selected by Lockheed Martin as a subcontractor for a 31 million dollar DARPA-funded contract to develop cyber procedures which will provide military units with dynamic bandwidth allocation
-
-
New group calls for holding vendors liable for buggy software
The group released draft language it advises companies to incorporate into procurement contracts between user organizations and software development firms; SANS Institute, Mitre also release 2010 list of Top 25 programming errors
-
-
Critical infrastructure companies targeted by malware
Companies in the critical infrastructure sector, such as oil, energy, and chemical industries, experienced a higher percentage of malware in 2009 than organizations in other sectors – much, much higher: more than 350 percent more than other industries
-
-
McAfee: China leads world in hacked computers
A new study finds that more personal computers in China — about 1,095,000 computers — than in any other country have been hacked to make them zombies, then grouped into botnets to engage in massive e-mail attacks on Web sites; the prevalence of botnets is a sign of how vulnerable computer networks are to infiltration
-
-
ShockWave cyberdrill will see former officials manage cyberattack on U.S.
Simulated cyberattack to test government response to nation-wide cyberattack on the United States; the purpose of the drill is to see how officials in key government positions would react to a real-time cyberattack, and to evaluate the split-second decisions they may be required to take to deal with it
-
-
NIST issues expanded draft of its smart grid cyber security Strategy for public review
The coming Smart Grid will offer efficiency and savings, but also new cybervulnerabilities; NIST has issued the second draft proposal of its smart grid cybersecurity requirements; the document identifies more than 120 interfaces that will link diverse devices, systems, and organizations engaged in two-way flows of electricity and information and classifies these connections according to the risks posed by a potential security breach
-
-
Oak Ridge develops powerful intrusion detection systems
The attack analysis program uses machine learning to increase effectiveness; ORCA effectively sits on top of off-the-shelf intrusion detection systems, and its correlation engine processes information and learns as cyberevents arrive; the correlation engine supplements or replaces the preset rules used by most intrusion detection systems to detect attacks or other malicious events
-
-
Group aims to set standard for cloud security
A new consortium aims to provide a Common Assurance Metric (CAM) that will consist of objective, quantifiable measurements; it will draw from existing standards, which are often industry specific, to provide an international, cross-sector approach
-
-
FBI wants two year retention for ISP data
Since 1986 U.S. phone companies have been obliged to keep records of who makes calls, who they call, when they call, and how long the call lasts; now, the Feds want to include Web activity tools; it is not clear whether the FBI means which Web sites are visited or the specific URLs
-
-
U.S. scientists get free cloud access
Microsoft and the U.S. National Science Foundation (NSF) will provide free access to cloud computing resources for select NSF-funded researchers for the next three years; those selected will get to use remote Microsoft Azure data centers full of Windows/Dell servers and storage so that they can run compute-intensive algorithms on masses of data
-
-
U.K. police looking for PC crime breathalyser
U.K. e-crime cops turn to technology to boost frontline forensics; the Police Central e-Crime Unit (PCeU) is looking for “digital triage” tools that would give frontline police with little training in digital forensics the ability to search for anything from text in e-mails relating to stolen goods to illegal images
-
-
Terrorists hack gambling Web sites to finance operations
Terrorists hack gambling Web sites to finance terrorist operations; one group of al Qaeda sympathizers made more than $3.5 million in fraudulent charges using credit card accounts stolen via online phishing scams and the distribution of Trojans; the group conducted 350 transactions at 43 different online gambling sites, using more than 130 compromised credit cards
-
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.