-
U.S. Army working to encrypt UAV video feeds
The Army is scrambling to protect the live video feeds from its UAVs against interception by insurgents in Iraq and Afghanistan; Raven drones will be retrofitted with encryption technology as early as this month; the U.S. Air Force has known for more than a decade that the live video feeds from its unmanned aerial vehicles can be intercepted by the enemy but opted not to do anything about it until this year.
-
-
Pentagon says U.S. fixed drones hacked by Iraqi insurgents
Iraqi insurgents, using a $25.95 off-the-shelf commercial application, were able to intercept communication between U.S. surveillance UAVs and the UAVs’ command center; the hacking was discovered when the U.S. military found files of intercepted drone video feeds on laptops of captured militants; U.S. soldiers discovered “days and days and hours and hours of proof,” one U.S. officer said; the same hacking technique is known to have been employed in Afghanistan; the U.S. government has known about the UAV communication flaw since the 1990s, but assumed its adversaries would not be able to take advantage of it.
-
-
Adobe to patch zero-day Reader, Acrobat hole
On 12 January Adobe will release patches to fix zero-day vulnerabilities in Reader and Acrobat; malicious Adobe Acrobat PDF files are distributed via an e-mail attachment that, when opened, executes a Trojan that targets Windows systems, according to Symantec; the rate of infection is extremely limited and the risk assessment level is very low, the company said.
-
-
Prediction for 2010: The coming cloud crash
Technology maven Mark Anderson predicts a big remote-computing service disaster; “My hunch is that there will never really be a secure cloud,” he says; businesses will view cloud services more suspiciously and consumers will refuse to use them for anything important, he says
-
-
Michigan in cyber-security partnership with DHS
Michigan will deploy EINSTEIN 1, the DHS-run cyber security system which all federal agencies are required to use; EINSTEIN 1 automates the collection and analysis of computer network security information from participating agency and government networks to help analysts identify and combat malicious cyber-activity
-
-
DHS launches virtual cyber job fair
In October DHS announced it was given the authority to hire 1,000 cyber security professionals during the next three years; late last week the department launched a virtual job fair to begin recruiting these cyber specialists; DHS is looking for applicants with experience in cyber risk and strategic analysis, malware/vulnerability analysis, incident response, exercise and facilitation management, vulnerability detection and assessment, intelligence analysis, and cyber-related infrastructure interdependency analysis
-
-
US, Russia begin talks on cyberspace security
U.S. officials say the Obama administration realized that more nations were developing cyberweapons and that a new approach was needed to blunt an international arms race; the United States also hopes to enlist the Russians in the war against cybercrime
-
-
Cybercriminals begin to exploit the cloud for hacking
Cloud password cracker is a sign of things to come: cloud computing offers advantages of scale and cost, but its reliance on the Internet makes it vulnerable to hacking; “The cloud is going to offer the serious criminal huge computing resources on tap, which has lots of interesting applications,” says one security expert; “If nothing else, it should change a few threat models”
-
-
House of Lords hears evidence on risk of cyberattacks
The House of Lords hears evidence that the U.K. communication system is vulnerable to cyberattacks; experts advised the Lords that since up to 90 percent of the critical infrastructure on which Europe depends is privately owned and crosses international boundaries, then only co-operative planning between public and private sectors, as well as EU member states, can hope to deal with the risks.
-
-
Cisco annual information security report highlights risks of social media
Cisco has released its annual information security report for 2009 and the year-end analysis; the report highlights the impact of social media on network security and the critical role that people — not technology — play in creating opportunities for cybercriminals.
-
-
New NIST director says U.S. faces "critical time in cybersecurity"
Patrick Gallagher, the new director of the U.S. National Institute of Standards and Technology, sees NIST’s role as a catalyst for the application of technology to pressing environmental, economic, and social concerns
-
-
Cyberattacks on U.S. military systems rise
In 2000, there were 1,415 cyber attacks on U.S. military networks; in all of 2008 there were 54,640 malicious cyber incidents targeting DoD systems; in the first six months of 2009 there were 43,785 such incidents.
-
-
How vulnerable is the smart grid?
The smart grid is a theoretically closed network, but one with an access point at every home, business, and other electrical power user where a smart-grid device is installed; those devices, which essentially put the smarts into the grid, are computers with access to the network; in the same way attackers have found vulnerabilities in every other computer and software system, they will find vulnerabilities in smart-grid devices
-
-
Cyber security certification is not a panacea for cybersecurity woes
The U.S. Congress is deliberating proposals to require cybersecurity certification for cyber security professionals; although a good certification standard might be a measure of a baseline level of competence, it is not an indicator of job performance; having certified employees does not mean firewalls will be configured securely, computers will have up-to-date patches, and employees won’t write passwords on the backs of keyboards
-
-
Industry, academia join hands to solve U.S. most pressing cyber threats
Northrop Grumman forms cybersecurity research consortium to help secure the U.S. critical infrastructure and counter growing threats; consortium’s members include MIT, Carnegie Mellon, and Purdue
-
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.