• FIDO 1.0 specifications published aiming to promote stronger authentication

    The FIDO (Fast IDentity Online) Alliance, an open industry consortium promoting standards for simpler, stronger authentication, the other day published final 1.0 drafts of its two specifications — Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F).

  • McAfee Labs report previews 2015 cyber threats, exploits, evasions

    McAfee Labs November 2014 Threats Report offers an analysis of threat activity in the third quarter of 2014, and the organization’s annual 2015 Threats Predictions for the coming year. The report details a third quarter filled with threat development milestones and cyber events exploiting long-established Internet trust standards. McAfee Labs forecasts a 2015 threat landscape shaped by more attacks exploiting these standards, new attack surfaces in mobile and Internet of Things (IoT), and increasingly sophisticated cyber espionage capabilities, including techniques capable of evading sandboxing detection technologies.

  • Improving defense of the U.S. cyber infrastructure

    Florida Institute of Technology Associate Professor Marco Carvalho has been awarded a $730,000, two-year contract by DHS Science and Technology Directorate (S&T) to design a cyberdefense framework that will allow multiple organizations in both civilian and government sectors unprecedented levels of coordination in their efforts to protect the nation’s cyber infrastructure.

  • Coordinated cyberattacks by Iran-based hackers on global critical infrastructure

    Irvine, California-based cybersecurity firm Cylance last week released a report detailing coordinated attacks by hackers with ties to Iran on more than fifty targets in sixteen countries around the globe. Victim organizations were found in a variety of critical industries, with most attacks on airlines and airports, energy, oil and gas, telecommunications companies, government agencies and universities.

  • Growing cybersecurity threats offer opportunities for cybersecurity businesses

    A 2013 report from the U.S. Computer Emergency Readiness Team(US-CERT) noted that the number of cyberattacks reported by federal agencies had skyrocketed 782 percent since 2006, to nearly 49,000, in 2012. Today, the figure is much higher. The increasing threat of cyberattacks from domestic and foreign actors has opened up opportunities for cybersecurity professionals, many of whom held positions with the U.S. military or intelligence agencies. For the private sector, cybersecurity spending is expected to reach $71.1 billion this year, and expected to grow about 9 percent annually through 2016.

  • DOJ’s new cyber unit to provide legal guidance on electronic surveillance

    The Justice Department is creating a cybersecurity unit within its Computer Crime & Intellectual Property Section (CCIPS) to provide legal guidance on electronic surveillance investigations.The unit will also work with Congress on cybersecurity legislation and focus on cybercrime prevention.

  • view counter
  • China says U.S. does not appreciate China’s own vulnerability to cyberattacks

    At the seventh annual China-U.S. Internet Industry Forum held on 2-3 December, Lu Wei, minister of China’s Cyberspace Affairs Administration, which manages Internet information in China, urged U.S. officials and the private sector to stop claiming Chinese cyberespionage against U.S. systems and instead understand China’s Internet information policies. China has become the world’s largest Internet market with over four million websites, 600 million Web users, and four of the world’s top ten Internet firms.

  • FBI cautions U.S. firms of hackers trying to overwrite companies’ data files

    On Monday, several cybersecurity officers of U.S. businesses received a five-page “flash” warning from the FBI to be cautious of hackers that may use malware to override all data on hard drives of computers, including the master boot record, which prevents them from booting up. “The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods,” the warning read.

  • Hackers well-versed in Wall Street vernacular hack publicly traded companies

    Security firm FireEye’s recent reporton a group of hackers who have been infiltrating e-mail correspondence from more than 100 organizations, differs from the company’s previous reportson cyber criminals operating from China or Russia. This time, the hackers are based in North America or Western Europe, and are well-versed in Wall Street vernacular. The hackers, who FireEye named “FIN4” because they are one of many groups that hack for financial gain, targeted mostly publicly traded healthcare or pharmaceutical companies, along with their advisory firms, in pursuit of information that could affect global financial markets.

  • Online tools help users adopt better privacy practices

    Research shows a growing concern for online privacy, but Internet users give up personal information every day in exchange for the convenience and functionality of a variety of online services. Online privacy is distinct from online security, which encompasses efforts to mitigate the theft of personal information. Most violations of online privacy are not illegal but rather the results of tacit consumer consent. The new Privacy Helper mobile app teaches users about the features on their phones that can affect privacy. The key to Privacy Helper, its developers say, is its flexibility in giving users better control over how they share personal information.

  • Internet security market to reach $42.8 billion globally by 2020

    According to a new report by Allied Market Research, the global Internet security market is expected to reach $42.8 billion by 2020, registering a CAGR of 8.1 percent during 2014-2020. The market, driven by demand for software solutions, would experience a shift toward the adoption of cloud-based systems. About 80 percent of the top companies today identify with cloud-based security services which have become a prominent market trend.

  • A malware more sophisticated than Stuxnet discovered

    Security experts at Symantechave discovered the world’s most sophisticated computer malware, Regin. Thought to have been created by a Western intelligence agency, and in many respects more advanced than Stuxnet — which was developed by the U.S. and Israeli government in 2010 to hack the Iranian nuclear program — Regin has targeted Russian, Saudi Arabian, Mexican, Irish, and Iranian Internet service providers and telecoms companies. “Nothing else comes close to this … nothing else we look at compares,” said one security expert.

  • Iran may resume cyberattacks on U.S. if nuclear deal is not reached

    A failure for the United States to reach a nuclear deal with Iran could result in more cyberattacks against U.S. companies, House Intelligence Committeechairman Mike Rogers (R-Michigan) said. Cyberattacks by Tehran declined dramatically after the United States, other permanent members of the Security Council, and Germany agreed to an interim nuclear deal with Iran in 2013, but should the parties fail to reach a permanent nuclear deal by the newly set March 2015 and July 2015 deadlines, financial firms, oil and gas companies, and water filtration systems could be targets of malware from Iran’s cyber army.

  • Cyber experts divided over the scope of damage of a cyberattack on U.S.

    Citing the risks of lack of preparation against future cyberattacks and the absence of security infrastructure, a new report urges across the board updates in the domain of cybersecurity. Most of the experts interviewed for the report pointed to the Stuxnet malware, which damaged Iranian nuclear-enrichment centrifuges and other nuclear-related machinery in 2010, as an example of the sort of future attacks that could disable and destroy vital infrastructure such as power grids, air-traffic controls, and banking institutions.

  • NSA director: China and “one or two” other nations can damage U.S. critical infrastructure

    Adm. Michael Rogers, director of the National Security Agency and head of U.S. Cyber Command, told lawmakers yesterday that China and “one or two” other countries are capable of mounting cyberattacks which would paralyze the U.S electric grid and other critical infrastructure systems across the country. A cyberattacks of such scope has been discussed in the past – it was even dubbed a “cyber Pearl Harbor” – but Rogers was the first high official to confirm that such a crippling attack on the United States was not a mere speculation. Rogers said U.S. adversaries are conducting electronic “reconnaissance” on a regular basis so that they will be well-positioned to damage and disrupt the industrial control systems which run chemical facilities, nuclear power plants, water treatment facilities, dams, and much more.