• A small industry emerges to support would-be credit card thieves, malware writers

    There is money to be made in credit card theft, so a small industry has emerged to help commercialize the business; a software kit, known as Zeus, epitomizes the commercialization of the malware services industry: as is the case with other malicious software, Zeus can easily be bought online, in this case for between $400 and $700; detailed instructions on how to use it are readily available, too; to check whether a piece of malware is on the security companies’ blacklists, hackers can send their creations to Web sites such as virtest.com, which for just $1 will try the code out on more than twenty antivirus products; if the malware fails the test, would-be criminals can simply upload their malware to another site that will tweak it to render it unrecognizable

  • Delay in start date for U.K. cyberdefense center

    The U.K. government’s Cyber Security Operations Center, charged with protecting Britain’s critical IT infrastructure, was supposed to become operational yesterday; the government said it would become operational by the end of the month

  • GAO: U.S. government not properly coordinating cybersecurity efforts

    The U.S. Government Accountability Office, in addressing the Obama administration’s Comprehensive National Cyber Security Initiative (CNCI), a secretive initiative inherited from the Bush administration, warned that “Federal agencies have overlapping and uncoordinated responsibilities for cybersecurity, and it is unclear where the full responsibility for coordination lies”

  • Private industry sees opportunities in cybersecurity

    Nadia Short, director of Strategic Planning and Business Development Information Assurance Division at General Dynamics: “The release of the [DHS] budgets earlier this month indicate a growth in cyberspending across all the services…. With that, as well as continuing the natural evolution of what cyber will mean for dot-gov and dot-mil, it will mean nothing but opportunity for private industry”

  • Smart grid attack likely

    The smart grid’s distributed approach exposes these networks and systems, especially in the early phases of deployment; the communication among these networks and systems will be predominantly wireless and it is assumed they will be sniffed, penetrated, hacked, and service will be denied

  • U.K. government: even modest cyber attacks will have "catastrophic" impact on public confidence

    U.K. cybersecurity agency says that cyberattack do not have to be massively severe to undermine the public confidence in the government; agency says that government eavesdroppers also face a secret “cyber arms race” to develop quantum cryptography technology

  • New security threat against smart phone users

    Researchers demonstrate how a software attack could cause a smart phone to eavesdrop on a meeting, track its owner’s travels, or rapidly drain its battery to render the phone useless; these actions could happen without the owner being aware of what happened or what caused them

  • Deadline for Massachusetts' “Written Information Security Program” looms

    As of 1 March 2010, Massachusetts will require that all Massachusetts companies — and even companies operating outside the Commonwealth, but which do business in Massachusetts — to implement stringent personal data privacy law, the data protections pertain to not just electronically stored and transmitted information but also hard copy formats

  • Hackers to compete for $100,000 for smartphone, browser hacks

    Hackers will compete for a $100,000 in prizes for exploits that successfully penetrate Apple’s iPhone 3GS, Research in Motion’s Blackberry Bold 9700, a Nokia device running the most recent version of Symbian, and a Motorola phone running Google’s Android

  • New group calls for holding vendors liable for buggy software

    The group released draft language it advises companies to incorporate into procurement contracts between user organizations and software development firms; SANS Institute, Mitre also release 2010 list of Top 25 programming errors

  • Critical infrastructure companies targeted by malware

    Companies in the critical infrastructure sector, such as oil, energy, and chemical industries, experienced a higher percentage of malware in 2009 than organizations in other sectors – much, much higher: more than 350 percent more than other industries

  • McAfee: China leads world in hacked computers

    A new study finds that more personal computers in China — about 1,095,000 computers — than in any other country have been hacked to make them zombies, then grouped into botnets to engage in massive e-mail attacks on Web sites; the prevalence of botnets is a sign of how vulnerable computer networks are to infiltration

  • Google turns to NSA for assistance in thwarting Chinese cyberattacks

    Google has developed a reputation as a company that likes to keep its distance from government agencies; the cyberattacks on Google by the Chinese intelligence services has caused Google to reconsider; it is now finalizing a new deal with the NSA to share data – the company’s first formal agreement with the NSA; the spy agency will help Google develop better defenses against Chinese encroachment

  • Security experts worry over iPad security risks

    Security experts that the fact that the iPad will be locked down as the iPhone is, will not prevent hackers using phishing attacks and browser exploits from attacking to new device; while the iPad uses the same OS as the iPhone, it is more powerful; this means attacks based on doctored PDF files may potentially become a risk

  • Critical infrastructure executives fear China

    Operators of electrical grids, telecommunications networks, and other critical infrastructure say their systems are under constant cyber attack; more than 54 percent of the respondents said their critical systems have already suffered large-scale attacks or stealthy infiltrations