• Keeping digital data safe

    The recent Epsilon data leak incident was serious, as it exposed a large number of people to an attack called “spear phishing,” in which an attacker targets specific users or organizations with attempts to steal personal information; this incident could have been much worse: many third-party organizations have aggregated large amounts of our personal information in one place, making us increasingly vulnerable to the type of attack we saw with Epsilon — and attack in which a single breach can result in the compromise of a large amount of user data

  • Internet threat landscape offers a grim picture

    A new Symantec report paints a grim picture of the Internet threat landscape; Symantec detected more than three billion malware attacks from 286 million malware variants in 2010 — up 93 percent on 2009; 49 percent of malicious sites found through Web searches were pornographic; in 2010, 6,253 software vulnerabilities were reported, higher than in any previous year; fourteen vulnerabilities were used in zero-day attacks, including four different Windows zero-days used in the Stuxnet attack; the bad guys also demonstrated a firm grasp of new technology: social networking sites are a huge target, and hackers are exploiting the boom in URL shortening services such as bit.ly; smartphones are also beginning to attract malware

  • RSA explains how hackers stole critical SecurID data

    Cyber security giant RSA detailed how hackers recently infiltrated its systems and stole critical data related to its SecurID two factor authentication products which are used by the Department of Defense, major banks, and other government agencies around the world; hackers used a “spear-phishing attack,” fake emails containing malicious code, to first gain access to its networks; once inside the network, hackers were able to target high-level RSA employees with access to sensitive information and copy their data; experts warn that these types of attacks primarily exploit people, so educating employees to not open these types emails that may contain malicious code is critical

  • U.S. industrial processes vulnerable to Stuxnet-like attack

    Cyber security experts recently warned that U.S. manufacturing plants and critical infrastructure were vulnerable to a Stuxnet-like attack; industrial plants, transportation systems, electrical grids, and even nuclear plants could be crippled by new cyber weapons that target specialized control core processes; concern has spread after the Stuxnet virus targeted these systems and created physical damage; experts have likened Stuxnet to “the arrival of an F-35 into a World War I battlefield”

  • OMB reports on 2010 cybersecurity attacks

    A new report on U.S. government cybersecurity says that in 2010 there were 41,776 reported cyber incidents of malicious intent in the federal network in 2010 out of a total 107,439 reported to the United States Computer Emergency Readiness Team;the number represented a 39 percent increase over 2009, when 30,000 incidents were reported by the feds of 108,710 attacks overall

  • Android and Windows 7 phone confound hackers in competition

    Android smartphones and the Windows 7 phone foiled hackers at the recent Pwn2Own hacking competition, while the Apple iPhone and Blackberry were successfully broken into; the results do not necessarily mean that Android and Windows 7 phones are more secure; several factors determine the relative protection a device has against hackers including the security of the software itself and the amount of research that has already been conducted on the device’s weakness; observers were surprised to see the Android repel attacks, but were not shocked when the iPhone was hacked

  • Cyber security firm victim of cyber attacks, Pentagon networks potentially compromised

    RSA, a major cyber security firm that helps defend the Pentagon’s networks as well as thousands of others around the world, has been the subject of a cyber attack; valuable information was stolen that could comprise the Department of Defense’s networks as well as Lockheed Martin’s; the attack has been identified as an advanced persistent threat; hackers stole information related to the company’s SecurID two factor authentication products; RSA’s SecureID customers include major banks, healthcare providers, and even state governments; RSA has been working with the U.S. government to secure networks against any potential security breaches

  • Major increase in cyber attacks on China's government

    China recently reported that last year its government websites experienced a 68 percent increase in cyber attacks; a total of 35,000 Chinese websites, including 4,635 government sites, were hit by hackers in 2010; attacks on non-government websites decreased 22 percent in 2010, while attacks on government websites had increased; in response to the increased number of cyber attacks, the report urged local regulators to step up efforts to police the Internet and deter these hackers by imposing stricter penalties; five million Chinese IP addresses had been infected with a trojan horse or corpse virus

  • Paris G20 files stolen in cyber attack

    The French government recently confirmed that hackers have stolen sensitive files from the February G20 summit in Paris; in targeted attacks aimed at stealing specific files, more than 150 of the French Budget Ministry’s 170,000 computers were affected; officials say this was the first attack of this size and scale against the French government; circumstantial evidence points to China, but there is no clear indication to suggest the attacks were government sponsored; the most recent attack against the French government is the latest in a string of cyber attacks on companies and governments around the world with evidence pointing to China

  • Smartphones makes military networks vulnerable

    The U.S. military has increasingly integrated smartphones into combat operations, but cyber security experts warn that these devices could also pose a major security challenge to military networks; smartphones are fast becoming the target of choice for hackers; Android phone applications have no security screening procedures before they are released, while iPhone apps are only loosely screened; to secure these devices, the military can encrypt all data, turn off voice capabilities, and lock the phone to only allow the use of approved apps; the Army is considering issuing every soldier a smartphone

  • Wisconsin introduces law to ban fake caller IDs

    Republican legislators in Wisconsin have introduced a bill that would make it illegal to use a fake caller ID number to “defraud, cause harm, or gain anything of value”; last year Congress passed a similar bill that banned the use of “phone spoofing” technologies — technology that allow an individual to choose what number they wish to appear on another person’s caller ID; the new bill would allow law enforcement officials to target individuals making prank calls in addition to prosecuting companies that provide spoofing technology; critics question the timing of the bill as it comes after a high-profile prank call to Wisconsin governor Scott Walker

  • Smartphones are now audio bugs of choice

    In an increasing trend, cell phones have become the tool of choice for eavesdroppers; with new smartphones, spies can easily plant a tracking device that can follow a user’s every move including their location, calls, text messages, emails, and even video; with the proliferation of smartphones, thousands of sites are now selling spy software; for as little as $25, someone can tap into all the features of Blackberries, iPhones, and Google Android phones; the software takes minutes to install and can be disguised as an email link; it can take days of searching through thousands of lines of code to discover the spy software

  • Tainted apps make their way into official Android store

    More than fifty applications have been found to be infected with a new type of Android malware called DroidDream, an information stealer; fraudsters repackaged legitimate apps (mostly games) so that they included malicious code before uploading them to the marketplace; the tactic has been seen in mobile marketplaces in China and elsewhere but this is the first time the approach has been successfully applied in the United States

  • Are your phones really secure?

    Breakthroughs in technology have enabled malicious actors to listen in on any conversation using your phone even when not in use; eavesdroppers have circumvented encrypted audio channels by relying on a relatively simple principle in physics — resonance; by tapping into an object’s natural resonance, spies have turned phones and phone cables into listening devices even when they are not in use; researchers at Teo, a manufacturer of secure telecommunications equipment, were able to capture human voices using standard phones, unplugged Ethernet cables, or even a rock; to address this security gap, Teo has designed its IP TSG-6 phones with special vibration dampening circuitry and materials that render them impervious to these types of listening devices

  • Android apps send private data in the clear

    Cell phones running the Android operating system fail to encrypt data sent to and from Facebook and Google Calendar, shortcomings that could jeopardize hundreds of millions of users’ privacy; Facebook’s recently unveiled always-on SSL encryption setting to prevent snooping over insecure networks — but the encryption is no good, meaning that all private messages, photo uploads, and other transactions are visible to eavesdroppers