Hackers

  • NERC drill finds U.S. grid preparedness insufficient

    The North American Electric Reliability Corporation (NERC) reported that its recent GridEx II exercise has highlighted the fact that nearly all the utilities which took part in the two-day drill last November – a drill aiming to test the preparedness of the U.S. power grid to withstand cyber and physical attacks – admitted that their planning for such attacks was insufficient. NERC’s president, Gerry Cauley, said that protecting utilities against cyber and physical attacks should be considered in the context of measures taken to protect the grid from other threats. He noted that utilities are already hardening their systems against storms like Hurricane Sandy, while working to determine their vulnerability to solar activity that changes the earth’s magnetic field.

  • Hacking prof’s computer to change a grade is easier than studying

    Academic institutions are easy targets since many do not invest in sophisticated IT personnel or employ the latest cybersecurity programs. Some students have noticed this, and more and more universities are facing a new hacking problem: students hacking their professors’ computers in order to improve their grades. “It became so much easier to change my grades than going to class and working real hard,” a Purdie University student told an Indiana court.

  • Cyber war in Ukraine – business as usual for the Russian bear

    In a war — declared or otherwise — bravery and perseverance are not enough. Communications are important. Effectiveness means being able to command your troops and gather information. It also means being able to trust your communications. Disrupting and distorting communications is a dark art, the “new black” in overt and covert conflict. This is what we are seeing in Ukraine. Russia appears to be having a fine time covertly sabotaging Ukrainian networks.

  • Iona College to Launch BS, BA, MS concentrations in cybersecurity

    Iona College announced the launch in fall 2014 of undergraduate and graduate programs in computer science with a concentration in cyber security. The concentration will be offered for the Bachelor of Science, Bachelor of Arts, and the Master of Science degrees. The programs will provide students with fundamental cyber security skills, theoretical as well as hands-on experience. Students are exposed to new research ideas across many cyber security areas including software security, Web application security, mobile security, networking security, database security, and cryptography.

  • TECHEXPO - Exclusive Security-Cleared Hiring Events - Register Now!
    view counter
  • Ukrainian computer systems attacked by sophisticated malware with "Russian roots"

    Ukrainian computer systems and networks have been targeted by at least twenty-two attacks launched by “committed and well-funded professionals” since January 2013, defense contractor BAE Systems found. BAE declined to identify the source of the attacks, but a German company said the espionage software has “Russian roots.” The malware design “suggests that attackers possess an arsenal of infiltration tools and bears all the hallmarks of a highly sophisticated cyber operation,” the BAE report said.

  • FERC orders development of physical security standards for transmission grid

    The Federal Energy Regulatory Commission (FERC) on Friday directed the North American Electric Reliability Corporation (NERC) to develop reliability standards requiring owners and operators of the Bulk-Power System to address risks due to physical security threats and vulnerabilities.

  • Software spots malicious behavior by apps

    Last year at the end of July the Russian software company Doctor Web detected several malicious apps in the app store Google Play. Downloaded on a smartphone, the malware installed — without the permission of the user — additional programs which sent expensive text messages to premium services. German computer scientists have now developed software which can discover such malicious apps already in the app store. The software detects pieces of code where the app accesses sensitive data and where data is sent from the mobile device.

  • Biometric security for mobile devices becoming mainstream

    Biometric security such as fingerprint, face, and voice recognition is set to hit the mainstream as global technology companies market the systems as convenient and easy to use. The latest biometric technologies are not without their security issues, but they are marketed as more convenient than traditional methods rather than more secure, and encourage adoption by people who currently do not have any security on their phone at all.

  • Platform for operating systems would outwit cyber criminals

    As smartphone use surges, consumers are just beginning to realize their devices are not quite as secure as they thought. A Swedish research team is working on a way to secure mobile operating systems so that consumers can be confident that their data is protected.

  • Collecting digital user data without compromising privacy

    The statistical evaluation of digital user data is of vital importance for analyzing trends. It can also undermine users’ privacy. Computer scientists have now developed a novel cryptographic method that makes it possible to collect data and protect the privacy of the user at the same time.

  • U.S. Army releases first field manual for war in the electromagnetic spectrum

    Sergei Gorshkov, former Admiral of the Fleet of the Soviet Union, once remarked that “the next war will be won by the side that best exploits the electromagnetic spectrum.” The U.S. Army agrees, releasing its first field manualfor Cyber Electromagnetic Activities (CEMA). The Pentagon defines cyber electromagnetic activities as activities leveraged to seize, retain, and exploit an advantage over adversaries and enemies in both cyberspace and the electromagnetic spectrum, while simultaneously denying and degrading adversary and enemy the use of such capabilities, and protecting the mission command system.

  • Pro-regime Syrian hackers threaten cyberattacks on CENTCOM

    Last Friday, the Syrian Electronic Army (SEA) threatened to launch a cyberattack on U.S. Central Command (CENTCOM) if the United States would conducts cyberwarfare operations against Syria.

    The SEA is a group of Syrian computer hackers who support Syrian President Bashar al-Assad. Cyber experts say the group’s threat should not be dismissed. “This is a very capable group that has done some very significant things against well-defended targets,” says Bob Gourley, a former Chief Technology Officer for the Defense Intelligence Agency (DIA).

  • Securing Industry 4.0

    An increasing number of unsecured, computer-guided production machinery and networks in production facilities are gradually evolving into gateways for data theft. New security technologies may directly shield the sensitive data that is kept there.

  • Experts call for a new organization to oversee grid’s cybersecurity

    In 2013, U.S. critical infrastructure companies reported about 260 cyberattacks on their facilities to the federal government. Of these attacks, 59 percent occurred in the energy sector. A new report proposes that energy companies should create an industry-led organization to deflect cyber threats to the electric grid. Modeled after the nuclear industry’s Institute of Nuclear Power Operations, the proposed organization, to be called the Institute for Electric Grid Cybersecurity, would oversee all the energy industry players that could compromise the electric grid if they came under a cyberattack.

  • NIST’s voluntary cybersecurity framework may be regarded as de facto mandatory

    The National Institute of Standards and Technology’s (NIST) voluntary cybersecurity frameworkissued in February establishes best practices for companies that support critical infrastructure such as banking and energy. Experts now warn that recommendations included in the framework may be used by courts, regulators, and even consumers to hold institutions accountable for failures that could have been prevented if the cybersecurity framework had been fully implemented by the respective institution.