• Israel bolsters cyber defenses to cope with an escalating number of cyberattacks

    In 2013, Israel’s grid was cyberattacked, on average, a few hundred times per hour. Last year the average hourly attacks on Israel’s grid was 20,000.The number of detected cyberattacks on Israel reached two million a day during the war with Hamas last summer. The Israeli government decided there was a need to reorganize and improve the cyberdefense systems protecting Israel’s critical infrastructure.

  • Cellphones can steal data from isolated “air-gapped” computers

    Air-gapped computers are isolated — separated both logically and physically from public networks — ostensibly so that they cannot be hacked over the Internet or within company networks. Researchers at the Ben-Gurion University of the Negev (BGU) Cyber Security Research Center have discovered that virtually any cellphone infected with a malicious code can use GSM phone frequencies to steal critical information from infected “air-gapped” computers.

  • view counter
  • Russia offers safe haven for a major botnet operator

    Recently the FBI offered a reward of $3 million for any useful information which will lead to the apprehension of Evgeniy Mikhailovich Bogachev. Bogachev is notorious for creating the Gameover Zeus botnet, which the FBI had successfully shut down in mid-2014, but the agency failed to capture Bogachev himself. In early 2015 Bogachev managed to restore Zeus.The hackers behind Zeus are believed to have stolen more than $100 million since3 2011. Experts worry that botnet may be used for more than stealing money, and may become a weapon of cyber warfare.

  • DHS S&T Awards $2.9 million for mobile app security research

    DHS S& T last week announced a $2.9 million cybersecurity mobile app security (MAS) research and development (R&D) award which will help identify mobile app vulnerabilities. The MAS R&D project aims to establish continuous automated assurance of mobile apps for the federal government.

  • Proposed bill would formalize DHS role in securing government networks

    The hacking of the federal Office of Personnel Management (OPM), which resulted in the theft of records of twenty-two million federal employees and their families, has prompted a Senate response. A bipartisan group of U.S. senators has introduced a bill on the heels of that event, updating the original Federal Information Security Management Act (FISMA) and formalizing the role of DHS in securing government networks and Web sites.

  • Journalists’ computer security tools lacking in a post-Snowden world

    Edward Snowden’s leak of classified documents to journalists around the world about massive government surveillance programs and threats to personal privacy ultimately resulted in a Pulitzer Prize for public service. Though Snowden had no intention of hiding his identity, the disclosures also raised new questions about how effectively news organizations can protect anonymous sources and sensitive information in an era of constant data collection and tracking. Researchers found a number of security weaknesses in journalists’ and news organizations’ technological tools and ad-hoc workarounds.

  • view counter
  • North Wales wants to be “one of the most secure places in the world to do business”

    Glyndŵr University is to play a leading role in the fight against cybercrime. The Wrexham, Wales-based university hosted the first meeting of the North Wales Cyber Security Cluster on Thursday (23 July). The institution and North Wales Police saw experts in online security and e-crime join the forum, and also invited members of the public and business owners who have been targeted in the past to attend and share information and advice, in a bid, the organizers say, “to make North Wales one of the most secure places in the world to do business.”

  • Hackers take remote control of a Jeep, forcing it into a ditch

    Security experts have called on owners of Fiat Chrysler Automobiles vehicles to update their onboard software to make their vehicles better protected against hackers. The call comes after researchers demonstrated they could hack and take control of a Jeep over the Internet. The researchers disabled the engine and brakes and crashed the Jeep into a ditch – while the driver was sill behind the wheel.

  • Fusion Centers important in promoting cybersecurity

    Fusion centers were created after 9/11 to serve as primary focal points for state, local, federal, tribal, and territorial partners to receive, analyze, and share threat-related information. States can promote cybersecurity and enhance their capabilities by heightening the importance of cybersecurity as a mission of fusion centers, according to a paper released the other day by the National Governors Association (NGA).

  • Questions raised about Kaspersky’s close ties to the Russian government

    Kaspersky Lab is a Moscow-based company which sells security software, including antivirus programs. The company has 400 million customers, and it ranks sixth in revenue among security-software makers. Since 2012, the company began to replace senior managers with people with close ties to Russia’s military or intelligence services. The company is also helping the FSB, the KGB’s successor, in investigating hacks – and people in the know say the company provides the FSB with the personal data of customers. The company’s actual or perceived alliances have made it a struggle to win U.S. federal contracts.

  • DHS S&T licenses third cybersecurity innovation for commercialization

    The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) yesterday announced that another cybersecurity technology has been licensed for commercialization. This is S&T’s third technology that has successfully gone through the Transition to Practice (TTP) program and into the commercial market. The Network Mapping System (NeMS), developed by Lawrence Livermore National Laboratory, is a software-based tool that tells users what is connected to their network so that they know what needs to be protected.

  • Cyberjacking may be the new threat to air travel

    We accept lengthy queues in airport security as a small price to pay for a couple of weeks in the sun. Could the latest threat to air travel, however, be something that cannot be picked up by metal detectors and X-ray machines? Is cyberjacking — hacking into a plane’s computer systems — a possibility? Researchers warn that it is possible. There is no need to cancel that holiday just yet, however.

  • Teams chosen for the 2016 DARPA Cyber Grand Challenge final competition

    Seven teams from around the country have earned the right to play in the final competition of DARPA’s Cyber Grand Challenge (CGC), a first-of-its-kind tournament designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched. The CGC winners will be handsomely rewarded, but DARPA says that more important than the prize money is the fact that it ignites the cybersecurity community’s belief that automated cybersecurity analysis and remediation are finally within reach.

  • Giving government special access to data poses major security risks

    In recent months, government officials in the United States, the United Kingdom, and other countries have made repeated calls for law-enforcement agencies to be able to access, upon due authorization, encrypted data to help them solve crimes. Beyond the ethical and political implications of such an approach, though, is a more practical question: If we want to maintain the security of user information, is this sort of access even technically possible? A report by cybersecurity and encryption experts says that whether “backdoor” or “front-door,” such mechanisms “pose far more grave security risks, imperil innovation on which the world’s economies depend, and raise more thorny policy issues than we could have imagined when the Internet was in its infancy.”

  • Adobe deals with yet another flaw

    On the heels of the discovery of a zero-day defect, a vulnerability not known to the software developer, Adobe is scrambling to develop yet another patch for another vulnerability. The vulnerability, labeled CVE-2015-5119, causes a system to crash and allows a remote computer take control of the target machine. According to the United States Computer Emergency Readiness Team(US-CERT,) ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.