• Platform for operating systems would outwit cyber criminals

    As smartphone use surges, consumers are just beginning to realize their devices are not quite as secure as they thought. A Swedish research team is working on a way to secure mobile operating systems so that consumers can be confident that their data is protected.

  • University of Texas at San Antonio ranked top U.S. cybersecurity school

    The University of Texas at San Antonio (UTSA) ranks as the top school for cybersecurity courses and degree programs according to a Hewlett-Packard (HP)-sponsored surveyof 1,958 certified IT security professionals. The schools undergraduate and graduate programs received top marks for academic excellence and practical relevance.

  • The “Mask": Kaspersky Lab discovers advanced global cyber-espionage operation

    Kaspersky Lab’s security researchers have announced the discovery of the Mask (aka Careto), an advanced Spanish-language speaking threat actor that has been involved in global cyber-espionage operations since at least 2007. What makes the Mask special is the complexity of the toolset used by the attackers. This includes a sophisticated malware, a rootkit, a bootkit, Mac OS X and Linux versions, and possibly versions for Android and iOS (iPad/iPhone). The primary targets are government institutions, diplomatic offices and embassies, energy, oil, and gas companies, research organizations and activists. Victims of this targeted attack have been found in thirty-one countries around the world.

  • New state-of-the-art cybersecurity resource available to software developers

    Cybercrime is booming; it is an estimated $100 billion industry in the United States and shows no signs of slowing down. Attackers have an arsenal of weapons at their disposal, including social engineering — or phishing — penetrating weak security protocols and exploiting software vulnerabilities that can serve as an “open window” into an organization’s IT environment. Closing those windows requires effective and accessible tools to identify and root out software vulnerabilities. Supported by a $23.4 million grant from DHS’s Science and Technology Directorate (S&T), the Software Assurance Marketplace, or SWAMP, provides a state-of-the-art facility that serves as an open resource for software developers, software assurance tool developers, and software researchers who wish to collaborate and improve software assurance activities in a safe, secure environment.

  • Chemical, defense companies subject to Chinese Nitro attacks

    More and more chemical and defense companies around the world are victims of Nitro attacks. These attacks, launched by government-backed Chinese hackers, install PoisonIvy, a Remote Access Tool (RAT) stealthily placed on computer systems to steal information. The majority of the computers infected belong to firms in the United States, Bangladesh, and the United Kingdom.

  • National Guard units help states ward off cyberattacks

    Governors across the United States are mobilizing their states’ National Guard units to combat threats from cyberattacks. The state of Washington was the first state to assign the state’s National Guard cybersecurity responsibilities. The state recognized the potential of its National Guard as a cyberforce when it realized that many of its soldiers, who are full-time employees and part-time soldiers, worked for tech employers such as Google, Boeing, Cisco, Verizon, and Microsoft.

  • Two Israeli startups with innovative cybersecurity solutions raise combined $25 million

    Two Israeli cybersecurity startups, launched by veterans of the IDF technology units, announced that, separately, they had raised a combined $25 million from investors. Adallom’s solution accumulates users’ behavioral data in order to protect databases. It monitors how software applications like the customer relationship management program Salesforce, Google apps, and Microsoft Office 360 are used, and protects data security. Aorato’s solution watches for suspicious usage of employee credentials – for example, multiple guessing attempts. “2013 showed the world the risks of advanced threats in parallel to the implications of insiders’ access to sensitive corporate data,” Aorato’s CEO Idan Plotnik noted, referring to the Edward Snowden’s leaks of secret government information.

  • Lawmaker wants to know how cyber-safe vehicles are

    Senator Ed Markey (D-Massachusetts) has asked twenty automobile manufacturers to submit details of their plans to prevent vehicles from wireless hacking attempts, as well as plans to prevent violations of driver privacy. Markey wants automobile manufacturers to apply computer-industry security processes and technology — including anti-virus software, incident logging, incident-response planning, software vulnerability patching, and third-party penetrating testing — to mass produced vehicles.

  • Cybersecurity giants adapt to changing cyberthreat landscape

    McAfee and Symantec, the two technology giants of traditional firewall and antivirus protection software, are shifting their attention to focus more on cybersecurity challenges. A rapidly changing landscape for computer networks, in which data is transmitted and stored via mobile devices and cloud computing, has created demand for products and services that can secure information against state-sponsored or organized cyber terrorism.

  • New Silicon Valley focus on cybersecurity

    The last time Silicon Valley focused on cybersecurity was in the 1990s. That focus saw the emergence of two giants: McAfee and Symantec. The two companies remain the most recognizable household names, thanks to their traditional firewall and anti-virus products. Now they find the arena which they thought was their own encroached from two sides. On one side there are tech giants like Hewlett-Packard and Cisco Systems, which see new revenue opportunity in cybersecurity. On the other side there is a rush of start-ups backed by large investments of venture capital.

  • Digital privacy services enjoying a surge in demand

    Digital privacy services such as encrypted e-mail, secure instant messaging, and services that provide hard-to-track IP addresses are enjoying a surge in demand as individuals and businesses seek to protect information from spies and hackers in the wake of the National Security Agency’s (NSA) surveillance program revelations. These services promise security, but may also slow down computer performance. Moreover, they are not likely to deter those who are determined to hack into a particular computer network.

  • Government, private sector prioritize cybersecurity education

    As government and private sector organizations transmit and store more information electronically, the need for professionals with skills to protect and evaluate sensitive information is increasing. American companies and government agencies are expanding various initiatives aimed at increasing the number of cybersecurity professionals in the country.

  • Using keyboard, mouse, and mobile device “fingerprints” to protect data

    Passwords are not secure because they can be hacked or hijacked to get at sensitive personal, corporate, or even national security data. Researchers suggest a more secure way to verify computer users and protect data: tracking individual typing patterns. The researchers are now working on developing ways to identify and track individual patterns of using a mobile device or a computer mouse.

  • Cyberdeviance, cybercrime start and peak in the teen years

    A snapshot survey indicates that cyberdeviance and cybercrime start among teens at about age 15 and peak at about age 18. This is in line with the traditional onset and peak ages for other types of misdemeanor and criminal offenses.

  • Coordinating responses to cloud, infrastructure vulnerabilities

    Cybercrime presents a significant threat to individual privacy, commerce, and national security. In order to tackle this cross-border threat properly, agents involved in managing and monitoring cyber-risk-critical assets need to be able to cooperate and co-ordinate their prevention strategies. Platforms enabling coordinated cross-border responses already work well for handling malicious activity on the traditional Internet. The advent of cloud computing, however, has created a new set of challenges for security professionals in securing the platforms that deliver the cloud.