-
Questions raised about Kaspersky’s close ties to the Russian government
Kaspersky Lab is a Moscow-based company which sells security software, including antivirus programs. The company has 400 million customers, and it ranks sixth in revenue among security-software makers. Since 2012, the company has been replacing senior managers with people with close ties to Russia’s military or intelligence services. The company is also helping the FSB, the KGB’s successor, in investigating hacks – and people in the know say the company provides the FSB with the personal data of customers. The company’s actual or perceived alliances have made it a struggle to win U.S. federal contracts.
-
-
DHS S&T licenses third cybersecurity innovation for commercialization
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) yesterday announced that another cybersecurity technology has been licensed for commercialization. This is S&T’s third technology that has successfully gone through the Transition to Practice (TTP) program and into the commercial market. The Network Mapping System (NeMS), developed by Lawrence Livermore National Laboratory, is a software-based tool that tells users what is connected to their network so that they know what needs to be protected.
-
-
Cyberjacking may be the new threat to air travel
We accept lengthy queues in airport security as a small price to pay for a couple of weeks in the sun. Could the latest threat to air travel, however, be something that cannot be picked up by metal detectors and X-ray machines? Is cyberjacking — hacking into a plane’s computer systems — a possibility? Researchers warn that it is possible. There is no need to cancel that holiday just yet, however.
-
-
Teams chosen for the 2016 DARPA Cyber Grand Challenge final competition
Seven teams from around the country have earned the right to play in the final competition of DARPA’s Cyber Grand Challenge (CGC), a first-of-its-kind tournament designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched. The CGC winners will be handsomely rewarded, but DARPA says that more important than the prize money is the fact that it ignites the cybersecurity community’s belief that automated cybersecurity analysis and remediation are finally within reach.
-
-
Giving government special access to data poses major security risks
In recent months, government officials in the United States, the United Kingdom, and other countries have made repeated calls for law-enforcement agencies to be able to access, upon due authorization, encrypted data to help them solve crimes. Beyond the ethical and political implications of such an approach, though, is a more practical question: If we want to maintain the security of user information, is this sort of access even technically possible? A report by cybersecurity and encryption experts says that whether “backdoor” or “front-door,” such mechanisms “pose far more grave security risks, imperil innovation on which the world’s economies depend, and raise more thorny policy issues than we could have imagined when the Internet was in its infancy.”
-
-
Adobe deals with yet another flaw
On the heels of the discovery of a zero-day defect, a vulnerability not known to the software developer, Adobe is scrambling to develop yet another patch for another vulnerability. The vulnerability, labeled CVE-2015-5119, causes a system to crash and allows a remote computer to take control of the target machine. According to the United States Computer Emergency Readiness Team (US-CERT), the flaw lies in the ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
-
-
Mercenary hackers get hacked
In an ironic turn of events, a group of mercenary hackers were themselves hacked. The group of Italy-based hackers, known as Hacking Team, has been selling its software and services to government and corporate entities in order to test their security fitness. The hackers were able to gain access to the company’s client list, which shows that the company sold surveillance software to authoritarian regimes so they could spy on political dissidents.
-
-
Illinois’s cybersecurity talent to participate in USCC camp & competition
Next week, Illinois’s top cybersecurity talent, including veterans, will gather at Moraine Valley Community College in Palos Hills, Illinois, to participate in the annual U.S. Cyber Challenge (USCC) Cyber Camp. Throughout the week-long camp, individuals will participate in a variety of classes that cover such subjects as packet crafting and pen testing, and compete in a virtual “Capture the Flag” competition to demonstrate their cybersecurity abilities in a free-form environment.
-
-
New NCCoE building blocks for e-mail security and PIV credentials
NIST’s National Cybersecurity Center of Excellence (NCCoE) has proposed two new building blocks, one to help organizations improve the security of e-mail, the other to enable mobile devices to provide security services based on personal identity verification (PIV) credentials. NIST invites the public to comment on the draft documents, and the comment period ends 14 August 2015.
-
-
Duqu 2.0: New, menacing programming concept
In 2011, the security world was rocked by the announcement of a newly discovered virus named Stuxnet. This malware, unlike previous viruses, was targeted at one particular victim. That target was Iran’s nuclear program. Following on the heels of Stuxnet was a variant named Duqu. Duqu is different from Stuxnet, however, in that it was designed to gather information for future attacks, rather than perform the attack itself. There is evidence that the malware was used to gather information on the U.S. talks with Iran over the Iranian nuclear program. Since this worm is able to move laterally, and runs only in system memory, a given computer can be easily re-infected from elsewhere in the home network, without using any mechanisms that would provide persistence. Duqu 2.0 represents programming concepts never used before that make it extremely dangerous.
-
-
Abu Dhabi’s power system to be used for critical infrastructure cybersecurity study
Abu Dhabi, UAE-based Masdar Institute of Science and Technology and MIT will use Abu Dhabi’s power system as a case study for developing a knowledge map of the power system and its cybersecurity shortcomings. The project is due to run for two years. At the end of this two-year period, the collaborating institutions hope that data from the analysis of Abu Dhabi’s power system could be compared against data from the projects running concurrently in New York and Singapore to develop a comprehensive knowledge map, capable of being applied to critical infrastructure worldwide.
-
-
U.S. Cyber Challenge Eastern Regional Competition announces winner
On Friday, participants in the annual U.S. Cyber Challenge (USCC) Eastern Regional Cyber Camp competed in a “Capture-the-Flag” competition to demonstrate their cybersecurity knowledge and skill and to compete for one of a limited number of (ISC)² scholarships. Participants in the Eastern Regional Cyber Camp were selected based in part on their scores from Cyber Quests, an online competition offered through USCC in April, which drew more than 1,300 registrants from over 600 schools nationwide.
-
-
Government credentials found on the open Web
Somerville, Massachusetts-based Recorded Future has identified the possible exposures of login credentials for forty-seven U.S. government agencies across eighty-nine unique domains. Recorded Future says that as of early 2015, twelve of these agencies, including the Departments of State and Energy, allowed some of their users access to computer networks with no form of two-factor authentication.
-
-
State Department stays away from Chinese-owned Waldorf Astoria
The U.S. State Department said American diplomats and State Department officials, for the first time in decades, would not be staying at New York’s Waldorf-Astoria hotel during this year’s UN general assembly. Worldwide last year sold the high-end Midtown hotel for $1.95 billion to the Chinese group Anbang Insurance Group. The sales contract allowed for “a major renovation” by the Chinese, and American security experts had no doubt as to the purpose of these “renovations”: As is the practice in China, the Chinese owners, working on behalf of China’s intelligence services, were going to plant listening devices in every room and ball room, and wire every phone, Wi-Fi hot spot, and restaurant table in order to eavesdrop on hotel guests.
-
-
Latest massive data breach highlights federal government cyber vulnerability
The latest hacking of federal government records has resulted in the theft of personal files for as many as fourteen million people, and is yet another sign of systemic security breaches within government. The Office of Personnel Management (OPM) is an agency notorious for its lax cybersecurity, but experts say that the OPM incident is indicative of a greater need across the country to better defend governmental infrastructure with updated methodologies.
-
The long view
Need for National Information Clearinghouse for Cybercrime Data, Categorization of Cybercrimes: Report
There is an acute need for the U.S. to address its lack of overall governance and coordination of cybercrime statistics. A new report recommends that relevant federal agencies create or designate a national information clearinghouse to draw information from multiple sources of cybercrime data and establish connections to assist in criminal investigations.