bnv.fnr.news/sponspanels;microsite=cyberreport;tile=1;pos=top;sz=728x90,970x90;ord=
8:34 pm, November 22, 2014

Cyber Security Report

National Security Correspondent J.J. Green has traveled three continents covering intelligence, terrorism, and security issues. From Afghanistan to Africa, Iraq to Ireland, there isn't anywhere J.J. won't go, nor anyone he won't talk with, to get the stories affecting the cyber security community.

Secret Service solicits tweets

On August 6, 2013 - 10:24 AM, a critical day a what was called the biggest Al Qaida threat since 9/11 was unfolding, the US Secret Service tweeted "Contact your nearest field office with time-sensitive or critical info or to report a tweet." While some question the solicitation, there is merit, as the very next day Wikileaks posted a tweet warning former NSA Director Mike Hayden that if NSA leaker Edward Snowden is extradited Cyber terrorist would destroy Hayden.

Google Glass vulnerable

Researchers at mobile security firm Lookout discovered a security flaw in Google Glass which allowed them to capture data without the user's knowledge, when the user merely took a photo that captured a malicious QR code. Lookout was able to force Google Glass to silently connect to a Wi-Fi access point, which let the researchers view all of the data flowing to and from the device. When combined with an Android 4.0.4 web vulnerability, the hack apparently gave researchers full control of the Glass headset.

Jurors held in contempt

Two London men have each been sentenced to two months in jail following contempt of court convictions for misusing the Internet while serving on a jury. One of them posted a Facebook message while the other used Google to search for extra information about the victims of a fraud case and later shared the information with other jurors. A 2010 UK survey by the Guardian found that about 12 percent of jurors involved in high-profile cases had supplemented courtroom evidence with Web searches.

U.S. Cyber Industry takes lead

Both the White House and Congress have asserted that protecting the nation's resources from cyber-attacks is a top priority. Techworld is reporting enacting legislation designed to enhance security for critical infrastructure components such as water, power, telecom and transport facilities that is acceptable to both political parties has been a struggle. The problem political differences. But Cyber industry leaders have started to work on a voluntary standards and best practices platform to provide some level of security.

Wall Street Conducts cyber drill

Cyber-attacks on banks are growing more frequent. Wall Street has just conducted a cyber-defense exercise called "Quantum Dawn 2,". During the drill, bank employees were stationed at their normal offices, and were emailed throughout the day with bits of information that could indicate an encroaching hacker attack. They monitored a simulated stock exchange for irregular trading and were pressed to figure out what was going on and how to react while sharing information with regulators and each other.

Center watches cyber threats

Ever hear of the Multi-State Information Security and Analysis Center? It's a division of the Center for Internet Security. Their focus is cyber threat prevention, protection, response and recovery for state, local territory and tribal governments. Their objectives iclude providing two-way sharing of information and early warnings on cyber security threats, dissemination of information on cyber security incidents, to promote awareness and coordinate training.

Cyber warriors are targets

Will exploit developers become potential targets of state-sponsored assassinations in the future -like the nuclear scientists in recent times? There's been some discussion in the "Tech" community regarding the legitimacy of using lethal force against civilian hackers. As a result some are wondering what the future might hold for exploit developers and other members of the cyber supply chain who are facilitating state-funded, offensive cyber operations.

What are hackers after

We hear a lot about zero-day attacks and system vulnerabilities, but most hackers look for easier enterprises like the application used to access the Web. That's the one most online attackers will target. Why? Because most attackers and online exploit kit designers realize that the common browser is usually an endpoint's weakest link. Not only are enterprises generally slow to keep up with browser patching, they're downright sluggish at updating plug-ins and extensions.

Chinese hackers identified

Earlier this year information security firm Mandiant identified a previously unknown group hackers thought to be in China. "People referred to China or Chinese hackers, but there was plenty of wiggle room there to assume it could be a collection of guys working in someone's basement without a tie to the government," Richard Behtlich chief security officer for Mandiant. The group the identified is called Unit 61398. Bejtlich says, "we showed pretty conclusively that at least this one group is part of the PLA" AKA The Chinese People's Liberation Army.

Police warned about hackers

Law enforcement and first responders have been put on notice --their mobile phones are targets for hackers. They've been informed in roll call bulletins that hackers, by compromising mobile technology and exploiting vulnerabilities in portable operating systems, application software, and hardware. Compromise of a mobile device can have an impact beyond the device itself; malware can propagate across interconnected networks.

  •  
  • 4