Friday, April 24, 2015

Insider Threats Force Balance Between Security and Access

Insider Threats - Security Access Balance

Security experts caution that non-malicious actors within the enterprise are the more challenging aspect of the insider threat, calling for rethinking policies to better tailor employee and vendor access.

There may be no single solution to the complex challenge of protecting against insider threats within the enterprise, but IT leaders can help their cause with prudent policies that put limits on who can access what kinds of data, and working to boost awareness of security issues throughout the organization.  
So argues Michael Dent, CISO of Fairfax County, Va., who spoke at a panel discussion on insider threats along with other security experts at a recent government IT conference hosted by Symantec.

Thursday, April 23, 2015

Nasty hack could render all nearby iOS devices useless

Mobile security company Skycure revealed details about an iOS vulnerability that could potentially allow an attacker to put all nearby iOS devices in an unusable state.

The company calls this bug the "No iOS Zone."
To exploit the vulnerability, an attacker would have to configure a wireless router in a specific way, and then use it to start an unprotected wireless network. Once an iOS device connects to the network, it crashes and — under certain conditions — keeps on crashing after rebooting (as seen in the video, below). Once under attack, the only way to fix the issue is to physically move away from the location of the offending wireless network. 
Watch the video to see the behavior of a compromised device:


=

Wednesday, April 22, 2015

Kaspersky uncovers cyber espionage APT targeting the White House



A CYBER ESPIONAGE THREAT attacking the White House and US State Department has been discovered by Russian security firm Kaspersky Lab.

The 'CozyDuke' advanced persistent threat (APT) was uncovered by Kaspersky's Global Research and Analysis Team, and is described as worrying owing to its ability to spearphish targets with emails containing a link to a hacked website.

"Sometimes it is a high-profile, legitimate site such as 'diplomacy.pl' hosting a Zip archive," explained Kaspersky researchers Kurt Baumgartner and Costin Raiu in a SecureList blog post.

"The Zip archive contains a RAR SFX which installs the malware and shows an empty PDF decoy."

Read more:  http://goo.gl/8rh84k

Tuesday, April 21, 2015

FBI wants to help local businesses keep their secrets

FBI counterintelligence agents plan to visit about 250 local (Hampton Roads Virginia) businesses over the next month.
But the visits - which will start this week - won't be to serve subpoenas or lock anyone up. The agents will actually be offering their help.
Officials with the FBI's Norfolk Field Office in Chesapeake announced a new outreach effort last week to help identify local businesses with trade secrets that could be targeted by foreign powers. They want to make sure those secrets are safe and powering the U.S. economy, not China's or Russia's. 

Saturday, April 18, 2015

Security expert pulled off flight by FBI after exposing airline tech vulnerabilities

One of the world’s foremost experts on counter-threat intelligence within the cybersecurity industry, who blew the whistle on vulnerabilities in airplane technology systems in a series of recent Fox News reports, has become the target of an FBI investigation himself.

Chris Roberts of the Colorado-based One World Labs, a security intelligence firm that identifies risks before they're exploited, said two FBI agents and two uniformed police officers pulled him off a United Airlines Boeing 737-800 commercial flight Wednesday night just after it landed in Syracuse, and spent the next four hours questioning him about cyberhacking of planes.

The FBI interrogation came just hours after Fox News published a report on Roberts’ research, in which he said: “We can still take planes out of the sky thanks to the flaws in the in-flight entertainment systems. Quite simply put, we can theorize on how to turn the engines off at 35,000 feet and not have any of those damn flashing lights go off in the cockpit.”

His findings, along with those of another security expert quoted in the Fox News reports, were backed up a GAO report released Tuesday.

Friday, April 10, 2015

We Want Virginia to Stop Spying

Photo Credit: (Joe Fudge/ASSOCIATED PRESS) 

We Want Virginia to Stop Spying

Should government spy on its citizens without a warrant or reason? If you think so, you need read no further. If you think not, then you support bipartisan legislation in the Virginia General Assembly that would strictly limit the ability of government to collect information through “mass surveillance technology,” defined as the means to observe ordinary citizens without their knowledge or consent.

The legislation was spurred by the use of license-plate readers (LPRs), which allow law enforcement agencies to scan and register thousands of license plates in a matter of hours. Introduced in Northern Virginia in 2012, LPRs immediately drew the concern of civil libertarians because of their ability to vacuum up and hold data, including the identity and location of vehicles on roadways and in private parking lots.

Thursday, April 9, 2015

LOBBYISTS FOR SPIES APPOINTED TO OVERSEE SPYING

LOBBYISTS FOR SPIES APPOINTED TO OVERSEE SPYING

Who’s keeping watch of the National Security Agency? In Congress, the answer in more and more cases is that the job is going to former lobbyists for NSA contractors and other intelligence community insiders.

A wave of recent appointments has placed intelligence industry insiders into key Congressional roles overseeing intelligence gathering. The influx of insiders is particularly alarming because lawmakers in Washington are set to take up a series of sensitive surveillance and intelligence issues this year, from reform of the Patriot Act to far-reaching “information sharing” legislation.