Thursday, April 30, 2015

Airbus to sue in US, German spying row

Aviation giant Airbus says it will file a criminal complaint over allegations that German intelligence helped the US carry out industrial espionage.

German media reports suggest the country's spy agency BND collected data on European firms at the behest of the US National Security Agency.

An Airbus statement quoted by AFP news agency said it was "alarmed" by the reports but did not want to speculate.

The company said it had asked for more information from the German government.

"We are aware that large companies in the sector, like ours, are targets of espionage," read the statement. "However, in this case we are alarmed because there is concrete suspicion."

Photo: "Airbus A380 blue sky" by Flickr user Axwel - Licensed under CC BY 2.0 via Wikimedia Commons -

Wednesday, April 29, 2015


The good news is that Internet users are getting smarter. Compared to 2013, individuals today are less likely to fall for common phishing scams—from unsolicited emails to social media invites. The bad news: attackers have also become more sophisticated, and they have shifted their focus to businesses. POS system breaches dominate the headlines, but new research shows the weakest point of most organizations’ IT security is human, not mechanical.
As found in a new report conducted by Proofpoint, titled “The Human Factor 2015,” while every department is a target, the supply chain is among the most vulnerable. Sales, finance and procurement departments are the most likely to fall victim to email scams, clicking on 50 to 80 percent more malicious links than other departments. 

Tuesday, April 28, 2015

Smart Devices Make Everything Easier – Like Spying On Users

By all indications, the Internet of Things (IoT) – a world where everyday devices, machines, and appliances collect and transmit data about their use and surroundings – is well on its way to becoming a reality.

Ubiquitous broadband access, advances in computing, and cheap sensors allow for everything from cars to kitchen gadgets to eyeglasses to deliver information to us, and to collect data from us. Industry experts estimate that 50 billion devices will be connected to the Internet by 2020.

In recent years, consumers have become wise to the privacy practices of popular Internet companies. Informed by revelations of mass surveillance and reports of everything from covert location tracking to the unconsented sale of personal information, consumers today are wary of efforts to capitalize on personal data, scrutinize privacy practices and expect transparency reports. Yet, even as consumer privacy awareness is at an all-time high for websites and apps, the privacy issues are only beginning to come into focus for the IoT.

Companies and regulators have the responsibility to create and communicate new privacy practices to consumers in this new world. Read more:

Friday, April 24, 2015

Insider Threats Force Balance Between Security and Access

Insider Threats - Security Access Balance

Security experts caution that non-malicious actors within the enterprise are the more challenging aspect of the insider threat, calling for rethinking policies to better tailor employee and vendor access.

There may be no single solution to the complex challenge of protecting against insider threats within the enterprise, but IT leaders can help their cause with prudent policies that put limits on who can access what kinds of data, and working to boost awareness of security issues throughout the organization.  
So argues Michael Dent, CISO of Fairfax County, Va., who spoke at a panel discussion on insider threats along with other security experts at a recent government IT conference hosted by Symantec.

Thursday, April 23, 2015

Nasty hack could render all nearby iOS devices useless

Mobile security company Skycure revealed details about an iOS vulnerability that could potentially allow an attacker to put all nearby iOS devices in an unusable state.

The company calls this bug the "No iOS Zone."
To exploit the vulnerability, an attacker would have to configure a wireless router in a specific way, and then use it to start an unprotected wireless network. Once an iOS device connects to the network, it crashes and — under certain conditions — keeps on crashing after rebooting (as seen in the video, below). Once under attack, the only way to fix the issue is to physically move away from the location of the offending wireless network. 
Watch the video to see the behavior of a compromised device:


Wednesday, April 22, 2015

Kaspersky uncovers cyber espionage APT targeting the White House

A CYBER ESPIONAGE THREAT attacking the White House and US State Department has been discovered by Russian security firm Kaspersky Lab.

The 'CozyDuke' advanced persistent threat (APT) was uncovered by Kaspersky's Global Research and Analysis Team, and is described as worrying owing to its ability to spearphish targets with emails containing a link to a hacked website.

"Sometimes it is a high-profile, legitimate site such as '' hosting a Zip archive," explained Kaspersky researchers Kurt Baumgartner and Costin Raiu in a SecureList blog post.

"The Zip archive contains a RAR SFX which installs the malware and shows an empty PDF decoy."

Read more:

Tuesday, April 21, 2015

FBI wants to help local businesses keep their secrets

FBI counterintelligence agents plan to visit about 250 local (Hampton Roads Virginia) businesses over the next month.
But the visits - which will start this week - won't be to serve subpoenas or lock anyone up. The agents will actually be offering their help.
Officials with the FBI's Norfolk Field Office in Chesapeake announced a new outreach effort last week to help identify local businesses with trade secrets that could be targeted by foreign powers. They want to make sure those secrets are safe and powering the U.S. economy, not China's or Russia's. 

Saturday, April 18, 2015

Security expert pulled off flight by FBI after exposing airline tech vulnerabilities

One of the world’s foremost experts on counter-threat intelligence within the cybersecurity industry, who blew the whistle on vulnerabilities in airplane technology systems in a series of recent Fox News reports, has become the target of an FBI investigation himself.

Chris Roberts of the Colorado-based One World Labs, a security intelligence firm that identifies risks before they're exploited, said two FBI agents and two uniformed police officers pulled him off a United Airlines Boeing 737-800 commercial flight Wednesday night just after it landed in Syracuse, and spent the next four hours questioning him about cyberhacking of planes.

The FBI interrogation came just hours after Fox News published a report on Roberts’ research, in which he said: “We can still take planes out of the sky thanks to the flaws in the in-flight entertainment systems. Quite simply put, we can theorize on how to turn the engines off at 35,000 feet and not have any of those damn flashing lights go off in the cockpit.”

His findings, along with those of another security expert quoted in the Fox News reports, were backed up a GAO report released Tuesday.

Friday, April 10, 2015

We Want Virginia to Stop Spying

Photo Credit: (Joe Fudge/ASSOCIATED PRESS) 

We Want Virginia to Stop Spying

Should government spy on its citizens without a warrant or reason? If you think so, you need read no further. If you think not, then you support bipartisan legislation in the Virginia General Assembly that would strictly limit the ability of government to collect information through “mass surveillance technology,” defined as the means to observe ordinary citizens without their knowledge or consent.

The legislation was spurred by the use of license-plate readers (LPRs), which allow law enforcement agencies to scan and register thousands of license plates in a matter of hours. Introduced in Northern Virginia in 2012, LPRs immediately drew the concern of civil libertarians because of their ability to vacuum up and hold data, including the identity and location of vehicles on roadways and in private parking lots.

Thursday, April 9, 2015



Who’s keeping watch of the National Security Agency? In Congress, the answer in more and more cases is that the job is going to former lobbyists for NSA contractors and other intelligence community insiders.

A wave of recent appointments has placed intelligence industry insiders into key Congressional roles overseeing intelligence gathering. The influx of insiders is particularly alarming because lawmakers in Washington are set to take up a series of sensitive surveillance and intelligence issues this year, from reform of the Patriot Act to far-reaching “information sharing” legislation.

Tuesday, April 7, 2015

How the U.S. thinks Russians hacked the White House

How the U.S. thinks Russians hacked the White House

Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.

While the White House has said the breach only ever affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president's schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.

The White House in October said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The system has been shut down periodically to allow for security upgrades.

Read more:

Monday, April 6, 2015

How B.C. district officials bugged their mayor’s computer

How B.C. district officials bugged their mayor’s computer

He was ridiculed and dismissed as paranoid for claiming that district employees have installed a surveillance software in his office computer to spy on his online activities. In the end, Richard Atwell, mayor of the District of Saanich in British Columbia, is vindicated and gets to say “I told you so.”
Last week Elizabeth Denham’s, the Information and Privacy Commissioner of B.C., released a report castigating the district for installing monitoring software on employees’ computers with little regard for the people’s privacy rights covered by privacy laws that have been in place for 20 years. 

Friday, April 3, 2015

British Student Ordered to Leave Russia as Media Speculate She Was Spying

British Student Ordered to Leave Russia as Media Speculate She Was Spying

A British student has become the latest foreign researcher to be deported from Russia as media speculated that she was spying.
Laura Sumner, a history graduate from the University of Nottingham, has been ordered to leave Russia within 10 days for a visa violation, reported LifeNews, a site known for its close ties to the authorities.
According to Pavel Titov, a migration service official, Sumner had travelled to Russia to research archives in Nizhny Novgorod, but had received a commercial rather than an academic visa.

Thursday, April 2, 2015

Turkish beauty queen’s bedroom ‘bugged by in-laws’

Turkish beauty queen’s bedroom ‘bugged by in-laws’

A former Turkish beauty queen has sued her former in-laws for bugging her bedroom with the help of her ex-husband, according to a local media report.

Sinem Sülün, who was crowned Miss Model Turkey in 2005 and was runner-up at Miss Turkey-Universe in2007, divorced her husband Mustafa Yüksel last month. She was awarded 200,000 Turkish Liras in compensation and 2,500 liras as a monthly alimony after the divorce.

Read more:

Wednesday, April 1, 2015

Researchers Discover Global Lebanese Cyber Espionage Campaign

Researchers Discover Global Lebanese Cyber Espionage Campaign

A nation-state group originating from Lebanon is likely behind a global cyber espionage campaign targeting defense contractor firms, telecommunications and media companies, and educational institutions in the US, Canada, UK, Turkey, Lebanon, and Israel, among others.

A recent report by Israeli-based software provider Check Point Software Technologies, LTD. revealed a carefully orchestrated advanced persistent threat (APT) campaign dubbed “Volatile Cedar” has successfully penetrated a large number of sensitive targets worldwide using various attack techniques, and specifically, a custom-made malware implant codenamed "Explosive."

Read more: