Daily CyberSecurity News For 31st October 2016

  1. The next president will face a cybercrisis within 100 days, predicts reportFrom CNBC.com. 

    The next president will face a cybercrisis in the first 100 days of their presidency, research firm Forrester predicts in a new report.

     The crisis could come as a result of hostile actions from another country or internal conflict over privacy and security legislation, said Forrester analyst Amy DeMartine, lead author of the firm’s top cybersecurity risks for 2017 report, due to be made public Tuesday.

Top CyberSecurity News For 10th September 2016

  1. Missed Opportunities Detailed Ahead of Personnel Agency HackFrom ABC.com. 

    t was time to purge the hacker from the U.S. government’s computers.

    After secretly monitoring the hacker’s online movements for months, officials worried he was getting too close to critical information, so they devised a plan, called the “Big Bang,” to expel him.

    Trouble was, with all their attention focused in that case, they missed the other hacker entirely.

    A congressional report provides previously undisclosed details and a behind-the-scenes chronology of one of the worst-ever cyberattacks on the United States. It lays out missed opportunities before the break-in at the Office of Personnel Management exposed security clearances, background checks and fingerprint records. That intrusion — widely blamed on China’s government — compromised personal information of more than 21 million current, former and prospective federal employees; led to the resignation of the OPM director; and drew outrage over changing explanations about its severity.

Top CyberSecurity News For 27th July 2016

  1. How the Chinese Government Became the World’s Hacking Superpower. From Motherboard. In January of 2010, Google made a shocking announcement: The Chinese government had broken into its systems to steal sensitive data. This was the first time an American company had the guts to publicly stand up and point the finger at the government of China. “We detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google,” the company wrote in a boringly titled blog post.

Top CyberSecurity News For 14th July 2016

  1.  Chinese Man to Serve U.S. Prison Term for Military HackingFrom NBCNews. 

    A Chinese businessman who pleaded guilty in March to conspiring to hack into the computer networks of Boeing and other major U.S. defense contractors was sentenced on Wednesday to nearly four years in prison, prosecutors said. Su Bin, 51, was charged with taking part in a years-long scheme by Chinese military officers to obtain sensitive military information. In addition to the 46-month prison term, a judge in U.S. District Court in Los Angeles ordered Su to pay a $10,000 fine.

Top CyberSecurity News For 13th July 2016

  1. Chinese Hackers Breached US FDIC, and Officials Covered It Up for YearsFrom Softpedia.  Chinese hackers are likely behind cyber-attacks against the US Federal Deposit Insurance Corporation (FDIC), a government agency that supervises the country’s banks, but the most worrisome detail is that US FDIC officials hid the attacks from Congress for years. These are the conclusions of a report released today by US House Committee on Science, Space, and Technology, which said that multiple FDIC officials “engaged in mismanagement, misled Congress, and retaliated against whistleblowers.”

Top CyberSecurity News For 6th July 2016

  1. A Chinese Ad Firm Is Using Malware to Get More ClicksFrom Motherboard. Advertising agencies go to great lengths to spread their clients’ messages. Now, researchers have uncovered a new approach: malware.This month, cybersecurity company Check Point reports that a Chinese group called Yingmob has distributed mobile device malware on a massive scale, apparently alongside a legitimate advertising analytics business.

Top CyberSecurity News For 16th June 2016

  1. Revealed: Yet Another Group Hacking For China’s Bottom LineFrom Wired. In the world of cyberespionage, the Chinese are king. More nation-state attacks are attributed to it than any other country. Though the assumption has been that the motive behind most of this spying was to gain a competitive advantage for Chinese companies, there had not been much proof. Until now. A new espionage campaign attributed to China shows an almost one-to-one correlation between the breaches and China’s economic interests.

Top CyberSecurity News For 18th May 2016

  1. German Intelligence blames Russia for Parliament hackFrom SC Magazine. Germany’s chief internal intelligence agency has blamed the Russian state for an attack on the German parliament. The Bundesamt für Verfassungsschutz (BfV), which oversees domestic security, has pointed the finger of blame at PawnStorm, an infamous APT group believed to work directly for the Russian state.

  2. GSA says cyber ‘mistake’ was ‘no breach’; others investigateFrom Washington Post. A Government Services Administration office known as 18F functions as a computer consultancy for federal agencies and says it was “built in the spirit of America’s top tech startups.” But this government tech start-up had a technical slip-up of its own. “Over 100 GSA Google Drives were reportedly accessible by users both inside and outside of GSA during a five month period, potentially exposing sensitive content such as personally identifiable information and contractor proprietary information,” according to a “management alert” issued by GSA’s inspector general’s office.
  3. Manufacturers beef up cybersecurityFrom Crain’s Cleveland Business. One thing that helps modern manufacturers stand out in the marketplace — their intellectual property — also makes them an attractive target for hackers. Take United States Steel Corp., for example. The steelmaker last month filed a formal complaint with the U.S. International Trade Commission, asking the organization to investigate China’s biggest steel producers for unfair trade practices. One that stands out? The allegation that China hacked into U.S. Steel’s systems and stole information on how to make advanced, high-strength steel.

Top Cybersecurity News For 25th April 2016

  1. How an email sparked a squabble over Chinese-owned Lenovo’s role at Pentagon. From Washington Post. Ever since Chinese computer maker Lenovo spent billions of dollars to acquire IBM’s personal-computer and server businesses, some lawmakers have called on federal agencies to stop using the company’s equipment out of concerns over Chinese spying. But an email circulated within the Air Force appeared to indicate Lenovo being kicked out.
  2. A Brief History Of Ransomware. From DarkReading. The rise in ransomware extortion as a reliable weapon for cybercriminals to make the most of victims’ system vulnerabilities has now spanned the better part of a decade. But the last year has seen hockey stick growth as attackers perfected their methods and targeted victims. At this point ransomware has established itself as $60 million a year criminal enterprise, with that number sure to rise as the income is funneled into improving the next ransomware generation.

  3. FireEye Threat Intelligence Review. From SC Magazine (2015). This is an extremely powerful system for gathering, analyzing and acting on cyberthreat intelligence. The wealth of available data is impressive and FireEye is an experienced player with a heavy recorded history of data going back 10 years or more. We do wish, however, that this wealth of analytical power was readily available as a standalone service for threat analysts who are not necessarily part of a network defense team.
  4. Interview: Security and scalability of the IoT in business. From ITProPortal.
    We spoke to Klaus Gheri, VP and GM of Network Security at Barracuda Networks about the challenge of securing IoT devices in industry and the tools being developed to overcome IoT barriers to adoption.
  5. Transportation Official: Cybersecurity Rules May Be Needed for Cars.  From MorningConsult. The head of the National Highway Traffic Safety Administration told a House panel Thursday that his agency may need to craft rules to enhance cybersecurity as more vehicles are connected to the internet. “You need some best practices, and potentially rules, to establish certain kinds of hard protections in things,” NHTSA Administrator Michael Rosekind said.