Report: Global Critical Infrastructure at Risk as Cyber Threats Rise

Tuesday, April 19, 2011 | 2:00 PM

A new report out today from McAfee and the Center for Strategic and International Studies (CSIS) found that global critical infrastructure is ill-prepared for cyber attacks, at a time when threats continue to rise.

Focusing on the power, oil, gas and water sectors, the report, “In the Dark: Crucial Industries Confront Cyberattacks,” surveyed 200 executives from the critical electricity infrastructure industry in 14 countries regarding practices and policies surrounding IT security.

According to the findings, 40 percent of the executives said that cyber vulnerabilities within their industry had grown over the past year, with almost 30 percent asserting that their organization would not be prepared in the event of a cyber attack.

“What we are learning is the smart grid is not so smart,” Dr. Phyllis Schneck, vice president and chief technology officer for McAfee’s public sector, said in a statement.

WordPress, LiveJournal Blog Breaches Affect Millions Across Globe

Thursday, April 14, 2011 | 12:17 PM

Millions of bloggers worldwide were put at risk yesterday when blogging platform WordPress.com announced that hackers broke into several of its servers, potentially gaining access to the source code and other sensitive information on the site.

Alerting its 19 million users of the breach, WordPress called the incident a “low-level (root) break-in” in a blog post, adding, “We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied.”

And while the company continues its investigation, it advised its users to take precautions, including using strong passwords and varying them across the different sites and accounts they use.

Meanwhile, password protection was no safeguard for Russian bloggers using LiveJournal last week. According to the Moscow Times, LiveJournal Russia, the country’s main blogging platform, fell victim to a DDoS cyber attack that flooded its servers and crippled the system for seven hours.

Epsilon Cyber Hit Puts Banking and Retail Customers at Risk

Monday, April 4, 2011 | 3:39 PM

As budget talks continue to hog headlines in Washington this week, elsewhere in the world, hackers are busy working on their own financial plans.

According to a press release, email marketing firm Epsilon is the latest organization to take a cyber hit, compromising clients’ customer data and causing big headaches for the big-name corporations involved.

Among the list of companies alerting customers of the breach are financial giants Citibank, Capital One and JP Morgan, as well as the Home Shopping Network, Walgreens, Brookstone, Kroger, New York & Company and TiVo.

Cybersecurity: Mission Impossible?

Wednesday, March 30, 2011 | 10:52 AM

As March Madness nears its end, it seems there are a few more notable names to add to the bracket of organizations exploited by cyber attacks this month.

With a recent attack on security giant RSA, the AFP reported that hackers were able to access information and steal data from the organization’s SecurID two-factor authentication products that could potentially lead to breaches against RSA’s clients, including the US government and defense contractor Lockheed Martin.

Meanwhile, across the pond last week, we learned of a cyber attack on the European Union (EU) just one day before an international leaders’ summit on economic reform was scheduled to begin in Brussels.

Beyond the Budget, Democrats Back Cyber Bills

Friday, March 18, 2011 | 2:01 PM

With another government shutdown averted, and a new deadline set for April 8, it seems many on the Hill are looking to make a foray on federal funding as the budget belt-tightening continues.

But as the cuts come, Democrats in both the House and Senate aren’t scaling back on cybersecurity, with a steady roll-out of cyber bills building up in 2011.

The latest to lay out his cyber plans this week was Rep. Jim Langevin (D-RI), who, on Wednesday, introduced the Executive Cyberspace Coordination Act, a bill that intends “to significantly strengthen protections against dangerous cyber threats.”

Ethical vs Unethical: Hackers Reaping Monetary Rewards This Week

Friday, March 11, 2011 | 11:56 AM

With the fifth annual Pwn2Own hacking contest underway this week at the 2011 CanSecWest conference in Vancouver, professional hackers took to reaping the monetary rewards of breaking into smartphones, web browsers and operating systems.

With $125,000 in total prize money up for grabs, Apple Safari 5 and Microsoft Internet Explorer 8 were the first browsers to fall to the exploits of the researchers in the contest.

Meanwhile, Computerworld reports that the Pwn2Own hackers skipped out on Google’s $20,000 reward for cracking the web browser Chrome on day one of the challenge. With Chrome remaining untouched in the contest, Computerworld reports that this will be its third consecutive year of success at Pwn2Own.

But just as easily as the professional hackers assembled at CanSecWest this week to benefit tech giants and their consumers, the US Computer Emergency Response Team (US-CERT) is warning of another group of computer exploiters that may be planning to take advantage of a serious situation.

Attacks Abroad Raise Cyber Debate At Home

Tuesday, March 8, 2011 | 11:47 AM

As tensions in the Middle East and North Africa remain high, governments in Europe and Asia have also been handed their own form of opposition over the past few days.

Rocked by a series of distributed denial-of-service (DDoS) cyber attacks this week, both France and South Korea have launched investigations into attacks made on the nations’ government websites.

According to the AFP, the French finance ministry had to shut down 10,000 of its computers Monday, following word that hackers attacked government networks, enabling access to private Group of 20 (G20) documents, relating to the international financial system.

Senators Kill the ‘Kill Switch’ with Call for Cyber Transparency

Monday, February 28, 2011 | 2:32 PM

Welcome back, Cybersecurity News readers, with an extra welcome extended out to new readers gained from the 2011 RSA Conference.

As the hype surrounding the potential government shutdown continues, one small piece of Capitol Hill has already closed its doors for good.

According to Senator Joe Lieberman (I-Conn.), chairman of the Homeland Security and Governmental Affairs Committee (HSGAC), the long-debated idea of the Internet ‘kill switch’ is dead.

Lieberman, who last year rolled out a comprehensive cybersecurity bill alongside Sens. Collins (R-Maine) and Carper (D-Del.), said in a statement that the legislation has been updated to include that “neither the President, the Director of the National Center for Cybersecurity and Communications or any officer or employee of the United States Government shall have the authority to shut down the Internet.”

White House Cybersecurity Team Pushes for Private Sector Support

Wednesday, February 16, 2011 | 10:45 AM

“Last month, during the State of the Union address, the President laid out all the big visions for the future of the American economy,” White House Cybersecurity Coordinator Howard Schmidt recalled in his opening remarks of a cybersecurity town hall meeting at the annual RSA Conference underway in San Francisco.

Reflecting on President Obama’s push for innovation in the digital age, Schmidt advised that it is “critical” for the government to collaborate with the private sector to carry out future accomplishments.

But the cyber czar said that in working with industry, the government must first “lead by example,” calling for more transparency, accountability and international engagement in issues surrounding security and the Internet.

US Deputy Defense Secretary Reveals ‘Cyber 3.0’ Details

Tuesday, February 15, 2011 | 2:31 PM

Addressing what he called “the most technically sophisticated audience,” US Deputy Secretary of Defense William Lynn III took the RSA Conference stage on Tuesday to discuss the Armed Forces’ role in defending a new domain: cyberspace.

“Information technology is at the core of our most important military capabilities,” Lynn told the crowd of thousands of security experts.  “It gives us the ability to navigate with accuracy, to communicate with certainty, to see the battlefield with clarity, and to strike with precision. But for all the wonderful capabilities technology enables in our military, it also introduces enormous vulnerabilities.”

Referencing one major vulnerability in particular, Lynn said the 2008 breach of US military networks by a foreign intelligence agency’s corrupt thumb drive changed how the Defense Department approaches cybersecurity.