• DOJ’s new cyber unit to provide legal guidance on electronic surveillance

    The Justice Department is creating a cybersecurity unit within its Computer Crime & Intellectual Property Section (CCIPS) to provide legal guidance on electronic surveillance investigations.The unit will also work with Congress on cybersecurity legislation and focus on cybercrime prevention.

  • China says U.S. does not appreciate China’s own vulnerability to cyberattacks

    At the seventh annual China-U.S. Internet Industry Forum held on 2-3 December, Lu Wei, minister of China’s Cyberspace Affairs Administration, which manages Internet information in China, urged U.S. officials and the private sector to stop claiming Chinese cyberespionage against U.S. systems and instead understand China’s Internet information policies. China has become the world’s largest Internet market with over four million websites, 600 million Web users, and four of the world’s top ten Internet firms.

  • FBI cautions U.S. firms of hackers trying to overwrite companies’ data files

    On Monday, several cybersecurity officers of U.S. businesses received a five-page “flash” warning from the FBI to be cautious of hackers that may use malware to override all data on hard drives of computers, including the master boot record, which prevents them from booting up. “The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods,” the warning read.

  • Hackers well-versed in Wall Street vernacular hack publicly traded companies

    Security firm FireEye’s recent reporton a group of hackers who have been infiltrating e-mail correspondence from more than 100 organizations, differs from the company’s previous reportson cyber criminals operating from China or Russia. This time, the hackers are based in North America or Western Europe, and are well-versed in Wall Street vernacular. The hackers, who FireEye named “FIN4” because they are one of many groups that hack for financial gain, targeted mostly publicly traded healthcare or pharmaceutical companies, along with their advisory firms, in pursuit of information that could affect global financial markets.

    • view counter

  • Online tools help users adopt better privacy practices

    Research shows a growing concern for online privacy, but Internet users give up personal information every day in exchange for the convenience and functionality of a variety of online services. Online privacy is distinct from online security, which encompasses efforts to mitigate the theft of personal information. Most violations of online privacy are not illegal but rather the results of tacit consumer consent. The new Privacy Helper mobile app teaches users about the features on their phones that can affect privacy. The key to Privacy Helper, its developers say, is its flexibility in giving users better control over how they share personal information.

  • Internet security market to reach $42.8 billion globally by 2020

    According to a new report by Allied Market Research, the global Internet security market is expected to reach $42.8 billion by 2020, registering a CAGR of 8.1 percent during 2014-2020. The market, driven by demand for software solutions, would experience a shift toward the adoption of cloud-based systems. About 80 percent of the top companies today identify with cloud-based security services which have become a prominent market trend.

    • view counter

  • A malware more sophisticated than Stuxnet discovered

    Security experts at Symantechave discovered the world’s most sophisticated computer malware, Regin. Thought to have been created by a Western intelligence agency, and in many respects more advanced than Stuxnet — which was developed by the U.S. and Israeli government in 2010 to hack the Iranian nuclear program — Regin has targeted Russian, Saudi Arabian, Mexican, Irish, and Iranian Internet service providers and telecoms companies. “Nothing else comes close to this … nothing else we look at compares,” said one security expert.

  • Iran may resume cyberattacks on U.S. if nuclear deal is not reached

    A failure for the United States to reach a nuclear deal with Iran could result in more cyberattacks against U.S. companies, House Intelligence Committeechairman Mike Rogers (R-Michigan) said. Cyberattacks by Tehran declined dramatically after the United States, other permanent members of the Security Council, and Germany agreed to an interim nuclear deal with Iran in 2013, but should the parties fail to reach a permanent nuclear deal by the newly set March 2015 and July 2015 deadlines, financial firms, oil and gas companies, and water filtration systems could be targets of malware from Iran’s cyber army.

  • Cyber experts divided over the scope of damage of a cyberattack on U.S.

    Citing the risks of lack of preparation against future cyberattacks and the absence of security infrastructure, a new report urges across the board updates in the domain of cybersecurity. Most of the experts interviewed for the report pointed to the Stuxnet malware, which damaged Iranian nuclear-enrichment centrifuges and other nuclear-related machinery in 2010, as an example of the sort of future attacks that could disable and destroy vital infrastructure such as power grids, air-traffic controls, and banking institutions.

  • NSA director: China and “one or two” other nations can damage U.S. critical infrastructure

    Adm. Michael Rogers, director of the National Security Agency and head of U.S. Cyber Command, told lawmakers yesterday that China and “one or two” other countries are capable of mounting cyberattacks which would paralyze the U.S electric grid and other critical infrastructure systems across the country. A cyberattacks of such scope has been discussed in the past – it was even dubbed a “cyber Pearl Harbor” – but Rogers was the first high official to confirm that such a crippling attack on the United States was not a mere speculation. Rogers said U.S. adversaries are conducting electronic “reconnaissance” on a regular basis so that they will be well-positioned to damage and disrupt the industrial control systems which run chemical facilities, nuclear power plants, water treatment facilities, dams, and much more.

  • New study shows people ignore online warnings

    You are your own worst enemy when it comes to online security. Say you ignored one of those “this Web site is not trusted” warnings and it led to your computer being hacked. How would you react? Would you: (A) Quickly shut down your computer? (B) Yank out the cables? (C) Scream in cyber terror? Researchers report that that for a group of college students participating in a research experiment, all of the above were true. These gut reactions (and more) happened when a trio of researchers simulated hacking into study participants’ personal laptops.

  • U.S. spends about $10 billion a year to protect the nation's digital infrastructure

    U.S. intelligence agencies have designated cyberattacks as the most alarming threat to national security. The federal government is spending roughly $10 billion a year to protect the nation’s digital infrastructure, but hackers, some sponsored by nation-states, are successfully infiltrating civilian and military networks.Professionals from DHS, the Pentagon, and private contractors all work together in U.S. cyber centers to detect, prevent, respond, and mitigate incoming and existing cyberattacks. Several of the U.S. top cybersecurity labs are housed in nondescript office buildings with no government seals or signs.

  • More companies adopt active defense to thwart hackers

    Some U.S. companies are beginningto counter-hack cybercriminals by using intelligence shared within industry circles. Federal officials have not openly endorsed active defense, but measures like tricking hackers into stealing fake sensitive data, then tracking its movements through the Web, are gaining support. Some firms have gone as far as hacking alleged criminals’ servers. “The government is giving ground silently and bit by bit on this [active defense] by being more open,” said former National Security Agencygeneral counsel Stewart Baker. “I have a strong sense from everything I’ve heard. . . that they’re much more willing to help companies that want to do this.”

  • Software detects, eradicates viruses, other malware – and repairs the damage they caused

    University of Utah computer scientists have developed software that not only detects and eradicates never-before-seen viruses and other malware, but also automatically repairs damage caused by them. The software then prevents the invader from ever infecting the computer again. A3, for Advanced Adaptive Applications, is a software suite that works with a virtual machine — a virtual computer which emulates the operations of a computer without dedicated hardware. The A3 software is designed to watch over the virtual machine’s operating system and applications.

  • Security experts worry BlackEnergy technology could soon be available to bad non-state actors

    DHS a few days ago has issued a cyberthreat alert to critical infrastructure firms warning of the malicious software called BlackEnergy, a variant of a Trojan horse believed to have originated from Russian government-sponsored hackers. BlackEnergy is similar to another Russian issued malware called Sandworm, which was used in a 2013 Russian cyber-espionage campaign against NATO, the European Union, and overseas telecommunication and energy assets. DHS believes the attack on U.S. critical systems is “part of a broader campaign by the same threat actor.”