


This section is devoted to featuring late-breaking cyber security news stories.
CYBER SECURITY NEWS
Late-breaking cyber security news stories:
All text displayed in connection with these stories is quoted directly from the source.
Jan. 5, 2010 - Daphne Larkin
NORTHFIELD, Vt. – Norwich University officials announced today a program of collaboration with Adaptive Cyber Security Instruments, Inc. (ACSI) to provide real-world educational opportunities for NU students and resources to develop and test ACSI’s cyber situational awareness products.
NU also intends to create new courses in the emerging field of cyber conflict, information warfare and information operations. ACSI’s products were conceived to meet the challenges of this field including cyber intelligence, and the theory behind them will form the core of this curriculum.
Mar. 8, 2010 - Robert McMillan, IDG News Service
Ongoing computer scams targeting small businesses cost U.S. companies $25 million in the third quarter of 2009, according to the U.S. Federal Deposit Insurance Corporation.
Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to over $120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco, by David Nelson, an examination specialist with the FDIC.
Mar. 8, 2010 - Elinor Mills
Software that can be downloaded for use with the Energizer Duo USB battery charger contains a backdoor that could allow an attacker to remotely take control of a Windows-based PC, Energizer and US-CERT are warning.
"The installer for the Energizer Duo software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory," the U.S. Computer Emergency Readiness Team said in an advisory on Friday. "Arucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp. Its capabilities include the ability to list directories, send and receive files, and execute programs."
Mar. 8, 2010 - Kelly Jackson Higgins
Automobile giant Ford Motor this year will debut vehicles with built-in WiFi -- along with enhanced security features to prevent data breaches via its new cars.
Ford has offered the so-called Sync technology service it co-developed with Microsoft in most of its Ford, Lincoln, and Mercury vehicles since 2008. The technology lets drivers run their Bluetooth-enabled mobile phones and digital media players via their vehicles and use voice commands to operate them, for instance.
The automaker announced today that the second generation of its Sync technology -- due out later this year and to include a full Windows CE operating system with a new driver interface called MyFordTouch -- will come with a built-in browser and secured WiFi access.
Mar. 8, 2010 - William Jackson
Implementing the Comprehensive National Cybersecurity Initiative, a broad program intended to protect the nation’s cyber infrastructure, has been hampered by a lack of coordination and transparency, according to the Government Accountability Office.
“CNCI is unlikely to fully achieve its goal of reducing potential vulnerabilities, protecting against intrusion attempts, and anticipating future threats to federal information systems unless roles and responsibilities for cybersecurity activities across the federal government are more clearly defined and coordinated,” the GAO concluded in a November briefing to the staff of the House Armed Services subcommittee on Terrorism, Unconventional Threats and Capabilities.
Mar. 8, 2010 - J. Nicholas Hoover
Government officials played a starring role at the annual RSA Conference last week, laying out their plans for government cybersecurity, particularly the need for increased cooperation with industry, in keynotes and panel sessions throughout the week.
White House cybersecurity coordinator Howard Schmidt set the tone in his Tuesday keynote address, focusing heavily on increasing partnerships and transparency when it comes to the federal government's role in cybersecurity.
Mar. 8, 2010 - Dan Goodin
A criminal court in Thailand has approved the extradition to the US of a Malaysian man suspected of participating in credit card thefts of more than $152m, according to a local news report.
Gooi Kokseng, 44, was arrested on January 30 after being accused of causing more than 5 billion baht, or $152.9m, in damage by accessing credit card information in the US and Southeast Asia, according to The Bangkok Post. He was charged with violating computer crime and credit card business laws.
Mar. 7, 2010 - Leo Lewis
Across one wall of a Thunderbirds-style command centre a huge map of the world keeps a running log of global cyber-attacks. Bloodcurdling names dart across the screen as thousands of computers are attacked in Houston or Hiroshima or Hampstead. This is Tokyo’s Cyber Emergency Centre.
Itsuro Nishimoto gives an order to one of his staff, who hacks a nearby laptop. In less than a minute he can observe the person working at that computer using the laptop’s webcam. The operating light has been disabled; the user has no idea he can be seen.
Mar. 7, 2010
You may have to monitor your credit card statements - and even place a fraud alert on your card - if you ate or parked your car at the Westin Bonaventure Hotel & Suites in Los Angeles between April 2009 and December 2009.
Why? The Westin Bonaventure became the latest example of a hotel whose computer systems are believed to have been breached by unidentified cybercriminals.
Mar. 6, 2010 - Mail Foreign Service
Facebook founder Mark Zuckerberg has been accused of hacking into the email accounts of rivals and journalists.
The CEO of the world's most successful social networking website was accused of at least two breaches of privacy in a series of articles run by BusinessInsider.com.
As part of a two-year investigation detailing the founding of Facebook, the magazine uncovered what it claimed was evidence of the hackings in 2004.
Mar. 5, 2010 - Gregg Keizer
Microsoft's idea that the fight against malware could be funded by an Internet tax is "horrible," an analyst said Thursday as other experts weighed in on a recent comment by the company's security chief.
Earlier this week, Scott Charney, Microsoft's vice president for its Trustworthy Computing group, said that while there are plenty of ways to combat malware, scrub infected PCs and take down botnets, no one wanted to foot the bill.
Mar. 5, 2010 - Tim Wilson
RSA Conference 2010 -- You'd think the behavior of wireless users at one of the industry's biggest security conferences would be -- well, secure.
Not so, says a quick study from wireless security company Motorola AirDefense.
In a study during the first two days of the show, AirDefense identified 293 wireless access points -- but an alarming 315 ad-hoc networks were also discovered.
Mar. 4, 2010 - Bill Gertz
The Pentagon has ordered all troops and officials involved in protecting computer networks from enemy hackers to undergo training in computer hacking themselves.
A Feb. 25 update to a directive on information security from the office of the assistant defense secretary for networks and information integration requires workers involved in what the Pentagon calls computer-network defense to be certified in understanding as many as 150 hacking techniques.
Mar. 3, 2010 - Jaikumar Vijayan
The difficult task of identifying the true sources of cyber attacks remains one of the biggest challenges in the development of a national cybersecurity strategy, former Department of Homeland Security Secretary Michael Chertoff told Computerworld in an interview at the RSA Security conference here today.
Chertoff, who is participating in a panel discussion at the conference, said there is a growing need for the U.S. to create a strong, formal strategy for responding to cyberattacks against American interests.
Such a strategy would need to clearly articulate possible U.S. responses to attacks, which could include diplomatic and other tools.
Mar. 3, 2010 - William Jackson
The lack of trust between the public and private sectors continues to inhibit the sharing of information needed for the nation to effectively defend against rapidly evolving cyberthreats, a panel of industry experts and former government officials said Tuesday.
“We need to have more transparency in the public-private partnership,” said Melissa Hathaway, former White House advisor who conducted last year’s comprehensive review of government cybersecurity. “The trust does not exist between the two parties.”
Mar. 3, 2010 - Linda McGlasson
A Colorado bank has come forward to reveal that as many as 5,000 of its customers were at risk because of new fraudulent transactions tied to the Heartland Payment Systems data breach.
First National Bank of Durango, a $399 million institution, went public with the news on March 1, after several customers reported that their debit cards had fraudulent transactions on them.
Mar. 3, 2010 - Jim Finkle
The hackers behind the attacks on Google Inc and dozens of other companies operating in China stole valuable computer source code by breaking into the personal computers of employees with privileged access, a security firm said on Wednesday.
The hackers targeted a small number of employees who controlled source code management systems, which handle the myriad changes that developers make as they write software, said George Kurtz, chief technology officer at anti-virus software maker McAfee Inc.
Mar. 2, 2010 - Elizabeth Montalbano
Official government cyber defenders are now required to have the skills of a hacker according to a mandatory certification approved this week by the Department of Defense.
The DoD now requires its computer network defenders (CNDs) to pass the Certified Ethical Hacker certification program from the International Council of E-Commerce Consultants (EC-Council) to fulfill baseline skills.
Mar. 2, 2010 - Elinor Mills
Authorities in Spain have arrested three men accused of operating a massive botnet composed of 12.7 million PCs that stole credit card and bank log-in data and infected computers in half of the Fortune 1,000 companies and more than 40 banks, according to published reports.
The botnet "Mariposa," which means butterfly in Spanish, first appeared in December 2008 and grew to be one of the largest botnets ever, The Associated Press reported. It spread the Butterfly worm via removable drives, MSN Messenger, and peer-to-peer programs and targets Windows XP and older systems.
Mar. 2, 2010 - Kim Zetter
The Obama administration declassified part of the government’s cybersecurity plan Tuesday, publishing parts of it that discuss intrusion detection systems for federal computer networks and the government’s role in securing critical infrastructure.
The declassification announcement was made by Howard A. Schmidt, a former Microsoft security executive who in December was appointed cybersecurity coordinator by President Barack Obama. Schmidt was speaking at the RSA Security Conference in San Francisco, an annual industry conference for computer security professionals.
Mar. 2, 2010 - Henry K. Lee
An Alameda man is among four people indicted by a federal grand jury on charges of reaping $25 million reselling premium tickets to concerts and sporting events by hacking into online vendor systems such as Ticketmaster.com, prosecutors said Monday.
Joel Stevenson, 37, surrendered Monday to the FBI in Newark, N.J., where a 43-count indictment was issued Feb. 23 and unsealed Monday.