In the News (2014-02)
  
 
	- "Facebook disrupts cryptocurrency-mining botnet Lecpetex", SC Magazine, 09 July 2014. Facebook teamed up with law enforcement to disrupt the crypto-currency mining botnet "Lecpetex". The botnet had used Facebook spam messages to deliver malicious files to the victim's computer, which used the victim's computer to mine cryptocurrency and the victim's account to further propagate the malware via spam. (ID#: 14-50000) See http://www.scmagazine.com/facebook-disrupts-cryptocurrency-mining-botnet-lecpetex/article/360154/
	- "McAfee Plots Security Framework for Internet of Things", Infosecurity Magazine, 09 July 2014. McAfee has joined the Open Interconnect Consortium -- a project to "define and deliver device-to-device connectivity requirements for the internet of things (IoT)" -- to help improve security standards for the IoT. The sheer number and variety of devices to be on the IoT makes it a prime security risk. (ID#: 14-50009) See http://www.infosecurity-magazine.com/view/39236/mcafee-plots-security-framework-for-internet-of-things/
	- "IEEE Launches Two Anti-malware Services", Infosecurity Magazine, 09 July 2014. IEEE has launched two of its own anti-malware services as part of a new Anti-Malware Support Service (AMSS) project to "provide a place for collaboration on new technologies and standards-related offerings." Additional services are planned to be released in the future. (ID#: 14-50010) See http://www.infosecurity-magazine.com/view/39214/ieee-launches-two-antimalware-services/
	- "Microsoft Error Plunged No-IP Punters Into Darkness", Infosecurity Magazine, 03 July 2014. Despite warnings from the cybersecurity community about abuse of No-IP services for malicious purposes, Microsoft has been criticized for lack of response to the issue. In a recent attempt to snuff out a botnet, Microsoft's Digital Crimes Unit (DCU) ended up blocking No-IP services from legitimate users. (ID#: 14-50011) See http://www.infosecurity-magazine.com/view/39149/microsoft-error-plunged-noip-punters-into-darkness/
	- "CyberRX preps health care community for cyberattack", GCN, 01 July 2014. The Department of Health and Human Services and Health Information Trust Alliance (HITRUST) teamed up with ten private sector organizations to test the ability of healthcare providers to respond to and prevent cyber attack. The real-life nature of the exercises is invaluable for determining the state of healthcare security. (ID#: 14-50015) See http://gcn.com/articles/2014/07/01/cyberrx.aspx?admgarea=TC_SecCybersSec
	- "Isolate and conquer: Getting past a reliance of layered security", FCW, 09 July 2014. Most organizations rely on costly layers of protective measures to defend against cyber attack, but vulnerabilities deep within devices -- such as an operating system kernel -- can be used to simultaneously defeat these stacks of layered security. Over 80 Windows kernel vulnerabilities were discovered in 2013 alone. (ID#: 14-50016) See http://fcw.com/articles/2014/07/09/crosby--micro-virtualization.aspx 
	- "DOT CIO on cyber, shared services and 'technology that is changing constantly'", FCW, 08 July 2014. Interview with DOT CIO R. McKinney. In his first year as the DOT CIO, Richard McKinney has adopted a strong focus on cybersecurity, recognizing it as an integral part of keeping America's infrastructure safe. (ID#: 14-50017) See http://fcw.com/articles/2014/07/08/dot-mckinney-qanda.aspx 
	- "NIST goes global with cyber framework", FCW, 03 July 2014. In the interest of promoting international dialogue on cybersecurity, the NIST has been taking its new cyber framework, which is between critical infrastructure firms and government, overseas. The focus is not on showing off the framework itself, but the process by which it was developed, in the hopes that other nations can learn from it and produce their own versions. (ID#: 14-50018) See http://fcw.com/articles/2014/07/03/nist-global-cyber-framework.aspx
	- "Teaming up to train, recruit cyber specialists", FCW, 18 July 2014. Lawrence Livermore National Laboratory announced that it will be joining up with Bechtel BNI and Los Alamos National Laboratory in their effort to train a new generation of cyber defense professionals to protect critical infrastructure. The program will prepare trainees to guard against cyber threats in government and private sector environments. (ID#: 14-50021) See http://fcw.com/articles/2014/07/18/national-labs-cyber-training.aspx
	- "Treasury Secretary warns of cyber threat to financial sector", FCW, 16 July 2014. In a recent speech in New York City, Treasury Secretary Jacob Lew highlighted the seriousness of the cyber risk to the financial sector. According to Lew, cyber crime "undercuts America's businesses and undermines U.S. competitiveness" and can "pose a threat to financial stability". (ID#: 14-50022) See http://fcw.com/articles/2014/07/16/treasury-warning-on-cyber.aspx 
	- "Data breach epidemic shines spotlight on shared secrets", GCN, 17 July 2014. No matter how good security measures may be, passwords are merely shared secrets that rely on both the end user and authenticating party. Human error and hardware/software vulnerabilities are always possible and can compromise even the most secure systems. Data breaches that reveal users' passwords have become a serious issue. (ID#: 14-50030) See http://gcn.com/articles/2014/07/17/isc2-shared-secrets-security.aspx?admgarea=TC_SecCybersSec
	- "New proactive approach unveiled to detect malicious software in networked computers and data", Virginia Tech News, 04 June 2014. Researchers at Virginia Tech have announced new research that helped develop use of causal relations and semantic reasoning to detect illegitimate network activities. This new method is proactive, as opposed to reactive, making it a powerful tool for preventing malware. (ID#:14-1893) See http://www.vtnews.vt.edu/articles/2014/06/060414-engineering-malware.html 
	- "Computer scientists develop tool to make the Internet of Things safer", UCSD Jacobs School of Engineering, 02 June 2014. Computer Scientists at UCSD developed a tool to test the security of hardware, based on Gate-level Information Flow Tracking (GLIFT) technology. This will help the "Internet of Things" -- a proposed network of smart devices such as cars, cell phones and medical devices -- stay secure. (ID#:14-1894) See http://www.jacobsschool.ucsd.edu/news/news_releases/release.sfe?id=152
	- "Navy puzzle challenge blends social media, cryptography", GCN, 02 June 2014. The winners of the Navy's "Project Architeuthis", a cryptography puzzle game, were announced. Players had to solve "complex, story-like" puzzles based on clues posted to Facebook. By interacting with "people who enjoy complicated, story base puzzle solving", the Navy hopes to attract the interest of bright minds into their Information Dominance Corps. (ID#:14-1895) See http://gcn.com/articles/2014/06/02/project-architeuthis.aspx 
	- "Automating Cybersecurity", The New York Times, 04 June 2014. A competition held by DARPA is offering a $2-million prize to a programming team that is able to build software to automatically detect intruders, detect the security flaws that allow breaches, and fix those flaws automatically. The challenge is expected to bring together hackers and academics to help automate cyber defense. (ID#:14-1897) See http://cacm.acm.org/news/175515-automating-cybersecurity/fulltext 
	- "Exclusive: U.S. companies seek cyber experts for top jobs, board seats", Reuters, 30 May 2014. Following an increase in high-profile security breaches, many large U.S. companies are seeking to increase the strength of their cyber defenses by hiring more cyber experts. Demand for chief information security officers (CISOs) and other security experts is increasing; those positions are being elevated in management hierarchies. (ID#:14-1899) See http://www.reuters.com/article/2014/05/30/us-usa-companies-cybersecurity-exclusive-idUSKBN0EA0BX20140530 
	- "Quantum Cryptography with ordinary equipment", IEEE Spectrum, 30 May 2014. Japanese researchers revealed a unique approach to quantum cryptography which incorporates phase shifting of optical signals in fiber-optic cable to transmit cipher keys. This easy-to-implement method does not require the same transmission measurements that are used by conventional quantum systems to detect key tampering. (ID#:14-1900) See http://cacm.acm.org/news/175390-quantum-cryptography-with-ordinary-equipment/fulltext 
	- "MINT Program Helps Pinpoint Threats Contained in Intelligence Data", Georgia Tech News Center, 28 May 2014. MINT, a system that looks for threats in incoming intelligence data, is being improved by researchers at the Georgia Tech Research Institute. By "bringing actionable intelligence to the attention of human analysts as quickly as possible", MINT will be able to help find high-priority items quicker. (ID#:14-1905) See http://cacm.acm.org/news/175323-mint-program-helps-pinpoint-threats-contained-in-intelligence-data/fulltext 
	- "Test to leverage cloud expansion", Evaluation Engineering, June 2014. Cisco Systems recently announced plans to, with its partners, invest over $1 billion toward expanding cloud technology to create an "intercloud", or network of clouds. Cloud computing and the "Internet of Everything" have been growing steadily in recent years and are expected to provide a $19 trillion economic opportunity in the next decade, according to Cisco. (ID#:14-1906) See http://www.evaluationengineering.com/articles/201406/test-to-leverage-cloud-expansion.php 
	- "16-Year-Old OpenSSL Bug Detected", PC Magazine, 06 June 2014. A recently-discovered flaw, which took 16 years to find due to insufficient code reviews, can be exploited to "eavesdrop and make falsifications on your communication when both a server and a client are vulnerable." OpenSSL server versions 1.0.1h, 1.0.0m, and 0.9.8.za are unaffected. (ID#:14-1907) See http://www.pcmag.com/article2/0,2817,2459073,00.asp
	- "Mozilla pushes internet security reform through study", SC Magazine, 06 June 2014. Mozilla is awaiting the results of the Cyber Security Delphi research and recommendation initiative's effort to create a "concrete agenda" to help address threats to online security. Mozilla has already put together its own advisory board with experts from prestigious universities and the ACLU. (ID#:14-1915) See http://www.scmagazine.com/mozilla-pushes-internet-security-reform-through-study/article/351445/
	- "Cybersecurity a top priority in Senate appropriations bill", FCW, 09 June 2014. A 2015 Senate appropriations bill is giving cybersecurity provisions high priority. The bill will provide more funding to entities like the FBI's National Cyber Investigate Task Force, the NIST's planned national Cybersecurity Center of Excellence, and others. (ID#:14-1918) See http://fcw.com/articles/2014/06/09/cybersecurity-in-senate-cjs-bill.aspx 
	- "China making steady gains in cyber, military IT", FCW, 06 June 2014. On June 5th the Pentagon charged China with stealing U.S. intellectual property, amid rising tensions between China and the U.S. over Information Security and cyber-espionage. (ID#:14-1919) See http://fcw.com/articles/2014/06/06/china-cyber-report.aspx 
	- "NIST updates monitoring authorization process", FCW, 06 June 2014. The NIST sent out new guidance to federal agencies, proposing an information system continuous monitoring (ISCM) program to help make information system security authorization more secure. (ID#:14-1920) See http://fcw.com/articles/2014/06/06/nist-cdm-guidelines.aspx 
	- "White House looking to Capitol Hill on cyber", FCW, 05 June 2014. Though the executive branch has passed several executive orders to help bolster U.S. cybersecurity, the White House is looking to Congress to act on one of the few bipartisan issues left, namely, cybersecurity. With recent shortcomings in action by the Senate on cybersecurity due to an all-in-one approach to cyber issues, a "piecemeal" approach might be required to yield results. (ID#:14-1921) See http://fcw.com/articles/2014/06/05/cybersecurity-legislation.aspx 
	- "IEEE CEO Loeb Named ISACA CEO", Infosecurity Magazine, 06 June 2014. Matthew Loeb, a former IEEE CEO, will assume his role as the new CEO of Information Systems Audit and Control Association (ISACA) on Nov. 1st. Loeb plans to increase ISACA's cybersecurity capabilities and raise awareness of the need for cybersecurity in businesses. (ID#:14-1925) See http://www.infosecurity-magazine.com/view/38748/ieee-ceo-loeb-named-isaca-ceo/ 
	- "Databases of personnel at US command In S Korea hacked", Cyber Defense Magazine, 09 June 2014. A cyber attack on United States intelligence has led to a data breach that compromised the personal information of around 16,000 American-employed workers and former workers in South Korea. The stolen details about U.S. activities in the area could be used for malicious purposes. (ID#:14-1928) See http://www.cyberdefensemagazine.com/databases-of-personnel-at-us-command-in-s-korea-hacked/ 
	- "Guarding against 'Carmageddon' cyberattacks", Vanderbilt News, 11 June 2014. As automated "smart transportation systems" -- a network of sensors, computers, and signals -- provide increasing potential for safer and more efficient transportation, the risk of those systems becoming victim to cyber attacks increases. Developing the ability to deter, detect, and respond to these attacks is a top priority for academic and government researchers. (ID#:14-1936) See http://news.vanderbilt.edu/2014/06/carmageddon-cyberattacks/ 
	- "Making a covert channel on the Internet", Cornell Chronicle, 03 June 2014. Researchers have discovered a new way to transmit data covertly over the internet through a method named "Chupja". In this technique, binary data is represented by modulating the duration of idle characters in between packets of data by mere picoseconds, which makes detection by monitoring software difficult. (ID#:14-1937) See http://www.news.cornell.edu/stories/2014/06/making-covert-channel-internet
	- "TSA looks to cloud providers for disaster recovery", FCW, 11 June 2014. The TSA is asking for advice from cloud service providers on how they can help back up the TSA's Technology Infrastructure Modernization (TIM) division in the case of emergencies. The TIM helps the TSA communicate with other homeland security-related entities to help recover from disasters. (ID#:14-1938) See http://fcw.com/articles/2014/06/11/tsa-cloud-rfi.aspx 
	- "The Internet of government things", FCW, 11 June 2014. As the government is recognizing the capability of the Internet of Things (IoT) to provide social-economic benefits, organizations like the GSA and NIST are promoting development of IoT systems through programs like the SmartAmerica Challenge. The cyber-physical systems that the IoT is comprised of show promise for improving numerous facets of life, including transportation, security, and healthcare. (ID#:14-1939) See http://fcw.com/articles/2014/06/11/internet-of-things-expo.aspx 
	- "Cyber Currencies Get Boost from High-Profile Endorsements", 06 June 2014. Bitcoin, despite facing serious trouble in early 2014, is having better luck as big names like TV provider Dish Network and rapper 50 Cent are set to start accepting the cyber currency. More importantly, the Apple Store, which has avoided any involvement with digital currencies in the past, is now preparing to allow iOS developers to support certain cyber currencies. (ID#:14-1940) See http://www.scientificamerican.com/podcast/episode/cyber-currencies-get-boost-from-high-profile-endorsements1/ 
	- "ICS-CERT: Federal Highway Signs Are Easily Hackable", Infosecurity Magazine, 11 June 2014. In the wake of numerous pranks on digital highway signs, the ICS-CERT is recommending mitigating their notorious lack of security through VPNs and better password management. The signs, upon which commuters rely for information, are important for the safety and efficiency of highways. (ID#:14-1948) See http://www.infosecurity-magazine.com/view/38794/icscert-federal-highway-signs-are-easily-hackable/ 
	- "Still (Heart)bleeding: New OpenSSL MiTM Vulnerability Surfaces", Infosecurity Magazine, 10 June 2014. Because of the constant scrutiny of the open-source OpenSSL code, new security flaws are constantly being unearthed and patched. For some, this system of disclosure and repair is evidence that the open-source collaboration model works, though others will point to the endless trickle of vulnerabilities as an indication that the code might never be perfected. (ID#:14-1951) See http://www.infosecurity-magazine.com/view/38727/still-heartbleeding-new-openssl-mitm-vulnerability-surfaces/ 
	- "Last call for comments on Keccak encryption", GCN, 13 June 2014. Before implementing its new Keccak family of hashing algorithms to improve from the long-lived SHA-2 federal standard, the NIST is giving the public a three-month period to voice their thoughts. This will allow concerns about patent infringement and other issues to be brought up. (ID#:14-1953) See http://gcn.com/blogs/cybereye/2014/06/keccak-comments.aspx?admgarea=TC_SecCybersSec
	- "House Intel chairman upbeat on cyber legislation", FCW, 12 June 2014. Following the success of the House of Representatives' cybersecurity bill, the Senate is expected to pass its own information-sharing bill this year. The success of cyber legislation in the recent past is credited to cyber officials who have educated lawmakers on the importance of cybersecurity issues. (ID#:14-1954) See http://fcw.com/articles/2014/06/12/intelligence-chairman-optimistic-on-cyber.aspx 
	- "GCHQ Set to Share Threat Intelligence With CNI Firms", Infosecurity Magazine, 17 June 2014. The UK spy agency GCHQ is slated to start sharing intelligence with government CSPs and eventually CNI firms, which is intended to help protect the UK's cyber infrastructure. This move is seen as a result of the new CISP (Cyber Security Information Sharing Partnership) that was launched last year. (ID#:14-1955) See http://www.infosecurity-magazine.com/view/38896/gchq-set-to-share-threat-intelligence-with-cni-firms/ 
	- "IBM CISO: Company boards need big picture threat data", SC Magazine, 17 June 2014. According to IBM's CISO Joanne Martin, top-level employees and boards of directors need to be better informed on the details and context of information security to be able to better respond to cyber security issues. It is the responsibility of IT professionals, said Martin, to educate these business leaders. (ID#:14-1959) See http://www.scmagazine.com/ibm-ciso-company-boards-need-big-picture-threat-data/article/356265/ 
	- "Agencies work to close mobile security, connectivity gaps", GCN, 16 June 2014. Though many workers like to bring their own mobile phones to work, doing so can create a security risk if proper security measures are not in place. New technologies are being researched to create a safer environment for mobile devices and mobile networks in the workplace. (ID#:14-1967) See http://gcn.com/articles/2014/06/16/byod-connectivity.aspx?admgarea=TC_SecCybersSec
	- "DDoS Attack Puts Code Spaces Out of Business", PC Magazine, 19 June 2014. Code hosting service Code Spaces was forced to shut down after a DDoS attack and unauthorized access to Code Spaces' Amazon EC2 control panel caused the company to lose most of its data and backups. With the cost of recovery estimated to be too great, Code Spaces stated that they "will not be able to operate beyond this point". (ID#:14-1968) See http://www.pcmag.com/article2/0,2817,2459765,00.asp
	- "Ancestry.com Hit by 3-Day DDoS Attack", PC Magazine, 19 June 2014. After being forced offline by a three-day long DDoS attack, Ancestry.com is back up and running. According to Ancestry.com's CTO Scott Sorensen, no customer data was stolen by the attackers. (ID#:14-1969) See http://www.pcmag.com/article2/0,2817,2459760,00.asp 
	- "Tools to tighten the Internet of Things", GCN, 20 June 2014. The Internet of Things promises to be a reliable way for technology to increase the productivity, connectivity, and well-being of society, but as the IoT grows, so do concerns over its security. It will be the job of the security industry, both civilian and government, to develop software and other methods for keeping it secure. (ID#:14-1970) See http://gcn.com/blogs/cybereye/2014/06/internet-of-things.aspx?admgarea=TC_SecCybersSec
	- "New NIST guidance planned as part of federal info policy", FCW, 12 June 2014. In order to standardize the management of information that is deemed sensitive, but not yet classified, the National Archives and Records Administration (NARA) and the NIST are taking steps towards normalizing handling of controlled unclassified information (CUI). (ID#:14-1971) See http://fcw.com/articles/2014/06/12/nist-guidance-as-federal-policy.aspx?admgarea=TC_Policy
	- "FBI, NYPD, and MTA Team on Cybersecurity Task Force", Infosecurity Magazine, 20 June 2014. The FBI, NYPD, and MTA are pooling their resources and capabilities in the new Financial Cyber Crimes Task Force, a joint effort to fight cyber attacks. The collaboration is based on a model that has been used successfully in the past for fighting terrorism and bank robbery, according to FBI assistant director George Venizelos. (ID#:14-1976) See http://www.infosecurity-magazine.com/view/38968/fbi-nypd-and-mta-team-on-cybersecurity-task-force/
	- "Talk stresses IoT concerns as today's problems", SC Magazine, 19 June 2014. The number of devices on the internet, which surpassed the number of humans on the planet in 2008 and is expected to reach 50 billion by 2020, is cause for concern from a cybersecurity standpoint. To protect this network of devices, including those on the upcoming IoT, new technologies like IPv6 will have to be implemented. (ID#:14-1980) See http://www.scmagazine.com/talk-stresses-iot-concerns-as-todays-problems/article/356777/
	- "SAIC looks to make cyber services easier to buy", FCW, 23 June 2014. The SAIC is rolling out with a new program to streamline the process of purchasing security services for government customers, which will allow government entities on tight budgets to purchase these services without the complicated, drawn-out process that they often must endure. (ID#:14-1987) See http://fcw.com/articles/2014/06/23/saic-cyber-services.aspx 
	- "Police turning to mobile malware for monitoring", Computerworld, 25 June 2014. Italian company Hacking Team is one of a few groups that makes malware for governments and law enforcement to intercept data and track internet users. The falling cost of these tools means that they can become more widespread, and may be used by the governments of developing nations to violate their citizens' rights. (ID#:14-1989) See http://www.computerworld.com/s/article/9249352/Police_turning_to_mobile_malware_for_monitoring
	- "Can telework improve cybersecurity?", GCN, 27 June 2014. At a time when cybersecurity professionals are needed most by the government, studies find that there is a potentially dangerous shortage. With cybersecurity experts generally making more money in the private sector, the government will have to make the jobs it offers appealing, and offering teleworking could be a crucial part of that effort. (ID#:14-1991) See http://gcn.com/blogs/cybereye/2014/06/telework.aspx?admgarea=TC_SecCybersSec
	- "NSA's Rogers: JIE crucial to cyber defense", FCW, 24 June 2014. NSA director Michael Rogers expresses his eagerness for the DoD's move towards a Joint Information Environment (JIE), which is set to replace the current network structure. According to Rogers, the old "service-centric approach to networks" has been costly to the DoD. (ID#:14-1993) See http://fcw.com/articles/2014/06/24/nsa-rogers-speech.aspx 
	- "Four to six teams expected to bid on Defense health record effort", FCW, 25 June 2014. Several teams are expected to compete for a DoD contract to provide a "commercial, off-the-shelf electronic records product" for the military. The project, which will cost around $11 billion, will improve and integrate military health services. (ID#:14-1994) See http://fcw.com/articles/2014/06/25/defense-health-record-effort.aspx 
	- "DHS plans for cybersecurity in interconnected world", FCW, 27 June 2014. The Department of Homeland Security, which has just released its new Quadrennial Homeland Security Review (QHSR), is expressing increasing concern over the security of interconnected devices. The growing vulnerability of these devices is part of the dramatic change in cybersecurity threats that has occurred since the DHS last published a QHSR. (ID#: 14-1994b) See http://fcw.com/articles/2014/06/27/dhs-qhsr.aspx
	- "Next Generation Internet Will Arrive Without Fanfare, Says UMass Amherst Network Architect", University of Massachusetts Amherst, 24 June 2014. According to a UMass researcher, the next-generation internet -- one with "far better security, greater mobility and many other improved features" -- is not far away, but the transition will be gradual, seamless, and not noticeable to most internet users. (ID#:14-1995) See http://www.umass.edu/newsoffice/article/next-generation-internet-will-arrive
	- "Cracks emerge in the cloud", A*STAR Research, 18 June 2014. A Singapore-based research team has found numerous vulnerabilities in cloud service providers Dropbox, Google Drive, and Microsoft SkyDrive. Insecure URL storage, URL shortening, and other practices can leave a user's private data vulnerable. (ID#:14-1996) See http://www.research.a-star.edu.sg/research/6983 
	- "Long distance Glasshole Snoopers Can Spot User PINs", Infosecurity Magazine, 27 June 2014. Researchers at the University of Massachusetts, Lowell have created software that uses mobile camera devices -- such as the new Google Glass -- to detect pass codes as they are being typed. Though watching people type is nothing new, this kind of software could allow criminals to far exceed the capabilities of the human eye. (ID#:14-1999) See http://www.infosecurity-magazine.com/view/39052/long-distance-glasshole-snoopers-can-spot-user-pins/
	- "Cisco Open-sources Experimental Cipher", 24 June 2014. Though traditional block ciphers work very well on large blocks of data (128, 192, 256-bit), use of these encryption tools on smaller objects can lead to an enormous inflation of the size of the data. Cisco is working on a new encryption scheme to more efficiently manage these smaller objects. (ID#:14-2004) See http://www.infosecurity-magazine.com/view/38983/cisco-opensources-experimental-cipher/
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.