US News
"Drupal Admins:Assume Systems Have Been Compromised", Infosecurity Magazine, 30 October 2014. Content Management System (CMS) provider Drupal released a highly critical public service announcement warning that website admins that did install the patch for a SQLi flaw within 7 hours of its announcement should assume their site was compromised. Drupal warns that "applying the patch fixes the vulnerability but does not fix an already compromised website", and that attacks may not have left behind any evidence. (ID: 14-50176)
See http://www.infosecurity-magazine.com/news/drupal-assume-systems-compromised/
"Tor Node Red-Flagged for Slinging Malware", Infosecurity Magazine, 30 October 2014. The Tor Project announced the discovery of a malicious exit node, or "BadExit", that attempts to insert malware into binary files that TOR users download while using the anonymous browser. Though TOR guarantees anonymity, this event is seen by some, such as James Fox of KPMG, as an example that "anonymity online doesnit guarantee security". (ID: 14-50177)
See http://www.infosecurity-magazine.com/news/tor-node-red-flagged-for-malware/
"Microsoft Xbox Live back up, Sony PlayStation Network still down", Reuters, 26 December 2014. Hacking group "Lizard Squad" has claimed responsibility for interruptions of both Sony's PlayStation Network and Microsoft's Xbox Live. Though Xbox live was back up by Friday (with the exception of limited problems with third-party apps), the PlayStation Network remains down as of the 26th. The increase in business of the video game industry during the holiday season makes an interruption on Christmas day especially detrimental. (ID: 14-50179)
See http://www.reuters.com/article/2014/12/26/us-xbox-playstation-cybercrime-idUSKBN0K30RU20141226
"South Korea official says cannot rule out North's hand in hack of nuclear operator", Reuters, 23 December 2014. Following the hacking of and theft from Korea Hydro and Nuclear Power Co Ltd (KHNP), South Korean officials claim that North Korea has not been ruled out as a culprit. During the attack, which occurred on December 22nd, only non-critical data was stolen, and operations were not at risk. South Korea has requested the help of the U.S. in its investigation of the attacks, which "bore some similarities to previous cyberattacks in which North Korea has been involved." (ID: 14-50180)
See http://www.reuters.com/article/2014/12/23/us-southkorea-cybersecurity-usa-idUSKBN0K100D20141223
"Obama vows U.S. response to North Korea over Sony cyber attack", Reuters, 19 December 2014. President Obama has promised a U.S. response to the cyber attack of Sony Pictures over the movie "The Dictator", which depicts the assassination of Kim Jong Un. According to the President, Sony should not have given into the demands of the hackers in pulling the movie from theatres, calling it an instance of "a foreign dictator imposing censorship in America."(ID: 14-50181)
See http://www.reuters.com/article/2014/12/19/us-sony-cybersecurity-usa-idUSKBN0JX1MH20141219
"If South Koreais nuclear plant staff are vulnerable, then so are the reactors", Homeland Security News Wire, 24 December 2014. With increasing amounts of infrastructure connected to the internet, cyberattacks are shaping up to be an easy and cheap alternative to conventional ways of attacking enemies. When a South Korean nuclear plant was hacked (supposedly by North Korea), files were stolen that "reveal the role of the human operators in running the reactor", which is not good news considering that it is often the human factor that is often the weakest link in a cyber defense. (ID: 14-50182)
See http://www.homelandsecuritynewswire.com/dr20141224-if-south-korea-s-nuclear-plant-staff-are-vulnerable-then-so-are-the-reactors
"Obama signs five cybersecurity measures into law", Homeland Security Newswire, 23 December 2014. In the week leading up the Christmas, President Obama signed five pieces of cyber legislation: the Homeland Security Workforce Assessment Act, the Cybersecurity Workforce Assessment Act, the National Cybersecurity Protection Act (NCPA), and the Cybersecurity Enhancement Act, and the Federal Information Security Modernization Act (FISMA). A significant piece of cyber legislation has not become law since FISMA (Federal Information Security Management Act, at the time) in 2002 under President George Bush. (ID: 14-50183)
See http://www.homelandsecuritynewswire.com/dr20141223-obama-signs-five-cybersecurity-measures-into-law
"2008 Turkish oil pipeline explosion may have been Stuxnet precursor", Homeland Security Newswire, 17 December 2014. In 2008, an oil pipeline in Turkey exploded, and was later determined to be the result of human error and mechanical failure. However, Western intelligence services deduced that it was an early, Stuxnet-like cyber attack that caused the pipeline to build pressure and explode. Though the Kurdistan Workersi Party (PKK) claimed responsibility, experts doubt their technological capabilities and suspect that the sophisticated attack might have been state-sponsored. (ID: 14-50184)
See http://www.homelandsecuritynewswire.com/dr20141217-2008-turkish-oil-pipeline-explosion-may-have-been-stuxnet-precursor
"Quantum physics makes fraud-proof credit cards possible", Homeland Security Newswire, 16 December 2014. As financial transactions are becoming more common in the digital world, keeping sensitive personal data safe is becoming increasingly challenging. Dutch researchers have been able to create an unbreakable key and authentication system which is based on quantum physics. Quantum-Secure Authentication, as it is known, uses a kind of "question-and-answer" exchange that cannot be copied or replicated, thanks to the principle of quantum uncertainty, as displayed by photons. (ID: 14-50185)
See http://www.homelandsecuritynewswire.com/dr20141216-quantum-physics-makes-fraudproof-credit-cards-possible
"Turla Trojan Unearthed on Linux", TechNewsWorld, 09 December 2014. Kaspersky Labs has found new variants of Turla -- a Trojan that has been found exclusively in Windows machines in the past -- in Linux systems. As with its predecessors, Linux Turla is very stealthy, requiring no elevated privileges and being undetectable by the command-line tool "netstat". Turla is suspected to be Russian in origin, and has built-in protective measures that make it hard to reverse-engineer. (ID: 14-50186)
See http://www.technewsworld.com/story/81460.html
"The Sony Breach Carries Broad Implications Surrounding National Security", Forbes, 19 December 2014. The recent Sony breach carries hefty national security implications, considering the international level at which it took place. David Parnell interviews Roberta D. Anderson, co-founder of the K&L Gates LLP global Cyber Law and Cybersecurity practice group. (ID: 14-50187)
See http://www.forbes.com/sites/davidparnell/2014/12/19/the-sony-breach-carries-broad-implications-surrounding-national-security/?ss=Security
"What Do Security Professionals Think Sony Should Have Done Differently?", Forbes, 26 December 2014. In the wake of the most recent Sony cyber breach, many security professionals are questioning the competence of Sony's cyber defensive strategy, as well as an inability to learn from past mistakes. Sony is accused by some of not taking necessary precautions, such as proper password encryption, infrastructure defense tools, and of not having a strong response plan. (ID: 14-50188)
See http://www.forbes.com/sites/quora/2014/12/26/what-do-security-professionals-think-sony-should-have-done-differently/?ss=Security
"Backoff POS Malware Vets Targets via Surveillance Cameras", InfoSecurity Magazine, 23 December 2014. The notorious "Backoff" POS malware is not unusual in that it targets payment card information on point-of-sale devices, but RSA researchers have discovered that Backoff infections often correlate with attacks on security camera networks. The hackers use security cameras to determine if a machine that has been breached actually belongs to a business, or is just an RDP service on a personal computer. (ID: 14-50189)
See http://www.infosecurity-magazine.com/news/backoff-vets-targets-via/
"Staples Confirms Breach, 1.2Mn Cards Affected", InfoSecurity Magazine, 22 December 2014. Retail store Staples has confirmed that is was the victim of yet another high-profile data breach, with around 1.2 million payment card credentials stolen from 115 affected stores. Staples initially contacted law enforcement in October regarding a suspected breach. In the month or so that it was active, POS malware was able to steal "cardholder names, payment card numbers, expiration dates and card verification codesoeverything needed to carry out online fraud." (ID: 14-50190)
See http://www.infosecurity-magazine.com/news/staples-confirms-breach-12mn-cards/
"ISIS Likely Behind Cyber-attack Unmasking Syrian Rebels", InfoSecurity Magazine, 20 Dec 2014. ISIS is suspected to have been behind an "unmasking attack" on Raqqah is being Slaughtered Silently (RSS), a Syrian group that is advcating against human rights abuses in the ISIS-held town of Ar-Raqqah. The attackers used a "spearfishing" email, which provided a link that downloaded malware on to the victim's computer, and in turn emailed the victim's IP address to the attacker. (ID: 14-50191)
See http://www.infosecurity-magazine.com/news/isis-likely-behind-cyberattack/
"Garden-variety DDoS attack knocks North Korea off the Internet", Computerworld, 23 December 2014. The entirety of North Korea's internet went down on Monday the 22nd after a presumed DDoS attack. With a mere 1024 IP addresses, North Korea's "pipeline" to the internet is so small and weak that such an attack is not "difficult from a resource or technical standpoint", according to security researcher Ofer Gayer. Though it is possible for a DDoS attack to be carried out by an individual, many believe this attack may have been state-sponsored. (ID: 14-50192)
See http://www.computerworld.com/article/2862652/garden-variety-ddos-attack-knocks-north-korea-off-the-internet.html
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.