In the News
This section features topical, current news items of interest to the international security community. These articles and highlights are selected from various popular science and security magazines, newspapers, and online sources.
US News
“Hotline Bling: China, U.S. Work to Further Cybersecurity Pact,” US News, 3 December 2015. [Online].
President Obama and President Jinping have committed to the creation of a “hotline” between the two countries to “avoid escalation of issues that may arise in the course of responding to cybercrime and other malicious cyber activities.”
See: http://www.usnews.com/news/articles/2015/12/03/hotline-bling-china-us-work-to-further-cybersecurity-pact
“Pentagon Weighs Online War Against ISIS,” US News, 21 December 2015. [Online].
ISIS has been relying heavily on the internet and social media to both recruit members and spread its message. In response, Secretary of Defense Ashton Carter is meeting with officials to discuss retaliatory options. Some options reportedly being considered include malware and viruses to disrupt their servers, DDoS attacks, and shutting down internet and cell phone access to certain territories.
See: http://www.usnews.com/news/articles/2015-12-21/pentagon-weighs-online-war-against-isis
“Obama Signs Cybersecurity Law in Spending Package,” US News, 18 December 2015. [Online].
President Obama signed a spending bill to finance the government that contained the final revision of the Cybersecurity Information Sharing Act, or CISA. Critics of CISA have argued that the bill will be ineffective; however, the White House noted that they were “pleased” that Congress decided to include it. A spokesman for the White House added that CISA “will help the private sector and government share more cyber threat information by providing for targeted liability protections while carefully safeguarding privacy, confidentiality and civil liberties.”
See: http://www.usnews.com/news/articles/2015-12-18/obama-signs-cybersecurity-law-in-spending-package
“Time Warner Warns Customers Their Emails and Passwords May Have Been Stolen,” NBC News, 6 January 2016. [Online].
Time Warner announced that some 320,000 email accounts and passwords may have been compromised. The affected accounts were linked to the Roadrunner service (emails ending in “@rr.com”). Time Warner released a statement saying that its systems did not appear to have been breached, but rather, the accounts were stolen via phishing or malware. Time Warner is now working with the FBI.
See: http://www.nbcnews.com/tech/security/time-warner-warns-customers-their-emails-passwords-may-have-been-n491686
“Army Training Aims at Cybersecurity,” Army.mil, 21 January 2016. [Online].
The U.S. Army announced that they will begin to offer a graduate-level certificate in cybersecurity through the University of Delaware starting in February. The three-class course will be available to all APG engineers and scientists including contractors and military. This follows previous CERDEC efforts, including an undergraduate certificate through the University of Maryland as well as the promotion of a master’s degree through Johns Hopkins University.
See: http://www.army.mil/article/161219/Army_training_aims_at_cybersecurity/
“US Toughens Background Check Process After Major Hack,” Security Week, 22 January 2016. [Online].
The government plans on creating a new unit whose job it will be to conduct all background checks. The new agency is being created in direct response to a hack last year that left some 20 million employee records compromised. The “National Background Investigations Bureau” will be located within OPM, and the Department of Defense will be responsible for helping to keep the data secure.
See: http://www.securityweek.com/us-toughens-background-check-process-after-major-hack
“Help Wanted: 1,000 Cybersecurity Jobs at OPM, Post-Hack Hiring Approved by DHS,” Forbes, 31 January 2016. [Online].
Following the hack of the OPM last year, the office announced it will be hiring 1,000 cybersecurity professionals. The Department of Homeland Security has already approved the hiring. The new hires will help with analyzing cyber risk, incident handling, vulnerability detection, and more.
See: http://www.forbes.com/sites/stevemorgan/2016/01/31/help-wanted-1000-cybersecurity-jobs-at-opm-post-hack-hiring-approved-by-dhs/
International News
“RCE, SQLi Flaws Found in Popular Web Apps,” Security Week, 22 December 2015. [Online].
Researchers from High-Tech Bridge announced their discovery of several major security flaws in some popular web applications including osCmax, osCommerce Online Merchant, Roundcube, Osclass, and SocialEngine. osCmax and Online Merchant are susceptible to CSRF attacks, while Osclass and SocialEngine are vulnerable to an SQL injection. Roundcube and Osclass said patches to address the flaws can be expected in the coming days.
See: http://www.securityweek.com/rce-sqli-flaws-found-popular-web-apps
“Survey Reveals Challenges Facing Cybersecurity Profession,” Security Magazine, 17 December 2015. [Online].
A recent survey conducted by Cybrary revealed several problems that companies face in finding hirable cybersecurity talent. According to the survey, over 80% of companies struggle to find talented individuals. The main reasons given for their troubles were a lack of qualified professionals, lack of resources, and trouble with location.
See: http://www.securitymagazine.com/articles/86837-survey-reveals-challenges-facing-cybersecurity-profession
“Cyber Security Expert Warns German Banks of Retail Payment Risks,” Reuters, 22 December 2015. [Online].
Cybersecurity expert Karsten Nohl recently discovered serious security flaws in German payment systems. The exploits would allow attackers to steal PIN numbers, spoof transactions, and even use the payment systems to transfer money into another account. Thus far, there is little evidence that these threats have been exploited; however, Nohl said that the banks should update their software as quickly as possible.
See: http://www.reuters.com/article/us-cybersecurity-germany-payment-idUSKBN0U51QP20151223
“Cybercriminals Steal $54 Million from Aircraft Parts Maker,” Security Week, 22 January 2016. [Online].
Austrian aircraft parts manufacturer FACC AG announced this week that hackers stole $54 million from the company’s finance department. FACC AG released few details about the crime, but did say that they believe the attack came from outside their company.
See: http://www.securityweek.com/cybercriminals-steal-54-million-aircraft-parts-maker
“Software Bug Leaves Several MediaTek-Powered Android Devices Vulnerable to Attack,” Gadgets360, 29 January 2016. [Online].
Android devices running on MediaTek processors were recently discovered to contain a software defect that allows a user or an app to enable root level access. From there, a malicious party would be able to steal almost anything as well as monitor all activity from the device. MediaTek released a statement saying that they are aware of the issue and their security team is working to patch it as soon as possible.
See: http://gadgets.ndtv.com/mobiles/news/software-bug-leaves-several-mediatek-powered-android-devices-vulnerable-to-attack-795743
“Why J.P. Morgan Chase & Co. Is Spending a Half Billion Dollars on Cybersecurity,” Forbes, 30 January 2016. [Online].
J.P. Morgan Chase & Co. has doubled its cybersecurity budget from a quarter billion dollars to a half billion dollars. The firm’s 10-Q report for the quarter ending June 30, 2015 included two statements focusing directly on cybersecurity. The report pointed out the firm’s need to maintain the integrity of its financial systems, data, and facilities, as well as its ability to appropriately defend against a cyber attack.
See: http://www.forbes.com/sites/stevemorgan/2016/01/30/why-j-p-morgan-chase-co-is-spending-a-half-billion-dollars-on-cybersecurity/
(ID#: 16-8563)
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.