Cybersecurity

Two Years Later the Conficker Worm Not Entirely Disappeared

In a SecurityWeek article today, Ram Mohan writes: "Just over two years ago, the Internet held its breath. The high-profile, widely proliferated Conficker worm had been in the wild from October 2008; its largest mutation was revealed in February 2009, with a widely publicized activation date of April 1, 2009. ... What we do know: Conficker could have proved much more damaging than it ultimately did, and the threat has not entirely disappeared." more

Gas Pipeline Firms Under Targeted Phishing Attacks

The United States Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a warning about an active "spear phishing" campaign targeting companies in the natural gas pipeline sector. In an advisory issued last week, ICS-CERT said it has received information about targeted attacks and intrusions into multiple organizations over the past several months. more

Approach IoT With Security in Mind, Says AT&T Chairman

By 2020, some 50 billion devices are expected to connect to the Internet and the economic value created by IoT could be worth as much as $11.1 trillion -- roughly 11% of the global economy by 2025, according to a new report released by AT&T. more

UK Announces Additional £1.9 Billion in Cyber Security Funding

Chancellor George Osborne announces government plan to almost double its investment in cyber security initiatives over the next five years, spending an additional £1.9 billion. more

Afilias and Neustar to Collaborate With ISC on DNS Security Initiative

Internet Systems Consortium (ISC) has announced that it is working with Afilias and Neustar, Inc. in the effort to support ISC's DNSSEC Look-aside Validation (DLV) registry by providing secondary DNS service for the DLV zone. DLV is a mechanism that provides many of the benefits of DNSSEC (short for DNS Security Extensions), enabling domain holders to secure their domain information today in advance of broader DNSSEC deployment and adoption. "Adding Afilias and Neustar as secondary DNS providers for the DLV zone demonstrates our collective understanding that DLV is a vitally important production service bigger than any single provider in the same way that there are 13 root server operators, not just one." more

Hackers Earned Over $100K in 20 Days Through Hack the Air Force 2.0

HackerOne has announced the results of the second Hack the Air Force bug bounty challenge which invited trusted hackers from all over the world to participate in its second bug bounty challenge in less than a year. more

MAAWG Overview of DNS Security - Port 53 Protection

J.D. Falk writes: Last week, MAAWG quietly published a new document titled "Overview of DNS Security - Port 53 Protection." [PDF] The paper discusses cache poisoning and other attacks on the local DNS, including likely effects of such a compromise and what access providers may be able to do to prevent it. more

APWG Releases 2008 First Quarter Phishing Activity Trends Report

The Anti-Phishing Working Group (APWG) has released its 2008 first quarter Phishing Activity Trends Report revealing that the Crimeware-Spreading URLs rose rapidly doubling previous high. More specifically, the report say that numbers of crimeware-spreading URLs infecting PCs with password-stealing code rose 93 percent in Q1, 2008 to 6,500 sites, nearly double the previous high of November, 2007 -- and an increase of 337 percent from the number detected end of Q1, 2007. On the positive side, the number of phishing reports and new phishing websites decreased at the end of Q1 2008 period. more

Women in Security Organize New Conference in Reaction to RSA’s Lack of Female Speaker Inclusion

RSA, one of the largest cybersecurity conferences, has been criticized for booking only one female keynote speaker this year who is Monica Lewinsky. more

Google Limits Some Employees’ Access to the Internet

Google has launched a pilot program to bolster its cybersecurity defenses by limiting internet access for some employees. Initially, Google selected 2,500 participants, but after receiving feedback, it modified the program to allow employees to opt out and invite volunteers to join. more

Cyberhygiene Requires Critical Thinking

At his farewell speech in August outgoing, Telstra CEO Andy Penn mentioned that the cyber threat has never been as serious as the present. He mentioned the deteriorating geopolitical situation and the big shift in how criminals operate in the cyber domain. One thing is for sure is that in order to enjoy all the positives resulting from the digital economy, we need to be far more vigilant about the barrage of information that we are receiving and/or have access to. more

Millennials an Untapped Resource for Cybersecurity Skills but They Lack Awareness, Study Finds

A study was recently conducted by Enterprise Strategy Group (ESG) to find out where the potential answers to the cybersecurity skills shortage amongst technology-savvy millennials and post-millennials in the US. more

China, Russia Posing More Aligned Cyberattack Threats to the US, Says Chief of National Intelligence

Dan Coats, Director of US National Intelligence warns China and Russia are increasingly using cyber operations to steal information, influence citizens and to disrupt critical infrastructure. more

Public-Private Cooperation Policy for Cyber Security Suggested by Commissioner Kroes

At a speech during the Security and Defense Agenda meeting on 30 January Vice-President of the European Commission, Neelie Kroes, showed how the Commission envisions public-private cooperation on cyber security. more

‘Not the Best Time’ for Proposed Russia-U.S. Cyber Unit, Says NSA Chief

NSA chief, Mike Rogers during the annual Aspen Security Forum on Saturday, shunned the proposed Russia-U.S. cyber unit, stating "I would argue now is probably not the best time to be doing this." more