Tag Archives: computing

[ISN] Hackers give up when they go up against this cybersecurity company

http://fortune.com/2015/07/29/crowdstrike-cybersecurity-george-kurtz/ By Robert Hackett @rhhackett Fortune.com July 29, 2015 It’s not every day that a company can compel hackers to give up. Yet that’s exactly what CrowdStrike managed to do earlier this year. CEO and co-founder George Kurtz tells it like this: A besieged customer needed backup. So Kurtz’s team sent in reinforcements, placed its cloud-based software sensors across the breached business’s computing environment, and started gathering intel. Aha! Investigators spotted Hurricane Panda, an old Chinese nemesis that Kurtz’s crew had been battling since 2013. What happened next surprised them: When the attackers scanned an infected machine only to find traces of CrowdStrike, they fled. CrowdStrike’s reputation precedes it. The company, founded in 2011 and based in Irvine, Calif., has gone toe-to-toe with some of the world’s most sophisticated state-sponsored hacking groups. The firm analyzed the data behind the breaches of millions of sensitive records at the Office of Personnel Management, the federal agency responsible for human resources, in what may have been the biggest act of cyberespionage the U.S. has ever seen. It has published threat reports on many of the more than 50 adversaries it tracks, which include the likes of Ghost Jackal (the Syrian Electronic Army), Viceroy Tiger (an Indian intruder), and Andromeda Spider (a criminal coterie). Between 2013 and 2014 its revenue grew 142% and its customer base more than tripled, two reasons Google Capital GOOG 0.63% , the tech giant’s growth equity arm, led a $100 million investment in CrowdStrike in July, its first ever for a computer security company. Kurtz used to travel hundreds of thousands of miles a year as CTO of McAfee, now called Intel Security INTC 0.17% , to meet with beleaguered customers. It struck him that they did not need more anti-malware and antivirus products, the traditional realm of information security, so much as software oriented toward tradecraft and technique, the domain of cyberspies. Co-founder and CTO Dmitri Alperovitch, then McAfee’s head of threat intelligence, agreed. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Evident.io encourages startups to boost AWS security

http://www.cloudpro.co.uk/cloud-essentials/cloud-security/5177/evidentio-encourages-startups-to-boost-aws-security By Clare Hopping Cloud Pro June 25, 2015 Evident.io has announced a startup and small business AWS Cloud Security platform to help those without a dedicated security resource ensure their Amazon cloud infrastructure is protected. Adrian Sanabria, an analyst with 451 Research, commented: “The rise of cloud computing has enabled small businesses to grow and thrive with affordable cloud infrastructure and powerful cloud-based tools, but it’s also created unprecedented security threats.” He explained that startups often set up multiple severs in the cloud before even thinking about the security implications this has, employing a security expert or buying even basic equipment for the office. It’s this ‘cloud-first’ attitude that can get organisations into trouble when it comes to securing their systems. “The biggest risk with cloud infrastructure, especially for ‘cloud-first’ businesses, is the management plane,” he commented. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Security Experts Hack Teleoperated Surgical Robot

http://www.technologyreview.com/view/537001/security-experts-hack-teleoperated-surgical-robot/ MIT Technology Review Emerging Technology From the arXiv April 24, 2015 A crucial bottleneck that prevents life-saving surgery being performed in many parts of the world is the lack of trained surgeons. One way to get around this is to make better use of the ones that are available. Sending them over great distances to perform operations is clearly inefficient because of the time that has to be spent travelling. So an increasingly important alternative is the possibility of telesurgery with an expert in one place controlling a robot in another that physically performs the necessary cutting and dicing. Indeed, the sale of medical robots is increasing at a rate of 20 percent per year. But while the advantages are clear, the disadvantages have been less well explored. Telesurgery relies on cutting edge technologies in fields as diverse as computing, robotics, communications, ergonomics, and so on. And anybody familiar with these areas will tell you that they are far from failsafe. Today, Tamara Bonaci and pals at the University of Washington in Seattle examine the special pitfalls associated with the communications technology involved in telesurgery. In particular, they show how a malicious attacker can disrupt the behavior of a telerobot during surgery and even take over such a robot, the first time a medical robot has been hacked in this way. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Hacker In Trouble With Feds After Tweeting About ‘Playing’ With Plane Comms Mid-Flight

http://www.forbes.com/sites/thomasbrewster/2015/04/17/hacker-tweets-about-hacking-plane-gets-computers-seized/ By Thomas Fox-Brewster Forbes Staff 4/17/2015 What’s the first rule of flight club? No, it’s not “don’t talk about flight club”. The first rule is: do not tweet about hacking flight systems when using the on-board Wi-Fi. But pro hacker and founder of One World Labs, Chris Roberts, did just that on a trip from Denver to Syracuse yesterday. His tweet wouldn’t have made much sense to the average Twitter https://twitter.com/Sidragon1/status/588433855184375808 Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ? 🙂 — Chris Roberts (@Sidragon1) April 15, 2015 But it made sense to US government officials, who evidently picked up on the references to on-board communications systems (the tweets did not refer to compromising flight control technologies). Rogers said when the flight landed, he was grabbed by FBI agents, questioned for four hours and when Rogers declined to hand over his computing equipment, they seized it all, including an iPad, a MacBook Pro, three hard drives, a flash drive and some USB sticks. He got to keep his phone. All devices were encrypted, so the border control cops may have had a tough time getting anything useful from Roberts’ machines. He still hasn’t retrieved his toys and has not seen a warrant. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] FBI Threat Intelligence Cyber-Analysts Still Marginalized In Agency

http://www.darkreading.com/risk/fbi-threat-intelligence-cyber-analysts-still-marginalized-in-agency/d/d-id/1319618 By Sara Peters Dark Reading 3/25/2015 Despite good progress, 9/11 Review Commission says that analysts could have a greater impact on FBI counter-terrorism activities if they had more domain awareness, forensics capabilities, and were more empowered to question agents. FBI threat intelligence analysts, a position created post-9/11, have proven their worth to counter-terror operations, but their impact has been limited by a lack of domain awareness, insufficient computing technology, and a lack of status within the Bureau, according to a report released today by the FBI 9/11 Review Commission. While the analysts are providing agents with tactical input, they are not yet participating in any strategic way. Part of the intelligence analysts’ job description, as described by FBIAgentEdu.org, is cyber-forensics and cyber-surveillance


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] The marriage between DevOps & SecOps

http://www.idgconnect.com/blog-abstract/9656/the-marriage-devops-secops By IDG Connect March 24 2015 This is a contributed article by Tim Prendergast, Founder & CEO of Evident.io The rise of cloud computing brings many exciting changes to the technology industry: elastic scalability of resources, commodity pricing, freedom to experiment, and a newfound love for agile philosophies. Thankfully, the cloud is leaving behind the constraints and practices of the legacy security industry. Here lies an exciting opportunity: with the rise of DevSecOps, we get to truly redefine how operations, engineering, and security can be brought together in harmony to achieve unparalleled success. In the past, organizations kept the domains of engineering, operations, and security separate for scalability and accountability reasons. Preventing engineering and operations from intermixing guaranteed that production environments were held to a higher standard of reliability, resiliency and consistency than that of engineering environments like those used for development and testing. However, in the last few years, the evolution of DevOps philosophies has really taken the industry by storm. DevOps is not exactly new


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Role of Ethical Hacking Stressed

http://www.newindianexpress.com/cities/thiruvananthapuram/Role-of-Ethical-Hacking-Stressed/2015/03/20/article2721810.ece By Express News Service 20th March 2015 THIRUVANANTHAPURAM: Underlining the importance of cyber security in the coming days, A S Kiran Kumar, chairman, Indian Space Research Organisation (ISRO), said here on Thursday that ethical hacking should be integrated to every organisation’s information system to counter security threats. Kiran Kumar was speaking after inaugurating a two-day seminar on ‘Computers and Information Technology (ISCIT-2015)’ organised by ISRO at the Vikram Sarabhai Space Centre (VSSC). While embracing latest technologies, the importance of cyber security increases manifold. The integration of ethical hacking into the system is essential to proactively counter security threats in the increasingly unsafe cyber world, he said. Guiding fishermen to better fishing grounds or issuing instructions to orbiting spacecraft, computers powered by the latest IT tools have proved to be the backbone of space research and application across the globe, Kiran Kumar said. Adopting latest technologies is the key to success. Sharing computing services through cloud computing and enhancing performance by quantum computing will get more thrust in the coming days, he said. Delivering the keynote address, R Narayanan, former vice- president of Tata Consultancy Services, lauded ISRO’s peer review mechanism, its way of looking at a problem from multiple angles, the preference of an optimal solution over the ideal one and the space organisation’s ability to analyse a problem. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] NIST outlines guidance for security of copiers, scanners

http://gcn.com/articles/2015/02/25/nist-replication-device-security.aspx By GCN Staff Feb 25, 2015 The National Institute of Standards and Technology announced its internal report 8023: Risk Management for Replication Devices is now available. The guidance covers protecting the information processed, stored or transmitted on replication devices (RDs), which are devices that copy, print or scan documents, images or objects. Because today’s RDs have the characteristics of computing devices (storage, operating systems, CPUs and networking) they are vulnerable to a number of exploits, NIST said. Among the threats to RDs are: […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail