Tag Archives: target

[ISN] IoT risks raise concerns among IT specialists in central and eastern Europe

www.computerweekly.com/news/4500272253/IoT-risks-raise-concerns-among-IT-specialists-in-CEE By Krzysztof Polak ComputerWeekly.com 04 Feb 2016 The internet of things (IoT) has gone from an industry buzzword to a highly promising phenomenon in central and eastern Europe – but IT specialists are concerned about how to protect networks from the extra strain of new connected devices. The driving force behind IoT is the desire to gain knowledge and insights about, for example, buildings, cars, industrial installations, healthcare, aviation and civil infrastructure, using smart and connected devices. But according to Sylwester Chojnacki, director, enterprise business group at Huawei CEE, the designers of IoT equipment have not learned the lessons from the early years of internet development. “They do not pay sufficient attention to the safety of devices and applications,” he said. IoT devices are often the first target in cyber attacks, leading to intrusions into computer systems and large databases. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Word up: BlackEnergy SCADA hackers change tactics

www.theregister.co.uk/2016/01/28/blackenergy_tv_station_attack/ By John Leyden The Register 28 Jan 2016 A new BlackEnergy spear-phishing campaign is targeting more Ukrainian firms, including a television channel. A spear-phishing document found by Kaspersky Lab analysts mentions the far-right Ukrainian nationalist political party “Right Sector” and appears to have been used in an attack against a popular television channel in Ukraine. Ukrainian TV station “STB” was previously named as a victim of the BlackEnergy Wiper attacks in October 2015. The Russian-speaking BlackEnergy APT group are notoriously blamed for malware-based attacks against utilities that led to short power outages in the days before Christmas. The BlackEnergy APT group has been actively using spear-phishing emails carrying malicious Excel documents with macros to infect computers in a targeted network since the middle of last year. However, in January this year, Kaspersky Lab researchers discovered a new malicious document which infects the system with a BlackEnergy Trojan. Unlike the Excel documents used in previous attacks, this was a Microsoft Word document. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Israeli generals said among 1, 600 global targets of Iran cyber-attack

www.timesofisrael.com/israeli-generals-said-among-1600-global-targets-of-iran-cyber-attack/ BY TIMES OF ISRAEL STAFF January 28, 2016 Iran launched a cyber-attack targeting Israeli army generals, human rights activists in the Persian Gulf and scientists, an Israeli cyber-security firm said Thursday. Gil Shwed, CEO of Check Point Software Technologies, said the attack began two months ago and was directed at some 1,600 people worldwide. They received email messages aimed at sending spyware into their computers, Shwed told Israel Radio. More than a quarter of the recipients opened the emails and thus unknowingly downloaded spyware, allowing the hackers to steal information from their hard drives. Over the last two years, Israel has been targeted by a number of cyber-attacks. Officials say hackers affiliated with Hezbollah and the Iranian government were behind some of the infiltration attempts. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Here’s what ‘Shmoocon 2016,’ the D.C. hackerfest, tells us about the cybersecurity industry

www.washingtonpost.com/news/capital-business/wp/2016/01/28/heres-whats-changing-in-d-c-s-hacker-community/ By Aaron Gregg The Washington Post January 28, 2016 Walking around Shmoocon, a D.C. cybersecurity conference in its 12th year, one gets the impression that the hacker community is growing out of a bit of its outrageousness. “There’s a chaotic element to it that has really fallen off,” said Shmoocon founder Bruce Potter. “All the shenanigans you used to see; dumping Jello in the fountain in Vegas…you don’t even see it anywhere anymore.” To be sure, the cultural quirks are still there. Grown men still call each other by over-the-top hacker aliases. A man walks around wearing a chicken mask with a fluorescent-green box strapped to this back blaring electronic music. With the exception of a group of West Point cadets, everyone is wearing T-shirts. But the crowd’s absurdities make it easy to forget that these are some of the most sought-after professionals in business, government and war. Over the past few years costly and highly-public instances of data theft have driven huge corporations to give cybersecurity professionals C-suite representation for the first time. And there’s a massive dearth of trained cybersecurity professionals, even in the Washington area: a 2015 report from market research firm Burning Glass found almost 50,000 open positions for cybersecurity professionals across the country with an advertised average salary of $83,934. As a result, conferences like Shmoocon have become central nodes where corporate and government recruiters find cyber talent. Local economic development boosters are targeting cybersecurity as a growth sector for the region, hoping they can capitalize on the steady stream of specialized talent that spills out the region’s military and intelligence agencies. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Flint hospital hit with cyber attack after hacker group Anonymous promises action on water crisis

www.healthcareitnews.com/news/flint-hospital-hit-cyber-attack-after-hacker-group-anonymous-promises-action-water-crisis By Mike Miliard Health Care IT News January 25, 2016 Flint, Michigan-based Hurley Medical Center was targeted with a cyber attack this past week, soon after the hacktivist group Anonymous released a video promising “justice” for the city’s ongoing water crisis. The attack was confirmed by the hospital on Jan. 21. “Hurley Medical Center has IT systems in place, which aid in detecting a virus or cyber attack,” spokeswoman Ilene Cantor said, according to MLive. “As such, all policies and protocols were followed in relation to the most-recent cyber attack on our system. Patient care was not compromised and we are closely monitoring all systems to ensure IT security is consistently maintained.” Anonymous’ posted a video online launching what it dubbed the #OpFlint campaign. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Hackers Target U.S. Intelligence Director

www.pcmag.com/article2/0,2817,2497873,00.asp By Don Reisinger pcmag.com January 14, 2016 The so-called “teenage hackers” who last year found their way into the CIA director’s AOL email account are back at it, according to a report. A member of hacking group “Crackas with Attitude (CWA)” contacted Vice’s Motherboard to inform the publication that it hacked several accounts owned by James Clapper, U.S. director of national intelligence. According to Motherboard, hackers broke into Clapper’s FiOS account and forward all phone calls to the Free Palestine Movement. They also hacked his wife’s Yahoo account. Clapper’s office confirmed the breach to Motherboard, but declined to elaborate. CWA came on the hacking scene in a big way last year after hacking CIA Director John Brennan’s personal email account. Upon doing so, they claimed to have gained access to several tools and portals used by U.S. agencies. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] [CFP] Speak About Your Cyberwar at PHDays VI

Forwarded fFrom: Alexander Lashkov Positive Hack Days VI, the international forum on practical information security, opens Call for Papers. Our international program committee consisting of very competent and experienced experts will consider every application, whether from a novice or a recognized expert in information security, and select the best proposals. Now, more than ever before, cybersecurity specialists are being asked to stop sitting on the fence and choose a side — competitive intelligence vs DLP systems; security system developers vs targeted cyberattacks; cryptographers vs reverse engineers; hackers vs security operations centers. A new concept of PHDays VI is designed to show what the current vibe is in information security. We want researchers to speak about the real dangerous threats and possible consequences. We also expect developers and integrators to give real answers to these threats rather than to talk about empowering security technologies. Come and share your experience at PHDays VI in Moscow, May 17 and 18, 2016. Your topic can revolve around any modern infosec field: new targeted attacks against SCADA, new threats to medical equipment, vulnerabilities of online government services, unusual techniques to protect mobile apps, antisocial engineering in social networks, or what psychological constitution SOC experts have. In addition, this year, we are planning to discuss IS software design, development tools, and SSDL principles. Our key criteria is that your research should be unique and offer a fresh perspective on hacking, modern information technologies, and the role they play in our lives. If you have something interesting or surprising to share, but none of the formats are suitable for your participation, please apply anyway and be sure we will consider your work. The first stage of CFP ends on January 31, 2016. Apply now — the number of final reports is limited. In 2015, the forum brought together 3,500 participants. In 2016, it is expected to see 4,000 attendees: information security leaders, CIO and CISO of the world’s largest companies, top managers of giant banks, industrial and oil and gas producing enterprises, telecoms, and IT vendors, representatives from different government departments. Positive Hack Days featured a variety of distinguished participants including Bruce Schneier (the legendary cryptography expert), Whitfield Diffie (one of the inventors of asymmetric cryptography), Mohd Noor Amin (IMPACT, UN), Natalya Kasperskaya (CEO of InfoWatch), Travis Goodspeed (a reverse engineer and wireless enthusiast from the U.S.), Tao Wan (the founder of China Eagle Union), Nick Galbreath (Vice-President of IPONWEB), Mushtaq Ahmed (Emirates Airline), Marc Heuse (the developer of Hydra, Amap, and THC-IPV6), Karsten Nohl (a specialist in GSM engineering), Donato Ferrante and Luigi Auriemma (famous SCADA experts from Italy), and Alexander Peslyak (the creator of the password cracking tool John the Ripper). Find any details about the format, participation rules, and CFP instructions on the PHDays website: www.phdays.com/call_for_papers/


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] When a single e-mail gives hackers full access to your network

arstechnica.com/security/2015/12/when-a-single-e-mail-gives-hackers-full-access-to-your-network/ By Dan Goodin Ars Technica Dec 16, 2015 When you’re a Fortune 500 company that’s a favorite target of sophisticated hackers, it often makes sense to install security appliances at the outer edges of your network to stop attacks before they get far. Now, researchers say they have uncovered a vulnerability in such a product from security firm FireEye that can give attackers full network access. The vulnerability, which is on by default in the NX, EX, AX, FX series of FireEye products, was FireEye last week, after researchers from Google’s Project Zero privately reported it. It made it possible for attackers to penetrate a network by sending one of its members a single malicious e-mail, even if it’s never opened. It’s not uncommon for outsiders to find such critical flaws in a security product. Still, the proof-of-concept exploit underscores that such game-over threats often extend to some of a network’s most critical equipment. As Google employee Tavis Ormandy explained in a blog post published Tuesday: […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail