[ISN] This Defense Contractor Is Repeatedly Spear-Phishing 68, 000 Innocent People

______________________________________________ Attend #HITB2013AMS April 8th – 11th in Amsterdam. Featuring over 42 international speakers and keynotes by Bob Lord and Edward Schwartz http://conference.hitb.org




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Lawmakers to amend cybersecurity bill behind closed doors

http://thehill.com/blogs/hillicon-valley/technology/291743-house-intel-panel-plans-closed-door-mark-up-of-cybersecurity-bill By Brendan Sasso Hillicon Valley 04/03/13 Members of the media and the public will not be able to watch the House Intelligence Committee’s markup next week of a controversial cybersecurity bill, the Cyber Intelligence Sharing and Protection Act (CISPA). Lawmakers will be allowed to discuss what happened in the meeting afterward, and the committee plans to release information about what amendments were offered and how lawmakers voted. But the public will not be allowed in the room, and the meeting will not be streamed online. Susan Phalen, a spokeswoman for the committee, explained that the Intelligence Committee often restricts access to hearings and that it is possible that lawmakers will need to discuss classified information. “Sometimes they’ll need to bounce into classified information and go closed for a period of time to talk,” she said. “In order to keep the flow of the mark-up continuing forward, you can’t stop in the middle of an open hearing, move everyone to another location for a portion of it, and then move back.” She noted that the committee used the same procedure when it marked up CISPA last year. […] ______________________________________________ Attend #HITB2013AMS April 8th – 11th in Amsterdam. Featuring over 42 international speakers and keynotes by Bob Lord and Edward Schwartz http://conference.hitb.org


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Medical College of Wisconsin researcher charged with economic espionage

http://www.jsonline.com/news/crime/medical-college-researcher-charged-with-stealing-anticancer-compound-ls9cnn4-200958961.html By Bruce Vielmetti Journal Sentinel April 1, 2013 A researcher at the Medical College of Wisconsin has been charged with stealing a possible cancer-fighting compound and research data that led to its development, all to benefit a Chinese university. Huajun Zhao, 42, faces a single count of economic espionage, according to a federal criminal complaint, an offense punishable by up to 15 years in prison and a $500,000 fine. Zhao was arrested Saturday and held without bail over the weekend pending a detention hearing in Milwaukee federal court on Monday, when he was ordered detained until trial. No date has been set. John Raymond, president and CEO of the Medical College of Wisconsin in Wauwatosa, said the school is cooperating with the FBI, and directed all other questions to the FBI. […] ______________________________________________ Attend #HITB2013AMS April 8th – 11th in Amsterdam. Featuring over 42 international speakers and keynotes by Bob Lord and Edward Schwartz http://conference.hitb.org


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Exclusive: Ongoing malware attack targeting Apache hijacks 20, 000 sites

http://arstechnica.com/security/2013/04/exclusive-ongoing-malware-attack-targeting-apache-hijacks-20000-sites/ By Dan Goodin Ars Technica Apr 2 2013 Tens of thousands of websites, some operated by The Los Angeles Times, Seagate, and other reputable companies, have recently come under the spell of “Darkleech,” a mysterious exploitation toolkit that exposes visitors to potent malware attacks. The ongoing attacks, estimated to have infected 20,000 websites in the past few weeks alone, are significant because of their success in targeting Apache, by far the Internet’s most popular Web server software. Once it takes hold, Darkleech injects invisible code into webpages, which in turn surreptitiously opens a connection that exposes visitors to malicious third-party websites, researchers said. Although the attacks have been active since at least August, no one has been able to positively identify the weakness attackers are using to commandeer the Apache-based machines. Vulnerabilities in Plesk, Cpanel, or other software used to administer websites is one possibility, but researchers aren’t ruling out the possibility of password cracking, social engineering, or attacks that exploit unknown bugs in frequently used applications and OSes. Researchers also don’t know precisely how many sites have been infected by Darkleech. The server malware employs a sophisticated array of conditions to determine when to inject malicious links into the webpages shown to end users. Visitors using IP addresses belonging to security and hosting firms are passed over, as are people who have recently been attacked or who don’t access the pages from specific search queries. The ability of Darkleech to inject unique links on the fly is also hindering research into the elusive infection toolkit. “Given that these are dynamically generated, there would be no viable means to do a search to ferret them out on Google, etc.,” Mary Landesman a senior security researcher for Cisco Systems’ TRAC team, told Ars. “Unfortunately, the nature of the compromise coupled with the sophisticated conditional criteria presents several challenges.” […] ______________________________________________ Attend #HITB2013AMS April 8th – 11th in Amsterdam. Featuring over 42 international speakers and keynotes by Bob Lord and Edward Schwartz http://conference.hitb.org


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] DHS, FBI warn over TDoS attacks on emergency centers

http://www.csoonline.com/article/731069/dhs-fbi-warn-over-tdos-attacks-on-emergency-centers By Antone Gonsalves csoonline.com April 01, 2013 Federal law enforcement officials are reporting a rise in attacks in which the telephone lines of emergency call centers are flooded with bogus calls by extortionists whose demands for cash are refused. The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) recently issued an alert on the bizarre scheme first reported by the blog KrebsonSecurity. Dozens of recent attacks have been reported against the call centers, which handle administrative and emergency calls for police, firefighting and ambulance services. Emergency 911 lines were not affected. So-called telephony denial-of-service (TDoS) attacks have been on the rise against public and private organizations, according to a recent report by SecureLogix, which provides TDoS mitigation services. Typically, the motivation is to extort money or to protest a particular political or social cause. “The entire number of attacks is rising,” said Rod Wallace, vice president of services for SecureLogix. The increase is seen across organizations, public and private. […] ______________________________________________ Attend #HITB2013AMS April 8th – 11th in Amsterdam. Featuring over 42 international speakers and keynotes by Bob Lord and Edward Schwartz http://conference.hitb.org


Facebooktwittergoogle_plusredditpinterestlinkedinmail