[ISN] Data-leaked card firms may suffer some 100 bln won revenue loss on biz suspension

http://english.yonhapnews.co.kr/business/2014/02/20/60/0501000000AEN20140220002000320F.html Yonhap News Agency 2014/02/20 SEOUL, Feb. 20 (Yonhap)




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Beware of employees’ cheap Android phones

http://www.csoonline.com/article/748548/beware-of-employees-cheap-android-phones By Antone Gonsalves CSO Online February 20, 2014 An Android vulnerability known since 2012 has recently been found to be more serious than previously thought, particularly in phones that cost less than $150. When first discovered, the vulnerability in the WebView class used to embed a browser component to display online content in an app was thought to require an ongoing man-in-the-middle attack to be exploited. Security vendor Rapid 7 recently found that not to be the case. Researcher Joe Vennix found that the vulnerability in Android versions below 4.2, which is early Jelly Bean, could be exploited by clicking on a link in a text message, which would send the recipient to a malicious website. At that point, the attacker could throw up whatever Web page they like, while JavaScript is downloaded in the background to exploit the vulnerability. “In our exploit, it’s just a blank page. There’s nothing there,” Tod Beardsley, engineering manager at Rapid7, said. “But by the time you hit the blank page, the gears are in motion.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] S. Korea Seeks Cyber Weapons to Target North Korea’s Nukes

http://thediplomat.com/2014/02/s-korea-seeks-cyber-weapons-to-target-north-koreas-nukes/ By Zachary Keck The Diplomat February 21, 2014 South Korea is developing offensive cyber weapons to target North Korea’s nuclear weapons program, according to the country’s defense ministry said on Wednesday. According to Yonhap News Agency, South Korea’s Defense Ministry outlined its long-term cyberpolicy to the parliament’s defense committee on Wednesday. The report stated that, “A strategic plan for the second phase calls for developing cybertools for offense like Stuxnet, a computer virus that damaged Iran’s uranium enrichment facility, to cripple North Korea’s missile and atomic facilities.” Yonhap also quoted an anonymous senior defense official as saying: “Once the second phase plan is established, the cyber command will carry out comprehensive cyberwarfare missions.” These missions will be carried out under a new Cyber Defense Command that South Korea plans to establish in May. It will operate under the purview of the ROK Joint Chiefs of Staff, according to the report. South Korea first established a Cyber Command in 2010 to guard against the threat posed by North Korea’s elite unit of hackers. So far, its aims have primarily been to protect vulnerable national networks from cyber attacks originating from North Korea, as well as to wage psychological warfare campaigns against Pyongyang. The decision to equip South Korea’s cyber warriors with the capabilities to attack North Korea’s nuclear and missile facilities therefore represents a dramatic escalation. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] UMD security breach exposes personal info of students, faculty, staff

http://www.wjla.com/articles/2014/02/umd-cyber-attack-exposes-personal-info-of-students-faculty-staff-100387.html By Roz Plater WJLA.com February 19, 2014 (WJLA) – The University of Maryland says it had just recently doubled its number of IT security engineers, analysts, and security tools. But still, hackers somehow managed to carry out a sophisticated attack early Tuesday morning. “It’s scary,” says student Ricky Bailey. “I just got the email about an hour ago, and I don’t think people realize how serious it is just yet.” In a letter sent on Wednesday evening, President Wallace Loh said that the database that was breached contained more than 300,000 records of faculty, staff, students, and affiliated personnel from the College Park and Shady Grove campuses since 1998. Those records include name, social security number, date of birth, and university ID number. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] India not prepared to handle cyber terrorism threat: EC Council

http://articles.economictimes.indiatimes.com/2014-02-19/news/47489884_1_cyber-ddos-participants PTI Feb 19, 2014 NEW DELHI: India may have a burgeoning Internet population but when it comes to cyber attacks, it is ill-equipped to handle sophisticated intrusions as there is a “serious shortage” of skilled professionals, IT security training firm EC Council said. EC Council’s report, Talent Crisis in Indian Information Security, revealed major gaps in present day skill situation concerning IT security, which can impact handling of cyber threats in industries such as banking, defence, healthcare, information, energy, etc. “India’s response to cyber terrorism is dis-jointed. To begin with, there is no central cyber command and there is a non-existent cyber-security training programme,” EC Council President and CEO Jay Bavisi told PTI. Citing examples, Bavisi added the US Computer Emergency Readiness Team (CERT) alone spends over USD 100 million, which is huge compared to India’s about USD 7 million total spending on IT security. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Cyber Threats debut on the flightline at Nellis Air Force Base’s Red Flag

http://theaviationist.com/2014/02/17/cyber-war-at-red-flag/ By David Cenciotti The Aviationist Feb 17, 2014 “Train as you fight, fight as you train” has always been Red Flag’s motto. U.S. Air Force’s main exercise has to prepare aircrew and support personnel to fight modern war. In the air, on the ground, over the sea and in the cyberspace. For the first time, the recent Red Flag 14-1 at Nellis Air Force Base featured a “contested, degraded or operationally limited” environment, or CDO, for maintainers, who were trained to cope with cyber vulnerabilities in the systems they use on the flightline. Ground personnel are always using computers and brand new technologies that may be targeted by cyber attacks launched by tech-savvy adversaries: laptop used for aircraft maintainance and diagnosis, GPS systems, communication and network equipment are all high-value targets for enemy hacking teams. That’s why Red Flag maintainers receive academics on cyber vulnerabilities, information operations and other CDO-related threats. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Israel Electric Opens Cyber-War Room to Defend Against Power-Grid Hacks

http://www.bloomberg.com/news/2014-02-19/israel-electric-opens-cyber-war-room-to-defend-against-power-grid-hacks.html By Gwen Ackerman Bloomberg Feb 19, 2014 Israel’s main power company opened a cyber “war room” this week to defend its systems around the clock from hackers. Technicians at Israel Electric will monitor as many as 400 million cyber-attacks and hacking attempts a day. “There are hundreds of thousands of attempts to infiltrate Israel Electric’s networks every day,” Israel Electric Chairman Yiftach Ron-Tal said in an e-mailed statement yesterday. “We are talking here about a threat on a national level.” Prime Minister Benjamin Netanyahu has said that one goal of his government is to turn Israel into a world leader in cyber-technologies. In 2012, Netanyahu formed the National Cyber Bureau, which said last month that it plans to establish an emergency-response team for cyber-attacks. President Shimon Peres has spent the last month making public appearances to promote Israeli technology, including cyber-security. In the past three years, the country’s cyber-security industry has grown from a few dozen companies to about 220 that have raised more than $400 million, according to the Tel Aviv-based IVC Research Center. Twenty multinational companies now operate online-security development centers in Israel. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Exclusive: France’s Snecma targeted by hackers – researcher

http://www.reuters.com/article/2014/02/18/us-hacking-snecma-idUSBREA1H1Z320140218 By JIM FINKLE Reuters Feb 18, 2014 French aerospace engine maker Snecma, a unit of Safran, was attacked by hackers who exploited a vulnerability in Microsoft Corp’s Internet Explorer, according to a computer security researcher. It was not clear how successful the hackers had been in their efforts to breach Snecma’s network, according to the researcher, who has studied malicious software and infrastructure used by the hackers. A spokeswoman for Snecma’s parent, Safran, said she had no immediate comment. The researcher said the malicious software used by the hackers contained code that identified Internet domain names belonging to Snecma. The researcher declined to be identified by name as he was not authorized to publicly discuss the matter. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail