[ISN] Even Homeland Security Says Not to Use Internet Explorer

http://mashable.com/2014/04/28/homeland-security-internet-explorer/ By Christina Warren mashable.com 4/28/2014 How scary is the latest Internet Explorer security vulnerability? Even the U.S. government says not to use IE until the browser is fixed. The flaw, which affects Internet Explorer versions 6 and up, allows bad guys to gain complete access to a PC via a malicious website. Dubbed “Operation Clandestine Fox” by the security by the security firm FireEye, the threat is real. And dangerous. The U.S. Department of Homeland Security doesn’t issue security alerts for computer software very often, but this time, it made an exception. Many agencies within the U.S. government use versions of IE. Homeland Security recommends that users or administrators “enable Microsoft EMET where possible” and to “consider employing an alternative web browser until an official update is available.” […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Exclusive: Meet the Secret Fed Cybersecurity Unit Keeping Trillions of Dollars Safe From Hackers

http://www.foreignpolicy.com/articles/2014/04/28/exclusive_meet_the_secret_fed_cyber_security_unit_keeping_trillions_of_dollars_s By Shane Harris Foreign Policy April 28, 2014 If the U.S. central banking system is ever hit with a crippling cyber attack, a group of roughly 100 government employees working in a three-story fortress-like building next door to a Buick dealership in East Rutherford, N.J., will be among the first to know about it. That’s where, almost entirely out of sight, a team from the Federal Reserve System’s crack cyber security unit is constantly on watch for malicious hackers, criminals, and spies trying to breach the computer networks of the Fed, its regional banks, and some of the most critical financial infrastructure in America. The National Incident Response Team, or NIRT, as the group is called (pronounced “nert”) tries to prevent intruders from breaking into Fed computer networks and money transfer systems used by thousands of banks across the U.S every day. Among the team’s most important protectees is the Fedwire Funds Service, a real-time settlement system that banks use to transfer money between accounts. In 2013, Fedwire handled on average $2.8 trillion in transfers every day. For several years now, current and former U.S. officials, as well as bank executives, have warned that cyber attackers could sow mass panic by disrupting critical financial networks such as the ones NIRT protects, causing the systems to crash or manipulating information so that customers didn’t know how much money was in their accounts and financial institutions couldn’t square their ledgers. The nightmare scenario for NIRT members is a malicious hacker gaining access to Fedwire or to sensitive computers used by the Treasury Department, such as the International Treasury System, which the federal government uses to make payments directly to foreign individuals and companies around the world and is also monitored by the NIRT. The cyber security team is the first line of defense for the central banking system. “If there’s a breach of Fedwire or another critical system, they’re going to wake the [Federal Reserve] chairman up out of bed,” said one former NIRT member. “That’s a shit-your-pants type of emergency. Anything that compromises the faith and trust in the [government-backed] money system. And that’s all bound to the Fed and Treasury systems.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Cyber Security: Why Nigeria Needs Computer Emergency Response Team

http://leadership.ng/news/368843/cyber-security-nigeria-needs-computer-emergency-response-team By Nkechi Isaac Leadership April 29, 2014 Cybercrime is one of the fastest growing areas of crime. More and more criminals are exploiting the speed, convenience and anonymity that modern technologies offer in order to commit a diverse range of criminal activities. These include attacks against computer data and systems, identity theft, the distribution of child sexual abuse images, internet auction fraud, the penetration of online financial services, as well as the deployment of viruses, Botnets, and various email scams such as phishing. The global nature of the Internet has allowed criminals to commit almost any illegal activity anywhere in the world, making it essential for all countries to adapt their domestic offline controls to cover crimes carried out in cyberspace. The use of the Internet by terrorists, particularly for recruitment and the incitement of radicalization, poses a serious threat to national and international security. In addition, the threat of terrorism forces authorities to address security vulnerabilities related to information technology infrastructure such as power plants, electrical grids, information systems and the computer systems of government and major companies. Speaking at the handover and launching of the Computer Emergency Readiness and Response Team (CERTT.ng) Ecosystem by Consultancy Support Services (CS2) to the National Information Technology Development Agency (NITDA), the former acting director-general of the agency, Dr. Ashiru Daura, said the project marked a turning point in the fight against cyber crime in Nigeria. Daura said, “CERTT.ng is concerned with cyber crime which is crime committed on the cyber space, the internet. A lot of these crimes, which are of different kinds, happen every minute and every second, now even though we try as much as possible to provide protection for our systems, our networks some of these criminals penetrate or attack. So, there is need for us to do at least two things and these are to repel the attack and recover the systems, to make sure that we can come back to our original status as fast as we can and then also learn few lessons from the attack. That’s the purpose for this team which is to provide response to any threat or attack in the cyber space.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Europe Begins Its Largest-Ever Cyberwar Stress Test

http://blogs.wsj.com/digits/2014/04/28/europe-begins-its-largest-ever-cyberwar-stress-test/ By Frances Robinson The Wall Street Journal April 28, 2014 In a sign of just how seriously Europe is taking the cyber threat, more than 400 cyber security professionals from 29 countries and 200 organisations are today beginning a biannual cyber exercise coordinated by the European Union Agency for Network and Information Security (ENISA). It is not the first time ENISA has produced this event, but this year’s will be the largest such “stress test” of the continent’s ability to withstand massive cyber-attack. The online event brings together various Cyber Security Agencies, EU bodies, Telecoms operators, tech companies and energy providers. Those involved must detect and tackle various challenges based on 16 different cyber-security incidents. The technical part of the exercise takes places in a distributed manner across all of Europe. “The incidents in Cyber Europe 2014 are very realistic, mimicking unrest and political crisis at a pan-European level, disrupting services for millions of citizens across Europe,” The Executive Director of ENISA, Professor Udo Helmbrecht, said. “This improves the resilience of Europe’s critical information infrastructures”. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail