[ISN] DDoS attacks knock Feedly offline for second day running

http://www.computerworld.com/s/article/9249064/DDoS_attacks_knock_Feedly_offline_for_second_day_running By Gregg Keizer Computerworld June 12, 2014 RSS aggregator Feedly today went dark for the second time in two days as another wave of distributed denial-of-service (DDoS) attacks knocked it offline. At approximately 10:30 a.m. ET (7:30 a.m. PT), Feedly acknowledged that it had again been targeted by cyber criminals, who seem bent on crippling the RSS provider. “The ops team has reviewed the attacks and is working on building a second line of defense to neutralize this second attack,” said company officials, including Edwin Khodabakchian, Feedly CEO, in a brief status update on the firm’s blog. After a four-hour outage, Feedly was restored at 2:30 p.m. ET, 11:30 a.m. PT. […]

[ISN] FCC will push network providers on cybersecurity, Wheeler says

http://www.networkworld.com/article/2363025/security/fcc-will-push-network-providers-on-cybersecurity-wheeler-says.html By Grant Gross IDG News Service June 12, 2014 The U.S. Federal Communications Commission is threatening to step in with regulations if network providers don’t improve cybersecurity. The FCC will take steps to encourage cybersecurity in the coming months, acting first as a promoter of company-led initiatives instead of a regulator, in keeping with its congressionally defined mission to promote the national defense and public safety, FCC Chairman Tom Wheeler said. But if that doesn’t lead to improvements, the agency is prepared to act. “The challenge is that this private sector-led effort must be more dynamic than traditional regulation and more measurably effective than blindly trusting the market or voluntary best practices to defend our country,” Wheeler said during a speech at the American Enterprise Institute for Public Policy Research. “We believe there is a new regulatory paradigm where the commission relies on industry and the market first while preserving other options if that approach is unsuccessful.” Echoing the current debate over the FCC’s authority to enforce net neutrality rules, Wheeler promised that the agency will push network operators to improve cybersecurity even as those companies move more of their traffic from the more heavily regulated analog telephone network to more lightly regulated Internet Protocol-based networks. […]

[ISN] Bank of England receives ‘7 or 8 cyber attacks a week’, says CISO

http://www.computerworlduk.com/news/security/3524486/bank-of-england-receives-7-or-8-cyber-attacks-week-says-ciso/ By Matthew Finnegan Computerworld UK 12 June 14 The Bank of England is fending off regular attempts to hack into its systems each week, with hacktivists and nation states the most common culprits. “We get on average around eight incidents a week, and we are a central bank that is pretty small in number – around 4,000 people,” said Don Randall MBE, chief information security officer at the Bank of England, speaking at the Institute of Risk Management’s Cyber Risk 2014 Summit. “To date, none of these have caused any major harm – but they [cyber criminals] are definitely looking at it.” The weekly attacks include two or three denial-of-service attempts on average, some of which go through a service provider, as well as malware attacks such as spearphishing. According to Randall, the majority of attacks are believed to be from hacktivists and nation states, rather than criminals attempting to hack systems for financial gain, who are more likely to target the UK’s retail banks. […]

[ISN] Fake Dot-Gov Webmail Used in Phishing Scam to Hack EPA and Census Staff

http://www.nextgov.com/cybersecurity/2014/06/fake-dot-gov-webmail-used-phishing-scam-hack-epa-and-census-staff/86374/?oref=ng-HPtopstory By Aliya Sternstein Nextgov.com June 12, 2014 A Nigerian man has admitted to compromising the email accounts of federal employees to order agency office products that he then sold on the black market, according to newly filed court papers. Abiodun Adejohn and conspirators cheated government supply vendors out of almost $1 million worth of goods through the scheme. The hackers broke into the accounts through a series of impersonations targeting Environmental Protection Agency and Census Bureau staff. First, they sent the employees “phishing” emails purporting to be from government agencies that contained links to seemingly legit agency webmail login pages. But the webpages actually stole usernames and passwords the employees entered. Many federal agencies are vulnerable to this type of mimicry because of poor cyber hygiene, according to a report released Wednesday. Analysts at the Online Trust Alliance found that many federal webpages and email addresses are missing encryption and verification protections that could prevent phishing scams. […]
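The article closes on the Online Trust Alliance finding that many federal domains lack the “verification protections” that make this kind of impersonation harder. The page does not name them; the usual ones for mail are the SPF and DMARC TXT records, which tell receiving mail servers which hosts may send as the domain and what to do with messages that fail that check. The Go program below is an added example written for this page, not OTA’s audit tooling and not anything from the article: it evaluates a domain’s SPF and DMARC records for the settings that let receivers reject forged mail, and goes a little beyond the article by also flagging a partial DMARC rollout (pct below 100) and the absence of a reporting address. The domain names and records in main are constructed, not real agency DNS data.

```go
package main

import (
	"fmt"
	"strings"
)

// Assessment summarises the sender-authentication posture of one domain.
type Assessment struct {
	Domain   string
	Findings []string // each entry is one weakness; empty means nothing to report
}

// spfAllMechanism returns the trailing "all" qualifier of an SPF record
// ("-all", "~all", "?all", "+all") or "" when the record has none.
func spfAllMechanism(spf string) string {
	for _, term := range strings.Fields(spf) {
		t := strings.ToLower(term)
		switch t {
		case "-all", "~all", "?all", "+all":
			return t
		case "all":
			return "+all" // an unqualified "all" means "+all" (pass everything)
		}
	}
	return ""
}

// dmarcTags parses "v=DMARC1; p=reject; rua=mailto:..." into a tag map.
func dmarcTags(dmarc string) map[string]string {
	tags := map[string]string{}
	for _, part := range strings.Split(dmarc, ";") {
		kv := strings.SplitN(strings.TrimSpace(part), "=", 2)
		if len(kv) == 2 {
			tags[strings.ToLower(strings.TrimSpace(kv[0]))] = strings.TrimSpace(kv[1])
		}
	}
	return tags
}

// AssessEmailAuth evaluates the SPF and DMARC TXT records published for domain.
// An empty string stands for "no such record published".
func AssessEmailAuth(domain, spf, dmarc string) Assessment {
	a := Assessment{Domain: domain}

	if spf == "" {
		a.Findings = append(a.Findings, "no SPF record: any host may send as this domain")
	} else if !strings.HasPrefix(strings.ToLower(spf), "v=spf1") {
		a.Findings = append(a.Findings, "SPF record does not start with v=spf1")
	} else {
		switch spfAllMechanism(spf) {
		case "-all":
			// hard fail for unlisted senders: the setting receivers can act on
		case "~all":
			a.Findings = append(a.Findings, "SPF ends in ~all (softfail): forged mail is tagged, not rejected")
		default: // "?all", "+all" or no all mechanism
			a.Findings = append(a.Findings, "SPF does not fail unlisted senders: record is effectively advisory")
		}
	}

	if dmarc == "" {
		a.Findings = append(a.Findings, "no DMARC record: receivers have no policy for mail failing SPF/DKIM")
		return a
	}
	tags := dmarcTags(dmarc)
	if !strings.EqualFold(tags["v"], "DMARC1") {
		a.Findings = append(a.Findings, "DMARC record lacks v=DMARC1")
	}
	switch strings.ToLower(tags["p"]) {
	case "reject":
		// forged mail is refused outright
	case "quarantine":
		a.Findings = append(a.Findings, "DMARC p=quarantine: spoofed mail lands in spam rather than being rejected")
	case "none":
		a.Findings = append(a.Findings, "DMARC p=none: monitoring only, spoofed mail is still delivered")
	default:
		a.Findings = append(a.Findings, "DMARC record has no valid p= policy")
	}
	if pct, ok := tags["pct"]; ok && pct != "100" {
		a.Findings = append(a.Findings, "DMARC pct="+pct+": policy applies to only part of the mail stream")
	}
	if _, ok := tags["rua"]; !ok {
		a.Findings = append(a.Findings, "no rua= address: nobody receives aggregate reports of spoofing attempts")
	}
	return a
}

func main() {
	// Constructed sample records for made-up domains (not real agency DNS data).
	cases := []struct{ domain, spf, dmarc string }{
		{"weak.example.gov", "v=spf1 include:_spf.example.net ~all", "v=DMARC1; p=none"},
		{"strong.example.gov", "v=spf1 ip4:192.0.2.0/24 -all", "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@strong.example.gov"},
		{"none.example.gov", "", ""},
	}
	for _, c := range cases {
		a := AssessEmailAuth(c.domain, c.spf, c.dmarc)
		fmt.Printf("%s: %d finding(s)\n", a.Domain, len(a.Findings))
		for _, f := range a.Findings {
			fmt.Println("  -", f)
		}
	}
}
```

Against live domains you would feed AssessEmailAuth the output of `dig +short TXT example.gov` and `dig +short TXT _dmarc.example.gov`. A p=reject DMARC policy blocks mail forged in the agency’s name, but it does nothing about the other half of the scheme in the article, a phishing page hosted elsewhere that merely imitates the agency’s webmail login; that still needs users and a browser able to tell the real site apart, which is where the “encryption” half of the OTA finding (HTTPS on the real pages) comes in.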

[ISN] How did the RCMP crack BlackBerry’s security?

http://ottawacitizen.com/technology/internet/how-did-the-rcmp-crack-blackberrys-security By Vito Pilieci ottawacitizen.com June 12, 2014 BlackBerry Ltd. has long held that its BlackBerry devices are among the most secure in the world, but it turns out the platform isn’t as bulletproof as many had been led to believe. On Thursday, Royal Canadian Mounted Police revealed the results of Project Clemenza, which it began in 2010. During the course of its investigation, the federal police force says, it intercepted more than a million private messages sent using BlackBerry’s PIN-to-PIN messaging, which led police to identify suspects in a series of violent crimes that included arson, forcible confinement and drug trafficking. Personal Identification Number (PIN)-to-PIN messages are not the company’s popular BlackBerry Messenger service (BBM), which the company still contends is ironclad when it comes to keeping messages secure. PIN-to-PIN allows BlackBerry users to send email directly to one another, keeping it from going out into the Internet where it could be spied on by prying eyes. PIN-to-PIN messages are encrypted with what is known as Triple Data Encryption Standard (DES) encryption technology, which is among the best in the world. However, BlackBerry devices use what is known as a global cryptographic key to decode all of the messages sent to its devices. By faking, or “spoofing”, the PIN of the receiving BlackBerry device and utilizing the global cryptographic key, all messages sent to that device can be viewed by an eavesdropper. […]
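The mechanism the article describes is worth seeing in code, because the weakness is not the cipher but the key management: if every device decrypts with one global key, then anyone who holds that key and can get the target’s traffic delivered to them reads everything, and no amount of cipher strength changes that. The Go program below is an added example written for this page, not BlackBerry’s code and not a description of the actual PIN-to-PIN wire format. Its assumptions: 3DES in CBC mode with PKCS#7 padding (the article says only “Triple DES”), the destination PIN carried in the clear as routing data, and the “spoofed PIN” modelled simply as the eavesdropper receiving every message addressed to that PIN. The keys and the PIN are constructed. For contrast it also encrypts one message under a key known only to the two communicating devices, which the global key cannot open.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Message is a simplified PIN-to-PIN envelope: the destination PIN is routing
// data and travels in the clear; only the body is encrypted (3DES-CBC, PKCS#7).
type Message struct {
	ToPIN string
	IV    []byte
	Body  []byte
}

func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("ciphertext length is not a multiple of the block size")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size || n > len(b) || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding (wrong key or corrupted message)")
	}
	return b[:len(b)-n], nil
}

// Seal encrypts body for toPIN under a 24-byte 3DES key with a fresh random IV.
func Seal(key []byte, toPIN string, body []byte) (Message, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return Message{}, err
	}
	iv := make([]byte, des.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return Message{}, err
	}
	ct := pkcs7Pad(body, des.BlockSize)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, ct)
	return Message{ToPIN: toPIN, IV: iv, Body: ct}, nil
}

// Open decrypts m under key. A wrong key almost always shows up as bad padding.
func Open(key []byte, m Message) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(m.Body))
	cipher.NewCBCDecrypter(block, m.IV).CryptBlocks(pt, m.Body)
	return pkcs7Unpad(pt, des.BlockSize)
}

// Eavesdrop models the interception the article describes: the eavesdropper
// has claimed (spoofed) targetPIN, so traffic for it is delivered to them, and
// they try the one key they hold on every message addressed to that PIN.
// Messages the key does not open are dropped.
func Eavesdrop(key []byte, targetPIN string, traffic []Message) [][]byte {
	var recovered [][]byte
	for _, m := range traffic {
		if m.ToPIN != targetPIN {
			continue
		}
		if pt, err := Open(key, m); err == nil {
			recovered = append(recovered, pt)
		}
	}
	return recovered
}

func main() {
	// Constructed keys: one "global" key baked into every device, and one key
	// negotiated between a single pair of devices that nobody else ever sees.
	globalKey := []byte("global-3des-key-24-bytes")
	pairKey := []byte("pairwise-key-for-A-and-B")
	const victimPIN = "2A1B3C4D" // made-up PIN

	msg := []byte("meet at the usual place at 9")
	viaGlobal, _ := Seal(globalKey, victimPIN, msg)
	viaPair, _ := Seal(pairKey, victimPIN, msg)

	// The interceptor holds only the global key: the first message is readable,
	// the pairwise-keyed one is not.
	for _, pt := range Eavesdrop(globalKey, victimPIN, []Message{viaGlobal, viaPair}) {
		fmt.Printf("recovered: %q\n", pt)
	}
	if _, err := Open(globalKey, viaPair); err != nil {
		fmt.Println("pairwise-keyed message:", err)
	}
}
```

Two caveats a practitioner would add. First, the padding check is only a coarse wrong-key detector and not an integrity mechanism; a real design would authenticate the ciphertext as well, and the example omits that to stay focused on the key-distribution point. Second, calling Triple DES “among the best in the world” is the article’s claim; 3DES has a 64-bit block and is treated as legacy today, but even a modern cipher would be no help here, since the global key, not the algorithm, is what lets the holder read everyone’s mail.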

[ISN] The $10 Million Deductible – Why the cyberinsurance industry is a mess.

http://www.slate.com/articles/technology/future_tense/2014/06/target_breach_cyberinsurance_is_a_mess.html By Josephine Wolff Slate.com June 12, 2014 Do you still shop at Target? There’s been controversy over how much of an impact the massive breach of 40 million credit and debit card numbers in late 2013 had on the company’s shareholders and customers. And that controversy speaks to a larger cybersecurity problem plaguing industry today: the difficulty of assessing the impact and costs of these sorts of security breaches and the challenges that presents when it comes to trying to buy and sell cyberinsurance. Yes, that’s a real thing—and a great business to be in, at the moment, if you can figure out how to develop accurate actuarial models, that is. A recent New York Times article touted cyberinsurance as the “fastest-growing niche in the [insurance] industry today.” Nicole Perlroth and Elizabeth Harris report: “[A]fter the breach at Target, its profit was cut nearly in half—down 46 percent over the same period the year before—in large part because the breach scared away its customers.” These enormous costs to brand reputation make it difficult for companies to get as much cyber risk coverage as they want, and the demand is only growing. The Times cites statistics showing a 21 percent increase in demand for cyberinsurance policies from 2012 to 2013, with total premiums reaching $1.3 billion last year and individual companies able to acquire a maximum of roughly $300 million in coverage. At the time of its breach, Target had only $100 million in coverage, with a $10 million deductible, and had been turned away by at least one insurer when it tried to acquire more cyberinsurance, Perlroth and Harris report. They suggest that this coverage may fall well short of the massive losses incurred by the company when it saw its profits nearly halved. 
But their piece comes less than a month after Eric Chemi argued exactly the opposite about the impact of Target’s security breach in a piece for Bloomberg Businessweek titled “Investors Couldn’t Care Less About Data Breaches.” He wrote: […]