[ISN] Survey Roundup: Cybersecurity Complacency Threatens M&A

http://blogs.wsj.com/riskandcompliance/2014/07/11/survey-roundup-cybersecurity-complacency-threatens-ma-deals/

By BEN DIPIETRO
Wall Street Journal
July 11, 2014

Taking Risks for Granted: A global survey of 214 senior dealmakers by law firm Freshfields Bruckhaus Deringer found a worrying level of complacency toward the assessment of cyber risks during M&A deals. The survey found 90% of respondents said cyber breaches would result in a reduction in deal value, but 78% say cybersecurity isn’t a risk that is currently analyzed in-depth or dealt with in deal due diligence. On the bright side, awareness of the threat posed by cyberattacks is growing, with 82% saying the risk of cyberattacks will change deal processes over the next 18 months.

“It’s surprising that dealmakers recognize the growing threat of cyberattacks to businesses, but generally aren’t addressing that risk during deals,” said Chris Forsyth, co-head of the firm’s international cybersecurity team. “You wouldn’t dream of buying a chemicals plant without assessing environmental risk, so why would you buy a data-driven business without assessing the risks it faces around data management and cybersecurity?”

No Policy Required: Seven in 10 small-business owners and 30% of C-suite executives say their companies don’t have a cybersecurity policy, according to the Security Tracker survey from information security firm Shred-it. The survey found 38% of C-suite execs say they have an employee directly responsible for managing data security issues at the management level.

Sharing is Not Caring: A survey from software security company IS Decisions of 1,000 U.S. and 1,000 U.K. desk-based workers found 23% of respondents said they have shared their password with one or more of their colleagues, and 22% said they share their work logins more frequently now than they did two years ago.

[…]





[ISN] CFP :: InfoSec2014 :: Malaysia

Forwarded from: “Jackie Blanco”

The International Conference on Information Security and Cyber Forensics (InfoSec 2014)
October 8-10, 2014
Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia
http://goo.gl/y8LNrR

All registered papers will be included in SDIWC Digital Library.

The conference aims to enable researchers to build connections between different digital applications. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

TOPICS ARE NOT LIMITED TO:

*Cyber Security
*Digital Forensic
*Information Assurance and Security Management
*Cyber Peacefare and Physical Security

Researchers are encouraged to submit their work electronically. All papers will be fully refereed by a minimum of two specialized referees. Before final acceptance, all referees’ comments must be considered.

PAPER SUBMISSION GUIDELINES:

– Researchers are encouraged to submit their work electronically. Full paper must be submitted (Abstracts are not acceptable).
– Submitted paper should not exceed 15 pages, including illustrations. All papers must be without page numbers.
– Papers should be submitted electronically in PDF format without author(s) name.
– Paper submission link: http://goo.gl/p1cEwT

IMPORTANT DATES:

Submission Deadline: September 26, 2014
Notification of Acceptance: 2-4 weeks from the submission date
Camera Ready Submission: October 2, 2014
Registration Deadline: October 2, 2014
Conference Dates: October 8-10, 2014

Address: Gong Badak, Kuala Terengganu, Terengganu, Malaysia 21300



[ISN] Hacking a $100K Tesla Model S For Fun and $10K Profit

http://www.infosecnews.org/hacking-a-100k-tesla-model-s-for-fun-and-10k-profit/

By William Knowles
Senior Editor
InfoSec News
July 14, 2014

At the 2014 SyScan 360 Conference, being held July 16th and 17th 2014 at the Beijing Marriott Hotel Northeast in Beijing, China, security professionals and hackers paying $319 to attend the conference will have the opportunity to win $10,000 if they can compromise the security of the Tesla Model S.

While the official rules haven’t been released, one could surmise that this will involve remotely gaining control of the vehicle’s controls or physically via the 17 inch touchscreen in the Tesla.

Back in March 2014, Nitesh Dhanjani detailed a cursory evaluation of the Tesla Model S, pointing out threats such as:

Tesla’s six character password can lead to the Model S being remotely located and unlocked via social engineering, email account compromises, brute-force attacks, malware attacks, phishing attacks, and password leaks.

Tesla REST API Implicitly Encourages Credential Sharing with Untrusted Third Parties. “The Tesla iOS App uses a REST API to communicate and send commands to the car. Tesla has not intended for this API to be directly invoked by 3rd parties. However, 3rd party apps have already started to leverage the Tesla REST API to build applications.”

[…]



[ISN] US firm helps Hamas, Netanyahu keep hackers at bay

http://www.timesofisrael.com/us-firm-helps-hamas-netanyahu-keep-hackers-at-bay/

By David Shamah
The Times of Israel
July 14, 2014

There isn’t much Prime Minister Benjamin Netanyahu and Hamas have in common — but one thing they do agree on is how to keep their websites safe from hackers. Both rely on a web service called CloudFlare, which helps customers avoid hacking and denial of service attacks.

CloudFlare enables users to mask their location and Internet connection service providers. As a result, would-be hackers don’t know which server to attack, so they can’t try to pull a site down by hacking into it or attempting a denial of service attack. Critics complain that CloudFlare provides protection equally to nations, legitimate concerns, criminals, and terrorists.

As Hamas fires hundreds of rockets at Israel, and the Israeli air force hits back at Gaza, hackers sympathetic to Hamas have over the past several days hacked into numerous Israeli websites, as is common during periods of increased tension. Several days ago, for example, anti-Israel hackers defaced one of the most popular Israeli Facebook pages, StatusHunter, replacing the content with a slideshow purporting to show how the IDF was making Gazans suffer.

[…]



[ISN] USA Picks Up Computer Hacking Drama Pilot ‘Mr. Robot’

http://variety.com/2014/tv/news/mr-robot-usa-sam-esmail-1201262044/

By Whitney Friedlander
News Editor
Variety
@loislane79
July 14, 2014

USA has given a pilot pickup to “Mr. Robot,” a drama about an anti-social computer programmer who finds he can only connect with other people by hacking into their personal lives.

The Universal Cable Productions project from executive producers Sam Esmail (“Comet”) and Anonymous Content’s Steve Golin (“True Detective”) and Chad Hamilton (“Breakup at a Wedding”) follows a hacker named Elliot who wields his skills as a weapon to protect the people that he cares about — only to find himself in the intersection between the cybersecurity firm he works for and the underworld organizations that are recruiting him to bring down corporate America. Esmail penned the script.

“‘Mr. Robot’ is a visionary drama,” said Chris McCumber, USA Network president. “It is a very timely and relatable story that captures both the excitement and danger of today’s digital world.”

[…]



[ISN] New alert system gives president special code for emergency messages

http://thehill.com/regulation/212134-fcc-mulls-emergency-alert-system-overhaul-for-broadcasters

By Tim Devaney
The Hill
07/14/14

The Federal Communications Commission (FCC) is looking to overhaul the Emergency Alert System so the president can speak to the country at the flip of a switch in the event of a nationwide emergency.

The national Emergency Alert System broadcasts television alert messages to warn people about immediate dangers. The system is often used at the local level to warn people about weather conditions such as tornadoes or flash floods.

The system is not capable of reaching the entire country all at once should the president need to warn the public of something like a terrorist attack or an act of war against the country.

Instead, to reach the entire country, each local jurisdiction would have to broadcast the same message — a tedious process that could leave room for gaps if one station misses the broadcast.

So the FCC is proposing a national location code that would give the president the ability to broadcast to the entire country with a single message in the event of a nationwide emergency. The proposal will be published in Tuesday’s edition of the Federal Register.

[…]



[ISN] Chinese Hacker Charged With Stealing U.S. Defense Contractor Secrets

http://www.eweek.com/security/chinese-hacker-charged-with-stealing-u.s.-defense-contractor-secrets.html

By Sean Michael Kerner
eWEEK.com
2014-07-14

The FBI gets Canadian authorities to hold a Canadian-Chinese resident on charges of stealing information from U.S. defense contractors, including Boeing and Lockheed Martin.

Not all Chinese hackers are actually in China. Case in point is a newly revealed case against Su Bin, who is alleged to have been stealing secrets from U.S. defense contractors, including Boeing and Lockheed Martin.

According to a Canadian media report in The Province, Su was arrested in Richmond, British Columbia, on June 28 and has a bail hearing set for July 18. Su was arrested after the U.S. government made a request to the Canadian government to apprehend Su on allegations of computer hacking. Su had been seeking to gain permanent resident status in Canada.

According to the criminal complaint, Su is the owner of Lode-Tech, a China-based company that also has an office in Canada. The United States alleges that since at least August 2009, Su worked with a pair of unnamed hackers to collect data from U.S. companies. The targeted information includes data on the Boeing C-17 strategic transport aircraft as well as the Lockheed Martin F-22 and F-35 fighter jets.

[…]



[ISN] Oracle to release 115 security patches

http://www.computerworld.com/s/article/9249690/Oracle_to_release_115_security_patches

By Chris Kanaracus
IDG News Service
July 11, 2014

Oracle is planning to release 115 security patches for vulnerabilities affecting a wide array of its products, including its flagship database, Java SE, Fusion Middleware and business applications.

The update includes fixes for 20 weaknesses in Java SE, all of which can be exploited by an attacker remotely, without the need for login credentials, Oracle said in an announcement prior to Tuesday’s patch release.

Some 29 fixes are for Oracle’s Fusion Middleware suite, with 27 able to be exploited over a network without the need for authentication. Affected middleware components include BI Publisher, GlassFish Server, HTTP Server, JDeveloper, WebCenter Portal and WebLogic Server.

Six other patches are for Oracle’s database. Two of the vulnerabilities can be exploited remotely without login credentials.

[…]

