[ISN] Amazon Expands Its Cloud Services to the U.S. Military

http://www.defenseone.com/technology/2014/08/amazon-expands-its-cloud-services-us-military/92090/ By Frank Konkel Nextgov.com August 21, 2014 Amazon Web Services has become the first commercial cloud provider authorized to handle the Defense Department’s most sensitive unclassified data. Today’s announcement that AWS has achieved a provisional authority to operate under DOD’s cloud security model at impact levels 3-5 is a major win for the company, as it allows DOD customers to provision commercial cloud services for the largest chunks of their data. In technical speak, the provisional ATO granted by the Defense Information Systems Agency means DOD customers can use AWS’ GovCloud – an isolated region entirely for U.S. government customers – through a private connection routed to DOD’s network. DOD customers can now secure AWS cloud services through a variety of contract vehicles. In layman’s terms, AWS is the first company with the ability to take any and all of DOD’s unclassified data to the cloud. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Defense ministry finds hacking attempts against its reporters

http://www.koreaherald.com/view.php?ud=20140822000949 By koreaherald.com 2014-08-22 Unidentified hackers, suspected to be based in China, have been caught trying to steal data from media reporters covering South Korea’s Ministry of National Defense, ministry officials said Friday. “We’ve confirmed that a handful of reporters covering the ministry have received an e-mail which carries the malicious code this week,” a ministry official said, explaining that once the email is opened, it automatically imbeds the virus code into the computer. “The code embedded into the computer is meant to steal information in the receiver’s computer automatically. A notebook by one of the reporters was infected with the virus,” he said, noting that it is “yet to be known if any leakage took place.” While investigation into the incident is under way, ministry officials said retracing the IP of the code revealed that the hacker, or hackers, had used a server from Liaoning, China, referring to an Internet Protocol address, the online equivalent of a street address or a phone number. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Sekurity is hard – technicaleducation.cisco.com vulnerable to XSS

http://www.infosecnews.org/sekurity-is-hard-technicaleducation-cisco-com-vulnerable-to-xss/ By William Knowles @c4i Senior Editor InfoSec News August 22, 2014 On 21 of August 2014 the security researcher E1337 reported to XSSposed (XSS exposed) that technicaleducation.cisco.com has an XSS (Cross-Site Scripting) vulnerability which currently has 2 vulnerabilities in total reported by security researchers). Cross-Site Scripting (XSS) inserts specially crafted data into existing applications through Web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a modification to a browser script, to a different end user. XSS attacks often lead to bypass of access controls, unauthorized access, and disclosure of privileged or confidential information. Cross-site scripting attacks are listed as the number three vulnerability on the OWASP Top 10 list for 2013. XSS attacks are becoming more and more sophisticated these days and are being used in pair with spear phishing, social engineering and drive-by attacks. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Michael Daniel’s Path to the White House

http://www.govinfosecurity.com/interviews/michael-daniels-path-to-white-house-i-2422 By Eric Chabrow Gov Info Security August 21, 2014 Michael Daniel sees his lack of technical expertise in IT security as an asset in his job as White House cybersecurity coordinator. “Being too down in the weeds at the technical level could actually be a little bit of a distraction,” Daniel, a special assistant to the president, says in an interview with Information Security Media Group. “You can get enamored with the very detailed aspects of some of the technical solutions,” he says. “And, particularly here at the White House … the real issue is to look at the broad, strategic picture and the impact that technology will have.” Daniel came out of obscurity in the federal bureaucracy in May 2012 – he was serving as the intelligence branch chief at the White House Office of Management and Budget – when President Obama tapped him to replace the administration’s first cybersecurity coordinator, Howard Schmidt (see Who Is Michael Daniel?). […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] U.S. venture firm Kleiner Perkins suffers security breach

http://www.reuters.com/article/2014/08/22/us-usa-crime-kleiner-idUSKBN0GM03J20140822 BY SARAH MCBRIDE SAN FRANCISCO Reuters.com Aug 21, 2014 California detectives are investigating a July computer theft at storied venture capital-firm Kleiner Perkins Caufield & Byers, a spokeswoman for the Menlo Park police said on Thursday. The theft may put Kleiner in jeopardy of losing valuable financial data and making the firm the latest in a long list of businesses that have lost sensitive information to thieves. In this case, the information was taken by physical, not electronic, means. Kleiner invests in Silicon Valley startups with highly competitive business plans, including payments startup Square, thermostat company Nest, and ride service Uber. Investors in its funds include endowments and foundations that keep their investment decisions private. The performance of those funds is a closely guarded secret. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail