The Hindu
January 17, 2010
Against the backdrop of concerns over hacking of crucial official websites, central security agencies have again warned the government about the use of multi-tasking blackberry instruments by some of the officials working in sensitive ministries including the Prime Minister.s office.
Agencies have also cautioned against the practice of connecting official computers and laptops with unsecured internet connections by some bureaucrats thus compromising security.
With hackers mainly from China very active and having penetrated deep into the cyber space, the security agencies had asked all ministries especially the Defence, External, Home and the PMO to separate their official computers with those used for internet connection.
The recommendations of the central security agencies seem to have gone unheeded. An official maintained that their suggestion was only recommendatory in nature. The National Technical and Research Organisation (NTRO) also circulated the Do.s and Don.ts to key ministries recently after attempts from hackers were noticed.
A quick random check was carried out during which it was found that some of the officials in the Prime Minister.s Office were using Blackberry services and had linked their official emails on the handset, which is not allowed.
Monday, 18 January 2010
Other Targets In Google Cyber Attack Surface
By Thomas Claburn
InformationWeek
January 15, 2010
The names of other companies targeted in the cyber attack disclosed by Google earlier this week have started to emerge.
Google reportedly asked the other 33 companies targeted in the attack to come forward.
A Google spokesperson said that while the company provided technical information, that was the extent of its communication to other affected organizations.
Adobe was the first company after Google to acknowledge that it had been targeted. It said on Tuesday that it had learned about "a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies" at the beginning of the month.
According to an Adobe spokesperson, Adobe decided to come forward on its own.
Web hosting provider Rackspace followed suit in a blog post.
Symantec and Juniper Networks have acknowledged being targeted.
Dow Chemical and Northrop Grumman were also among the targets, according to The Washington Post. Other reports say Yahoo was attacked as well.
InformationWeek
January 15, 2010
The names of other companies targeted in the cyber attack disclosed by Google earlier this week have started to emerge.
Google reportedly asked the other 33 companies targeted in the attack to come forward.
A Google spokesperson said that while the company provided technical information, that was the extent of its communication to other affected organizations.
Adobe was the first company after Google to acknowledge that it had been targeted. It said on Tuesday that it had learned about "a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies" at the beginning of the month.
According to an Adobe spokesperson, Adobe decided to come forward on its own.
Web hosting provider Rackspace followed suit in a blog post.
Symantec and Juniper Networks have acknowledged being targeted.
Dow Chemical and Northrop Grumman were also among the targets, according to The Washington Post. Other reports say Yahoo was attacked as well.
Army mulls realignment to fortify cyber command
By Amber Corrin
FCW.com
Jan 15, 2010
Army mulls realignment options to build cyber command
As the Army strengthens its military presence in the cyber realm, officials are planning for full operational capabilities by October 2010 for a unified Army cyber component that would report directly to the U.S. Cyber Command, according to a senior Defense Department official.
"We are excited to get all of the [Army] cyber forces under a single command," said Army Brig. Gen. (P) Steven Smith, chief cyber officer, Office of the Army CIO/G-6.
The Army cyber command would involve a hybrid approach, headed up by a three-star general and comprising elements of Army communications and intelligence communities, Smith said.
Smith stressed that all plans for an Army cyber command, currently known as ARFORCYBER, are pre-decisional and subject to change. And no timeline has been announced for organizing a cyber chain of command for the Army.
FCW.com
Jan 15, 2010
Army mulls realignment options to build cyber command
As the Army strengthens its military presence in the cyber realm, officials are planning for full operational capabilities by October 2010 for a unified Army cyber component that would report directly to the U.S. Cyber Command, according to a senior Defense Department official.
"We are excited to get all of the [Army] cyber forces under a single command," said Army Brig. Gen. (P) Steven Smith, chief cyber officer, Office of the Army CIO/G-6.
The Army cyber command would involve a hybrid approach, headed up by a three-star general and comprising elements of Army communications and intelligence communities, Smith said.
Smith stressed that all plans for an Army cyber command, currently known as ARFORCYBER, are pre-decisional and subject to change. And no timeline has been announced for organizing a cyber chain of command for the Army.
Defence repelled 2400 cyber attacks in 2009
[That number seems abnormally low and missing an extra 0! - WK]
By Nicola Berkovic
The Australian
January 15, 2010
DEFENCE department computers sustained about 2400 cyber attacks last year, Defence Minister John Faulkner revealed today.
Launching a new cyber warfare centre in Canberra, Senator Faulkner outlined the scale of electronic attacks against government operations.
He said Defence investigated about 200 “electronic security incidents” a month last year involving its own computers and networks.
Defence also responded to about 220 cyber attacks against other areas of the Australian government last year.
Warning there was a “dark side” to technology, Senator Faulkner said the new Cyber Security Operations Centre was a significant part of the government's response to cyber threats.
“The internet is not only a tool in this battle - cyberspace is a battlefield itself,” he said.
By Nicola Berkovic
The Australian
January 15, 2010
DEFENCE department computers sustained about 2400 cyber attacks last year, Defence Minister John Faulkner revealed today.
Launching a new cyber warfare centre in Canberra, Senator Faulkner outlined the scale of electronic attacks against government operations.
He said Defence investigated about 200 “electronic security incidents” a month last year involving its own computers and networks.
Defence also responded to about 220 cyber attacks against other areas of the Australian government last year.
Warning there was a “dark side” to technology, Senator Faulkner said the new Cyber Security Operations Centre was a significant part of the government's response to cyber threats.
“The internet is not only a tool in this battle - cyberspace is a battlefield itself,” he said.
McAfee Calls Operation Aurora A "Watershed Moment In Cybersecurity", Offers Guidance
By Robin Wauters
TechCrunch.com
January 17, 2010
Computer and software security company McAfee last week identified a vulnerability in Microsoft Internet Explorer as a key vector in the cyberattacks that hit Google and over 30 other companies in a high-profile, multi-staged and concentrated effort to hack into specific computer systems in order to obtain intellectual property.
Redmond has since issued a security advisory and later published its own risk assessment of the zero-day threat. This morning, McAfee announced that it is offering consumers and businesses further guidance on what it refers to as "Operation Aurora".
And it's bringing out the superlatives to describe the attacks.
George Kurtz, McAfee's worldwide chief technology officer, has been blogging about how the browser vulnerability was exploited for the cyberheist and is now quoted in this morning's press release as saying that it is the "largest and most sophisticated cyberattack we have seen in years targeted at specific corporations".
Kurtz stops short of saying that the planet nearly stopped spinning, but refers to the attack as a "watershed moment in cybersecurity" that has "changed the world".
TechCrunch.com
January 17, 2010
Computer and software security company McAfee last week identified a vulnerability in Microsoft Internet Explorer as a key vector in the cyberattacks that hit Google and over 30 other companies in a high-profile, multi-staged and concentrated effort to hack into specific computer systems in order to obtain intellectual property.
Redmond has since issued a security advisory and later published its own risk assessment of the zero-day threat. This morning, McAfee announced that it is offering consumers and businesses further guidance on what it refers to as "Operation Aurora".
And it's bringing out the superlatives to describe the attacks.
George Kurtz, McAfee's worldwide chief technology officer, has been blogging about how the browser vulnerability was exploited for the cyberheist and is now quoted in this morning's press release as saying that it is the "largest and most sophisticated cyberattack we have seen in years targeted at specific corporations".
Kurtz stops short of saying that the planet nearly stopped spinning, but refers to the attack as a "watershed moment in cybersecurity" that has "changed the world".
Google Hack Code Released, Metasploit Exploit Now Available
By Kelly Jackson Higgins
DarkReading
Jan 16, 2010
Internet Explorer exploit code used in the so-called Aurora attacks out of China against Google and other companies has been posted online -- and now the popular Metasploit hacking tool has released a working exploit of the attack as well.
The malware, which exploited a zero-day vulnerability in Internet Explorer in targeted attacks against Google and other companies'
networks, was used to go after IE6 browsers in the massive attacks, which ultimately resulted in the theft of intellectual property from Google and other as-yet unnamed organizations. Adobe and Rackspace are among the companies so far that say they were hit by the attacks that first came to light this week and were allegedly conducted by hackers in China.
With the IE exploit in the wild now, it could be used by other cybercriminals to go after other organizations or users. And while Metasploit's new exploit is meant for researchers and penetration testers to gauge their vulnerability to the attack, Metasploit is still an open-source tool that can be deployed for nefarious purposes as well.
"The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability," George Kurtz, McAfee's CTO, blogged late yesterday. "This attack is especially deadly on older systems that are running XP and Internet Explorer 6," he said.
DarkReading
Jan 16, 2010
Internet Explorer exploit code used in the so-called Aurora attacks out of China against Google and other companies has been posted online -- and now the popular Metasploit hacking tool has released a working exploit of the attack as well.
The malware, which exploited a zero-day vulnerability in Internet Explorer in targeted attacks against Google and other companies'
networks, was used to go after IE6 browsers in the massive attacks, which ultimately resulted in the theft of intellectual property from Google and other as-yet unnamed organizations. Adobe and Rackspace are among the companies so far that say they were hit by the attacks that first came to light this week and were allegedly conducted by hackers in China.
With the IE exploit in the wild now, it could be used by other cybercriminals to go after other organizations or users. And while Metasploit's new exploit is meant for researchers and penetration testers to gauge their vulnerability to the attack, Metasploit is still an open-source tool that can be deployed for nefarious purposes as well.
"The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability," George Kurtz, McAfee's CTO, blogged late yesterday. "This attack is especially deadly on older systems that are running XP and Internet Explorer 6," he said.
WinXP users, have you updated your flash?
Microsoft has published a security advisory, warning users of Windows XP that they must update their installations of Flash.
Windows XP came with version 6 of the Adobe Flash Player, and it has been discovered that that version contains a number of vulnerabilities that could be exploited if you visited a boobytrapped webpage.
The end result? Malicious code could run on your computer, opening a backdoor for hackers to gain access, potentially stealing your identity or turning your computer into part of a spam-spewing bonnet.
And you wouldn't want that would you?
So, double-check that your version of Adobe Flash is current. Visit this page on Adobe's website to run the test (it only takes a few seconds), and you'll quickly know if you're up-to-date or not.
If not, update Adobe Flash immediately from http://get.adobe.com/flashplayer/
Windows XP came with version 6 of the Adobe Flash Player, and it has been discovered that that version contains a number of vulnerabilities that could be exploited if you visited a boobytrapped webpage.
The end result? Malicious code could run on your computer, opening a backdoor for hackers to gain access, potentially stealing your identity or turning your computer into part of a spam-spewing bonnet.
And you wouldn't want that would you?
So, double-check that your version of Adobe Flash is current. Visit this page on Adobe's website to run the test (it only takes a few seconds), and you'll quickly know if you're up-to-date or not.
If not, update Adobe Flash immediately from http://get.adobe.com/flashplayer/
Subscribe to:
Posts (Atom)