Tag: critical infrastructure

Malware Supply Chain Links Eleven Attacks

Fresh off their discovery of a previously unknown (‘zero day’) security hole in Microsoft’s Internet Explorer web browser, researchers at the security firm Fireeye say that they have evidence that a string of sophisticated attacks have a common origin. In a report released on Monday (PDF), the firm said that many seemingly unrelated cyber attacks identified in the last year appear to be part of a “broader offensive fueled by a shared development and logistics infrastructure” — what Fireeye terms a ‘supply chain’ for advanced persistent threat (APT) attacks. At least 11 APT campaigns targeting “a wide swath of industries” in recent months were found to be built on a the same infrastructure of malicious applications and services, including shared malware tools and malicious binaries with the same timestamps and digital certificates. “Taken together, these commonalities point to centralized APT planning and development,” Fireeye wrote. The attacks link at least 11 separate […]

Continue Reading

Supply Chain Transparency Doesn’t Extend To Security

We live in an ever-more unstable world in which massive disruptions, whether natural or man-made, are a frequent occurrence. Companies that make everything from aircraft to mobile phones to cappuccino need to be nimble – sidestepping global calamities that might idle assembly lines or leave customers without their morning cup of coffee.  As in other areas, the benefits of technology advancements like cheap, cloud based computing, remote sensors and mobility are transforming the way that companies manage their vast, global network of suppliers. These days, supply chain transparency is all the rage – allowing companies to share information seamlessly and in realtime with their downstream business partners and suppliers. Firms like the start-ups Sourcemap, and LlamaSoft are offering “supply chain visualization” technology that leverages a familiar formula these days: mobility, social networking, crowd-sourced intelligence, and “Big Data” analytics. [There’s more to read about supply chain security on The Security Ledger.]  However, as […]

Continue Reading

Identity Management’s Next Frontier: The Interstate

Factory-installed and even aftermarket identity management applications may soon be standard components on automobiles, as the federal government looks for ways to leverage automation and collision avoidance technology to make the country’s highways and roadways safer.   That’s the conclusion of a new report from the Government Accountability Office (GAO), which finds that vehicle to vehicle communications are poised to take off, but that significant security and privacy challenges must first be met, identity management top among them. The report, GAO 14-13 (PDF available here) takes the measure of what the GAO calls “Intelligent Transportation Systems,” including vehicle-to-vehicle (or V2V) technology. The GAO found that V2V technology that allows automobiles to communicate with each other in ways that can prevent accidents has advanced considerably in recent years. Automakers, working with the Department of Transportation, are testing the technology in real-world scenarios. However, the deployment of V2V technologies faces a number […]

Continue Reading

Week In Security: NSA Spies on Yahoo & Google, Adobe Hack and Healthcare.gov

There’s nothing like a Sunday morning for looking back over the week’s events and trying to make sense of at all – or at least what sense there is to be had. This Sunday was no different – especially after a week that saw continued revelations stemming from Edward Snowden’s leak of classified intelligence on NSA spying, the massive hack of software maker Adobe. Then there was the botched rollout of the federal Healthcare.gov marketplace – which morphed into an even bigger, uglier problem as the week progressed. To help me sort it all out, I called on Nick Selby, the CEO of StreetCred Software and an authority on cyber security, law enforcement, government procurement, Russia, Germany, aviation, travel journalism and all manner of other topics. I love talking to Nick because his wealth of life and professional experience make him predictably unpredictable when it comes to interpreting current events. […]

Continue Reading

BlueTooth on Your Defibrillator? The Case Against Wi-Fi

As more and more devices become networked, the use cases for wireless communications protocols like Bluetooth and NFC (Near Field Communications) multiply. Hardly a week goes by where some company figures out a way to pair wireless communications with some inanimate object or another. (Bluetooth bike locks, anyone?) But what happens when those wireless devices run critical infrastructure or life-saving technology like implanted medical devices? We learned earlier this week that no less than Dick Cheney was concerned enough about wireless attacks on his implanted defibrillator that he had the wireless management features of the device disabled, for fear they could be used in an assassination attempt. Security experts, like Dr. Kevin Fu at The University of Michigan,  doubtful that such an attack was realistic, also refused to rule it out entirely. Given the many, proven tools and strategies for hacking wireless communications like Bluetooth, you might think that foregoing well […]

Continue Reading
1 86 87 88 89 90 97