Tag: Government

Podcast: The Art Of Hiring Hackers

The Black Hat and DEFCON security conferences wrapped up last week in Las Vegas. Most of the media attention was (naturally) focused on the content of the presentations – including talks on the security of consumer electronics, automobiles and, of course, on the privacy implications of the recently revealed NSA surveillance program PRISM. But for the companies that pay money to send staff to these shows, the content of the talks is only one draw. Black Hat and DEFCON also serve a lesser known, but equally important role as magnets for some of the world’s top talent in obscure disciplines like reverse engineering, vulnerability research, application security analysis and more. Come August, any organization with a dog in the cyber security fight (and these days, that’s a lot of organizations) is in Las Vegas for a chance of meeting and hiring that top cyber security talent. What do companies that […]

Continue Reading

Are Anti-Mule Ops Breaking The Bank Fraud Kill Chain?

Mules are the “last mile” in many online fraud operations: the unwitting dupes, or witting co-conspirators who lend their legitimate bank account (and reputation) to fraudsters who are looking for a way to cash out funds from a compromised account. Mules – often lured with promises of “work-from-home” riches receive fraudulent transactions, then immediately withdraw the funds and wire them to the fraudsters, minus a healthy “commission.”   In recent years, there has been ample coverage in the media of cyber crime and fraud and the role of money mules in scams. (I note Brian Krebs excellent reporting on the mule problem on his blog.)  And yet, the supply of mules seems to be endless. Or is it? According to researchers at the security firm RSA, bank account cash-out attacks are becoming less common online, and a sharp increase in busts on money mules may be the cause. Writing on […]

Continue Reading

PRISM Watch: US Cyber Command Chief Addresses Black Hat

I’m here at the Black Hat Briefings in Las Vegas, the U.S.’s most prominent “hacker con.” I’ll be bringing you news and updates from the show and (a bit) from DEFCON for the remainder of the week.   As for the Briefings – the long and short of things is that all the buzz right now is about General Keith Alexander’s keynote speech this morning. Of course, keynotes are always a big deal, but its not even 8:00 AM and there’s a bit of a crush in the press room, with TV crews from major media outlets setting up in the Augustus ballroom, where Alexander will speak. Why? This speech is big because its one of the first – if not the first – post-PRISM public address by Gen. Alexander, who is the Commander of U.S. Cyber Command (USCYBERCOM) since the leaks by former NSA contractor Edward Snowden burst into the […]

Continue Reading

Emergency Alert System: Vulnerable Systems Double, Despite Zombie Hoax

You’d think that the prospect of a zombie invasion would prompt our nation’s broadcasters and others who participate in the Emergency Alert System (EAS). Just the opposite is true. Months after a bogus EAS message warning about a zombie uprising startled residents in Michigan, Montana and New Mexico,  the number of vulnerable EAS devices accessible from the Internet has increased, rather than decreased, according to data from the security firm IOActive. In a blog post Thursday, Mike Davis, principal research scientist at IOActive said that a scan of the public Internet for systems running versions of the Monroe Electronics software  found almost double the number of vulnerable systems in July – 412 – as were found in April, when an IOActive scan of the public Internet using the Shodan search engine found only 222 vulnerable systems. IOActive first notified Monroe Electronics about vulnerabilities in its DASDECS product in January of […]

Continue Reading

NIST Cyber Security Draft Framework Puts Execs In Driver’s Seat

The U.S. government’s federal technology agency has published a draft version of a voluntary framework it hopes will guide the private sector in reducing the risk of cyber attacks on critical infrastructure. The National Institute of Standards and Technology (NIST) published a draft of its Preliminary Framework to Reduce Cyber Risks to Critical Infrastructure on Monday. The document provides a guide for critical infrastructure owners of different maturity levels to begin documenting and understanding their risk of cyber attack, and – eventually – to measure their performance in areas such as asset management, threat detection and incident response. The framework was called for by Executive Order 13636, signed by President Obama in February. In that order, NIST was charged with creating a framework for sharing cyber security threat information and information on successful approaches to reduce risks to critical infrastructure. The Framework is comprised of five major cybersecurity functions: Know […]

Continue Reading
1 85 86 87 88 89 98