Tag: reports

Top News Sites Hacked, Syrian Electronic Army Claims Responsibility

The hacktivist group the Syrian Electronic Army claimed responsibility yesterday for a series of hacks of high-profile news sites including CBC News and The New York Times. The group, which has targeted western news outlets in prior incidents, claimed responsibility for the attack, in which visitors reported seeing a pop-up message informing visitors of the compromise. Through a Twitter account group claimed to have used the domain Gigya.com, which sells identity management services to corporations. The attackers manipulated Gigya’s account at domain registrar GoDaddy. Gigya’s operations team released a statement Thursday morning saying that it identified an issue with its domain registrar at 6:45 a.m. ET. The breach “resulted in the redirect of the Gigya.com domain for a subset of users,” CBC reported. Read more via Syrian Electronic Army claims hack of news sites, including CBC – Technology & Science – CBC News.

Continue Reading

Surprise: Branding a Bug is just as Hard as Branding Anything Else!

ZDNet’s @violetblue has a nice piece on the new fad for naming vulnerabilities – seen most recently with the OpenSSL Heartbleed vulnerability and the “Shellshock” vulnerability in Linux’s common BASH  utility. As Blue notes, the desire to “brand” bugs “changes the way we talk about security” – in part by giving complex, technical flaws down a common referent. But does giving a bug a logo make it frivolous? As she notes: the penchant for naming vulnerabilities may stem not from a desire to trivialize them – but a very practical response to the need to keep track of so many security holes in software. Regardless, Heartbleed – and the marketing by the firm Codenomicon that surrounde it – was the bug that launched a thousand ships, including Shellshock, Sandworm, and more. Read more coverage of Heartbleed here. But, as with . As security research and incident response are becoming more lucrative, expect the masonry […]

Continue Reading

New ZigBee IoT Standard To Replace Six Others

One of the main players in the Internet of Things communications space, The ZigBee Alliance, announced that it has merged six existing standards covering everything from building automation to healthcare to form a single standard:ZigBee 3.0. The announcement, last week, comes as ZigBee looks to compete with other emerging IoT standards. It says ZigBee 3.0 will provide interoperability among a wide range of smart devices that communicate based on its technology, laying the ground work for an expansion of IoT technologies. The new standard is being tested. According to the Alliance, the initial release of ZigBee 3.0 includes ZigBee Home Automation, ZigBee Light Link, ZigBee Building Automation, ZigBee Retail Services, ZigBee Health Care, and ZigBee Telecommunication services. The switch will impact tens of millions of devices already using ZigBee standards. However, the transition to ZigBee 3.0 will be gradual, as devices designed to use some of its constituent standards eventually transition to the unified […]

Continue Reading

Regin Espionage Tool Active since 2008 | Symantec Connect

Symantec on Sunday published research describing a new family of malware that it claims has been circulating, quietly, for close to six years. (Gulp!) According to a post on Symantec’s Security Response blog, Regin infections have been observed as far back as 2008, but the malware went quiet after about 2011, only to resurface in 2013 in attacks on a wide range of targets including private and public entities and research institutes. Symantec also observed the malware used in attacks on telecommunications firms and say it appears the malware was being used “to gain access to calls being routed through their infrastructure.”   In a separate research paper, Symantec describes the malware, dubbed “Backdoor.Regin” as a multi-staged threat that uses encrypted components – installed in a series of stages – to escape detection. The key the malware’s stealth is compartmentalization, Symantec found: “each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible […]

Continue Reading

Report: DHS and FBI Briefing Grid Operators on Sophisticated Cyber Attacks

A spate of reports in recent days has put the media’s attention back on the security of the energy sector and critical infrastructure more broadly. Notably: this CNN report that cites NSA director Admiral Mike Rogers telling the audience at a power grid security conference in San Antonio, Texas in October that “power… is one of the segments that concerns me the most.”   What’s changed? For one: the uptick in ICS-specific malware like BlackEnergy. A spate of attacks based on that malware and others have targeted critical infrastructure players in recent months. According to a confidential memo obtained by CNN, the FBI and DHS are now traveling the country to warn utilities and other critical infrastructure owners about targeted attacks on industrial control systems. Some of those attacks are exploiting previously unknown (or “zero day”)  vulnerabilities in ICS systems, CNN reported. The U.S. Government has been warning about the threat of cyber attacks on […]

Continue Reading
1 89 90 91 92 93 124