CloudCERT in the Critical Infraestructure Protection - Telecommunications event, in Italy
25 Jun 2013
Last June 18 was presented in Rome, Italy, the CloudCERT project in the event Critical Infrastructure Protection - Telecommunications. Italian IPC experts attended the event, that began with a presentation of how the European Community is addressing the cybersecurity issue, and explaining later the CloudCERT project in detail.
Researchers Billy Rios and Terry McCorkle of Cylance have reported a hard-coded password vulnerability affecting roughly 300 medical devices across approximately 40 vendors. According to their report, the vulnerability could be exploited to potentially change critical settings and/or modify device firmware.The affected devices have hard-coded passwords that can be used to permit privileged access to devices such as passwords that would normally be used only by a service technician. In some devices, this access could allow critical settings or the device firmware to be modified.
Wall Street sets example for testing security defenses
21 Jun 2013
Wall Street plans to hold a simulated cyberattack against equity markets this month that experts hope will set an example of how industries should test their defenses against assailants. Called Quantum Dawn 2, the drill will involve big Wall Street firms and government agencies, including the Federal Reserve, the Department of Homeland Security (DHS), the Treasury Department and the Securities and Exchange Commission (SEC). About 50 entities are participating in the June 28 exercise, organized by the Securities Industry and Financial Markets Association (SIFMA).
NATO agrees to boost cyber defenses, argues over how
21 Jun 2013
NATO may have agreed that cybersecurity needs to be ramped up the priority list, but the organization's leaders are not so sure about what and who needs defense the most. The organization's ministers agreed on Tuesday that cybersecurity measures need to be strengthened, but smaller allies less able to protect themselves remain of concern.
Power companies are increasingly upgrading to smart grids—national or state-based intelligent computer systems that collect information from consumers and suppliers in order to automatically improve the grid's efficiency and reliability. The National Institute of Standards and Technology in the United States has produced a set of cybersecurity guidelines, called NISTIR 7628, for smart grid programmers across the globe.
New Regulation for EU cybersecurity agency ENISA, with new duties
21 Jun 2013
European Union (EU) cybersecurity agency, ENISA has received a new Regulation, granting it a seven year mandate with an expanded set of duties. The new Regulation means that ENISA now has the scope and authority to make an even bigger difference in protecting Europe's cyberspace.
The Obama's Executive Order directed NIST to work with stakeholders to develop a framework for reducing cyber risks to critical infrastructure. The Framework will consist of standards, guidelines, and best practices to promote the protection of critical infrastructure, and it is currently being updated. Throughout the development of the Framework, NIST will host a series of events and workshops to gather additional input and develop the Framework. The next workshop is scheduled for July 10-12 2013.
Raspberry Pi Converted Into a Handheld Malware Scanner
17 Jun 2013
Experts from IcarusLabs have developed a piece of software that turns any Raspberry Pi device into a handheld malware scanner. The device can be deployed at entrypoints where it will be used to scan the USBs that are allowed in. This will prevent malicious software from getting in. The program is also made in such a way that once it is started, no further maintenance would be necessary.
Guide for security operators to develop Critical Infrastructure Security and Protection Plans
17 Jun 2013
The Spanish Association AEI-Security presented in Madrid the Guide for developing Operator Security Plans and Specific Protection Plans, aimed at technical assistance providers of Critical Infrastructure Security (IICC). 48 Spanish experts from 13 leading institutions in security technologies have worked in the Guide for twelve months.
This malware is used by APT actors for basic surveillance of their victims. Earliest known samples have a timestamp of 2005, although references exist indicating activity as early as 2004. The largest number of samples we observed were created between 2010 and 2013. Known targets of NetTraveler include Tibetan/Uyghur activists, oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies and military contractors.