Cyber criminals tying up emergency phone lines through TDoS attacks
19 Apr 2013
Emergency-service providers and other organizations are being targeted with TDoS (telephony denial of service) attacks, according to a security alert from the Department of Homeland Security (DHS) and the FBI obtained by security expert Brian Krebs. TDoS attacks use high volumes of automated calls to tie up target phone systems, halting incoming and outgoing calls.
The U.S. critical infrastructure Cyber emergency team said that critical infrastructure providers should be careful about posting industry event and business contact information on their Web pages because that data has been used to customize "spear fishing" attacks aimed at the larger critical infrastructure community.
EU Agency ENISA: Internet Service Providers fail to apply filters against big cyber attacks
12 Apr 2013
In its analysis of a recent massive cyber-attack, EU cyber-security agency ENISA today points out that Internet Service Providers (ISPs) have failed to apply well-known security measures which have been available for over a decade. The Flash Note focuses on the large-scale cyber-attack that was mounted in March against the Non-Profit Organisation Spamhaus, which is based in Geneva and London. The digital assault caused noticeable delays for internet users, primarily in the UK, Germany and other parts of Western Europe.
On the 11th April ENISA organises the 15th ENISA Workshop on Cyber Exercises in Brussels. The event will give the opportunity to EU Member States to discuss the implementation of the lessons learned from the Cyber Europe 2012 and plan the next EU cyber crisis cooperation exercises.
Celebrated on April 15-16 in New York, This workshop is an opportunity to provide EU national/governamental CERT teams technical specialists hands-on training, and additionally to offer a chance to exchange contacts. Participants get to know and meet again other CERT team members, and share their opinions about best practices and experiences. It will take place in Bucharest, on May 21st and 22nd.
ENISA 8th annual workshop CERTs in Europe - Part I
10 Apr 2013
This workshop is an opportunity to provide EU national/governamental CERT teams technical specialists hands-on training, and additionally to offer a chance to exchange contacts. Participants get to know and meet again other CERT team members, and share their opinions about best practices and experiences. It will take place in Bucharest, on May 21st and 22nd.
DHS List of Priority Assets Needs to Be Validated and Reported to Congress
5 Apr 2013
The Department of Homeland Security (DHS) has made several changes to its criteria for including assets on the National Critical Infrastructure Prioritization Program (NCIPP) list of the nation's highest-priority infrastructure, but has not identified the impact of these changes or validated its approach.
UK: MI5 and industry join forces to fight cybercrime
5 Apr 2013
The government is creating a cell where analysts from MI5 and GCHQ, the domestic eavesdropping agency, will work with private sector counterparts. What the fusion cell will be doing is pulling together a single, richer intelligence picture of what is going on in cyberspace and the threats attacking the UK.
An anonymous researcher published the results of an Internet Census, an internet-wide scan conducted using 420,000 insecure devices connected to the public internet and yielding data on used IP space, ports, device types, services and more. After scanning parts of the internet, the researcher found thousands of insecurely configured devices using insecure or default passwords on services and used this fact to make those devices into scanning nodes for his project.
Securmatica 2013, Spanish Congress of Information Security
1 Apr 2013
The main objective of this event, held between 23 and 25 April in Madrid, is to provide an overview of the current status of cyber security and information protection in terms of technical, organizational and legal, making special emphasis on exposure of reference projects in the field, exposed in tandem by cosponsoring companies and corporate users.