Social Network For Security Executives: Network, Learn & Collaborate
The Army CIO has failed so far to implement an effective cybersecurity program for commercial mobile devices (CMDs), and until the service does so its networks will remain vulnerable to cyberattack and possible leaks of sensitive data, according to a report from the Defense Department’s Inspector General.
The DOD IG study sought to determine whether the Army had an effective cybersecurity program that was capable of identifying and mitigating risks around CMDs and removable media. During site inspections, IG officials sought to verify whether Army officials were properly tracking, configuring and sanitizing CMDs.
Chpwn and other developers hit with iMessage DoS attack
Over the past few days, several well-known iOS and jailbreak developers have reported that they’ve been hit with an iMessage DoS, or denial of service, attack. The attacks feature a series of spam messages that end up crashing the iMessage app.
The list of affected developers includes Sn0wBreeze creator iH8sn0w, Zephyr creator Chpwn, and others. And the perpetrator has been tracked to a Twitter account involved in selling things like provisioned UDIDs and Siri proxy servers…
Cybercriminals Use Evernote as C&C (Command & Control) Server
With its rich functionality and accessibility, Evernote is a popular note-taking tool for its many users. Unfortunately, it may also provide the perfect cover for cybercriminals’ tracks. We recently uncovered a malware that appears to be using Evernote as a communication and control (C&C) server. Detected as BKDR_VERNOT.A, the malware attempts to connect to Evernote via https://evernote.com/intl/zh-cn, which is a legitimate URL.
Spamhaus DDoS Attacks Triple Size of Attacks on US Banks
The internet activist accused of being behind one of the biggest distributed denial-of-service (DDoS) attacks to date claims he is the victim of an establishment conspiracy. Investigators have accused Dutch internet operator Sven Kamphuis of unleashing DDoS attacks in support of web hosting company Cyberbunker after it was blacklisted by anti-spam website Spamhaus. But Kamphuis said the allegations against him were caused by the row between his company Cyberbunker and Spamhaus, according to the Telegraph.
An analysis by security risk management company Rapid7 found that one in six of the data storage buckets the company studied were incorrectly set as “public.” Bad system configurations are exposing countless pieces of data housed in Amazon Simple Storage Service (S3) "buckets" and leaving them open to prying eyes.
Amazon S3 is an online storage service offered by Amazon. The number of database objects users can store is unlimited. The objects are stored in buckets and users retrieve them with a unique, developer-assigned key. According to vulnerability management firm Rapid7, however, many businesses are not properly restricting access to those buckets. In an analysis, Rapid7 found 1,951—or approximately one in six—of the 12,328 buckets it analyzed were public.
A Spanish Linux software group has filed a complaint against Microsoft to the European Commission over its controversial implementation of UEFI Secure Boot for Windows 8 hardware.
The Linux group Hispalinux filed a complaint with the Madrid office of the European Commission on Tuesday morning, according to Reuters.
The complaint focuses on Microsoft's Windows 8 "certified PC" feature UEFI (Unified Extensible Firmware Interface) Secure Boot, which the group has labelled an "obstruction mechanism".
In the US, it's spring, aka tax fraud season. To remind taxpayers to be on the lookout for scams ranging from identity theft to return-preparer fraud, the Internal Revenue Service (IRS) on Tuesday posted its Dirty Dozen list of tax scams for 2013.
The IRS compiles the list every year. It notes that taxpayers can expect the scams any time of year, but many of the schemes peak now, during filing season.
Using Customer Premise Equipment to Take Over the Internet
It’s the ultimate what-if scenario: What if an attacker could own all the customer premises equipment (CPE) doled out by ISPs such as routers and modems? Would it be trivial with available scanning equipment and other tools to find vulnerable gear, and then modify and re-upload the firmware to be able to do anything such as control Web traffic, launch DDoS attacks, or even disconnect large blocks of machines from the Internet?
The answer to those questions, and several related ones, appears to be yes. Two researchers took a stab at what would happen if enough home Internet connections were pieced together for such purposes and learned that a dangerous mix of lax security and insecure default configurations from ISPs and vendors alike is contributing to this risk.
(Reuters) - With its rare apology, Apple Inc went from pariah to praiseworthy in the eyes of China's state-controlled media, a lesson for other foreign firms not to underestimate the speed and power of the government press.
After coming under near-daily media assault for the past two weeks and facing the threat of penalties from two Chinese government bureaus, Apple apologized to Chinese consumers on Monday for poor communication over its warranty policy and said it will change the terms for some of its iPhones sold in China.