Tag Archives: virtualization

Human Rights organisation website Serves Gh0st RAT Trojan

According to the company’s Security Labs blog, Amnesty International’s United Kingdom website was compromised and hosting the potent Gh0st RAT Trojan earlier this week. Malicious Java code was planted on the site in a bid to push the Gh0st RAT Trojan onto vulnerable Windows machines. If successful, the attack plants malware onto machines that is capable of extracting the user’s files, email, passwords and other sensitive personal information. Continue reading Human Rights organisation website Serves Gh0st RAT Trojan

Windows Gets Privacy Boost For DNS

New open-source technology locks down the “last mile” traditionally exposed between a Windows computer and the Domain Name Service (DNS) provider, especially in public WiFi networks.

DNS provider OpenDNS today released a Windows version of its DNSCrypt tool for its customers, as well the open-source code for DNSCrypt. OpenDNS in December first rolled out DNSCrypt versions for the Macintosh and Linux operating systems. Continue reading Windows Gets Privacy Boost For DNS

FBI Warns Travelers Using Hotel Networks About New Attack

The FBI is warning travelers to be wary of attempts to infect their computers when they log on to hotel networks. In an intelligence note from the FBI’s Internet Crime Complaint Center (IC3), the agency says that attackers have been targeting travelers abroad when they use the Internet connection in their hotel rooms. According to the FBI, when the victims attempted to set up the hotel room Internet connection, they were presented with a pop-up window notifying them to update a “widely used software product.” Continue reading FBI Warns Travelers Using Hotel Networks About New Attack

Cyber Risks Economics 101

Are cyber-security risks:

  1. a genuine threat;
  2. the result of shoddy math; or
  3. a management consulting conspiracy?

Judging from recent articles, surveys and reports, the answer is “all of the above.” There is a lot of confusion and incomplete and/or inaccurate information regarding cyber-security circulating out there.

Investigative reporter Seymour Hersch has argued that national cyber-risk threats are overstated, perhaps intentionally, by firms that make good money bolstering the country’s cyber defenses: Continue reading Cyber Risks Economics 101

20 Critical Security Controls

Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines

The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through. With the change in FISMA reporting implemented on June 1, the 20 Critical Controls become the centerpiece of effective security programs across government These controls allow those responsible for compliance and those responsible for security to agree, for the first time, on what needs to be done to make systems safer. No development in security is having a more profound and far reaching impact. Continue reading 20 Critical Security Controls

Slowing time as a way to counter cyberattacks

Researchers offer a new way to deal with cyberattacks on critical infrastructure like power and water utilities and banking networks: slow down Internet traffic, including the malicious code, when an attack is suspected; this would allow networks time to deal with the attacks

One of the striking special effects in the film The Matrix occurs during the scene in which Keanu Reeves’ character Neo, sways and bends to dodge bullets as time appears to slow to a crawl. Now, that scene has inspired researchers to develop a way to deal with cyberattacks on critical infrastructure, like power and water utilities and banking networks. Continue reading Slowing time as a way to counter cyberattacks

A New Cyber Security Model for SCADA

SCADA SystemsThere’s been a lot of discussion around SCADA and ICS cyber security—it impacts our critical infrastructures, which drive a number of key resources including energy, fuel, clean water, biotech and more. What’s more, it drives revenue, and so there’s been a mad rush to the well, a throng of enterprise technology vendors eager to drink deep from this new and lucrative market. Unfortunately, traditional cyber security models don’t always apply, and so the water’s getting muddy but nobody’s thirst is being slaked.

The problem lies in the complexities of our critical infrastructures and the many highly specialized embedded systems that comprise them. Because they’re specialized, traditional tools don’t always fit, and because they’re largely purpose built using embedded run time operating systems, man of those tools simply can’t accommodate them. We’ve all heard about the inherent vulnerabilities of SCADA and ICS systems, yet we continue to focus cyber security on the surrounding IT systems using these traditional IT tools. The solution requires a new security model that addresses the specific challenges of the industrial automated world. Continue reading A New Cyber Security Model for SCADA