Monthly Archives: May 2016

YORKTOWN HEIGHTS, NEW YORK––IBM has created a computer, called Watson, that will play against the best Jeopardy contestants for three nights, Feb. 14, 15, and 16. The host of Jeopardy, Alex Trebek, rehearses for the upcoming show. (Photo by Carolyn Cole/Los Angeles Times via Getty Images)

IBM and leading universities will train IBM Watson to discover hidden patterns and cyber threats. IBM Security is giving its cloud-based cognitive technology Watson a new assignment: cybersecurity. The new Watson for Cyber Security is now in training at IBM to study the nuances of security research findings in order to more effectively discover patterns and hidden cyberattacks. IBM’s X-Force research library will be a central part of the materials fed to Watson for Cyber Security. That information includes 20 years of security research, details on 8 million spam and phishing attacks, and over 100,000 documented vulnerabilities. As part of a year-long research project, IBM this fall will work with eight leading universities and their students to further train Watson on the language of cybersecurity.

Read more at
http://www.darkreading.com/threat-intelligence/ibm-watson-will-help-battle-cyberattacks/d/d-id/1325506?

Secretary of Defense Ash Carter met with Swiss Defense Minister Guy Parmelin in Davos, Switzerland at the World Economic Forum on Jan. 21, 2016.(DoD photo by U.S. Army Sgt. 1st Class Clydell Kinchen) (Released)

The annual World Economic Forum (WEF) in Davos, Switzerland in January drew a powerful cyber-attack, according to Swiss defense minister Guy Parmelin. Swiss newspaper Tages-Anzeiger is reporting that the attack was not successful, but it does indicate a pattern of high-level attempts. Parmelin said that he suspects economic espionage as the reason behind the attack, but added that a nation-state led offensive could be plausible as well. He also said that he suspects the attackers to be of Russian origin—though no official accusations have been made. “Significant events, like the World Economic Forum, serve as a hub for important conversations and attract high-profile visitors from all over the world,” Kaspersky Lab researchers said. “But a high concentration of important people in one place also attracts malicious cyber-attackers, who consider public events a good opportunity to gather intelligence with the help of targeted malware.”

Read more at
http://www.infosecurity-magazine.com/news/swiss-defense-minister-davos-was/

nist-cyber-security-framework-cybersecurity-controls-policy

Security frameworks continue to see adoption, with the CIS Critical Security Controls for Effective Cyber Defense (CIS Controls) ranked as a leading framework in use, along with the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity. An adoption survey from Dimensional Research concluded that 84% of respondents used some type of security framework, and most organizations surveyed used more than one.  “The…survey shows strong adoption of both the NIST Cybersecurity Framework [CSF] and the CIS Controls, and notes that this is not an ‘either-or’ situation. The CIS Controls complement the overarching NIST CSF with a specific action plan to focus on the most effective technical controls that stop cyber attacks,” said CIS SVP Tony Sager. “By aligning the CIS Controls with the NIST CSF, we provide an ‘on-ramp’ to rapid security improvements for enterprises in a way that can be sustained, explained, and made part of the larger corporate risk management process.”

Read more at
http://www.infosecurity-magazine.com/news/nist-cis-security-frameworks-see/

BiometricsFor organizations considering biometrics as they move away from reliance on usernames and passwords, it’s important to remember that regulation of the personal information that such systems collect (fingerprint patterns, for instance) is becoming front and center for many governments. Fortunately, device-side matching of biometric data is a compelling approach to satisfy key privacy requirements, according to a white paper from PwC Legal and Nok Nok Labs comparing key privacy implications of on-device and on-server matching of biometric data. The protection of personal information like retinal scan or fingerprint identifiers becomes especially important in cross-border personal data transfers, as are the benefits of individual choice and control around such personal data.

Read more at
http://www.infosecurity-magazine.com/news/pwc-deviceside-biometrics-a-key-to/

FBI-TOR-Firefox-HackMozilla has filed a brief with a U.S. District Court asking the FBI to disclose the potential vulnerabilities in its Firefox browser that the agency exploited to unmask TOR users in a criminal investigation. Last year, the FBI used a zero-day flaw to hack TOR browser and de-anonymize users visiting child sex websites. Now, Mozilla is requesting the government to ask the FBI about the details of the hack so that it can ensure the security of its Firefox browser.TOR is an anonymity software that provides a safe haven to human rights activists, government, journalists but also is a place where drugs, child pornography, assassins for hire and other illegal activities has allegedly been traded.
 

 

Linux-KernelHow to Hack an Android device? It is possibly one of the most frequently asked questions on the Internet. Although it’s not pretty simple to hack Android devices and gadgets, sometimes you just get lucky to find a backdoor access. Thanks to Allwinner, a Chinese ARM system-on-a-chip maker, which has recently been caught shipping a version of Linux Kernel with an incredibly simple and easy-to-use built-in backdoor. Chinese fabless semiconductor company Allwinner is a leading supplier of application processors that are used in many low-cost Android tablets, ARM-based PCs, set-top boxes, and other electronic devices worldwide.

Read more at
http://thehackernews.com/2016/05/android-kernal-exploit.html

 

Facebook-Capture-the-flag-ctfHacking into computer, networks and websites could easily land you in jail. But what if you could freely test and practice your hacking skills in a legally safe environment? Facebook just open-sourced its Capture The Flag (CTF) platform to encourage students as well as developers to learn about cyber security and secure coding practices.Capture the Flag hacking competitions are conducted at various cyber security events and conferences, including Def Con, in order to highlight the real-world exploits and cyber attacks. The CTF program is an effective way of identifying young people with exceptional computer skills, as well as teaching beginners about common and advanced exploitation techniques to ensure they develop secure programs that cannot be easily compromised.

 

OpenSSL-Vulnerability
OpenSSL has released a series of patches against six vulnerabilities, including a pair of high-severity flaws that could allow attackers to execute malicious code on a web server as well as decrypt HTTPS traffic. OpenSSL is an open-source cryptographic library that is the most widely being used by a significant portion of the Internet services; to cryptographically protect their sensitive Web and e-mail traffic using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol. One of the high-severity flaws, CVE-2016-2107, allows a man-in-the-middle attacker to initiate a “Padding Oracle Attack” that can decrypt HTTPS traffic if the connection uses AES-CBC cipher and the server supports AES-NI. A Padding Oracle flaw weakens the encryption protection by allowing attackers to repeatedly request plaintext data about an encrypted payload content. The Padding Oracle flaw (exploit code) was discovered by Juraj Somorovsky using his own developed tool called TLS-Attacker, which allows developers to test their TLS servers with specific TLS messages.

Read more at
http://thehackernews.com/2016/05/openssl-vulnerability.html

Protecting-WiFi

Wireless Networking (Wi-Fi) has made it very convenient for anyone to access the Internet via a computer, mobile phone, tablet, or other wireless device anywhere within range of a network’s signal. Every day thousands of people purchase a wireless router and attach it to their home networks. Most wireless routers are shipped with a default network name, default username and password, and no security settings enabled. This allows almost anyone to configure and setup their network within a matter of minutes. However, before connecting to the wireless network, the wireless router needs to be made as secure as possible to prevent unauthorized access.

Read more at
http://bit.ly/1SYSVOo

EncryptionGoogle is boosting the security of its Gmail service in an effort to keep them protected from phishing attacks, malware, and other threats.

On Tuesday, the company announced that it would start informing users about potentially unsafe messages in their inbox, including emails that are not encrypted, Gerhard Eschelbeck, VP, Security and Privacy, Google, explains in a blog post. Additionally, Gmail will warn users when sending messages to recipients on email services that do not support TLS encryption. A warning will be displayed when the sender’s domain couldn’t be authenticated as well, the Internet giant explains. The warnings will appear in the form of a broken lock icon when sending or receiving a message to/from a service that doesn’t support TLS encryption, or as a question mark where a profile photo or logo should otherwise appear, when receiving a message that can’t be authenticated.

Read more at
http://www.securityweek.com/google-enhances-security-alerts-gmail

US-Military-Cyber-SecurityThe US military’s secretive Cyber Command (CYBERCOM) is working to destroy the Islamic State group’s Internet connections and leave the jihadists in a state of “virtual isolation,” Pentagon chiefs said Thursday.

In what he described as the command’s “first major combat operation,” Defense Secretary Ashton Carter said CYBERCOM is playing an important role in the US-led military operation against the IS group in Iraq and Syria. “The objectives there are to interrupt ISIL command and control, interrupt its ability to move money around, interrupt its ability to tyrannize and control population, interrupt its ability to recruit externally,” Carter told lawmakers at a Senate Armed Services Committee meeting, using an acronym for the IS group. “We’re bombing them, and we’re going to take out their Internet and so forth as well. Carter’s top military advisor General Joe Dunford, who is Chairman of the Joint Chiefs of Staff, said the goal was to cut off the jihadists’ lines of communication. “The overall effect we’re trying to achieve is virtual isolation. And this complements very much our physical actions on the ground, and the particular focus is external operations that might be conducted by ISIL,” Dunford said.

Read more at
http://www.securityweek.com/pentagon-working-take-out-islamic-states-internet

Ransomaware-virus-Shuts-Down-ElectricRansomware has become an albatross around the neck, targeting businesses, hospitals, and personal computers worldwide and extorting Millions of Dollars. Typical Ransomware targets victim’s computer encrypts files on it, and then demands a ransom — typically about $500 in Bitcoin — in exchange for a key that will decrypt the files. Guess what could be the next target of ransomware malware? Everything that is connected to the Internet.There is a huge range of potential targets, from the pacemaker to cars to Internet of the Things, that may provide an opportunity for cybercriminals to launch ransomware attacks. Recently, the American public utility Lansing Board of Water & Light (BWL) has announced that the company has become a victim of Ransomware attack that knocked the utility’s internal computer systems offline.

Read more at
http://thehackernews.com/2016/04/power-ransomware-attack.html

FBI-Hack-any-Computer
The Federal Bureau of Investigation (FBI) can now Hack your computers anywhere, anytime.
The FBI appeared to have been granted powers to hack any computer legally across the country, and perhaps anywhere in the world, with just a single search warrant authorized by any United States judge. The U.S. Supreme Court approved yesterday a change in Rule 41 of the Federal Rules of Criminal Procedure that would let U.S. judges issue warrants for remote access to electronic devices outside their jurisdiction.