Here are the top cyber news and stories of the day.
- Cyber Threats to Energy Sector Happening at ‘Alarming Rate’ – a recent report from DHS’s Industrial Control System’s CERT found that attacks on the energy sector are growing. Of the 198 incidents they had reported, over 40% were directed at the energy sector. These include USB infections at an electric utility and a power generation facility. Via WSJ, more here.
- Patient safety requires coordinated public-private strategy, says ONC plan – Promoting the healthcare industry’s use of health information technology to make care safer is the primary objective of a Dec. 21 plan from the Office of the National Coordinator for Health IT. The ONC is making a push for shared responsibility and partnership to protect the safety and security of patient information. Via FierceGovernment IT, more here.
- Hackers Secure F-35 Fighter Plans – recent attacks on US government contractors may have put the avionics of the F-35 fighter plane at risk. Apparently, the thought that China (or other nations) might be interested in the F-35 (after they did the same to the F-22) just never occurred to these people. BAE was the spot of the first intrusion, which included monitoring meetings and online data, for 18 months. Oops. Via ISS Source, more here.
- Chrome Clickjacking Vulnerability Could Expose User Information on Google, Amazon – An apparent clickjacking vulnerability in Chrome could lead attackers to get PII on users, according to research released this week. Apparnetly, there is a malicious page in Google’s support forums which offers a treasure trove of information about the users to the attackers. An additional attack vector is by using an Amazon.com comment to gain the same information. Via ThreatPost, more here.
- Growing confidence in cloud security – The CIO of Yale University, Len Peters, has undertaken a cost-savings analysis of many IT sectors and has found that not only do unit-cost decline, but he might be able to increase security compliance offerings. He found that while there are risks, if managed, they are no more or less than standard IT risks. Via CSO Online, more here.
- 7 deadly sins of cloud computing – David Geer, of CSO Online, outlined his 7 top failings of cloud users. They range from failing to secure identification and authentication to not understanding the costs associated with cloud. If you are considering a cloud architecture, it is a solid checklist to guide you. Via CSO Online, more here.