Here are the top cyber news and stories of the day.
- DISA awards $1.4 billion network support IDIQ – DISA has awarded 7 vendors spots on the Global Information Grid Services Management-Engineering, Transition and Implementation contract. The contract has a total value of $1.4B and an initial period of two years, followed by a two-year option and then possibly a one-year option. Via FedScoop, more here.
- Google Discovers Fraudulent Digital Certificate Issued for Its Domain – On Christmas Eve, a Turkish Trusted Root certificate authority was tricked into issuing two entities intermediate Certificate Authority certificates. An unauthorized Google.com certificate was issued and the entity participated in man-in-the-middle behavior. When Google realized this, its Chrome browser blocked the certificate from being recognized. Via Threat Level, more here.
- Symantec links latest Microsoft zero-day with skilled hacker gang – Symantec is attributing the recent Microsoft zero-day to a group they call Elderwood. They believe that the latest code has similarities to other coding attributed to the group. Symantec says the group may possess as many as 9 zero-day vulnerabilities since they have been tracking them. Via Computerworld, more here.
- DHS to pick up $6 billion tab for Cyber Surveillance systems at every department – The DHS is potentially paying the bill for a program that will provide civilian agencies with near real-time threat detection. This project, projected to run 5 years, requires DHS to take all of the responsibility for cyber surveillance. Via NextGov, more here.
- Secret US cybersecurity program to protect power grid confirmed – According to recently released reports, the NSA has been footing the bill for a program, Perfect Citizen, to protect our power grid. This really makes me happy. So many people take the power grid for granted (even after superstorm Sandy last year) and the threats against it continue to grow. In the fourth year of a five-year program, the project is headed by Raytheon technicians. Via Yahoo!, more here.
- Microsoft to patch Windows 8, but stays mum on IE zero-day fix – Microsoft announced that they would be releasing multiple security patches next week, but made no mention of the IE zero-day attacks. News of these IE zero-day attacks has been floating around since December 7th, so it is high time someone fixes the problem. Via Computerworld, more here.
- Park, Shah on open data and global development – US CTO Todd Park and US Agency for International Development Administrator Raj Shah discussed their lessons learned in a blog post here. It seems like the event was a strong one, and will continue to be as our reliance on big data continues. Via FedScoop, more here.
- Killer Apps’ list of 5 things we learned about cyber in 2012 – This list by John Reed highlights some of the key events of 2012, including Stuxnet, cyber deterrence, and cyber fire support on demand. It’s a short but extremely interesting read.