Here are the top cyber news and stories of the day.
- Malware Infects Two Power Plants Lacking Basic Security Controls – The most recent DHS Industrial Control System (ICS) CERT report has knowledge of two infected power plants via USB drive vectors. Updated antivirus software did find the malware, but not for some time. Via ThreatPost, more here.
- Oracle says Java is fixed; feds maintain warning – Oracle said yesterday that they had fixed the vulnerabilities in the omnipresent Java code; however, DHS retorted that “This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered,” in an update on their website. Oracle claims that all these vulnerabilities (and more) will be fixed when Java 7u11 is installed. Via Daily Record, more here.
- NASA awards CSC $103 million contract – Computer Science Corporation has won a $103 million contract to provide support to NASA Goddard Space Flight Center’s Computational and Information Science Technology Office,according to the agency. Under the contract, CSC will provide high-end computing, data and general support services for CISTO, NASA said. CSC will also provide Goddard’s Sciences and Exploration Directorate with information technology and computational services. Via FedScoop, more here.
- DARPA’s New Mission: Cloud Security – DARPA has started a new program, Mission-oriented Resilient Clouds (MRC), which should work with the federal cloud strategy to provide cloud services to DoD organizations in need. MRC is looking to extend cloud capabilities and strengthen defenses, while complying with FedRAMP standards. DARPA is looking to create “shared situational awareness and dynamic trust models.” Via Internet Evolution, more here.
- $420 MILLION TSA PROGRAM DOESN’T WORK – The U.S. Department of the Army issued a Federal Register notice that the TWIC card will no longer be used to authenticate users for access to certain Department of Defense computer systems. Apparently, the PKIs used for the TWIC program cannot be used to authenticate. The TWIC program has been under fire since its inception, and this is nothing new. Via WND, more here.