By Ryan Kamauff
Here are the top cyber news and stories of the day.
- Medical devices vulnerable to hackers warns FDA – “In a recent safety alert, the FDA has officially outlined these potential vulnerabilities and incidents that could directly impact medical devices or hospital network operations[.]” Security is key in any device that touches the network. Medical security issues can allow fraudulent charges on Medicare and other insurance companies, causing billions of dollars in damages. Via Security InfoWatch, more here.
- The biggest security snafus of 2013 (so far) – This ComputerWorld article by Ellen Messmer, does a great job detailing some of the worst security foul-ups of the first half of 2013. These attacks include those on federal agencies (including key national security targets like DHS), pirated software, Java, and more. Check out the full list, here.
- Ubisoft breached, user account credentials compromised – The videogame company, Ubisoft, has suffered a massive security breach. “[E]mail addresses, usernames and (encrypted) passwords [have been] compromised.” This exploit came in through a website, reinforcing that notion that websites are one of the largest attack surfaces for firms. Via Help Net Security, more here.
- Nature, profile of cyber attackers known through digital forensics: report – A recent FireEye report, “Digital Bread Crumbs: Seven Clues to Identifying Who’s Behind Advanced Cyber Attacks.” has created profiling of cyber attackers based on over 1,500 attacks. This report uses forensic knowledge and study of the victim to come up with their assertions. Via ComputerWorld, more here.
- With a simulated attack, Wall Street gears up to combat virtual threats – Simulations are valuable training assets in any scenario, especially the cyber domain. Simulated attacks can help improve response times, standard operating procedures (SOPs) and coordination. Various members of major financial organizations are coordinating with the Securities Industry and Markets Association to simulate an attack on July 18th. This will provide valuable lessons learned and tips for a real attack. Via The Day, more here.
- Symbiotic malware work together to avoid anti-virus detection – “Malware known as Win32/Vobfus works in a symbiotic relationship with other malware, Microsoft security has uncovered.” If worms and viruses work together, we could all be in for a rough ride. The malware uses its access to install more malicious software on the machine, increasing the difficulty of remediation and cure. Via Info-Security, more here.
- Sourcefire upgrades security platform – Sourcefire, the open-source repository, is upgrading their security capabilities. A fair amount of software has been found on the site already possessing malware. “Sourcefire is touting its FirePOWER platform as the next-generation intrusion prevention system (IPS) and the next-generation firewall (NGFW).” We have seen the DoD is moving from “protecting packets” to a more encrypted data protection methodology, but it will be interesting to see how this works out for Sourcefire. Via ComputerWorld, more here.
Phishing surge shows human element weakest link in cyber-defense – “Kaspersky has identified an alarming rise in phishing attacks this year, with an average of 3,000 users being attacked in this manner every day in the UK (up three times from 2011-2012).” This trend is pointing to the increasing need for quality cyber education. If users can identify phishing attacks, they can avoid them. Via InfoSecurity, more here.