Sequester hasn’t hurt regulatory spending, Einstein 3 goes live and more

July 25, 2013
No Comment


DHSHere are the top cyber news and stories of the day.

  • Compromised websites at hosting companies more than doubling daily from a year ago, report finds – Cloudmark, a messaging security firm, has found that over 500 web servers are compromised daily, up from 200 a day last year. Cloudmark bases their analyses on spam filtering, which it provides for close to 2B mailboxes (yes billion). Hacking web servers is a recent change in TTPs for malicious actors, and is paying great dividends because each server touches more users than many other vectors. Via ComputerWorld, more here.
  • Federal data center consolidation still a futile effort – “Witnesses called to testify before the House Committee on Oversight and Government Reform on July 25 were grasping at straws in an effort to defend their agencies, after relentless berating by committee members.” The FDCCI has been plagued by FUD, to say the least. Recently, the Federal CIO has said he will be looking more to efficiency than numbers, looking to protect data centers providing shared services rather than worrying about hard numbers. It will be interesting to see how this (very necessary) effort plays out. Via FedScoop, more here.
  • New Trojan could create headaches for banks, customers – A new piece of malware, known as KINS, is retailing for $5,000 an instance, and is climbing in popularity. It has both plug-in capabilities and works with SQL injections. The malware has emerged at an opportune time for the developer, because many malware developers have fled the limelight due to increased scrutiny from security agencies. Via ComputerWorld, more here.
  • Mobile Dating App Tinder Says Security Breach Lasted Hours, But Two Weeks Is A Lot Of Hours – A hole in the Tinder dating app was discovered July 8th, but not fully patched until the 24th. Of course Tinder is claiming they fixed it in “hours,” but as the title of this article claims, we all know how to do the math to turn weeks into hours. Pretty much every dating or social networking site gets hit in its infancy, so hopefully this is just a rite of passage for the application. Via Consumerist, more here.
  • First agency set to use new DHS cybersecurity program – “Einstein 3, the latest version of a Department of Homeland Security program designed to protect agency computer systems from cyberattacks, is going live Wednesday evening.” DHS turned on the program at 7PM last night. Einstein 3 is said to have enhanced monitoring and defense capabilities (even the ability to “stop” attacks). Via Federal Times, more here.
  • Syrian Electronic Army hacks into Viber database – The SEA has hacked into the Israeli VoIP app Viber’s support systems, and posted a message. They are asserting that the app has ties to the Israeli government, and is being used to spy on user. I have used the Viber app in its infancy and was not too impressed with the app’s quality, but might have to check it out again. The app provides VoIP to VoIP to other users with the capability installed. Via CNet, more here.
  • Sequester hasn’t hurt regulatory spending – In an ironic twist of fate, the federal agencies responsible for regulation will be receiving as much, if not more, funding in the coming years, despite what was billed as a government-wide sequestration. Due to recent legislation, agencies such as FDA, the PTO and HHS will be receiving more dollars while belts tighten across (the rest) of the federal government. Via FedScoop, more here.
  • Tactical military satellite comms need hardening, says CSBA study – “Increasing military use of satellite communication for tactical operations means the Defense Department should create a new tier of protected space systems, says the Center for Strategic and Budgetary Assessments’s Todd Harrison.” As someone whose life may one day rely on the security of these networks (umm Blue Force Tracker anyone???), I hope they can figure out these details. Via FierceGovernmentIT, more here.
  • Good cyber security starts at board level, not IT – This article details something you hear in almost every high-level cybersecurity conversation. Buy-in at the “C” level is needed more than any investment at the lower levels. With a high percentage of breaches caused by human negligence, the human training, education and accountability angle is just as important as the technical side. Via the Guardian, more here.