Malware Expands on Instagram, Private and Hybrid clouds chosen for security and more

August 21, 2013


Here are the top cyber news and stories of the day.

  • Malware Expands to Instagram – A new variant of the ZeuS trojan is now searching for Instagram user names. The malware uses API calls to try to pull down this data, checking for usernames that are dictionary words, followed by up to 4 characters. The thought is that the malware producer is looking to create an army of Instagram followers for sale. This malware can also like other Instagram images. Via ISS Source, more here.
  • Washington Post email system breached by Syrian Electronic Army phishing attack – “A raid by the Syrian Electronic Army (SEA) on the Washington Post this week was aided by a successful phishing attack on one of its journalists, the newspaper has confirmed.” It appears they also took over one journalist’s Twitter account and posted a lot of pro-SEA tweets. A phishing attack that spoofed Outlook Web appears to have made this possible. Via ComputerWorld, more here.
  • GAO warns of redundant spending with new $7B surveillance crippler – “The Defense Department is significantly overhauling its approach to airborne electronic warfare, investing upward of $7 billion in a new system to jam enemy surveillance systems and hide U.S. planes, ships and troops from enemy radars.” The GAO believes that much of this money may be redundant spending. Via FedScoop, more here.
  • Private, Hybrid Cloud Interest Spurred by Security and Control – “As the cloud model matures, organizations are beginning to pay more attention to private and hybrid cloud options, according to recent surveys. Security, control and application requirements are the driving forces behind this interest.” Many groups (including federal agencies) shy away from public clouds because they desire more control. A Rackspace survey identified that 52% of respondents moved to hybrid or private clouds from public just to increase security. The ability to use the economies of scale and technological advancements of clouds, while maintaining a strong security posture, makes private and hybrid clouds even more attractive. Via Network Computing, more here.
  • Only 40% of Enterprises have Cloud Security Policy – “A new report from Jude Chao at Enterprise Networking Planet states that only 40% of enterprises have a formal cloud security policy, despite accountability for data and network security resting firmly within the company.” While the Feds have FedRAMP to guide their cloud actions, many organizations are also using the cloud but are just winging it. Strong cloud policies will help agencies meet demands safely and securely. Via One Stop Click, more here.
  • The real vulnerabilities lie in operation technology: Gartner – ‘Lax password implementation has meant that operational technology (OT) is now vulnerable to security attacks. Gartner managing VP, Christian Byrnes, made the observation during the Gartner Security Summit in Sydney, a topic he said is commonly dubbed in security literature as the “IT/OT problem.”’ As we integrate more systems, unified security policies and procedures are necessary. Via ComputerWorld, more here.

  • DHS pitches federal cyber projects to Silicon Valley – “The Homeland Security Department is bringing eight cutting edge cyber technologies before the money people in Silicon Valley this week.” DHS is hoping that federally researched products can find commercial support and funding, bringing them to bear on consumer/corporate problems. It will be interesting to see what will come from these programs. Via Federal News Radio, more here.

  • NIST Updates Patching and Malware Avoidance Guides – “The US National Institute of Standards and Technology (NIST) has updated two of its computer security guides to help system managers protect their systems from hackers and malware.” These guides can help inform how federal agencies deal with patching, an issue which plagues them to this day. Via InfoSecurity, more here.
  • McAfee Executive Chosen To Lead Department Of Homeland Security Cybersecurity Programs – “The U.S. Department of Homeland Security announced that Phyllis Schneck has been appointed as the new Deputy Under Secretary for Cybersecurity for the National Protection and Programs Directorate (NPPD). Schneck is currently Vice President and Chief Technology Officer for the Global Public Sector at McAfee, Inc, the company which is well known for its anti-virus software.” Via Forbes, more here.