Security updates could slow Navy’s computer network, Concerns around insider threats escalate and more

September 24, 2013
No Comment


NavyHere are the top cyber news and stories of the day.

  • Concerns around insider threats escalate – ‘Vormetric announced the results of its “Insider Threat” survey, which surveyed more than 700 IT decision-makers. The study of mid-market and enterprise organizations indicates that 54 percent believe it is more difficult to detect and prevent insider attacks today than it was in 2011. Additionally, 46 percent say they are vulnerable to an insider threat attack – in spite of their existing security skills, resources, processes, and technologies.’ We may also see a higher incidence of insider threats due to psychological, sociological and political issues. Via Help Net Security, more here.
  • How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA – In 2007, a young programmer identified that “ a new encryption standard, given a stamp of approval by the U.S. government, possessed a glaring weakness that made an algorithm in it susceptible to cracking. But the weakness they described wasn’t just an average vulnerability, it had the kind of properties one would want if one were intentionally inserting a backdoor to make the algorithm susceptible to cracking by design.”  Via Wired, more here.
  • Security updates could slow Navy’s computer network – ‘The fleet is “applying upgrades to enhance its network reliability and cybersecurity,” according to a news release issued late Friday night from Fleet Cyber Command — moves that will protect the network in the long run, but could create limited short-term network issues.’ Via Navy Times, more here.
  • Amazon S3 API for cloud storage leads pack, for now – “Even if it proves to be a temporary standard, the Amazon Simple Storage (S3) application programming interface (API) gives developers a robust and simple way to write storage applications for the cloud. However, it hasn’t ended the debate over what cloud storage API will ultimately win.” Via Search Cloud Storage, more here.
  • Twitter fixes Tweet button issue that downloaded a torrent file – “Some Twitter users were surprised Monday when they clicked a button to share content from third-party websites but instead downloaded a mysterious torrent file.” This is a potentially very damaging vulnerability, which also makes Twitter look extremely bad. Via ComputerWorld, more here.
  • A short overview of Android banking malware – Android is the mobile operating system most often compromised by malware. Most of this malware focuses on premium text messages and other activities, but some of it has started to focus on mobile banking. There are three key mobile banking malware capabilities, all which are  ”mobile cousins,” of Windows malware. Via Help Net Security, more here.
  • Q&A: Attackers target Internet Explorer zero-day flaw – “SEATTLE – The security community is on high alert for targeted attacks against a serious new vulnerability disclosed by Microsoft that exists in all supported versions of Internet Explorer. Attackers are using this zero day security hole to target IE 8 and IE9f. It’s called a zero day because there is no patch for the vulnerability right now, though Microsoft has developed a FixIt tool for it.” Via USA Today, more here.