Clues Suggest Stuxnet Virus Was Built for Subtle Nuclear Sabotage

Clues Suggest Stuxnet Virus Was Built for Subtle Nuclear Sabotage

Clues Suggest Stuxnet Virus Was Built for Subtle Nuclear Sabotage

Posted:

InfoSec News: Clues Suggest Stuxnet Virus Was Built for Subtle Nuclear Sabotage: http://www.wired.com/threatlevel/2010/11/stuxnet-clues/
By Kim Zetter Threat Level Wired.com November 15, 2010
New and important evidence found in the sophisticated “Stuxnet” malware targeting industrial control systems provides strong hints that the code [...]

Aussie forces ready, but cyberwar is chaff

Posted:

InfoSec News: Aussie forces ready, but cyberwar is chaff: http://www.zdnet.com.au/aussie-forces-ready-but-cyberwar-is-chaff-339307244.htm
By Darren Pauli ZDNet.com.au November 16th, 2010
Australia's military and defensive structures place it in a better shape to defend itself against cyber attacks than the United States, according to a senior analyst. [...]

'Super-secret' debugger discovered in AMD CPUs

Posted:

InfoSec News: 'Super-secret' debugger discovered in AMD CPUs: http://www.theregister.co.uk/2010/11/15/amd_secret_debugger/
By Dan Goodin in San Francisco The Register 15th November 2010
A hardware hacker has discovered a secret debugging feature hidden in all AMD chips made in the past decade.
The password-protected debugger came as a shock to reverse-engineers who have hungered for an on-chip mechanism for performing conditional and direct-hardware breakpoint operations. Although AMD has built the firmware-controlled feature into all chips since the Athlon XP, the company kept it a closely guarded secret that was only disclosed late last week by a hacker who goes by the name Czernobyl.
“AMD processors (Athlon XP and better) have included firmware-based debugging features that expand greatly over standard, architecturally defined capabilities of x86,” the hacker wrote. “For some reason, though, AMD has been tightly secretive about these features; hint of their existence was gained by glancing at CBID's page.”
To put a chip into developer mode, a user must first enter what amounts to a password -- 9C5A203A -- into the CPU's EDI register. Czernobyl was able to deduce the secret setting by brute forcing the key.
[...]

Cybercriminals, Insiders May Work Together To Attack Businesses

Posted:

InfoSec News: Cybercriminals, Insiders May Work Together To Attack Businesses: http://www.darkreading.com/insiderthreat/security/perimeter/showArticle.jhtml?articleID=228200983
By Robert Lemos Contributing Writer DarkReading Nov 15, 2010
For 19 months, an employee at Johns Hopkins Hospital allegedly stole patients' identities, feeding the information to four outsiders who used the data to charge more than $600,000 in goods on store credit. Jasmine Amber Smith, 25, has been charged with using her inside access to fuel the identity theft ring.
Employees working with cybercriminals might not be the norm for security breaches, but it's not a rare crime, either, experts say. It's not unusual for cybercriminals to gain inside access through bribery and solicitation -- two components of social engineering, according to Verizon Business' Data Breach Investigations Report. Social engineering accounted for 28 percent of breaches analyzed in the report, with solicitation and bribery leading to nearly a third of those breaches.
"These were scenarios in which someone outside the organization conspired with an insider to engage in illegal behavior," the report says. "They recruit, or even place, insiders in a position to embezzle or skim monetary assets and data, usually in return for some cut of the score."
While stolen data can cause public relations headaches and lose the goodwill of customers, a company's customer data may not be its most valuable asset. Companies' proprietary knowledge and corporate secrets [...]

Trade group wants Congress to focus on tax credit, security

Posted:

InfoSec News: Trade group wants Congress to focus on tax credit, security: http://www.computerworld.com/s/article/9196619/Trade_group_wants_Congress_to_focus_on_tax_credit_security
By Grant Gross IDG News Service November 15, 2010
The U.S. Congress should focus on extending a research and development tax credit and on passing data breach notification regulations and other cybersecurity legislation during a brief session this month, a large technology trade group recommended.
Congress returns to Washington, D.C., this week for a so-called lame-duck session lasting about three weeks, and TechAmerica wants lawmakers to focus on some technology issues, in addition to income-tax and budget issues, officials of the 1,200-member trade group said Monday.
There's broad agreement that the research and development tax credit needs to be extended, as well as strong support for a national data breach notification law and updates to the U.S. Federal Information Security Management Act (FISMA), said Phil Bond, TechAmerica's president and CEO.
"These are priorities that have been voiced and supported by the [congressional] leadership on all sides," Bond said. "There is no debate about the need for an R&D tax credit. Our hope is that we can get some of the consensus issues done."
[...]

[Dataloss Weekly Summary] Week of Sunday, November 7, 2010

Posted:

InfoSec News: [Dataloss Weekly Summary] Week of Sunday, November 7, 2010: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, November 7, 2010
6 Incidents Added.
======================================================================== [...]

Institutions Reject Claims that Malware Shut Down ATMs, Sites

Posted:

InfoSec News: Institutions Reject Claims that Malware Shut Down ATMs, Sites: http://www.bankinfosecurity.com/articles.php?art_id=3096
By Tracy Kitten Managing Editor Bank Info Security November 15, 2010
The ATM and online banking outage that allegedly struck several of the nation's top financial institutions, including Bank of America, Chase, U.S. [...]

Career Bobs

Posted by Rohan ingale at 1:25 AM

0 comments:

Post a Comment