Entries with tag cybersecurity.

New Report Casts Blame for Widespread Cyberattacks on Iranian Hackers

A new report contends Iranian hackers stole confidential information from government agencies and major companies in 16 countries during at least the last two years. Security vendor Cylance says the ongoing attacks, which it calls  “Operation Cleaver," stole documents and wrested control of computer networks of organizations located in nations including Canada, China, India, Israel, Mexico, Pakistan, South Korea, Turkey, the United Arab Emirates, and the US. The organizations were in the military, energy, transportation, telecommunications, technology, and other industry sectors. Cylance says it has evidence these intrusions were made by the same Iran-based group responsible for a 2013 attack on the US Navy computer network. Hamid Babaei, spokesperson for Iran's mission to the United Nations, said these claims are “a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks.”. According to Cylance’s report, the hackers used a combination of off-the-shelf and custom tools to infiltrate target computer systems. “We discovered the scope and damage of these operations during investigations of what we thought were separate cases,” said company CEO Stuart McClure. “Due to the choice of critical infrastructure victims and the Iranian team’s quickly improving skillset, we are compelled to publish this report.” Although based in Tehran, the company said, the hackers receive help from people in Canada, the Netherlands, and the UK. Cylance said it has traced the attacks to June 2012, although they may have begun as early as 2010. Cylance shared its findings with the victims and the US Federal Bureau of Investigation. (PC Mag)(USA Today)(Reuters)

 

Security-Application Update Disables Computers Worldwide

A faulty update from security vendor Malwarebytes issued Tuesday afternoon reportedly left users worldwide without computer access after the software disabled essential, legitimate Windows components after identifying them as malware. The problem was created by a faulty update definition that marked Windows.dll and .exe files as malware. Malwarebytes said it took the update off its servers as soon as it realized there was a problem, which occurred within eight minutes of deployment. The company said in a blog post that it is re-evaluating its update policy to prevent this from occurring again. The ongoing fight against new and fast moving cyberthreats and the need to update applications makes faulty updates a “constant danger,”, said Rik Ferguson, global vice president of security research at security vendor Trend Micro. (SlashDot)(V3.co.uk)(Malwarebytes)
 

Once-Notorious US Hacker Aids Ecuador in Election Security

Kevin Mitnick, notorious in the 1990s for hundreds of Internet-based attacks, now runs Mitnick Security Consulting, which the government of Ecuador recently hired to provide cybersecurity for Ecuador’s recent presidential elections. Now 49, he posted to Twitter, “Eighteen years ago I was busted for hacking. I do the same thing today but with full authorization. How cool is that?” His attacks—against corporate, government and university targets including Apple Computer, Motorola, and the FBI—resulted in a conviction on cybercrime-related charges. He was sentenced to 15 years and was imprisoned between 1995 and 2000. (PhysOrg)(AFP @ GlobalPost)(Mitnick Global Security)
 

US Report Claims Too Many Cyberattacks Aren’t Reported


The Bipartisan Policy Center (BPC)—a US-based, nonprofit, public-policy think tank—has issued a report stating that too many cyberattacks in the United States go unreported. The lack of reporting causes a myriad of problems from the theft of intellectual property to compromised national security. The concerns that prevent organizations from divulging information about attacks range from reputation damage to loss of customers, as well as possible liabilities connected to divulging information, according to the BPC. The report found that the number of cyberattacks in the US is increasing along with financial losses resulting from them but that organizations openly sharing information about the incidents could improve the situation. Between October 2011 and February 2012, victims reported more than 50,000 cyberattacks on private and government networks to the US Department of Homeland Security. Of these, 86 targeted critical-infrastructure networks. (PhysOrg)(AFP)(The Bipartisan Policy Center)

Showing 4 results.