Entries with tag us cybersecurity.

Microsoft Zero-Day Vulnerability Targets US Nuclear Researchers

Microsoft has confirmed that a zero-day vulnerability exists in all versions of Internet Explorer 8, the company’s most popular browser. Security researchers say hackers have used the vulnerability in attacks against US Department of Energy nuclear-weapons scientists as well as US Department of Labor employees. The DoE’s Site Exposure Matrices website, used for information related to illnesses in employees who work in developing or disarming nuclear weapons, was specifically targeted in a watering-hole attack. In these attacks, hackers use website flaws to implant malware, which infects subsequent visitors. One security expert says these types of attacks will be successful unless users begin utilizing advanced browser protection software, such as virtual containers. Similar recent attacks have affected the Council on Foreign Relations think tank, NBC, and Capstone Turbine, a renewable energy firm, according to NextGov, a news and analysis website for US federal IT managers. Microsoft indicated it will issue a fix for its browser vulnerability but has not said when. The company’s next regularly scheduled security update will be on 14 May. (Computerworld)(ZDNet)(NextGov)

Cyberattacks against US Infrastructure Are Increasingly Likely

Security experts predict that new cyberattacks against US targets may hit important infrastructure elements rather than corporate networks or other IT assets. Hackers could focus on remotely-controlled and –monitored infrastructure systems originally constructed without security considerations such as those for street lights, building security, sewers, oil-transport pipelines, prison security. DARPA is identifying and mapping security vulnerabilities in these systems. National Public Radio reports that “close to 200 cyberattacks on critical infrastructure” were reported to the US Department of Homeland Security in the past year. The Presidential Policy Directive on Critical Infrastructure Security and Resilience, released 12 February, is designed to address such incidents, but critics say more definitive action is necessary. (NPR)(Politico)(International Affairs Review)

Showing 2 results.