By Ryan KamauffHere are the top cyber news and stories of the day.
At Commerce Dept., false alarm on cyberattack cost almost $3 million – The Commerce Department was recently hit by a cyber attack, one it deemed “so vicious that the agency’s entire computer network had been put at risk.” The Commerce Department even had 200 employees “spend months without e-mail or access to Internet servers and databases.” This cut out communications to regional offices, and cost untold dollars in lost productivity. They also spent almost $3M on destroying ‘infected’ machines. However, the attack was merely a small infection on six machines, which could have easily been cleaned up by routine antivirus programs. This attack, and the reactions, demonstrate how important accurate diagnosis is. Via Washington Post, more here.
Malware campaign strikes Asian, European governments – It is sometimes nice to see that the US is not the only target of cyber attackers. “Trend Micro says it detected a targeted attack that sent malware-laden emails to representatives of 16 European countries and some Asian governments.” These emails are allegedly from the Chinese defense ministry, but those allegations have not been verified. Via ComputerWorld, more here.
Cell phone amplifiers can be hacked – Recently, some security researchers have found it possible to hack Verizon femtocells and siphon off personal data, directly from the device. They can record phone calls, take users’ browser history and grab text messages. Verizon claims they became aware of these vulnerabilities last year and have since fixed them, but it seems odd that they were still able to control the devices. Via SFGate, more here.
The ban on feds at Defcon draws a mixed reaction – In the past, Defcon has been a place where government folks and hackers of all sorts can meet on a common ground. However, after the PRISM news, it seems they are no longer welcome. This is unfortunate, because the event could have been a way for the government to reach out, and start to mend relationships, but that day will have to wait. Via ComputerWorld, more here.
Chinese APT Worked through Cloud – “The Chinese Advanced Persistent Threat (APT) group that targeted The New York Times last year used Dropbox and WordPress to carry out its missions, said researchers from Cyber Squared in a new report.” Dropbox allowed them to better anonymize themselves, and to move past some security measures. The attacks then used a WordPress blog for command and control, effectively hiding in plain sight. Via ISS Source, more here.
DISA cloud contractors face strict security standards – ”The Defense Information Systems Agency anticipates up to 10 awards on a potential $450 million contract to provide cloud computing services to Defense Department agencies. But to make the